Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
JvrQuHMa2C.pdf

Overview

General Information

Sample name:JvrQuHMa2C.pdf
renamed because original name is a hash value
Original sample name:0425201506bdfcd5cc17e15388b793a7bff573d999fd7104cc62bf98f57b335a.pdf
Analysis ID:1592943
MD5:ad13c0aa36e9152a7aa4d3dee214ca36
SHA1:7b81a5ae937c3a022f550e23e0a801224759b1f8
SHA256:0425201506bdfcd5cc17e15388b793a7bff573d999fd7104cc62bf98f57b335a
Tags:bookingItalianPastapdfuser-JAMESWT_MHT
Infos:
Errors
  • Corrupt sample or wrongly selected analyzer.

Detection

CAPTCHA Scam ClickFix
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
AI detected suspicious URL
IP address seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7456 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\JvrQuHMa2C.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7680 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,11508616175095407708,6137334233323038778,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 5140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#bm17t9d9ezpyr6" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2036,i,3150319846026810190,1535699209564262474,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_188JoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    2.1.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-01-16T17:20:59.046753+010028594861A Network Trojan was detected172.67.168.162443192.168.2.749930TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      AI detected phishing page
      Source: https://fixecondfirbook.info/Joe Sandbox AI: Score: 9 Reasons: The brand 'Booking' is well-known and is primarily associated with the domain 'booking.com'., The URL 'fixecondfirbook.info' does not match the legitimate domain 'booking.com'., The URL contains suspicious elements such as misspellings and unusual domain extension '.info', which is not typically used by the brand., The domain name 'fixecondfirbook' does not have any clear association with the brand 'Booking'., The presence of unrelated or misspelled words in the domain name is a common phishing tactic. DOM: 2.1.pages.csv
      Yara detected CAPTCHA Scam ClickFix
      Source: Yara matchFile source: 2.1.pages.csv, type: HTML
      Source: Yara matchFile source: dropped/chromecache_188, type: DROPPED
      AI detected landing page (webpage, office document or email)
      Source: PDF documentJoe Sandbox AI: PDF document contains prominent button: 'view complaint'
      AI detected suspicious Javascript
      Source: 0.0.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://clintonmakes.com/215c/#bm17t9d9ezpyr6... This script demonstrates high-risk behavior, including dynamic code execution and data exfiltration. It attempts to redirect the user to an untrusted domain, which is a strong indicator of malicious intent.
      Source: 0.1.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://fixecondfirbook.info/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The `copyToClipboard()` function generates a command that could be used for malicious purposes, and the script also manipulates the DOM to hide the reCAPTCHA checkbox and display a custom SVG element. These behaviors, combined with the suspicious intent and lack of transparency, indicate a high-risk script that should be further investigated.
      AI detected suspicious URL
      Source: URLJoe Sandbox AI: AI detected Brand spoofing attempt in URL: https://fixecondfirbook.info
      Source: URLJoe Sandbox AI: AI detected Typosquatting in URL: https://fixecondfirbook.info
      Source: https://fixecondfirbook.info/HTTP Parser: No favicon

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2859486 - Severity 1 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound : 172.67.168.162:443 -> 192.168.2.7:49930
      Source: Joe Sandbox ViewIP Address: 104.21.94.195 104.21.94.195
      Source: Joe Sandbox ViewIP Address: 172.67.168.162 172.67.168.162
      Source: Joe Sandbox ViewIP Address: 66.63.187.216 66.63.187.216
      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
      Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /215c/ HTTP/1.1Host: clintonmakes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /bookid82291 HTTP/1.1Host: minedudiser.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://clintonmakes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: http://clintonmakes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /languageRevert.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fixecondfirbook.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /captchaHandler.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fixecondfirbook.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /backend_static/common/flags/new/48-squared/us.png HTTP/1.1Host: q-xx.bstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fixecondfirbook.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /languageRevert.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fixecondfirbook.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fixecondfirbook.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /captchaHandler.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /backend_static/common/flags/new/48-squared/us.png HTTP/1.1Host: q-xx.bstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /send-ip HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
      Source: global trafficHTTP traffic detected: GET /215c/ HTTP/1.1Host: clintonmakes.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: f5510ad44=0ad448213ea0
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: clintonmakes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://clintonmakes.com/215c/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
      Source: global trafficDNS traffic detected: DNS query: time.windows.com
      Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
      Source: global trafficDNS traffic detected: DNS query: clintonmakes.com
      Source: global trafficDNS traffic detected: DNS query: minedudiser.com
      Source: global trafficDNS traffic detected: DNS query: fixecondfirbook.info
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: q-xx.bstatic.com
      Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
      Source: unknownHTTP traffic detected: POST /send-ip HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://fixecondfirbook.infoSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://fixecondfirbook.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 16:22:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Powered-By: ExpressContent-Security-Policy: default-src 'none'X-Content-Type-Options: nosniffcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lsBU9svuMk1VgMhYO%2B2oW8Om5zEHZ4AePv1YkI18hNFH4d3D1n4hfslzZFOhn7GULM74%2BKZiflgs2zNsrDyIJzpes5Yi2%2Bx6%2BN8naxhakfSSpeQgi%2FMUXjIpg8%2FtjQRfw2xmH5HQiQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 902f7177a8794276-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1706&min_rtt=1697&rtt_var=643&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2853&recv_bytes=929&delivery_rate=1720683&cwnd=212&unsent_bytes=0&cid=550407ba4182a76e&ts=335&x=0"
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 16:20:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedserver: Apache/2.4.37 (Rocky Linux)Content-Encoding: gzipData Raw: 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d ce 4d 0f 82 30 0c 06 e0 bf 52 b9 4b d1 70 6c 76 90 8f 48 82 48 cc 38 78 c4 ac 04 12 64 c8 86 c6 7f ef 74 17 2f 4d da f7 c9 9b d2 26 3d 27 f2 5a 67 70 94 a7 12 ea e6 50 16 09 04 5b c4 22 93 39 62 2a 53 9f ec c3 08 31 ab 02 41 bd bd 8f 6e 72 ab 04 d9 c1 8e 2c e2 28 86 4a 5b c8 f5 3a 29 42 7f 24 f4 e4 a6 d5 db f1 9d f8 13 6e a3 59 c8 9e 61 e1 c7 ca c6 b2 82 e6 52 c2 ab 35 30 39 d6 7d 19 e8 09 6c 3f 18 30 bc 3c 79 09 09 67 57 ea eb f0 f7 04 7c 00 b6 fe c5 76 be 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a8MM0RKplvHH8xdt/M&='ZgpP["9b*S1Anr,(J[:)B$nYaR509}l?0<ygW|v0
      Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
      Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
      Source: JvrQuHMa2C.pdfString found in binary or memory: https://clintonmakes.com/215c/#bm17t9d9ezpyr6)
      Source: chromecache_188.11.drString found in binary or memory: https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.png
      Source: ReaderMessages.0.drString found in binary or memory: https://www.adobe.co
      Source: chromecache_188.11.drString found in binary or memory: https://www.gstatic.com/recaptcha/api2/logo_48.png
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
      Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
      Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
      Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
      Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
      Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
      Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
      Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
      Source: classification engineClassification label: mal84.phis.winPDF@42/72@27/11
      Source: JvrQuHMa2C.pdfInitial sample: https://clintonmakes.com/215c/#bm17t9d9ezpyr6
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 11-20-29-172.logJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\JvrQuHMa2C.pdf"
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,11508616175095407708,6137334233323038778,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#bm17t9d9ezpyr6"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2036,i,3150319846026810190,1535699209564262474,262144 /prefetch:8
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,11508616175095407708,6137334233323038778,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2036,i,3150319846026810190,1535699209564262474,262144 /prefetch:8Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: JvrQuHMa2C.pdfInitial sample: PDF keyword /JS count = 0
      Source: JvrQuHMa2C.pdfInitial sample: PDF keyword /JavaScript count = 0
      Source: JvrQuHMa2C.pdfInitial sample: PDF keyword stream count = 29
      Source: JvrQuHMa2C.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
      Source: JvrQuHMa2C.pdfInitial sample: PDF keyword obj count = 76
      Source: JvrQuHMa2C.pdfInitial sample: PDF keyword /OpenAction

      Persistence and Installation Behavior

      barindex
      Detect drive by download via clipboard copy & paste
      Source: screenshotOCR Text: 800king.com C fixecondfirbook.info p Type here to search I'm not a robot Verification Steps 1. Press Windows Button " 2. Press CTRL + V 3. Press Enter recAPTCHA ENG SG 11:22 16/01/2025
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire Infrastructure1
      Spearphishing Link      		Windows Management Instrumentation4
      Browser Extensions      		1
      Process Injection      		1
      Masquerading      		OS Credential Dumping1
      System Information Discovery      		Remote ServicesData from Local System1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
      Process Injection      		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
      Ingress Tool Transfer      		Traffic DuplicationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      JvrQuHMa2C.pdf0%VirustotalBrowse
      JvrQuHMa2C.pdf0%ReversingLabs

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://clintonmakes.com/215c/#bm17t9d9ezpyr6)0%Avira URL Cloudsafe
      http://clintonmakes.com/favicon.ico0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      bg.microsoft.map.fastly.net
      		199.232.214.172
      		truefalse
        		high
        d2i5gg36g14bzn.cloudfront.net
        		18.245.31.18
        		truefalse
          		high
          a.nel.cloudflare.com
          		35.190.80.1
          		truefalse
            		high
            e8652.dscx.akamaiedge.net
            		2.23.197.184
            		truefalse
              		high
              twc.trafficmanager.net
              		104.40.149.189
              		truefalse
                		high
                s-part-0017.t-0009.t-msedge.net
                		13.107.246.45
                		truefalse
                  		high
                  www.google.com
                  		216.58.206.36
                  		truefalse
                    		high
                    clintonmakes.com
                    		66.63.187.216
                    		truefalse
                      		high
                      fixecondfirbook.info
                      		172.67.168.162
                      		truefalse
                        		high
                        minedudiser.com
                        		186.64.116.70
                        		truefalse
                          		high
                          x1.i.lencr.org
                          		unknown
                          		unknownfalse
                            		high
                            q-xx.bstatic.com
                            		unknown
                            		unknownfalse
                              		high
                              time.windows.com
                              		unknown
                              		unknownfalse
                                		high

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                https://fixecondfirbook.info/send-ipfalse
                                  		high
                                  https://fixecondfirbook.info/languageRevert.jsfalse
                                    		high
                                    https://minedudiser.com/bookid82291false
                                      		high
                                      https://a.nel.cloudflare.com/report/v4?s=lsBU9svuMk1VgMhYO%2B2oW8Om5zEHZ4AePv1YkI18hNFH4d3D1n4hfslzZFOhn7GULM74%2BKZiflgs2zNsrDyIJzpes5Yi2%2Bx6%2BN8naxhakfSSpeQgi%2FMUXjIpg8%2FtjQRfw2xmH5HQiQ%3D%3Dfalse
                                        		high
                                        http://clintonmakes.com/favicon.icofalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://fixecondfirbook.info/favicon.icofalse
                                          		high
                                          http://clintonmakes.com/215c/false
                                            		unknown
                                            https://clintonmakes.com/215c/false
                                              		high
                                              https://fixecondfirbook.info/captchaHandler.jsfalse
                                                		high
                                                https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.pngfalse
                                                  		high
                                                  https://fixecondfirbook.info/false
                                                    		high

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    https://clintonmakes.com/215c/#bm17t9d9ezpyr6)JvrQuHMa2C.pdffalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
                                                      		high
                                                      https://www.adobe.coReaderMessages.0.drfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        104.21.94.195
                                                        		unknownUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        172.67.168.162
                                                        		fixecondfirbook.infoUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        216.58.206.36
                                                        		www.google.comUnited States
                                                        		15169GOOGLEUSfalse
                                                        66.63.187.216
                                                        		clintonmakes.comUnited States
                                                        		8100ASN-QUADRANET-GLOBALUSfalse
                                                        18.245.31.18
                                                        		d2i5gg36g14bzn.cloudfront.netUnited States
                                                        		16509AMAZON-02USfalse
                                                        35.190.80.1
                                                        		a.nel.cloudflare.comUnited States
                                                        		15169GOOGLEUSfalse
                                                        13.32.99.94
                                                        		unknownUnited States
                                                        		16509AMAZON-02USfalse
                                                        2.23.197.184
                                                        		e8652.dscx.akamaiedge.netEuropean Union
                                                        		1273CWVodafoneGroupPLCEUfalse
                                                        239.255.255.250
                                                        		unknownReserved
                                                        		unknownunknownfalse
                                                        186.64.116.70
                                                        		minedudiser.comChile
                                                        		52368ZAMLTDACLfalse

                                                        Private

                                                        IP
                                                        192.168.2.7

                                                        General Information

                                                        Joe Sandbox version:42.0.0 Malachite
                                                        Analysis ID:1592943
                                                        Start date and time:2025-01-16 17:19:15 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 5m 4s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:defaultwindowspdfcookbook.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:17
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:JvrQuHMa2C.pdf
                                                        renamed because original name is a hash value
                                                        Original Sample Name:0425201506bdfcd5cc17e15388b793a7bff573d999fd7104cc62bf98f57b335a.pdf
                                                        Detection:MAL
                                                        Classification:mal84.phis.winPDF@42/72@27/11
                                                        EGA Information:Failed
                                                        HCA Information:
                                                        • Successful, ratio: 100%
                                                        • Number of executed functions: 0
                                                        • Number of non-executed functions: 0
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .pdf
                                                        • Found PDF document
                                                        • URL browsing timeout or error
                                                        • Close Viewer

                                                        Errors

                                                        • Corrupt sample or wrongly selected analyzer.

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.6.155.20, 52.22.41.97, 3.219.243.226, 3.233.129.217, 172.64.41.3, 162.159.61.3, 2.16.168.107, 2.16.168.105, 199.232.214.172, 142.250.185.67, 142.250.186.78, 142.251.173.84, 172.217.18.14, 142.250.185.206, 172.217.16.206, 142.250.185.99, 142.250.186.35, 142.250.186.138, 172.217.16.202, 172.217.18.10, 216.58.206.42, 172.217.23.106, 172.217.18.106, 142.250.186.170, 142.250.186.106, 142.250.185.106, 142.250.184.202, 142.250.181.234, 216.58.212.170, 142.250.185.138, 216.58.206.74, 142.250.185.74, 142.250.184.234, 216.58.212.138, 142.250.185.234, 142.250.186.74, 142.250.185.202, 142.250.185.170, 142.250.186.42, 142.250.184.206, 142.250.185.238, 216.58.212.163, 142.250.184.238, 142.250.185.174, 142.250.186.174, 13.107.246.45, 2.23.242.162, 23.217.172.185, 172.202.163.200
                                                        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, otelrules.afd.azureedge.net, twc.trafficmanager.net, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, crl.root-x1.letsencrypt.org.edgekey.net, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, geo2.adobe.com
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        11:20:42API Interceptor2x Sleep call for process: AcroCEF.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        66.63.187.216iRMbIIEjhP.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • clintonmakes.com/favicon.ico
                                                        P4906RXNYH.pdfGet hashmaliciousUnknownBrowse
                                                        • clintonmakes.com/favicon.ico
                                                        shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • clintonmakes.com/favicon.ico
                                                        z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                                        • clintonmakes.com/favicon.ico
                                                        pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                                        • clintonmakes.com/favicon.ico
                                                        9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • clintonmakes.com/favicon.ico
                                                        zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                                        • swxpeyou.com/favicon.ico
                                                        weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • edwatsonsmallworks.com/favicon.ico
                                                        ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • leahbdesign.com/favicon.ico
                                                        cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                                        • revelsocialclub.com/favicon.ico
                                                        104.21.94.195iRMbIIEjhP.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                          P4906RXNYH.pdfGet hashmaliciousUnknownBrowse
                                                            shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                              9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                                                  BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                    OpoLADYwIE.pdfGet hashmaliciousUnknownBrowse
                                                                      JlZU1N9b8M.pdfGet hashmaliciousUnknownBrowse
                                                                        cCVZk5O7GW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                          ilCvGBnBTU.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                            172.67.168.162z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                                                              pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                                                                weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                  ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                    cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                                                                      iE77tz35dc.pdfGet hashmaliciousUnknownBrowse
                                                                                        BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                          cCVZk5O7GW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                            ilCvGBnBTU.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                              ItalianPastaLumma.htaGet hashmaliciousUnknownBrowse

                                                                                                Domains

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                d2i5gg36g14bzn.cloudfront.netshJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 18.245.31.53
                                                                                                9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 18.245.31.49
                                                                                                weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 18.245.31.18
                                                                                                ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 18.245.31.129
                                                                                                BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 18.245.31.18
                                                                                                cCVZk5O7GW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 18.245.31.18
                                                                                                ilCvGBnBTU.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 18.245.31.53
                                                                                                https://page-get-reserves.com/yewhahgt/Get hashmaliciousUnknownBrowse
                                                                                                • 18.245.31.18
                                                                                                https://page-view-reserved-eng.com/mrzorecfGet hashmaliciousUnknownBrowse
                                                                                                • 18.245.31.49
                                                                                                https://page-view-reserved-en.com/erabwasiGet hashmaliciousUnknownBrowse
                                                                                                • 18.245.31.18
                                                                                                e8652.dscx.akamaiedge.netV2yjcnvr6z.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 23.209.209.135
                                                                                                P4906RXNYH.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 2.23.197.184
                                                                                                shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 23.209.209.135
                                                                                                z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 2.23.197.184
                                                                                                zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 23.209.209.135
                                                                                                weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 23.209.209.135
                                                                                                ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 2.23.197.184
                                                                                                cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 23.209.209.135
                                                                                                iE77tz35dc.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 23.209.209.135
                                                                                                BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 23.209.209.135
                                                                                                bg.microsoft.map.fastly.netV2yjcnvr6z.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.210.172
                                                                                                cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.210.172
                                                                                                iE77tz35dc.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.210.172
                                                                                                BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 199.232.214.172
                                                                                                OpoLADYwIE.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.214.172
                                                                                                JlZU1N9b8M.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.210.172
                                                                                                cCVZk5O7GW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 199.232.210.172
                                                                                                ysGzoTK3Nr.docxGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.214.172
                                                                                                ysGzoTK3Nr.docxGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.210.172
                                                                                                UGEcpfWq4z.docxGet hashmaliciousUnknownBrowse
                                                                                                • 199.232.214.172

                                                                                                ASNs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                CLOUDFLARENETUSiRMbIIEjhP.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 104.21.94.195
                                                                                                P4906RXNYH.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 104.21.94.195
                                                                                                http://neuroplus.com.br/asset/payroll/portal/qybVCmrZMa/ben.fillowmen@ne.govGet hashmaliciousUnknownBrowse
                                                                                                • 104.17.25.14
                                                                                                shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 104.21.94.195
                                                                                                z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 172.67.168.162
                                                                                                https://www.google.com.vn/url?q=KWUZMS42J831JSWOSF4KEIP36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%RANDOM4%wDnNeW8yycT&sa=t&esrc=nNeW8F%RANDOM3%A0xys8Em2FL&source=&cd=tS6T8%RANDOM3%Tiw9XH&cad=XpPkDfJX%RANDOM4%VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fkayik.com.au/glyxzb/e7365d2bd9a2e2c8b5587a6a9eb341aa/YXdpbGxpYW1zQGtmb3JjZS5jb20=Get hashmaliciousUnknownBrowse
                                                                                                • 104.17.25.14
                                                                                                pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 172.67.168.162
                                                                                                9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 104.21.94.195
                                                                                                https://852u.adj.st/credits-opensea/?sk=288xDmHv&adj_t=wt0ujiy&adj_deep_link=eversheds-sutherlandpago://credits-opensea/?sk=288xDmHv&adj_label=MLM_MP_ML-EMAIL_CC_MARA_AO-UCR_ALL_ACT_X_X_DEFAULT_I-EG-UCR-MUTT-MAR-ABIERTO&adj_fallback=https://iondetox.com.ar/g63c/5617939594/Eversheds-sutherland/?eu=Y2xvemFub0BldmVyc2hlZHMtc3V0aGVybGFuZC5lcw==Get hashmaliciousUnknownBrowse
                                                                                                • 188.114.96.3
                                                                                                Aura.exeGet hashmaliciousLummaC, PureLog Stealer, XmrigBrowse
                                                                                                • 104.21.96.1
                                                                                                CLOUDFLARENETUSiRMbIIEjhP.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 104.21.94.195
                                                                                                P4906RXNYH.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 104.21.94.195
                                                                                                http://neuroplus.com.br/asset/payroll/portal/qybVCmrZMa/ben.fillowmen@ne.govGet hashmaliciousUnknownBrowse
                                                                                                • 104.17.25.14
                                                                                                shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 104.21.94.195
                                                                                                z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 172.67.168.162
                                                                                                https://www.google.com.vn/url?q=KWUZMS42J831JSWOSF4KEIP36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%RANDOM4%wDnNeW8yycT&sa=t&esrc=nNeW8F%RANDOM3%A0xys8Em2FL&source=&cd=tS6T8%RANDOM3%Tiw9XH&cad=XpPkDfJX%RANDOM4%VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fkayik.com.au/glyxzb/e7365d2bd9a2e2c8b5587a6a9eb341aa/YXdpbGxpYW1zQGtmb3JjZS5jb20=Get hashmaliciousUnknownBrowse
                                                                                                • 104.17.25.14
                                                                                                pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 172.67.168.162
                                                                                                9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 104.21.94.195
                                                                                                https://852u.adj.st/credits-opensea/?sk=288xDmHv&adj_t=wt0ujiy&adj_deep_link=eversheds-sutherlandpago://credits-opensea/?sk=288xDmHv&adj_label=MLM_MP_ML-EMAIL_CC_MARA_AO-UCR_ALL_ACT_X_X_DEFAULT_I-EG-UCR-MUTT-MAR-ABIERTO&adj_fallback=https://iondetox.com.ar/g63c/5617939594/Eversheds-sutherland/?eu=Y2xvemFub0BldmVyc2hlZHMtc3V0aGVybGFuZC5lcw==Get hashmaliciousUnknownBrowse
                                                                                                • 188.114.96.3
                                                                                                Aura.exeGet hashmaliciousLummaC, PureLog Stealer, XmrigBrowse
                                                                                                • 104.21.96.1
                                                                                                ASN-QUADRANET-GLOBALUSiRMbIIEjhP.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 66.63.187.216
                                                                                                V2yjcnvr6z.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 66.63.187.216
                                                                                                P4906RXNYH.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 66.63.187.216
                                                                                                shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 66.63.187.216
                                                                                                z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 66.63.187.216
                                                                                                pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 66.63.187.216
                                                                                                9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 66.63.187.216
                                                                                                zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                                                                                • 66.63.187.216
                                                                                                weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 66.63.187.216
                                                                                                ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                • 66.63.187.216

                                                                                                JA3 Fingerprints

                                                                                                No context

                                                                                                Dropped Files

                                                                                                No context

                                                                                                Created / dropped Files

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):300
                                                                                                Entropy (8bit):5.20773556432535
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:iO+9YM+q2PcNwi2nKuAl9OmbnIFUtU9eAXZmwq9eAqMVkwOcNwi2nKuAl9OmbjLJ:7+n+vLZHAahFUtU9X/q93V54ZHAaSJ
                                                                                                MD5:D92F8EB4FF892D22E59C17F1C1E1D73A
                                                                                                SHA1:642438AEA30EB6CABC570163B55633CC34A038E1
                                                                                                SHA-256:55110FC6D1AC08CE57AA798CDE9EFE1522950284FEFA6545B92770EB8D52DCB6
                                                                                                SHA-512:90A6A67A53A05E93FE251DBE59B75E0D9EF85CF430672D35A8B7968A71758463825BFBC1F13A5A3A5E5D70A2915B5133B37BAF93CAD7E6CF5CF7398237749FD7
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:2025/01/16-11:20:27.479 1e1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/16-11:20:27.482 1e1c Recovering log #3.2025/01/16-11:20:27.482 1e1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):300
                                                                                                Entropy (8bit):5.20773556432535
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:iO+9YM+q2PcNwi2nKuAl9OmbnIFUtU9eAXZmwq9eAqMVkwOcNwi2nKuAl9OmbjLJ:7+n+vLZHAahFUtU9X/q93V54ZHAaSJ
                                                                                                MD5:D92F8EB4FF892D22E59C17F1C1E1D73A
                                                                                                SHA1:642438AEA30EB6CABC570163B55633CC34A038E1
                                                                                                SHA-256:55110FC6D1AC08CE57AA798CDE9EFE1522950284FEFA6545B92770EB8D52DCB6
                                                                                                SHA-512:90A6A67A53A05E93FE251DBE59B75E0D9EF85CF430672D35A8B7968A71758463825BFBC1F13A5A3A5E5D70A2915B5133B37BAF93CAD7E6CF5CF7398237749FD7
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:2025/01/16-11:20:27.479 1e1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/16-11:20:27.482 1e1c Recovering log #3.2025/01/16-11:20:27.482 1e1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):344
                                                                                                Entropy (8bit):5.1852207261024805
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:iO+95IQyq2PcNwi2nKuAl9Ombzo2jMGIFUtU9vG1Zmwq97IQRkwOcNwi2nKuAl97:7+/IVvLZHAa8uFUtUZG1/qCI54ZHAa8z
                                                                                                MD5:FFDF764332D11D3A57B0B33109585591
                                                                                                SHA1:B8E3C01EDC38A6C4FCC7B497E0336D4747DDE1E2
                                                                                                SHA-256:0D37470081BE8CD1CB46AC283A4C6E2FCA04A1568773EE79C1802DB12805D01A
                                                                                                SHA-512:741235C0D109A3040A9C3FF2F333ABC3C95BB8B7AA03E48A0924FDCFA741B40B6BF201BF5B91C0E6FDE33EA460086686DDFD678BBA5C774EF7D4E889902D6306
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:2025/01/16-11:20:27.534 1f30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/16-11:20:27.535 1f30 Recovering log #3.2025/01/16-11:20:27.536 1f30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):344
                                                                                                Entropy (8bit):5.1852207261024805
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:iO+95IQyq2PcNwi2nKuAl9Ombzo2jMGIFUtU9vG1Zmwq97IQRkwOcNwi2nKuAl97:7+/IVvLZHAa8uFUtUZG1/qCI54ZHAa8z
                                                                                                MD5:FFDF764332D11D3A57B0B33109585591
                                                                                                SHA1:B8E3C01EDC38A6C4FCC7B497E0336D4747DDE1E2
                                                                                                SHA-256:0D37470081BE8CD1CB46AC283A4C6E2FCA04A1568773EE79C1802DB12805D01A
                                                                                                SHA-512:741235C0D109A3040A9C3FF2F333ABC3C95BB8B7AA03E48A0924FDCFA741B40B6BF201BF5B91C0E6FDE33EA460086686DDFD678BBA5C774EF7D4E889902D6306
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:2025/01/16-11:20:27.534 1f30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/16-11:20:27.535 1f30 Recovering log #3.2025/01/16-11:20:27.536 1f30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\05d5caaf-add1-4d36-9c09-f55beb0cb172.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.969814904260269
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
                                                                                                MD5:7BE9C8316EB1B7252CB363207744A145
                                                                                                SHA1:57861355BE6541501AED40F896891579DCF473BF
                                                                                                SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
                                                                                                SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
                                                                                                Malicious:false
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\124be5cb-1128-48b6-9d33-2b5b21b68d3a.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:modified
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.972137858045026
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqjqgxsBdOg2HwfkAcaq3QYiubSpDyP7E4T3y:Y2sRds4qgidMHpr3QYhbSpDa7nby
                                                                                                MD5:B2A0416B1BEAD85B077971D9F7FAED22
                                                                                                SHA1:9A597EC59F9C2DD7DC8C0FE5234177278323A5A3
                                                                                                SHA-256:A7196EAC0E4751BE7E361960A952C960D2BABF6621523A56BEF379998BC1DBB5
                                                                                                SHA-512:15E1B8A9B59F37465C09A3A77133663BCD4FAB6B71A0204A843D332B83D9D4C4A6174C714C5891020691BBD12E0F6C82E80FE1D3C26B3FDA50B72BFA4BAD44B0
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381604439479180","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":358460},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.969814904260269
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
                                                                                                MD5:7BE9C8316EB1B7252CB363207744A145
                                                                                                SHA1:57861355BE6541501AED40F896891579DCF473BF
                                                                                                SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
                                                                                                SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4fb47a.TMP (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):475
                                                                                                Entropy (8bit):4.969814904260269
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
                                                                                                MD5:7BE9C8316EB1B7252CB363207744A145
                                                                                                SHA1:57861355BE6541501AED40F896891579DCF473BF
                                                                                                SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
                                                                                                SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
                                                                                                Malicious:false
                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4509
                                                                                                Entropy (8bit):5.239844099218839
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPURNWwXqX5RNZ:CwNw1GHqPySfkcigoO3h28ytPCWEGRZ
                                                                                                MD5:84975B19488DE33882FFD18D5823214E
                                                                                                SHA1:3B4310998CB2B7E02ACC8D1F76B7D9F480BF4C26
                                                                                                SHA-256:DF0F9F486EC82BCE89716BD0F51F3A184E43834A8039ED3B837BD69669DF6F4E
                                                                                                SHA-512:1E6076C23CDC872005E120EE7251B1ED2D837A6E4EA565A9F12F776935513566EC0CE4B26C9A477A2E0A9B9586FD4EE295B4E9466ECBAFF70C11B9D4C55C0C45
                                                                                                Malicious:false
                                                                                                Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):332
                                                                                                Entropy (8bit):5.20171516009773
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:iO+9KQyq2PcNwi2nKuAl9OmbzNMxIFUtU9+FSG1Zmwq9kQRkwOcNwi2nKuAl9Omk:7+cVvLZHAa8jFUtUUFSG1/qCI54ZHAab
                                                                                                MD5:279A6E9D2B2C6804425033CDF663AFFB
                                                                                                SHA1:F04821908BA1F82D2F6FE5EF8E0DF1B496907002
                                                                                                SHA-256:E28DEFE8ADDAF82F0D79AD0B2598FF2904C1416F35EC43F7601D777889E8CF03
                                                                                                SHA-512:CAF79ED977321A8AF4D4BC02D6A02747960E7213CE4BDE6CE6FB85C9E7C4D2BF31A07DB509C5CD3355B09A3BE270AF052EEB874F17AD5303A05127A2C2444946
                                                                                                Malicious:false
                                                                                                Preview:2025/01/16-11:20:27.871 1f30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/16-11:20:27.887 1f30 Recovering log #3.2025/01/16-11:20:27.918 1f30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):332
                                                                                                Entropy (8bit):5.20171516009773
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:iO+9KQyq2PcNwi2nKuAl9OmbzNMxIFUtU9+FSG1Zmwq9kQRkwOcNwi2nKuAl9Omk:7+cVvLZHAa8jFUtUUFSG1/qCI54ZHAab
                                                                                                MD5:279A6E9D2B2C6804425033CDF663AFFB
                                                                                                SHA1:F04821908BA1F82D2F6FE5EF8E0DF1B496907002
                                                                                                SHA-256:E28DEFE8ADDAF82F0D79AD0B2598FF2904C1416F35EC43F7601D777889E8CF03
                                                                                                SHA-512:CAF79ED977321A8AF4D4BC02D6A02747960E7213CE4BDE6CE6FB85C9E7C4D2BF31A07DB509C5CD3355B09A3BE270AF052EEB874F17AD5303A05127A2C2444946
                                                                                                Malicious:false
                                                                                                Preview:2025/01/16-11:20:27.871 1f30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/16-11:20:27.887 1f30 Recovering log #3.2025/01/16-11:20:27.918 1f30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250116162031Z-168.bmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x -120 x 32, cbSize 78774, bits offset 54
                                                                                                Category:dropped
                                                                                                Size (bytes):78774
                                                                                                Entropy (8bit):1.5914721858861718
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:St9DIbaRcdvU7yqgRdPL+mb6//JSMfInC6vOl6J94ZvM6MtRRcXSfVN7SMX7McRL:St9DTiU4rj6QcvxOf0b4
                                                                                                MD5:7519FDB94D0CE392FEFDB5D670AE2334
                                                                                                SHA1:DC99ADD772FF6FA781FA49214C78D84345CEE89B
                                                                                                SHA-256:91644E706DE4C75E436757A68E90CE30D3416D3FD03D7ECCF8392346AE7C0499
                                                                                                SHA-512:59AEC854CB179F6D430CE8D12F45C674B66C2FDCA351744B8D1431CC6F8A3DADA42E5C87DF1E5E28D3FB4AF22CD3F72875863BEF0D05AD3347CD61E9DE7DA9CC
                                                                                                Malicious:false
                                                                                                Preview:BM.3......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                                                                Category:dropped
                                                                                                Size (bytes):86016
                                                                                                Entropy (8bit):4.438775625159447
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:yeaci5GCiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1yurVgazUpUTTGt
                                                                                                MD5:0C095A52FA2F4D41373BC4A2FEC2334C
                                                                                                SHA1:3E6A0783A5275C6E69EC768455DA3DD61125A851
                                                                                                SHA-256:CDBA8379E96572585398A9E16A732BAD54287980DBA62F91397474217797252B
                                                                                                SHA-512:1A5F8B17AD43F4961B1E0809D1D24EF526FDBD4BDDF7276309B82294EB90035188F7BE602DE5CC50991F7DA285CF575B46B7D19BD194AB81AB11B590A54B1CCE
                                                                                                Malicious:false
                                                                                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite Rollback Journal
                                                                                                Category:dropped
                                                                                                Size (bytes):8720
                                                                                                Entropy (8bit):3.7747441022682278
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:7MYp/E2ioyV2dioy3DoWoy1CABoy19GKOioy1noy1AYoy1Wioy1hioybioyzioyp:7Hpju2d0iAp+XKQigSb9IVXEBodRBkG
                                                                                                MD5:CFAE306CA40F0C8253E892520DA9D6E3
                                                                                                SHA1:3CBEDAD2B1A7A28B5D0AE77CDA18097A617D6B28
                                                                                                SHA-256:B34B7DC16D13F7799C63FC15030AFC6DCC0538A381D2EC09CFF71C56A90C21B0
                                                                                                SHA-512:9D5322D5105ABB93996B6BF1851A0EEB5E5B5260E2C54180E25CCF35BB28F090EDB298748881A5CB16E6A7CC50E3502C6D40ECCFA9B74671A585FAE7B0E3DCBF
                                                                                                Malicious:false
                                                                                                Preview:.... .c.......@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:Certificate, Version=3
                                                                                                Category:dropped
                                                                                                Size (bytes):1391
                                                                                                Entropy (8bit):7.705940075877404
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                                Malicious:false
                                                                                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                Category:dropped
                                                                                                Size (bytes):71954
                                                                                                Entropy (8bit):7.996617769952133
                                                                                                Encrypted:true
                                                                                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                Malicious:false
                                                                                                Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):192
                                                                                                Entropy (8bit):2.7464849065063075
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:kkFklm9rvfllXlE/HT8kdtNNX8RolJuRdxLlGB9lQRYwpDdt:kK/FQT8WNMa8RdWBwRd
                                                                                                MD5:4F400528888FDC09CAB2EEE691A07296
                                                                                                SHA1:01521A4972AA8A133037129E95CEC5870D3BDF83
                                                                                                SHA-256:38CF93A4C776A0B75EA0E1566D6B40448EC6C5F6782D8F97EC328240C2BA8969
                                                                                                SHA-512:1233A724949AD9E20144902FCF746F890C8AB2105D6CC869911FEDA8DA8347A9DCD39874AFC056545DD33B47B6509088EF692A902E529B4552E0E58F7A5C4C7C
                                                                                                Malicious:false
                                                                                                Preview:p...... ..........e.2h..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):328
                                                                                                Entropy (8bit):3.237197333704125
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:kKXkdLD9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:/SLaDImsLNkPlE99SNxAhUe/3
                                                                                                MD5:BE984202AD5146D3F11260F1002651A2
                                                                                                SHA1:EBAC9B52785735C1371D7B0F458EB95334972CB8
                                                                                                SHA-256:B43B863FB6277D30B0FA03405007DC766147CAAF1784A157505C1AB6442A9BEE
                                                                                                SHA-512:2EEB32C850D6DF9D6C5A0CBD02ADB6EA90973FC398E30BF33EF346CE7C914F227073A593E25A852B685E8AB7A75B0DCEAB91B64BA0A97ED78854A67AF586C1F8
                                                                                                Malicious:false
                                                                                                Preview:p...... .........5..2h..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):228351
                                                                                                Entropy (8bit):3.3898188882857125
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:qMKP+iyzDtrh1cK3XEivQ7VK/3AYvYwgF/rRoL+sn:FKPoH/3AYvYwglFoL+sn
                                                                                                MD5:E50F0172166A22E3934BC9BE1230D217
                                                                                                SHA1:5BC71ACD513E24B0DC4464B5F8303B53060AC253
                                                                                                SHA-256:B0E3C9BB8985F3347035023EC394252407381B1F1BC8D775F6D3CC273101BF58
                                                                                                SHA-512:CADECBD83A19CA83DDFCDA9F7F4B87775E94332FBC7254FE2A750F2FEC4C6766C2F3039A15021DC6BB83515F79878638BE5FC53DFFB54F722024613D048CC155
                                                                                                Malicious:false
                                                                                                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):295
                                                                                                Entropy (8bit):5.343071995683208
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJM3g98kUwPeUkwRe9:YvXKXuXGXpObsdTeOC2sGMbLUkee9
                                                                                                MD5:D6AAF66672A240FA0BD6E87F35E1210D
                                                                                                SHA1:0F4397F55547494BD2DE939B13B6599ACB1BDA7C
                                                                                                SHA-256:AC82EF1ABE45CF109312B45BBF0A281CC663CF8701C410DA90A4E0C061117525
                                                                                                SHA-512:F8B3D2C70D54310C7DFCEEEED727030D3FA5C966E47086E624D4ED56F016EF26944FF3D08E1B183AD3D0FA1E05B74890E1FD76D2B88576243639D1BD1047A320
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):294
                                                                                                Entropy (8bit):5.2811203516120075
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfBoTfXpnrPeUkwRe9:YvXKXuXGXpObsdTeOC2sGWTfXcUkee9
                                                                                                MD5:4E0D559EF1365A47CDF4BE852D0B28D9
                                                                                                SHA1:264B04D3B83D0F3E9767CC89E058CD96533705C4
                                                                                                SHA-256:669226DB6B397C668EB876D9C7AC2FF5EDDCD1B6C8A244C0FA3B3F2778CB0F07
                                                                                                SHA-512:8AD5DA725A1D1211FF1EB3871A71181C49A90621647B3EBDBB1FEF3C3BEE60AF9700960312BF19977ECFDA35F3CA7AA2CE5EF7029CEA4969AE675D9DF0742DE5
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):294
                                                                                                Entropy (8bit):5.259379846969815
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfBD2G6UpnrPeUkwRe9:YvXKXuXGXpObsdTeOC2sGR22cUkee9
                                                                                                MD5:4972240EF6A3D8FC075431CBE08EFFEC
                                                                                                SHA1:3A51896FF53BC44FD4E91D2FD123B783B6D3F73F
                                                                                                SHA-256:836168450618380ADBD9E3E3D232689AD4722A77355A002A9F7B95F9E175B56C
                                                                                                SHA-512:35215423071D5CCB3D297FCF0650ADBF875E58B4271149FAC6CE73009E69D4CB1AE7859AECF330FBE7118CAC1F4695B08DB69C178B18D92AE235DCC57059E467
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):285
                                                                                                Entropy (8bit):5.329238320219288
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfPmwrPeUkwRe9:YvXKXuXGXpObsdTeOC2sGH56Ukee9
                                                                                                MD5:8879CD72A5AEF0D93FB07E5A2344E946
                                                                                                SHA1:943951240387E538A8F2E2625FA9F0AE34674E74
                                                                                                SHA-256:77EDF93AFAD0BE8809B0280FFFDC2AA57AFD777B2652617EFB0D1D44AFF22C39
                                                                                                SHA-512:E494910F9FAF581155BCC07A1D7CD250DE69B0C79390198466FF667DE5BDECDA7B951CADF9F809551928448A95909D7538FBECA8F26CC283EF22429547DB71D5
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):1123
                                                                                                Entropy (8bit):5.690945954787375
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:Yv6XuXGXpWmeOZJpLgE9cQx8LennAvzBvkn0RCmK8czOCCSV:YvCpVeohgy6SAFv5Ah8cv/V
                                                                                                MD5:68F83DEA68E73BFBB6A9BACF6473F5DD
                                                                                                SHA1:129BDDE1902C83EEC5117AC670571F2A153D6E98
                                                                                                SHA-256:C02B81F8EB615B548E44305FDDBC0C52C4FCFBFBE42CDA2C50EAD9245D4AE1D5
                                                                                                SHA-512:5639A24231CA13BDF0B238B11D20A2C64C4A903525C94FAC6723DC505EF1959BF2D9215E781DB95B1B90DE2E76A4E0A29B95F4B9BF7EDB24C1D711E2E8D1C0DF
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):289
                                                                                                Entropy (8bit):5.265491733003633
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJf8dPeUkwRe9:YvXKXuXGXpObsdTeOC2sGU8Ukee9
                                                                                                MD5:CADA9DCC2315D85A59C02DD5F994D70C
                                                                                                SHA1:3D3E9C756EA60B933B6B4F1B6FFE0D3652DFC889
                                                                                                SHA-256:A01AFD396D100AD3F015450752E313523E40E8ECDF5340A367616B5B6C75481A
                                                                                                SHA-512:6BB4AE1F2EEE19BC113ECF843F76CC64F2E150D34051EC2E758E4255DB019B23E0B77381E96D407E8E468E710BE8F9479BD80870A0F8F216F79AD5AE46BD97C6
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):292
                                                                                                Entropy (8bit):5.270328504408411
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfQ1rPeUkwRe9:YvXKXuXGXpObsdTeOC2sGY16Ukee9
                                                                                                MD5:07400710D6BACF6F6684C35DCD0623B6
                                                                                                SHA1:DF1888EA9319E67233BF9947CD91BC90E0DDC7AB
                                                                                                SHA-256:ECAC3068995921ACE94EFA8954627B13955B903E71E38F7AF290330299316A2E
                                                                                                SHA-512:32F66A21C3F2A4F294A668B8445B95762B2D91A373B934D299202DA9EC88AFF498A0394B5C367C0AAED6EBAB73A2A378DB37413EA71F19E455646FD1D2517068
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):289
                                                                                                Entropy (8bit):5.284952938062938
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfFldPeUkwRe9:YvXKXuXGXpObsdTeOC2sGz8Ukee9
                                                                                                MD5:A293B69DCBF6964EDC4C22C3FDE2E05A
                                                                                                SHA1:F044E7D9A9D01A67D7105DD3DB3DFA0AAAC13EC0
                                                                                                SHA-256:AE7E9AFC3F7E2F84F874B0C436F165032DFC1E671387AD707801F68EA2E58D60
                                                                                                SHA-512:11C8CCD21EF7A65B5B8A9407190A969A6E7B3A3DAD70030BA601849B9744DBA2AB485D19BFA9BF774640D3B498D7CAB1BB284E57B06EC633540243211B94FFBA
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):295
                                                                                                Entropy (8bit):5.292341659527415
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfzdPeUkwRe9:YvXKXuXGXpObsdTeOC2sGb8Ukee9
                                                                                                MD5:4630802996303C317CBBFB6CBD2A0881
                                                                                                SHA1:06B0E9223CBF7DE4B2850F2F55B141729CFA6CF2
                                                                                                SHA-256:FA388343584BB392E3A9BA57450D174C43DEF4B70053E6F40C2907DB3990FC19
                                                                                                SHA-512:B015205C61D12397047D3823B06CB62B94EA3B9DC2AC709FC4752B7C434B815C3CD8844EAD5E72F8A65C8F0033D5CBA828B22A2A5BFCD347DE99D2B344F9DB4F
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):289
                                                                                                Entropy (8bit):5.272701870247171
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfYdPeUkwRe9:YvXKXuXGXpObsdTeOC2sGg8Ukee9
                                                                                                MD5:B810C8AFB1164306157A892474957A56
                                                                                                SHA1:F1A7AB1C7A2DBE7288F6307281A080DEAF8F68A1
                                                                                                SHA-256:687E66C68C3E40DBBB46E9B1039F6D5B2269678692E767BD53CF8660396B3876
                                                                                                SHA-512:BED6395C76DD88C5F2623B8B27825947E78DF6D58ECEC3F2DA68DA56BDB962E74201F15B6673C7A5ABF1292EDCF37CBD35951B6F80B7724158A2F0D601223EA4
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):284
                                                                                                Entropy (8bit):5.258271642194114
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJf+dPeUkwRe9:YvXKXuXGXpObsdTeOC2sG28Ukee9
                                                                                                MD5:82A63E39F2F1774E27A034C52A2C0301
                                                                                                SHA1:0B8F4F184FC9678AA3D55F7CFA4F2E40859FCD68
                                                                                                SHA-256:AFFD2462BC00ADC174B1E6355B52A5CF62CE8966A26CD802E1FFD925F1219482
                                                                                                SHA-512:57AF9755C5761BAFFF796E1AC2B87EFE99F7D128A0C1091D1EA574FAC2C9833C85409F6CFE851C63AE6DBFFC417B4689BCAAC133A02A0622216BBEC3E7A5041D
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):291
                                                                                                Entropy (8bit):5.256436583933081
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfbPtdPeUkwRe9:YvXKXuXGXpObsdTeOC2sGDV8Ukee9
                                                                                                MD5:750EA8447D45C5F031913C8A85C28434
                                                                                                SHA1:F258D0645FA5C0D5AD562D0672E50E6633A6F531
                                                                                                SHA-256:6BA6E9F3E6532986C9F51DC7077BDE97D1D9749FC9E7B1A5C5C6E474B19F23D8
                                                                                                SHA-512:8B04DF04864EE16EEFA4275C79F9DC0F0A39422FBA89D970FBBE165351E5387571C707A032A382D064CEF364FAE32A9464B460949B45313FA2D102DB1F886837
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):287
                                                                                                Entropy (8bit):5.261006055274837
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJf21rPeUkwRe9:YvXKXuXGXpObsdTeOC2sG+16Ukee9
                                                                                                MD5:1F95693988811221C29767D664DCBFD6
                                                                                                SHA1:08C8FBDB377D1419433430DAB3C07FE5CC7B5353
                                                                                                SHA-256:DCAAC79B2E8A3A0BB760653E759914EEF2ED0F0CF492CAF062FF1FEE2223A92E
                                                                                                SHA-512:47FAF9B2619798E1F0161F27B60C16052CB65F77276F490098092AF1CAA9ABFC0FCCA8A8B481D7C029F20971CD797BA29EDD52BA49BB6CE38B55D604A6A31FAA
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):1090
                                                                                                Entropy (8bit):5.666875521235041
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:Yv6XuXGXpWmeOZ5amXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSV:YvCpVe6BgkDMUJUAh8cvMV
                                                                                                MD5:574C304AAC7032E4EC771A49BF6330A6
                                                                                                SHA1:8ABCD04EFD8B1F745B68191FEA822D98D927D569
                                                                                                SHA-256:60AF4FDD868A63457785EB2E3314D41D275FE5138F8600B258F30D9967DF1022
                                                                                                SHA-512:84F801A610FEDD493BE54F4D0A75FA495E6B1FC9F0EC1719CACAEBDFCF3F5BE1A073B40D04516082186483D077A739FA5F2F7BE8FB70E07B15ACAAB8E52434CE
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):286
                                                                                                Entropy (8bit):5.235958522437406
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJfshHHrPeUkwRe9:YvXKXuXGXpObsdTeOC2sGUUUkee9
                                                                                                MD5:D4CD3E5D912D6BCEB461988F00B7165B
                                                                                                SHA1:6B29BB5F7BC6141A36D10BDD9A73E62E20B74D8B
                                                                                                SHA-256:C69DBC355A84103DEFEAC98BA9B4EB5463175F32C98477DE04F0D85A99090F60
                                                                                                SHA-512:6B43F023FD40301F6514E4869D3D11FED93E2AED3166E0E59DE310F229EDC7CC62D64CD8684CCA1F9EB38BF0C2F052CDCA549B70E7BC6AB306FAF47276E38D1C
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):282
                                                                                                Entropy (8bit):5.250723308251187
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:YEQXJ2HXPWXXWX2iO4WsGiIPEeOF0Ypo2EeoAvJTqgFCrPeUkwRe9:YvXKXuXGXpObsdTeOC2sGTq16Ukee9
                                                                                                MD5:DF346537C153CB948444540A07FBD094
                                                                                                SHA1:0EE53F0AE6D426743255AEA60F53280991A73BCE
                                                                                                SHA-256:9ACD2D6EC103DE5FD2D7CE191CCDE7ABB8B6BB7E2FE8374BA96AB87555457023
                                                                                                SHA-512:A632D27DA35399A58145A98E8A6CF5C4C3EDC41356FCFFE136CB0FB2BE2D5800CFDD76CA66C206DDBDB72C31CEBBC41397A9B32E125139B4FCD532A326DF3C79
                                                                                                Malicious:false
                                                                                                Preview:{"analyticsData":{"responseGUID":"8398a7dc-8294-4e82-8421-2a40bc12a72d","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1737217534828,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):4
                                                                                                Entropy (8bit):0.8112781244591328
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:e:e
                                                                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                Malicious:false
                                                                                                Preview:....

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:JSON data
                                                                                                Category:dropped
                                                                                                Size (bytes):2814
                                                                                                Entropy (8bit):5.12965741484173
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:Y3yElajMZ1ay/HA0Fno6sijV7EwdmET1h2rmjLNEj0SJEaYPa2LqD2LSJPZC1cKF:Y8UO6siZ1RhVLNmzyqDZYGReSi+Ah9B
                                                                                                MD5:B5AF7E932F70256FCE065979A5AAEEF3
                                                                                                SHA1:CC0AD9E090D637E23B2331EFC7CB6B6D780EB26B
                                                                                                SHA-256:8E0964663A245D6609836A3D0ED106AC85F82A30E6D130CA2D3ABBF4E27A9C2B
                                                                                                SHA-512:AACC5F238DB7AC8897C6EC1A8699FD405019CB79EA868B7855D35A657E0529E048644B07494EF219A041C426050508A82852134F85D2DB0B3FE5F5154132A057
                                                                                                Malicious:false
                                                                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ba9c8c162449737ec26c7f1c9c543be2","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1737044434000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"5b5f8e9623396f46c52966749f228ddc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1737044434000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f57e56e9532529f931713ca0c9180bea","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1737044434000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f2848fa43ddad5d1cdcc63b251aecea8","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1737044434000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"6f5718826358360ddd4385180af312b4","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1737044434000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"3c65fefe9fb518dbeab0e061f9fbe45f","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                                                Category:dropped
                                                                                                Size (bytes):12288
                                                                                                Entropy (8bit):1.4527934258616706
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsjlp:lNVmsw3SHtbDbPe0K3+fDZdU
                                                                                                MD5:2E74102D987623E493672F2950A08BD2
                                                                                                SHA1:03D58718776EB145222B4A2BF7E8077B335A5039
                                                                                                SHA-256:71B1B0803C98946C0434CCC41D7BB7E717CF10944C76A97428775606515C3A3B
                                                                                                SHA-512:D05D9B6648E1F6B7CD425536096F6B869CDD260E9D72DD2094D09B8D637702FA236D0F6C02EE0C70A639FBD2AC718FC29467CD4AD98364DC74C59869E7B22214
                                                                                                Malicious:false
                                                                                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:SQLite Rollback Journal
                                                                                                Category:dropped
                                                                                                Size (bytes):8720
                                                                                                Entropy (8bit):1.9556160996281764
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:7MgrvrBd6dHtbGIbPe0K3+fDy2dsiZqFl2GL7ms+:7h3SHtbDbPe0K3+fDZdBKVms+
                                                                                                MD5:13FAFE5D0D19A11532353F857D6CFED3
                                                                                                SHA1:ED57AC717450B95B5FC611DD2673EFC3FD12FD3B
                                                                                                SHA-256:2CC5E19A897ECF0E19EC83D187164403FCF00AF5946D2045DCE4AD84E55CEFD3
                                                                                                SHA-512:50CB8616932E28045CCC4CBEDAEAE7EF50CC4D8192C359196CF5DA60547C5336D07955B05771F47F11E5A6021B5B9DDED7E9677C170FAA2B93A4CB6DA335A5FD
                                                                                                Malicious:false
                                                                                                Preview:.... .c.......C.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):66726
                                                                                                Entropy (8bit):5.392739213842091
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:RNOpblrU6TBH44ADKZEgPncBnHfE7Xks0VOiUwG8v1b6rYyu:6a6TZ44ADEPncxE70sKhrQK
                                                                                                MD5:BB0570202A1327C8F7B4EEE9393A52DE
                                                                                                SHA1:3DA3B5B75C60F8771A91769C6E39B643F8E03F41
                                                                                                SHA-256:F83C85A68706646549F679B9AF9B36465F5DC8952CFA0A1609E2F00A0AD58D76
                                                                                                SHA-512:9FDF45A4DDFF10B822DA51A5FD786F345A889A4B81B6A7CC17EE0C9AFFF45E418069BE199C1590E72397AFE21B46939C68AF43AC1BCF7E6EA4F668650CD9C12F
                                                                                                Malicious:false
                                                                                                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                                                                                C:\Users\user\AppData\Local\Temp\MSIf7743.LOG

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):246
                                                                                                Entropy (8bit):3.516674370985874
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eebClEpl:Qw946cPbiOxDlbYnuRKhsDr
                                                                                                MD5:D3FF266FAFA358E41C1A87DA608C02DF
                                                                                                SHA1:1CCF9DDEA6E7028C66BDEA07643BE406641F23A8
                                                                                                SHA-256:BEAA0648EBB8C16B5522779FF42058FCA20824E04BD3F146B25E30D880FFE5F2
                                                                                                SHA-512:E27B34987CE7330A9683456A245B99DAE79CF24C15C0866DD7164ED191BB298041F8CD5C1B3DFF108D9298261DD2E255C26418E499E77F507E1E2124FC6B9E6C
                                                                                                Malicious:false
                                                                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.6./.0.1./.2.0.2.5. . .1.1.:.2.0.:.3.4. .=.=.=.....

                                                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 11-20-29-172.log

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with very long lines (393)
                                                                                                Category:dropped
                                                                                                Size (bytes):16525
                                                                                                Entropy (8bit):5.386483451061953
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
                                                                                                MD5:F49CA270724D610D1589E217EA78D6D1
                                                                                                SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
                                                                                                SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
                                                                                                SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
                                                                                                Malicious:false
                                                                                                Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):15114
                                                                                                Entropy (8bit):5.379164850140701
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:9JXYft9TS1oGztRFgjw9QV2Vzu69YXWDf60/73Vh1AVrVgVZb5vKYmgEbx0xYV8d:8SAwkRmVL
                                                                                                MD5:961C32516FB4C7B466C483FBB45B7E8E
                                                                                                SHA1:5B8B6F40689E3C6BAC4664E7EC2DF315E92BF4AC
                                                                                                SHA-256:64C35A175B69238A24573009A4961D2EF98C092F0C1FAD21BD868F76B803CE14
                                                                                                SHA-512:EA0DAAFF5E62CB77B5B593E55A200899B2675E40FCCEDF33D020BCBA2F37CAA4C11AC4A46DD7284F59EF960A9B14C9082BDDC63736611B5A1CF2C644894E2ED8
                                                                                                Malicious:false
                                                                                                Preview:SessionID=68a84b70-2632-474b-8ff9-3681ab58e2fd.1737044429194 Timestamp=2025-01-16T11:20:29:194-0500 ThreadID=6392 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=68a84b70-2632-474b-8ff9-3681ab58e2fd.1737044429194 Timestamp=2025-01-16T11:20:29:195-0500 ThreadID=6392 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=68a84b70-2632-474b-8ff9-3681ab58e2fd.1737044429194 Timestamp=2025-01-16T11:20:29:195-0500 ThreadID=6392 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=68a84b70-2632-474b-8ff9-3681ab58e2fd.1737044429194 Timestamp=2025-01-16T11:20:29:195-0500 ThreadID=6392 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=68a84b70-2632-474b-8ff9-3681ab58e2fd.1737044429194 Timestamp=2025-01-16T11:20:29:195-0500 ThreadID=6392 Component=ngl-lib_NglAppLib Description="SetConf

                                                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):35721
                                                                                                Entropy (8bit):5.416649930155313
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gR/:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRd
                                                                                                MD5:E15AC71EF1FEC7BBBBC6A75547518811
                                                                                                SHA1:59B314D8C80867D12397ECAF8101BC4E84DDE921
                                                                                                SHA-256:8D8E0F860D0BF87E12C664BF2F6BB38794F3231DE9246AA5B002807C3951B6CC
                                                                                                SHA-512:E6B30420B265A5A17C3E902DA54CF4876272520BE4B9C4C476CC15E9046AD5F488430DE51887C4F4845ABB2B485FBFADD824D3852AC8145816581284DCDFD3FD
                                                                                                Malicious:false
                                                                                                Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\1d154384-ab0c-408f-b28b-bb8bd728a6c3.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                Category:dropped
                                                                                                Size (bytes):386528
                                                                                                Entropy (8bit):7.9736851559892425
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                Malicious:false
                                                                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\5dc5ee11-d6f3-4e33-9444-a01e69a7cac3.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                                Category:dropped
                                                                                                Size (bytes):1407294
                                                                                                Entropy (8bit):7.97605879016224
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                                                                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                                                                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                                                                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                                                                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                                                                Malicious:false
                                                                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\80ebae4b-943a-4432-bfe1-5aef31daa7b5.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                                Category:dropped
                                                                                                Size (bytes):1419751
                                                                                                Entropy (8bit):7.976496077007677
                                                                                                Encrypted:false
                                                                                                SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
                                                                                                MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
                                                                                                SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
                                                                                                SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
                                                                                                SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
                                                                                                Malicious:false
                                                                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\fc4c4a55-ebbe-415f-87d2-31fb93a03f02.tmp

                                                                                                Download File
                                                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                Category:dropped
                                                                                                Size (bytes):758601
                                                                                                Entropy (8bit):7.98639316555857
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                MD5:3A49135134665364308390AC398006F1
                                                                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                Malicious:false
                                                                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                                                Chrome Cache Entry: 187

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                Category:dropped
                                                                                                Size (bytes):610
                                                                                                Entropy (8bit):7.596151900307889
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:6v/7iiaBY1azPX793IrzbrJif0E5zaB2klzfngSN17Aod/ja:rCMzPZ3Ir3rpkJk1/Ja
                                                                                                MD5:6018807017AFEAD14417566F975FFDB4
                                                                                                SHA1:2EE7C3239E4046E9567C8100DECD9ABE6093B79F
                                                                                                SHA-256:99AF6690771B7B62A1325D0C0B38A9A0300C18921E4877DCF38A239B9C977502
                                                                                                SHA-512:03C81DD6C526EE84F274F4BFE903FC694BFD4ED20B359C1A7BA09D940795316B816E869B59D4DA383AC8367B952E5ED7C7244795E1EDDB6976A358240421C789
                                                                                                Malicious:false
                                                                                                Preview:.PNG........IHDR... ... .....szz....)IDATX..?L.a...w1.......KS..Z..hM.].......c].R...1v.hL...tS[[.....H.1i].ld.!..ppx.....g.{s...}..!.@M.[...0......C ...9.P5....h......P...4o..'Ri...z.Tfn..D......2.y].F.5k...!..<.|.[r......GdO....vE..$.&...`a...........e.N.._..l..Y..\...|...;F........u..w... ...e.....5......h..=.58#2..>..|^....Z._4u.....&Y.M.Z.S.Kt.as.q..2...D......N.%.n.A...g.W....@:S`1....2....e..a.C#h.d...#f..=.i.....qo..+.HN.O.k.:....O.............V&..1.l.t...SHe...|....W.ts.c.....zj..=..3..b........?8...}....!.F._..m./.T.jv.P."..2.......C....d........A1.....IEND.B`.

                                                                                                Chrome Cache Entry: 188

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, Unicode text, UTF-8 text
                                                                                                Category:downloaded
                                                                                                Size (bytes):169290
                                                                                                Entropy (8bit):5.183926752751333
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:lEFpFm7r2UBhZ/ntaFg7r2UBhZ/ntH7r2UBhZ/nt7FxwkBBWQitv7hZ/ntKSwkE5:WvVcrwqSbYl8Mg6
                                                                                                MD5:F97AEEA08CDEB6E4FE2D65AD9AFB58FE
                                                                                                SHA1:EA8D2860728437C237C439AB1391E459EF73A07B
                                                                                                SHA-256:1ABB37D8A55D3CDEAA5BAE6705077BBD16AB2FCEC147CB2DBDE5A1650D1E62E2
                                                                                                SHA-512:819D9306DA2454F98D18EEBC409C88C100F5F3219620B8D438D1976E99A0E8899EA07CE801E3AE28CE7B22C107D9D335E54E81481976DE5D131F5F544D824173
                                                                                                Malicious:false
                                                                                                URL:https://fixecondfirbook.info/
                                                                                                Preview:.<!DOCTYPE html>.<html lang="en">..<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>B..king...m</title>. <style>. body {. margin: 0;. font-family: Arial, sans-serif;. background-color: #ffffff;. color: #000000;. }.. header {. background-color: #003580;. color: white;. padding: 10px 40px;. display: flex;. height: 55px;. justify-content: space-between;. align-items: center;. left: 0;. }.. header h1 {. margin: 0;. font-size: 20px;. }.. .content {. max-width: 400px;. margin: -20px auto;. background: white;. padding: 0px;. border-radius: 8px;. /* box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1); */. /* text-align: center; */. }.. .content2 {. max-width: 400px;. margin: 60px auto;. background: white;. padding: 0px;. border-radius: 8px;. /* box-shadow: 0 2px 10px rgba(0,

                                                                                                Chrome Cache Entry: 189

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                Category:downloaded
                                                                                                Size (bytes):610
                                                                                                Entropy (8bit):7.596151900307889
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:6v/7iiaBY1azPX793IrzbrJif0E5zaB2klzfngSN17Aod/ja:rCMzPZ3Ir3rpkJk1/Ja
                                                                                                MD5:6018807017AFEAD14417566F975FFDB4
                                                                                                SHA1:2EE7C3239E4046E9567C8100DECD9ABE6093B79F
                                                                                                SHA-256:99AF6690771B7B62A1325D0C0B38A9A0300C18921E4877DCF38A239B9C977502
                                                                                                SHA-512:03C81DD6C526EE84F274F4BFE903FC694BFD4ED20B359C1A7BA09D940795316B816E869B59D4DA383AC8367B952E5ED7C7244795E1EDDB6976A358240421C789
                                                                                                Malicious:false
                                                                                                URL:https://fixecondfirbook.info/favicon.ico
                                                                                                Preview:.PNG........IHDR... ... .....szz....)IDATX..?L.a...w1.......KS..Z..hM.].......c].R...1v.hL...tS[[.....H.1i].ld.!..ppx.....g.{s...}..!.@M.[...0......C ...9.P5....h......P...4o..'Ri...z.Tfn..D......2.y].F.5k...!..<.|.[r......GdO....vE..$.&...`a...........e.N.._..l..Y..\...|...;F........u..w... ...e.....5......h..=.58#2..>..|^....Z._4u.....&Y.M.Z.S.Kt.as.q..2...D......N.%.n.A...g.W....@:S`1....2....e..a.C#h.d...#f..=.i.....qo..+.HN.O.k.:....O.............V&..1.l.t...SHe...|....W.ts.c.....zj..=..3..b........?8...}....!.F._..m./.T.jv.P."..2.......C....d........A1.....IEND.B`.

                                                                                                Chrome Cache Entry: 190

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                Category:downloaded
                                                                                                Size (bytes):2228
                                                                                                Entropy (8bit):7.82817506159911
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                                                                                MD5:EF9941290C50CD3866E2BA6B793F010D
                                                                                                SHA1:4736508C795667DCEA21F8D864233031223B7832
                                                                                                SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                                                                                SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                                                                                Malicious:false
                                                                                                URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                                                                                Preview:.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6...*.Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6...*..,xz.._......B."#...L(n..f..Yb...*.8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o......*....x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.*....-.A.}.......I .P.....S....|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.*iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

                                                                                                Chrome Cache Entry: 191

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:HTML document, ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):146
                                                                                                Entropy (8bit):4.7571268282533
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:PouV7uJzhquHbtt6vYk2ZRMRJfHKERSAEtvxLrXZiLKY8KWMm9AbBK6c4NGL:hxuJzhqIzyYk+qRU4zEdxXZiqNM0+BKj
                                                                                                MD5:F903C6BF520C04B0EF07D926AF78E263
                                                                                                SHA1:DEF53C8C51418D8A6660E50CAACEE77A5AAA575A
                                                                                                SHA-256:E7C6B9D5281C4D2A3A7AF6293A17FC1685460DC81DD4BD59063637FFDB190029
                                                                                                SHA-512:3358D5F395818B834B2A5C5B4C8A1FF617BC842F5732C79235A3847806A411D5512161A968EDFF684CD29B37DD12E2A7ADACA54E1C289434BBBBD1BA41F8C785
                                                                                                Malicious:false
                                                                                                Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /send-ip</pre>.</body>.</html>.

                                                                                                Chrome Cache Entry: 192

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                Category:downloaded
                                                                                                Size (bytes):642
                                                                                                Entropy (8bit):7.485255326893554
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:6v/7+FO+DpBBzM22sBdG4llNTJ6yHfbE8/jALtcq4PsesuZtC6mN:5tj2sBdpXlHfw8chcqgsCZxmN
                                                                                                MD5:41A0E840AA47C87E19D2BFE0B1231C3F
                                                                                                SHA1:B5F588CA91FC9E67B5EA658C5FF943B0639E57B9
                                                                                                SHA-256:A333D02EEDDE7A4DD8643D58B0EA7947268A1762F35F517EB6000EC9E7FCFAE8
                                                                                                SHA-512:8578A788F605BC27B4326EB38417A71E45A05AC885B971C49AC3C7D23F6DDF747F69F2CCF3DF0C461E1C90268247D6959F248D3001518F56888F6D6B8C1CDD2E
                                                                                                Malicious:false
                                                                                                URL:https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.png
                                                                                                Preview:.PNG........IHDR...0...0.....`......uPLTE..0<9p..0.'@.....0<:p.s}TS.....a_.HFymk.IFy.;I......yx....HGy..........Wd.........&@...mk.......G^............l.........tRNS...;%j.....IDATH..a..0..`..5..KiA8..S..O.y.....h><..4.......c..0..Pm.v......i...iuo..;..X..H'7LVM.....{..5zM.{.B"-4r[O..L..fw.hY..G...\.@h.U.kS...d.2`{...]i.....Zt@....t.,.z..W..x..........V-lB...S.!...S....U5.....E.+...g..4.....!.?...N..w.7-L[....<j..|.+r5.u~..a0.<.l..._.h.q..4.....(.>.<.E.I...-t....X.S.77-nX.......^.T.*.....s.m.......~V....Lnz....Y...5......-...|...{q...'.lN.W.4W]..<.......`!..A......D@...$.....0X.I..1XI.....T....C..@.}....IEND.B`.

                                                                                                Chrome Cache Entry: 193

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                Category:dropped
                                                                                                Size (bytes):642
                                                                                                Entropy (8bit):7.485255326893554
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:6v/7+FO+DpBBzM22sBdG4llNTJ6yHfbE8/jALtcq4PsesuZtC6mN:5tj2sBdpXlHfw8chcqgsCZxmN
                                                                                                MD5:41A0E840AA47C87E19D2BFE0B1231C3F
                                                                                                SHA1:B5F588CA91FC9E67B5EA658C5FF943B0639E57B9
                                                                                                SHA-256:A333D02EEDDE7A4DD8643D58B0EA7947268A1762F35F517EB6000EC9E7FCFAE8
                                                                                                SHA-512:8578A788F605BC27B4326EB38417A71E45A05AC885B971C49AC3C7D23F6DDF747F69F2CCF3DF0C461E1C90268247D6959F248D3001518F56888F6D6B8C1CDD2E
                                                                                                Malicious:false
                                                                                                Preview:.PNG........IHDR...0...0.....`......uPLTE..0<9p..0.'@.....0<:p.s}TS.....a_.HFymk.IFy.;I......yx....HGy..........Wd.........&@...mk.......G^............l.........tRNS...;%j.....IDATH..a..0..`..5..KiA8..S..O.y.....h><..4.......c..0..Pm.v......i...iuo..;..X..H'7LVM.....{..5zM.{.B"-4r[O..L..fw.hY..G...\.@h.U.kS...d.2`{...]i.....Zt@....t.,.z..W..x..........V-lB...S.!...S....U5.....E.+...g..4.....!.?...N..w.7-L[....<j..|.+r5.u~..a0.<.l..._.h.q..4.....(.>.<.E.I...-t....X.S.77-nX.......^.T.*.....s.m.......~V....Lnz....Y...5......-...|...{q...'.lN.W.4W]..<.......`!..A......D@...$.....0X.I..1XI.....T....C..@.}....IEND.B`.

                                                                                                Chrome Cache Entry: 194

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                Category:dropped
                                                                                                Size (bytes):2228
                                                                                                Entropy (8bit):7.82817506159911
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                                                                                MD5:EF9941290C50CD3866E2BA6B793F010D
                                                                                                SHA1:4736508C795667DCEA21F8D864233031223B7832
                                                                                                SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                                                                                SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                                                                                Malicious:false
                                                                                                Preview:.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6...*.Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6...*..,xz.._......B."#...L(n..f..Yb...*.8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o......*....x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.*....-.A.}.......I .P.....S....|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.*iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

                                                                                                Chrome Cache Entry: 195

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 190
                                                                                                Category:downloaded
                                                                                                Size (bytes):168
                                                                                                Entropy (8bit):6.7197357652806184
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:FttakNW0v1qHv3HjapKxfD/20PbHykg8TaKRUvKEivzCz4Ecssx2VSREvln:Xt5WaoekNj20P57TaKaHirPF2Vr9n
                                                                                                MD5:3B84FB10F1DF8E1537F04D6C0F8EB5B6
                                                                                                SHA1:E486E09F4BEC13056A3C39C48738C50C0983130B
                                                                                                SHA-256:8675302B63BEDD118BCBB4527599F0FC76E387E96C626776FB7CCB63DA4F498A
                                                                                                SHA-512:6FC2F7B6FE2EB51700421CC92C30137A3820208B3AA75E159D11FE7064FF152680D0D746ABACB5D0E98350ACA8872B2FCFC12B8E32CE0232E343E1FA505C3660
                                                                                                Malicious:false
                                                                                                URL:http://clintonmakes.com/favicon.ico
                                                                                                Preview:..........M.M..0...R.K.plv..H.H.8x...d....t./M....&='.Zgp.....P...[.".9b*S....1..A...nr.....,.(.J[..:)B.$.......n.Y.a......R.509.}...l?.0.<y..gW.....|....v....

                                                                                                Chrome Cache Entry: 196

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                Category:downloaded
                                                                                                Size (bytes):586
                                                                                                Entropy (8bit):4.370557641150247
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:uSoUAjPUdbGVL+PSePqfowFGZciFanuacl:1kTibMC1qfNsCmauacl
                                                                                                MD5:ED1D486217F2793D2EF42BE7E3832E34
                                                                                                SHA1:90E1F5CA3AD5B15F83D073983CCC793AA10EC3D3
                                                                                                SHA-256:87BEC5CD283117B0FAA07633479F3E64F476BC65E94EB1B306EDEED381B05DD1
                                                                                                SHA-512:17BC69370C9B0B4FA0D536D6E188770F575CCA8ABCBCE515FE045483787DC01AB5D1F9023F79860ED55B6D6CFC7D54010E538A2299666972D58C6BB8A80EDFBD
                                                                                                Malicious:false
                                                                                                URL:https://fixecondfirbook.info/captchaHandler.js
                                                                                                Preview:document.addEventListener('DOMContentLoaded', function() {. const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox');. if (recaptchaCheckbox) {. recaptchaCheckbox.addEventListener('click', function() {. // ........ IP-...... .. ....... fetch('/send-ip', {. method: 'POST'. }).then(response => {. if (response.ok) {. console.log('');. } else {. console.error('');. }. });. });. }.}); .

                                                                                                Chrome Cache Entry: 197

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):874
                                                                                                Entropy (8bit):4.562777845892514
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:2z34mR0mRFgRmRCL3/mRLC4McHPXkniHqb8iHqmu:aLpfbgLegbM0nhYhmu
                                                                                                MD5:E1B0667740A466F2ADE08864B8AAC4A8
                                                                                                SHA1:3E79FF881EB857A030CDA726CBA4B73FDFEB9664
                                                                                                SHA-256:D688F111F8DF6DADFE5505FDB923A2788311A2D1D70D4FE04688020E1B211A6D
                                                                                                SHA-512:43E9400B5467A7DBFCBD89C9D08CBADE214DE5CC562A9DBF4D6A7F7216E5146C771E8BE90CF1F1C1E0106EA52F0F27CA7698D8190FB34603981CDCE50F26E4AD
                                                                                                Malicious:false
                                                                                                Preview:(function() {. function revertLanguageChange() {. if (document.documentElement.lang !== originalLang) {. document.documentElement.lang = originalLang;. }. }.. const originalLang = document.documentElement.lang;.. const observer = new MutationObserver(revertLanguageChange);. observer.observe(document.documentElement, { attributes: true, attributeFilter: ['lang'] });.. document.addEventListener('contextmenu', function(event) {. event.preventDefault();. }, false);.. document.addEventListener('keydown', function(event) {. if ((event.ctrlKey || event.metaKey) && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. if (event.altKey && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. }, false);.})();.

                                                                                                Chrome Cache Entry: 198

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text
                                                                                                Category:downloaded
                                                                                                Size (bytes):874
                                                                                                Entropy (8bit):4.562777845892514
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:2z34mR0mRFgRmRCL3/mRLC4McHPXkniHqb8iHqmu:aLpfbgLegbM0nhYhmu
                                                                                                MD5:E1B0667740A466F2ADE08864B8AAC4A8
                                                                                                SHA1:3E79FF881EB857A030CDA726CBA4B73FDFEB9664
                                                                                                SHA-256:D688F111F8DF6DADFE5505FDB923A2788311A2D1D70D4FE04688020E1B211A6D
                                                                                                SHA-512:43E9400B5467A7DBFCBD89C9D08CBADE214DE5CC562A9DBF4D6A7F7216E5146C771E8BE90CF1F1C1E0106EA52F0F27CA7698D8190FB34603981CDCE50F26E4AD
                                                                                                Malicious:false
                                                                                                URL:https://fixecondfirbook.info/languageRevert.js
                                                                                                Preview:(function() {. function revertLanguageChange() {. if (document.documentElement.lang !== originalLang) {. document.documentElement.lang = originalLang;. }. }.. const originalLang = document.documentElement.lang;.. const observer = new MutationObserver(revertLanguageChange);. observer.observe(document.documentElement, { attributes: true, attributeFilter: ['lang'] });.. document.addEventListener('contextmenu', function(event) {. event.preventDefault();. }, false);.. document.addEventListener('keydown', function(event) {. if ((event.ctrlKey || event.metaKey) && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. if (event.altKey && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. }, false);.})();.

                                                                                                Chrome Cache Entry: 199

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:downloaded
                                                                                                Size (bytes):16
                                                                                                Entropy (8bit):3.75
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:HEIQL:kh
                                                                                                MD5:A6FD0B162FB82DAB665FD0C44346F558
                                                                                                SHA1:E097833D14D58DF26033A916160A935AAFAC37C9
                                                                                                SHA-256:800C0A33850287FD505475C979F6482241E98EAA136732EA18AABA084B838E15
                                                                                                SHA-512:13AD2E0568F7F6BD05524CFA1797DC0309E6CDB1AA98C818060DCB2ACA99958DAFAB4A2CF5AE1CEA49367CC4B7A91633DB889B35ACF15ECB85AF461F2F74D593
                                                                                                Malicious:false
                                                                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAnojw-vAgGkgRIFDQzGSa4=?alt=proto
                                                                                                Preview:CgkKBw0MxkmuGgA=

                                                                                                Chrome Cache Entry: 200

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                Category:dropped
                                                                                                Size (bytes):586
                                                                                                Entropy (8bit):4.370557641150247
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:uSoUAjPUdbGVL+PSePqfowFGZciFanuacl:1kTibMC1qfNsCmauacl
                                                                                                MD5:ED1D486217F2793D2EF42BE7E3832E34
                                                                                                SHA1:90E1F5CA3AD5B15F83D073983CCC793AA10EC3D3
                                                                                                SHA-256:87BEC5CD283117B0FAA07633479F3E64F476BC65E94EB1B306EDEED381B05DD1
                                                                                                SHA-512:17BC69370C9B0B4FA0D536D6E188770F575CCA8ABCBCE515FE045483787DC01AB5D1F9023F79860ED55B6D6CFC7D54010E538A2299666972D58C6BB8A80EDFBD
                                                                                                Malicious:false
                                                                                                Preview:document.addEventListener('DOMContentLoaded', function() {. const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox');. if (recaptchaCheckbox) {. recaptchaCheckbox.addEventListener('click', function() {. // ........ IP-...... .. ....... fetch('/send-ip', {. method: 'POST'. }).then(response => {. if (response.ok) {. console.log('');. } else {. console.error('');. }. });. });. }.}); .

                                                                                                Chrome Cache Entry: 201

                                                                                                Download File
                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 526
                                                                                                Category:downloaded
                                                                                                Size (bytes):252
                                                                                                Entropy (8bit):7.110598860032035
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:XtyPGgXdn/L/x3ArVZad32XfxRqI+XQcqa/uD+hWpXJy2QDnW/:XKXdnz/x3UU32vxwIjG/+ps3i/
                                                                                                MD5:273A8E7CE16720012159CCEB076C49B7
                                                                                                SHA1:3D5057731B1521631866D264662F645BAC8CFF95
                                                                                                SHA-256:01CE43EC5F0C2288440121A3A84C1A44210912BC59BB0CA41ED7DA3D68ACCCE7
                                                                                                SHA-512:916731902918128430C5C3B49C509F8A7DA63312445978CD59B2A9199AC34F95E007C8983A728F2918BF32B1C36F1F310415A14FBDDCF56F18F0D777AEB9ADA3
                                                                                                Malicious:false
                                                                                                URL:http://clintonmakes.com/215c/
                                                                                                Preview:.............n. .._..xri3...%...Y:E..6...8...Kb..TE.....8....m..x..lW...R.%....T-.L..9......;.G.~.35v.'.!q.l.j%..*.)_.I.D}.".BI.p..J.........n..}.HC.}S\g...G.nX.&.....d.[.].H...3...9........6,bW].P.a........[q.....j..}..=z=.f*.._...S....

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:PDF document, version 1.4, 4 pages
                                                                                                Entropy (8bit):7.900687229046515
                                                                                                TrID:
                                                                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                                                                File name:JvrQuHMa2C.pdf
                                                                                                File size:127'315 bytes
                                                                                                MD5:ad13c0aa36e9152a7aa4d3dee214ca36
                                                                                                SHA1:7b81a5ae937c3a022f550e23e0a801224759b1f8
                                                                                                SHA256:0425201506bdfcd5cc17e15388b793a7bff573d999fd7104cc62bf98f57b335a
                                                                                                SHA512:7fd599c6b235d1469a1b3c0ce3eb10f658f1ec48d16c50179f2445c0661c12488b551765b3e074e2e42a9e5e6492f81918f49725b66831e06a0f8eb35305f836
                                                                                                SSDEEP:3072:if4EDfE0djHijSiCtmHpA14oNhdcVH17ExKjWUHDc0V+g1fhXD:7EbdjCjBu7NhMyxKjfsCz
                                                                                                TLSH:18C3D063CA448CCDF8E3C7F685367E8F48BEF22706D0A923343485966E5191D9A721BD
                                                                                                File Content Preview:%PDF-1.4.1 0 obj.<<./Count 4./Kids [3 0 R.5 0 R.7 0 R.9 0 R]./MediaBox [0 0 595.28 841.89]./Type /Pages.>>.endobj.2 0 obj.<<./OpenAction [3 0 R /FitH null]./PageLayout /OneColumn./Pages 1 0 R./Type /Catalog.>>.endobj.3 0 obj.<<./Annots [<</A <</S /URI /UR

                                                                                                File Icon

                                                                                                Icon Hash:62cc8caeb29e8ae0

                                                                                                Static PDF Info

                                                                                                General

                                                                                                Header:%PDF-1.4
                                                                                                Total Entropy:7.900687
                                                                                                Total Bytes:127315
                                                                                                Stream Entropy:7.970499
                                                                                                Stream Bytes:115373
                                                                                                Entropy outside Streams:5.185584
                                                                                                Bytes outside Streams:11942
                                                                                                Number of EOF found:1
                                                                                                Bytes after EOF:

                                                                                                Keywords Statistics

                                                                                                NameCount
                                                                                                obj76
                                                                                                endobj76
                                                                                                stream29
                                                                                                endstream29
                                                                                                xref1
                                                                                                trailer1
                                                                                                startxref1
                                                                                                /Page4
                                                                                                /Encrypt0
                                                                                                /ObjStm0
                                                                                                /URI4
                                                                                                /JS0
                                                                                                /JavaScript0
                                                                                                /AA0
                                                                                                /OpenAction1
                                                                                                /AcroForm0
                                                                                                /JBIG2Decode0
                                                                                                /RichMedia0
                                                                                                /Launch0
                                                                                                /EmbeddedFile0

                                                                                                Image Streams

                                                                                                IDDHASHMD5Preview
                                                                                                67001024b2b2320c10fb78c7ce898eb0937ea7cd5e2ab220f9

                                                                                                Network Behavior

                                                                                                Suricata IDS Alerts

                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                2025-01-16T17:20:59.046753+01002859486ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound1172.67.168.162443192.168.2.749930TCP

                                                                                                Network Port Distribution

                                                                                                TCP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Jan 16, 2025 17:20:21.946736097 CET49677443192.168.2.720.50.201.200
                                                                                                Jan 16, 2025 17:20:26.743608952 CET49671443192.168.2.7204.79.197.203
                                                                                                Jan 16, 2025 17:20:27.915397882 CET49677443192.168.2.720.50.201.200
                                                                                                Jan 16, 2025 17:20:30.072511911 CET49675443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:30.072561979 CET49674443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:30.215652943 CET49672443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:32.681464911 CET44349705104.98.116.138192.168.2.7
                                                                                                Jan 16, 2025 17:20:32.681714058 CET49705443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:39.823218107 CET49677443192.168.2.720.50.201.200
                                                                                                Jan 16, 2025 17:20:40.983357906 CET49705443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:40.988094091 CET49814443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:40.988137007 CET44349814104.98.116.138192.168.2.7
                                                                                                Jan 16, 2025 17:20:40.988482952 CET49814443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:40.988482952 CET49814443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:20:40.988518953 CET44349814104.98.116.138192.168.2.7
                                                                                                Jan 16, 2025 17:20:40.988713980 CET44349705104.98.116.138192.168.2.7
                                                                                                Jan 16, 2025 17:20:42.266781092 CET4982280192.168.2.72.23.197.184
                                                                                                Jan 16, 2025 17:20:42.271581888 CET80498222.23.197.184192.168.2.7
                                                                                                Jan 16, 2025 17:20:42.271651983 CET4982280192.168.2.72.23.197.184
                                                                                                Jan 16, 2025 17:20:42.271770000 CET4982280192.168.2.72.23.197.184
                                                                                                Jan 16, 2025 17:20:42.276555061 CET80498222.23.197.184192.168.2.7
                                                                                                Jan 16, 2025 17:20:42.894700050 CET80498222.23.197.184192.168.2.7
                                                                                                Jan 16, 2025 17:20:42.894726038 CET80498222.23.197.184192.168.2.7
                                                                                                Jan 16, 2025 17:20:42.894773960 CET4982280192.168.2.72.23.197.184
                                                                                                Jan 16, 2025 17:20:52.091057062 CET4982280192.168.2.72.23.197.184
                                                                                                Jan 16, 2025 17:20:53.547693014 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:53.547714949 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:53.547784090 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:53.549670935 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:53.549680948 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.337857962 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.339890003 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.339905024 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.341022968 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.341248989 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.342417955 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.342417955 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.342427969 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.342483997 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.387078047 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.387094975 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.433537006 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.883575916 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.883660078 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.883708000 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.899923086 CET49897443192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.899949074 CET4434989766.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.978643894 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.979593992 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.983509064 CET804990566.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.983592033 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.983880043 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.984360933 CET804990666.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.984513998 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:54.988653898 CET804990566.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:55.878067970 CET804990566.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:55.927764893 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:55.951649904 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:55.956612110 CET804990566.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.046304941 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.046355963 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.046411991 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.046828032 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.046885967 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.046936989 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.047060013 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.047075987 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.047301054 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.047319889 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.279469013 CET804990566.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.322967052 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:20:56.740885019 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.741158009 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.741173029 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.742311001 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.742367983 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.743451118 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.743529081 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.743730068 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.743736029 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.770555019 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.770905018 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.770932913 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.771907091 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.772002935 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.772294998 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.772341013 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.790690899 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.822391033 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:56.822417021 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.868705988 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:57.071121931 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.071221113 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.071815968 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:57.071851015 CET44349916186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.071988106 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:57.071988106 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:57.072014093 CET49916443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:20:57.090886116 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.090923071 CET44349923172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.091083050 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.091289997 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.091304064 CET44349923172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.518970013 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:57.519011974 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.519092083 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:57.519299984 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:57.519325972 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.585392952 CET44349923172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.585808039 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.585839033 CET44349923172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.587296009 CET44349923172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.587366104 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.588536978 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.588572979 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.588654041 CET44349923172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.588665009 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.588725090 CET49923443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.588944912 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.588985920 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.589051008 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.589237928 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:57.589252949 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.137583017 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.137825966 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.137835979 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.139447927 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.139555931 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.140520096 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.140609026 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.140769958 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.140778065 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.157759905 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.157963991 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:58.157990932 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.159073114 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.159135103 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:58.159902096 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:58.159967899 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.180706978 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.201308966 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:58.201328993 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.242198944 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:20:58.768306971 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768377066 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768443108 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768465996 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.768497944 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768546104 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.768553019 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768596888 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768644094 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768646002 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.768676996 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.768712997 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.768732071 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.769011021 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.769047976 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.769052029 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.769061089 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.769094944 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.852252960 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.852390051 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.852437019 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.852449894 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.852488041 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.852530003 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.852587938 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.852705002 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.852744102 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.852751017 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.853394032 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.853447914 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.853455067 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.853532076 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.853571892 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.853579044 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.854065895 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.854114056 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.854114056 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.854130983 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.854162931 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.854177952 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.854979992 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.855027914 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.855026960 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.855045080 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.855077982 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.855094910 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.902506113 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.902524948 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.943636894 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.943681002 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.943712950 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.943742990 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.943775892 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.943792105 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.944010019 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944039106 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944060087 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.944068909 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944106102 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.944114923 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944439888 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944480896 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.944492102 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944835901 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944883108 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.944890022 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.944925070 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.945336103 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.945368052 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.945393085 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.945401907 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.945411921 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.950427055 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.950464964 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.950481892 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.950511932 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.950525999 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.950680017 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.950721979 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.950735092 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.950763941 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.951189041 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.951251030 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.951262951 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.951287985 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.951301098 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.951301098 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.951329947 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.951337099 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.951348066 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.951888084 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.951935053 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:58.951955080 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:58.951997042 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.038527966 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.038584948 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.038707972 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.038707972 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.038738966 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.038950920 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.038992882 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.038992882 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.039001942 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.039618969 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.039649010 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.039756060 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.039798021 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.039807081 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.039890051 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.040105104 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.040174007 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.040182114 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.040307045 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.040781021 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.040925980 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.041990042 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.042049885 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.043124914 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.043199062 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.043222904 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.043241978 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.043301105 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.043332100 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.043339014 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.043339014 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.043350935 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.043401003 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.045504093 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.045665979 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.045711994 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.045711994 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.045737028 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046008110 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046128035 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.046140909 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046617031 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046648026 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046670914 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.046684027 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046715021 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046756029 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.046756029 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.046771049 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046885967 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.046931982 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.051067114 CET49930443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.051090002 CET44349930172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.055977106 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.056020975 CET44349941172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.056113005 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.060312033 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.060337067 CET44349941172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.060767889 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.060823917 CET44349942172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.060883045 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.061690092 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.061719894 CET44349942172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.564496040 CET44349941172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.564758062 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.564784050 CET44349941172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.565798044 CET44349941172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.565880060 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.566180944 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.566199064 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.566247940 CET44349941172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.566286087 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.566318035 CET49941443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.566643953 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.566689968 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.567190886 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.567370892 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.567383051 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.570920944 CET44349942172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.571105957 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.571131945 CET44349942172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.572144032 CET44349942172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.572221041 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.572619915 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.572632074 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.572676897 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.572691917 CET44349942172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.572736025 CET49942443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.572973967 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.573015928 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.573071957 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.573240995 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:20:59.573255062 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.055871964 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.056225061 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.056247950 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.057264090 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.057343006 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.062865019 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.062993050 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.063265085 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.063273907 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.076312065 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.076618910 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.076633930 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.077681065 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.077758074 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.078067064 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.078125000 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.078201056 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.078207970 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.104829073 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.120474100 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.410742998 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.410859108 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.410922050 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.453654051 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.453778028 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.453946114 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.467125893 CET49945443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.467180014 CET44349945172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.475474119 CET49944443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.475519896 CET44349944172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.639419079 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.639471054 CET44349958172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.639548063 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.639606953 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.639666080 CET44349959172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.639717102 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.640098095 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.640116930 CET44349958172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.640328884 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.640342951 CET44349959172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.651947021 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.651974916 CET44349961172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.652030945 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.652299881 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:00.652314901 CET44349961172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.661053896 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:00.661092997 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.661150932 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:00.661410093 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:00.661427021 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.118047953 CET44349958172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.118052959 CET44349959172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.118315935 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.118340969 CET44349958172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.118419886 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.118444920 CET44349959172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.119277954 CET44349958172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.119353056 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.119550943 CET44349959172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.119606972 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.119647980 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.119662046 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.119709969 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.119714975 CET44349958172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.119766951 CET49958443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120058060 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120105028 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.120163918 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120464087 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120476007 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120502949 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120529890 CET44349959172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.120570898 CET49959443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120727062 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120759010 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.120845079 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120881081 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.120897055 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.121001959 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.121023893 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.145445108 CET44349961172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.145678997 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.145694971 CET44349961172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.146588087 CET44349961172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.146641970 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.146931887 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.146950006 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.146997929 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.147125959 CET44349961172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.147178888 CET49961443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.147274017 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.147309065 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.147377968 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.147633076 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.147644997 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.401395082 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.401819944 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.401855946 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.403295040 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.403371096 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.410238981 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.410414934 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.410418987 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.451340914 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.462044001 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.462074995 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.508919001 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.670088053 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.670378923 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.670398951 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.671295881 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.671489954 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.671689987 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.671746016 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.671866894 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.695702076 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.695974112 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.696003914 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.696336985 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.696758032 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.696830988 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.696954012 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.709526062 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.709673882 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.709870100 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.710438967 CET49962443192.168.2.718.245.31.18
                                                                                                Jan 16, 2025 17:21:01.710464001 CET4434996218.245.31.18192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.711688995 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.711714983 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.727899075 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:01.727953911 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.728035927 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:01.728236914 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:01.728255033 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.739341021 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.774558067 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.800277948 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.800575018 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.800611973 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.801639080 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.801707983 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.802045107 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.802118063 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.802177906 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:01.802192926 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.852809906 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.041626930 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.041755915 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.041873932 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.043452978 CET49965443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.043469906 CET44349965172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.061837912 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.061939001 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.062022924 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.062808990 CET49966443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.062838078 CET44349966172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.067182064 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.067236900 CET44349973172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.067301989 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.067627907 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.067643881 CET44349973172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.182178020 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.182285070 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.182646990 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.183453083 CET49964443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.183480978 CET44349964172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.446254969 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.447354078 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:02.447422028 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.452110052 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.452284098 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:02.456536055 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:02.456609964 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.456754923 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:02.456773043 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.509365082 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:02.537530899 CET44349973172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.538170099 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.538191080 CET44349973172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.539253950 CET44349973172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.539326906 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.539642096 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.539659977 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.539712906 CET44349973172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.539730072 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.539766073 CET49973443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.540107012 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.540164948 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.540221930 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.540426016 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:02.540443897 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.718375921 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.718502998 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:02.718628883 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:02.722646952 CET49971443192.168.2.713.32.99.94
                                                                                                Jan 16, 2025 17:21:02.722675085 CET4434997113.32.99.94192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.031956911 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.069616079 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:03.069649935 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.070190907 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.076267004 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:03.076370001 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.080591917 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:03.123336077 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.407454014 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.407565117 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:03.407613993 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:03.408926964 CET49978443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:21:03.408945084 CET44349978172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:21:05.772577047 CET804990666.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:21:05.772595882 CET804990666.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:21:05.772615910 CET804990666.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:21:05.772646904 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:05.772677898 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:06.280879974 CET804990566.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:21:06.281063080 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:07.057739019 CET4990580192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:07.062611103 CET804990566.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:21:08.108387947 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:08.108539104 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:08.108584881 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:21:09.134434938 CET49929443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:21:09.134464025 CET44349929216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:16.995354891 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:21:16.995522022 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:21:16.995589018 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:21:17.870280027 CET49917443192.168.2.7186.64.116.70
                                                                                                Jan 16, 2025 17:21:17.870320082 CET44349917186.64.116.70192.168.2.7
                                                                                                Jan 16, 2025 17:21:23.713783979 CET44349814104.98.116.138192.168.2.7
                                                                                                Jan 16, 2025 17:21:23.713908911 CET49814443192.168.2.7104.98.116.138
                                                                                                Jan 16, 2025 17:21:50.774589062 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:50.783798933 CET804990666.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:21:55.870202065 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:55.870583057 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:55.875185013 CET804990666.63.187.216192.168.2.7
                                                                                                Jan 16, 2025 17:21:55.875257015 CET4990680192.168.2.766.63.187.216
                                                                                                Jan 16, 2025 17:21:57.573905945 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:21:57.573966980 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:57.574048996 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:21:57.574299097 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:21:57.574322939 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:58.219765902 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:58.220177889 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:21:58.220204115 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:58.220710993 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:58.220998049 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:21:58.221096992 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:21:58.274600029 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:22:08.124845028 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:22:08.124948978 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:22:08.125410080 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:22:09.871414900 CET50028443192.168.2.7216.58.206.36
                                                                                                Jan 16, 2025 17:22:09.871463060 CET44350028216.58.206.36192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.153521061 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.153570890 CET44350029172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.153654099 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.154603004 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.154617071 CET44350029172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.634200096 CET44350029172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.634890079 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.634921074 CET44350029172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.635915995 CET44350029172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.635992050 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.636625051 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.636637926 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.636687994 CET44350029172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.636699915 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.636744976 CET50029443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.637248993 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.637295961 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:12.637366056 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.637737036 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:12.637751102 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.105654001 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.106256962 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:13.106281996 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.107275009 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.107346058 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:13.107707977 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:13.107758999 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.107883930 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:13.107889891 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.149916887 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:13.888638020 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.888753891 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.888803959 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:13.889839888 CET50030443192.168.2.7172.67.168.162
                                                                                                Jan 16, 2025 17:22:13.889858961 CET44350030172.67.168.162192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.902340889 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:13.902395964 CET44350031104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.902460098 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:13.902730942 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:13.902740955 CET44350031104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.406083107 CET44350031104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.406342983 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.406409979 CET44350031104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.409980059 CET44350031104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.410064936 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.410746098 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.410783052 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.410826921 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.410942078 CET44350031104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.411010027 CET50031443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.411436081 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.411488056 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.411561966 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.411849022 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.411864996 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.892724991 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.893352985 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.893383980 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.894256115 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.894323111 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.894586086 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.894639015 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.894710064 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:14.894717932 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:14.946743965 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:15.214930058 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.215034008 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.216871023 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:15.217405081 CET50032443192.168.2.7104.21.94.195
                                                                                                Jan 16, 2025 17:22:15.217417955 CET44350032104.21.94.195192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.224373102 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.224406958 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.224471092 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.224755049 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.224767923 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.690021038 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.698057890 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.698076010 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.699290991 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.699387074 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.700407982 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.700474977 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.700659990 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.700664997 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.748524904 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.822208881 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.822412968 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.822735071 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.824362993 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.824407101 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.824515104 CET50033443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.824531078 CET4435003335.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.824567080 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.824806929 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:15.824820995 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.278635025 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.278939009 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:16.278966904 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.279299021 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.279623985 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:16.279676914 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.279762030 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:16.323326111 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.406764030 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.406855106 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.407021046 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:16.407063961 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:16.407087088 CET4435003435.190.80.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:16.407098055 CET50034443192.168.2.735.190.80.1
                                                                                                Jan 16, 2025 17:22:16.407141924 CET50034443192.168.2.735.190.80.1

                                                                                                UDP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Jan 16, 2025 17:20:21.038203955 CET5549953192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:22.567158937 CET123123192.168.2.7104.40.149.189
                                                                                                Jan 16, 2025 17:20:22.772176027 CET123123104.40.149.189192.168.2.7
                                                                                                Jan 16, 2025 17:20:42.255856037 CET6546853192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:53.497755051 CET6074953192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:53.498236895 CET5789753192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:53.524857044 CET53607491.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:53.530566931 CET53627521.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:53.534466982 CET53563001.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:53.672869921 CET53578971.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.541917086 CET53627431.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.944719076 CET5200853192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:54.945076942 CET6220553192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:54.968791008 CET53622051.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:54.977796078 CET53520081.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:55.941422939 CET5330853192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:55.942244053 CET4975053192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:56.038273096 CET53497501.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:56.040318012 CET53533081.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.074486017 CET6026553192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:57.074628115 CET5961953192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:57.084296942 CET53602651.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.090403080 CET53596191.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.511113882 CET4915553192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:57.511231899 CET4938553192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:20:57.517940998 CET53491551.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:57.517995119 CET53493851.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:20:59.069472075 CET53532431.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.027757883 CET53560411.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.614231110 CET5317953192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:00.614545107 CET5587253192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:00.621625900 CET53558721.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.637759924 CET53531791.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.647731066 CET53570011.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.651396990 CET5921653192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:00.651530981 CET5886353192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:00.658811092 CET53592161.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:00.659152985 CET53588631.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.719549894 CET6298953192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:01.719549894 CET5457453192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:01.726881027 CET53629891.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:01.727530003 CET53545741.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:06.111071110 CET53632991.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:09.603509903 CET5722053192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:11.439152002 CET53529231.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:16.827666998 CET138138192.168.2.7192.168.2.255
                                                                                                Jan 16, 2025 17:21:26.509841919 CET6027053192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:30.346709967 CET53494761.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:45.431938887 CET6264653192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:21:53.097070932 CET53570041.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:21:53.306721926 CET53602661.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:06.404556036 CET5860753192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:22:13.892934084 CET5461753192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:22:13.893078089 CET5590753192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:22:13.901685953 CET53546171.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:13.901801109 CET53559071.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.216645956 CET6094053192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:22:15.216871023 CET4954053192.168.2.71.1.1.1
                                                                                                Jan 16, 2025 17:22:15.223439932 CET53609401.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:15.223756075 CET53495401.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:23.561623096 CET53493921.1.1.1192.168.2.7
                                                                                                Jan 16, 2025 17:22:38.731072903 CET6364753192.168.2.71.1.1.1

                                                                                                ICMP Packets

                                                                                                TimestampSource IPDest IPChecksumCodeType
                                                                                                Jan 16, 2025 17:20:53.673001051 CET192.168.2.71.1.1.1c227(Port unreachable)Destination Unreachable

                                                                                                DNS Queries

                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                Jan 16, 2025 17:20:21.038203955 CET192.168.2.71.1.1.10x9694Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:42.255856037 CET192.168.2.71.1.1.10x606bStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:53.497755051 CET192.168.2.71.1.1.10x7b3Standard query (0)clintonmakes.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:53.498236895 CET192.168.2.71.1.1.10x595cStandard query (0)clintonmakes.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:54.944719076 CET192.168.2.71.1.1.10x382aStandard query (0)clintonmakes.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:54.945076942 CET192.168.2.71.1.1.10x63b3Standard query (0)clintonmakes.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:55.941422939 CET192.168.2.71.1.1.10xae22Standard query (0)minedudiser.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:55.942244053 CET192.168.2.71.1.1.10x343bStandard query (0)minedudiser.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.074486017 CET192.168.2.71.1.1.10x58b4Standard query (0)fixecondfirbook.infoA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.074628115 CET192.168.2.71.1.1.10xb8d8Standard query (0)fixecondfirbook.info65IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.511113882 CET192.168.2.71.1.1.10xcebaStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.511231899 CET192.168.2.71.1.1.10x59fbStandard query (0)www.google.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.614231110 CET192.168.2.71.1.1.10x4ccbStandard query (0)fixecondfirbook.infoA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.614545107 CET192.168.2.71.1.1.10x913bStandard query (0)fixecondfirbook.info65IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.651396990 CET192.168.2.71.1.1.10x1cfeStandard query (0)q-xx.bstatic.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.651530981 CET192.168.2.71.1.1.10x7173Standard query (0)q-xx.bstatic.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.719549894 CET192.168.2.71.1.1.10x2528Standard query (0)q-xx.bstatic.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.719549894 CET192.168.2.71.1.1.10x843fStandard query (0)q-xx.bstatic.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:09.603509903 CET192.168.2.71.1.1.10xd6c1Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:26.509841919 CET192.168.2.71.1.1.10x649fStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:45.431938887 CET192.168.2.71.1.1.10x6a72Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:06.404556036 CET192.168.2.71.1.1.10x106dStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:13.892934084 CET192.168.2.71.1.1.10xe826Standard query (0)fixecondfirbook.infoA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:13.893078089 CET192.168.2.71.1.1.10xa688Standard query (0)fixecondfirbook.info65IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:15.216645956 CET192.168.2.71.1.1.10x45bcStandard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:15.216871023 CET192.168.2.71.1.1.10x728aStandard query (0)a.nel.cloudflare.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:38.731072903 CET192.168.2.71.1.1.10x8ca0Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                                                                                DNS Answers

                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                Jan 16, 2025 17:20:21.045209885 CET1.1.1.1192.168.2.70x9694No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:21.045209885 CET1.1.1.1192.168.2.70x9694No error (0)twc.trafficmanager.net104.40.149.189A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:24.366864920 CET1.1.1.1192.168.2.70x2798No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:24.366864920 CET1.1.1.1192.168.2.70x2798No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:41.271738052 CET1.1.1.1192.168.2.70x78d6No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:41.271738052 CET1.1.1.1192.168.2.70x78d6No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:42.262995958 CET1.1.1.1192.168.2.70x606bNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:42.262995958 CET1.1.1.1192.168.2.70x606bNo error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:42.262995958 CET1.1.1.1192.168.2.70x606bNo error (0)e8652.dscx.akamaiedge.net2.23.197.184A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:53.524857044 CET1.1.1.1192.168.2.70x7b3No error (0)clintonmakes.com66.63.187.216A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:54.977796078 CET1.1.1.1192.168.2.70x382aNo error (0)clintonmakes.com66.63.187.216A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:56.040318012 CET1.1.1.1192.168.2.70xae22No error (0)minedudiser.com186.64.116.70A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.084296942 CET1.1.1.1192.168.2.70x58b4No error (0)fixecondfirbook.info172.67.168.162A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.084296942 CET1.1.1.1192.168.2.70x58b4No error (0)fixecondfirbook.info104.21.94.195A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.090403080 CET1.1.1.1192.168.2.70xb8d8No error (0)fixecondfirbook.info65IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.517940998 CET1.1.1.1192.168.2.70xcebaNo error (0)www.google.com216.58.206.36A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:20:57.517995119 CET1.1.1.1192.168.2.70x59fbNo error (0)www.google.com65IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.621625900 CET1.1.1.1192.168.2.70x913bNo error (0)fixecondfirbook.info65IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.637759924 CET1.1.1.1192.168.2.70x4ccbNo error (0)fixecondfirbook.info172.67.168.162A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.637759924 CET1.1.1.1192.168.2.70x4ccbNo error (0)fixecondfirbook.info104.21.94.195A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.658811092 CET1.1.1.1192.168.2.70x1cfeNo error (0)q-xx.bstatic.comxx.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.658811092 CET1.1.1.1192.168.2.70x1cfeNo error (0)xx.bstatic.comcf.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.658811092 CET1.1.1.1192.168.2.70x1cfeNo error (0)cf.bstatic.comd2i5gg36g14bzn.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.658811092 CET1.1.1.1192.168.2.70x1cfeNo error (0)d2i5gg36g14bzn.cloudfront.net18.245.31.18A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.658811092 CET1.1.1.1192.168.2.70x1cfeNo error (0)d2i5gg36g14bzn.cloudfront.net18.245.31.129A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.658811092 CET1.1.1.1192.168.2.70x1cfeNo error (0)d2i5gg36g14bzn.cloudfront.net18.245.31.53A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.658811092 CET1.1.1.1192.168.2.70x1cfeNo error (0)d2i5gg36g14bzn.cloudfront.net18.245.31.49A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.659152985 CET1.1.1.1192.168.2.70x7173No error (0)q-xx.bstatic.comxx.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.659152985 CET1.1.1.1192.168.2.70x7173No error (0)xx.bstatic.comcf.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:00.659152985 CET1.1.1.1192.168.2.70x7173No error (0)cf.bstatic.comd2i5gg36g14bzn.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.726881027 CET1.1.1.1192.168.2.70x2528No error (0)q-xx.bstatic.comxx.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.726881027 CET1.1.1.1192.168.2.70x2528No error (0)xx.bstatic.comcf.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.726881027 CET1.1.1.1192.168.2.70x2528No error (0)cf.bstatic.comd2i5gg36g14bzn.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.726881027 CET1.1.1.1192.168.2.70x2528No error (0)d2i5gg36g14bzn.cloudfront.net13.32.99.94A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.726881027 CET1.1.1.1192.168.2.70x2528No error (0)d2i5gg36g14bzn.cloudfront.net13.32.99.51A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.726881027 CET1.1.1.1192.168.2.70x2528No error (0)d2i5gg36g14bzn.cloudfront.net13.32.99.59A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.726881027 CET1.1.1.1192.168.2.70x2528No error (0)d2i5gg36g14bzn.cloudfront.net13.32.99.82A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.727530003 CET1.1.1.1192.168.2.70x843fNo error (0)q-xx.bstatic.comxx.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.727530003 CET1.1.1.1192.168.2.70x843fNo error (0)xx.bstatic.comcf.bstatic.comCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:01.727530003 CET1.1.1.1192.168.2.70x843fNo error (0)cf.bstatic.comd2i5gg36g14bzn.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:09.611367941 CET1.1.1.1192.168.2.70xd6c1No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:09.611367941 CET1.1.1.1192.168.2.70xd6c1No error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:09.611367941 CET1.1.1.1192.168.2.70xd6c1No error (0)e8652.dscx.akamaiedge.net2.23.197.184A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:26.517169952 CET1.1.1.1192.168.2.70x649fNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:26.517169952 CET1.1.1.1192.168.2.70x649fNo error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:26.517169952 CET1.1.1.1192.168.2.70x649fNo error (0)e8652.dscx.akamaiedge.net23.209.209.135A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:45.439435005 CET1.1.1.1192.168.2.70x6a72No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:45.439435005 CET1.1.1.1192.168.2.70x6a72No error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:21:45.439435005 CET1.1.1.1192.168.2.70x6a72No error (0)e8652.dscx.akamaiedge.net2.23.197.184A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:06.413115978 CET1.1.1.1192.168.2.70x106dNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:06.413115978 CET1.1.1.1192.168.2.70x106dNo error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:06.413115978 CET1.1.1.1192.168.2.70x106dNo error (0)e8652.dscx.akamaiedge.net2.23.197.184A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:13.901685953 CET1.1.1.1192.168.2.70xe826No error (0)fixecondfirbook.info104.21.94.195A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:13.901685953 CET1.1.1.1192.168.2.70xe826No error (0)fixecondfirbook.info172.67.168.162A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:13.901801109 CET1.1.1.1192.168.2.70xa688No error (0)fixecondfirbook.info65IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:15.223439932 CET1.1.1.1192.168.2.70x45bcNo error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:38.738512039 CET1.1.1.1192.168.2.70x8ca0No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:38.738512039 CET1.1.1.1192.168.2.70x8ca0No error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                Jan 16, 2025 17:22:38.738512039 CET1.1.1.1192.168.2.70x8ca0No error (0)e8652.dscx.akamaiedge.net2.23.197.184A (IP address)IN (0x0001)false

                                                                                                HTTP Request Dependency Graph

                                                                                                • clintonmakes.com
                                                                                                  • minedudiser.com
                                                                                                  • fixecondfirbook.info
                                                                                                • https:
                                                                                                  • q-xx.bstatic.com
                                                                                                • a.nel.cloudflare.com
                                                                                                • x1.i.lencr.org

                                                                                                HTTP Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.7498222.23.197.184807680C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Jan 16, 2025 17:20:42.271770000 CET115OUTGET / HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                User-Agent: Microsoft-CryptoAPI/10.0
                                                                                                Host: x1.i.lencr.org
                                                                                                Jan 16, 2025 17:20:42.894700050 CET1236INHTTP/1.1 200 OK
                                                                                                Server: nginx
                                                                                                Content-Type: application/pkix-cert
                                                                                                Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                                                                                                ETag: "64cd6654-56f"
                                                                                                Content-Disposition: attachment; filename="ISRG Root X1.der"
                                                                                                Cache-Control: max-age=50336
                                                                                                Expires: Fri, 17 Jan 2025 06:19:38 GMT
                                                                                                Date: Thu, 16 Jan 2025 16:20:42 GMT
                                                                                                Content-Length: 1391
                                                                                                Connection: keep-alive
                                                                                                Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED]
                                                                                                Data Ascii: 0k0S@YDcc0*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0*H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urI*Av5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP|Ctt0[q600\H;}`)A|;FH*vvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUX
                                                                                                Jan 16, 2025 17:20:42.894726038 CET509INData Raw: a9 bc b2 a8 50 d0 0c b1 d8 1a 69 20 27 29 08 ac 61 75 5c 8a 6e f8 82 e5 69 2f d5 f6 56 4b b9 b8 73 10 59 d3 21 97 7e e7 4c 71 fb b2 d2 60 ad 39 a8 0b ea 17 21 56 85 f1 50 0e 59 eb ce e0 59 e9 ba c9 15 ef 86 9d 8f 84 80 f6 e4 e9 91 90 dc 17 9b 62
                                                                                                Data Ascii: Pi ')au\ni/VKsY!~Lq`9!VPYYbEf|o;'}~"+"4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.74990566.63.187.216805572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Jan 16, 2025 17:20:54.983880043 CET468OUTGET /215c/ HTTP/1.1
                                                                                                Host: clintonmakes.com
                                                                                                Connection: keep-alive
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: f5510ad44=0ad448213ea0
                                                                                                Jan 16, 2025 17:20:55.878067970 CET448INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:20:55 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Transfer-Encoding: chunked
                                                                                                server: Apache/2.4.37 (Rocky Linux)
                                                                                                Content-Encoding: gzip
                                                                                                Data Raw: 66 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 91 b1 6e c3 20 10 86 5f 85 b2 78 72 69 33 a5 8e ed 25 cd dc 0e 59 3a 45 04 2e 36 aa 01 e7 38 da fa ed 4b 62 a7 b2 54 45 f2 c2 e9 a4 ef ff 38 b8 f2 e1 f5 6d bb ff 78 df b1 96 6c 57 97 d3 09 52 d7 25 19 ea a0 2e c5 54 2d 90 4c 14 f5 39 9c a3 f9 aa f8 d6 3b 02 47 f9 7e e8 81 33 35 76 15 27 f8 21 71 f1 6c 98 6a 25 06 a0 2a d2 29 5f f3 49 e1 a4 85 44 7d 1b 22 c0 42 49 d4 b3 70 88 d6 4a 1c 0e 9d c4 06 0e c6 ca 06 6e b9 1e 7d 0f 48 43 c5 7d 53 5c 67 9a e5 b8 f8 47 dd 6e 58 80 26 a1 86 a0 d0 f4 64 bc 5b a6 5d 1c 48 f2 f1 1d 33 ea ae f5 1e 39 fb f7 0c e1 84 10 da ec 8f ca 9e 36 2c 62 57 5d a0 50 08 61 8d 03 1d b5 09 80 8f ca 5b 71 f4 fe d3 e8 f5 6a f5 f2 9c a5 7d 8e db 3d 7a 3d a4 66 2a d7 bd b3 5f 9e 07 89 53 0e 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                Data Ascii: fcn _xri3%Y:E.68KbTE8mxlWR%.T-L9;G~35v'!qlj%*)_ID}"BIpJn}HC}S\gGnX&d[]H396,bW]Pa[qj}=z=f*_S0
                                                                                                Jan 16, 2025 17:20:55.951649904 CET381OUTGET /favicon.ico HTTP/1.1
                                                                                                Host: clintonmakes.com
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Referer: http://clintonmakes.com/215c/
                                                                                                Accept-Encoding: gzip, deflate
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Jan 16, 2025 17:20:56.279469013 CET371INHTTP/1.1 404 Not Found
                                                                                                Date: Thu, 16 Jan 2025 16:20:56 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Transfer-Encoding: chunked
                                                                                                server: Apache/2.4.37 (Rocky Linux)
                                                                                                Content-Encoding: gzip
                                                                                                Data Raw: 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d ce 4d 0f 82 30 0c 06 e0 bf 52 b9 4b d1 70 6c 76 90 8f 48 82 48 cc 38 78 c4 ac 04 12 64 c8 86 c6 7f ef 74 17 2f 4d da f7 c9 9b d2 26 3d 27 f2 5a 67 70 94 a7 12 ea e6 50 16 09 04 5b c4 22 93 39 62 2a 53 9f ec c3 08 31 ab 02 41 bd bd 8f 6e 72 ab 04 d9 c1 8e 2c e2 28 86 4a 5b c8 f5 3a 29 42 7f 24 f4 e4 a6 d5 db f1 9d f8 13 6e a3 59 c8 9e 61 e1 c7 ca c6 b2 82 e6 52 c2 ab 35 30 39 d6 7d 19 e8 09 6c 3f 18 30 bc 3c 79 09 09 67 57 ea eb f0 f7 04 7c 00 b6 fe c5 76 be 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                Data Ascii: a8MM0RKplvHH8xdt/M&='ZgpP["9b*S1Anr,(J[:)B$nYaR509}l?0<ygW|v0


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.74990666.63.187.216805572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Jan 16, 2025 17:21:05.772577047 CET212INHTTP/1.0 408 Request Time-out
                                                                                                Cache-Control: no-cache
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>
                                                                                                Jan 16, 2025 17:21:50.774589062 CET6OUTData Raw: 00
                                                                                                Data Ascii:


                                                                                                HTTPS Proxied Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                0192.168.2.74989766.63.187.2164435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:20:54 UTC664OUTGET /215c/ HTTP/1.1
                                                                                                Host: clintonmakes.com
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: navigate
                                                                                                Sec-Fetch-User: ?1
                                                                                                Sec-Fetch-Dest: document
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:20:54 UTC210INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:20:54 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Content-Length: 1069
                                                                                                Connection: close
                                                                                                Set-Cookie: f5510ad44=0ad448213ea0
                                                                                                server: Apache/2.4.37 (Rocky Linux)
                                                                                                2025-01-16 16:20:54 UTC828INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 63 61 72 64 22 20 63 6f 6e 74 65 6e 74 3d 22 73 75 6d 6d 61 72 79 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 3c 6d 65 74 61 20 70 72 6f
                                                                                                Data Ascii: <!DOCTYPE html><html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="twitter:card" content="summary_large_image"><meta property="og:title" content=""/><meta property="twitter:title" content=""/><meta pro


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                1192.168.2.749916186.64.116.704435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:20:56 UTC690OUTGET /bookid82291 HTTP/1.1
                                                                                                Host: minedudiser.com
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: navigate
                                                                                                Sec-Fetch-Dest: document
                                                                                                Referer: http://clintonmakes.com/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:20:57 UTC344INHTTP/1.1 301 Moved Permanently
                                                                                                Date: Thu, 16 Jan 2025 16:20:56 GMT
                                                                                                Server: Apache
                                                                                                Strict-Transport-Security: max-age=63072000; includeSubdomains;
                                                                                                Location: https://fixecondfirbook.info/
                                                                                                Cache-Control: max-age=0
                                                                                                Expires: Thu, 16 Jan 2025 16:20:56 GMT
                                                                                                Content-Length: 237
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                2025-01-16 16:20:57 UTC237INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 69 78 65 63 6f 6e 64 66 69 72 62 6f 6f 6b 2e 69 6e 66 6f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://fixecondfirbook.info/">here</a>.</p></body></html>


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                2192.168.2.749930172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:20:58 UTC684OUTGET / HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: navigate
                                                                                                Sec-Fetch-Dest: document
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Referer: http://clintonmakes.com/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:20:58 UTC928INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:20:58 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Accept-Ranges: bytes
                                                                                                Cache-Control: public, max-age=0
                                                                                                Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                                                                                cf-cache-status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwKLGAwHF12gCbqJvfZDU67jbU7GIE3gyFIhUjvdfeRqtFh2aygAn%2BBcK%2Fqhwt6obQbkRHh1YlZS06LnvVQFUBDOJ2UuCp7slzg1j0gGggZ4wtQPNMIY3lXKi9%2B22%2BCf%2B3Sij4jO%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f6f97b878207c-IAD
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8321&min_rtt=8170&rtt_var=3172&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2852&recv_bytes=1262&delivery_rate=357405&cwnd=32&unsent_bytes=0&cid=f6cf57e387a9d6b2&ts=655&x=0"
                                                                                                2025-01-16 16:20:58 UTC441INData Raw: 33 33 36 37 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 42 d0 be d0 be 6b 69 6e 67 2e d1 81 d0 be 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a
                                                                                                Data Ascii: 3367<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Bking.m</title> <style> body { margin: 0; font-family: Arial, sans-serif;
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 74 3a 20 35 35 70 78 3b 0a 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 0a 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 63 6f 6e 74 65 6e 74 20 7b 0a 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 34 30 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 2d 32 30 70 78 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 20 20
                                                                                                Data Ascii: t: 55px; justify-content: space-between; align-items: center; left: 0; } header h1 { margin: 0; font-size: 20px; } .content { max-width: 400px; margin: -20px auto; background: white;
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 34 35 70 78 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 66 6f 6f 74 65 72 20 61 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 37 31 63 32 3b 0a 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 72 20 7b 0a 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69
                                                                                                Data Ascii: x; margin-top: -45px; font-size: 12px; color: #666; } footer a { color: #0071c2; text-decoration: none; } footer a:hover { text-decoration: underline; } hr { -webkit-font-smoothing: anti
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 72 5f 64 65 73 74 72 75 63 74 69 76 65 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 64 65 73 74 72 75 63 74 69 76 65 5f 6c 69 67 68 74 3a 20 23 66 63 62 34 62 34 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 64 65 73 74 72 75 63 74 69 76 65 5f 6c 69 67 68 74 65 72 3a 20 23 66 66 65 62 65 62 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 64 65 73 74 72 75 63 74 69 76 65 5f 6c 69 67 68 74 65 73 74 3a 20 23 66 66 66 30 66 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 5f 64 61 72 6b 3a 20 23 62 63 35 62 30 31 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 3a 20 23 66 66 38 30 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f
                                                                                                Data Ascii: r_destructive: #c00; --bui_color_destructive_light: #fcb4b4; --bui_color_destructive_lighter: #ffebeb; --bui_color_destructive_lightest: #fff0f0; --bui_color_callout_dark: #bc5b01; --bui_color_callout: #ff8000; --bui_co
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 74 69 6f 6e 5f 6c 69 67 68 74 65 72 3a 20 23 65 34 66 34 66 66 3b 0a 20 20 20 20 20 20 2d 2d 67 65 6e 69 75 73 5f 63 6f 6c 6f 72 5f 70 72 69 6d 61 72 79 3a 20 23 30 30 34 63 62 38 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 62 61 73 65 6c 69 6e 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 70 61 64 64 69 6e 67 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 6e 65 67 61 74 69 76 65 5f 70 61 64 64 69 6e 67 3a 20 2d 31 32 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 6d 65 64 69 75 6d 5f 62 72 65 61 6b 70 6f 69 6e 74 3a 20 35 37 36 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 6c 61 72 67 65 5f 62 72 65 61 6b 70 6f 69 6e 74 3a 20 31 30 32 34 70 78 3b 0a 20 20 20 20 20 20 2d
                                                                                                Data Ascii: --bui_color_action_lighter: #e4f4ff; --genius_color_primary: #004cb8; --bui_baseline: 24px; --bui_padding: 12px; --bui_negative_padding: -12px; --bui_medium_breakpoint: 576px; --bui_large_breakpoint: 1024px; -
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 6c 61 72 67 65 73 74 5f 6c 69 6e 65 5f 68 65 69 67 68 74 3a 20 34 30 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 77 65 69 67 68 74 5f 6e 6f 72 6d 61 6c 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 77 65 69 67 68 74 5f 6d 65 64 69 75 6d 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 77 65 69 67 68 74 5f 62 6f 6c 64 3a 20 37 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 73 74 61 63 6b 5f 73 61 6e 73 3a 20 22 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 22 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 22 52 6f 62 6f 74 6f 22 2c 20 22 48 65 6c 76 65 74 69 63 61 22 2c 20 22 41 72 69 61 6c 22 2c 20 73 61 6e 73 2d 73 65 72 69
                                                                                                Data Ascii: largest_line_height: 40px; --bui_font_weight_normal: 400; --bui_font_weight_medium: 500; --bui_font_weight_bold: 700; --bui_font_stack_sans: "BlinkMacSystemFont", -apple-system, "Segoe UI", "Roboto", "Helvetica", "Arial", sans-seri
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 34 37 34 37 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 66 6f 72 65 67 72 6f 75 6e 64 5f 69 6e 76 65 72 74 65 64 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 72 61 6e 64 5f 70 72 69 6d 61 72 79 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 30 30 33 62 39 35 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 39 34 36 38 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 74 69 6f 6e 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 30 30 36 63 65 34 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 39 32 33 65 30 31 3b 0a 20 20 20 20 20 20 2d 2d 62
                                                                                                Data Ascii: 4747; --bui_color_foreground_inverted: #f5f5f5; --bui_color_brand_primary_foreground: #003b95; --bui_color_accent_foreground: #946800; --bui_color_action_foreground: #006ce4; --bui_color_callout_foreground: #923e01; --b
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 6f 6e 5f 62 72 61 6e 64 5f 67 65 6e 69 75 73 5f 70 72 69 6d 61 72 79 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 69 6e 76 65 72 74 65 64 3a 20 23 31 61 31 61 31 61 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 34 37 34 37 34 37 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 74 72 61 6e 73 70 61 72 65 6e 74 3a 20 72 67 62 61 28 32 36 2c 20 32 36 2c 20 32 36 2c 20 30 29 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 61 6c 74 3a 20 23 66 35 66 35
                                                                                                Data Ascii: ackground: #fff; --bui_color_on_brand_genius_primary_background: #fff; --bui_color_background_inverted: #1a1a1a; --bui_color_background: #474747; --bui_color_transparent: rgba(26, 26, 26, 0); --bui_color_background_alt: #f5f5
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 74 69 76 65 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 6f 6e 5f 62 72 61 6e 64 5f 70 72 69 6d 61 72 79 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 72 61 6e 64 5f 70 72 69 6d 61 72 79 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 30 30 33 62 39 35 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66 66 62 37 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66
                                                                                                Data Ascii: tive_background_dynamic: #fff; --bui_color_on_brand_primary_background_dynamic: #fff; --bui_color_brand_primary_background_dynamic: #003b95; --bui_color_accent_background_dynamic: #ffb700; --bui_color_callout_background_dynamic: #f
                                                                                                2025-01-16 16:20:58 UTC1369INData Raw: 62 6f 64 79 5f 31 5f 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 20 20 20 20 20 20 2d 2d 44 4f 5f 4e 4f 54 5f 55 53 45 5f 62 75 69 5f 73 6d 61 6c 6c 5f 66 6f 6e 74 5f 62 6f 64 79 5f 31 5f 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 53 65 67 6f 65 20 55 49 2c 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 2d 2d 44 4f 5f 4e 4f 54 5f 55 53 45 5f 62 75 69 5f 73 6d 61 6c 6c 5f 66 6f 6e 74 5f 62 6f 64 79 5f 32 5f 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 2d 2d 44 4f 5f 4e 4f 54 5f 55 53 45 5f 62 75 69 5f 73 6d 61 6c 6c 5f 66 6f 6e 74 5f
                                                                                                Data Ascii: body_1_line-height: 24px; --DO_NOT_USE_bui_small_font_body_1_font-family: BlinkMacSystemFont, -apple-system, Segoe UI, Roboto, Helvetica, Arial, sans-serif; --DO_NOT_USE_bui_small_font_body_2_font-size: 14px; --DO_NOT_USE_bui_small_font_


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                3192.168.2.749945172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:00 UTC542OUTGET /languageRevert.js HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: same-origin
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: script
                                                                                                Referer: https://fixecondfirbook.info/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:00 UTC961INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:21:00 GMT
                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                Content-Length: 874
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Cache-Control: public, max-age=14400
                                                                                                Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                                                                                ETag: W/"36a-1944075a398"
                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q9CgjfWPcgGpoS3MsbB5g60uPAJJFaHGPk3GeqktBsUZP%2FN8j9xs2141YcKG0omVgV%2BtgkegdejCdG65qscmJYqfuJUsyWB9RlKnln7PWyHEdT2GbmFSFcjcGnX8A5xQDX7MWOO9Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f6fa3c8959c66-IAD
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7227&min_rtt=7115&rtt_var=2748&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2852&recv_bytes=1120&delivery_rate=410400&cwnd=32&unsent_bytes=0&cid=8837fad5b7884d36&ts=363&x=0"
                                                                                                2025-01-16 16:21:00 UTC408INData Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 72 65 76 65 72 74 4c 61 6e 67 75 61 67 65 43 68 61 6e 67 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 21 3d 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 0a 20 20 20 20 63 6f 6e 73 74 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 3b 0a 0a 20 20 20 20 63 6f 6e 73 74
                                                                                                Data Ascii: (function() { function revertLanguageChange() { if (document.documentElement.lang !== originalLang) { document.documentElement.lang = originalLang; } } const originalLang = document.documentElement.lang; const
                                                                                                2025-01-16 16:21:00 UTC466INData Raw: 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6f 6e 74 65 78 74 6d 65 6e 75 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 65 76 65 6e 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 0a 20 20 20 20 7d 2c 20 66 61 6c 73 65 29 3b 0a 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6b 65 79 64 6f 77 6e 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 65 76 65 6e 74 2e 63 74 72 6c 4b 65 79 20 7c 7c 20 65 76 65 6e 74 2e 6d 65 74 61 4b 65 79 29 20 26 26 20 65 76 65 6e 74 2e 73 68 69 66 74 4b 65 79 20 26 26 20 65 76 65 6e 74 2e 6b 65 79 2e 74 6f 4c 6f 77 65 72 43
                                                                                                Data Ascii: document.addEventListener('contextmenu', function(event) { event.preventDefault(); }, false); document.addEventListener('keydown', function(event) { if ((event.ctrlKey || event.metaKey) && event.shiftKey && event.key.toLowerC


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                4192.168.2.749944172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:00 UTC542OUTGET /captchaHandler.js HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: same-origin
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: script
                                                                                                Referer: https://fixecondfirbook.info/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:00 UTC977INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:21:00 GMT
                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                Content-Length: 586
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Cache-Control: public, max-age=14400
                                                                                                Last-Modified: Tue, 07 Jan 2025 11:10:38 GMT
                                                                                                ETag: W/"24a-19440759fb0"
                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5Rb0k%2F3jC3%2FlzF2cDWObA%2BnnAts%2FEw3uJGb%2Bz10wAGTM%2B4xNxtvuGnvY5u74YiNv5LWhkrW8o4Zv8pqsEMx3Gn%2FTp070GqMyLgach6HERsGW28JpZO44WDEhk0IkQn4oDXD%2FDQ4%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f6fa42f3daab9-YYZ
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=13634&min_rtt=13625&rtt_var=5129&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2854&recv_bytes=1120&delivery_rate=213092&cwnd=32&unsent_bytes=0&cid=bda0e76c7096fc37&ts=393&x=0"
                                                                                                2025-01-16 16:21:00 UTC392INData Raw: 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 2e 72 65 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 27 29 3b 0a 20 20 20 20 69 66 20 28 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 29 20 7b 0a 20 20 20 20 20 20 20 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6c 69 63 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 d0 9e d1 82 d0 bf d1 80 d0 b0
                                                                                                Data Ascii: document.addEventListener('DOMContentLoaded', function() { const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox'); if (recaptchaCheckbox) { recaptchaCheckbox.addEventListener('click', function() { //
                                                                                                2025-01-16 16:21:00 UTC194INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 72 65 73 70 6f 6e 73 65 2e 6f 6b 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 0a 7d 29 3b 20 0a
                                                                                                Data Ascii: if (response.ok) { console.log(''); } else { console.error(''); } }); }); }});


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                5192.168.2.74996218.245.31.184435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:01 UTC629OUTGET /backend_static/common/flags/new/48-squared/us.png HTTP/1.1
                                                                                                Host: q-xx.bstatic.com
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://fixecondfirbook.info/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:01 UTC768INHTTP/1.1 200 OK
                                                                                                Content-Type: image/png
                                                                                                Content-Length: 642
                                                                                                Connection: close
                                                                                                Server: nginx
                                                                                                Date: Mon, 06 Jan 2025 04:05:32 GMT
                                                                                                Last-Modified: Mon, 07 Sep 2020 09:08:23 GMT
                                                                                                ETag: "5f55f887-282"
                                                                                                Expires: Wed, 05 Feb 2025 04:05:32 GMT
                                                                                                Cache-Control: max-age=2592000
                                                                                                access-control-allow-origin: *
                                                                                                nel: {"report_to":"default","max_age":600}
                                                                                                report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
                                                                                                Accept-Ranges: bytes
                                                                                                x-xss-protection: 1; mode=block
                                                                                                timing-allow-origin: *
                                                                                                X-Cache: Hit from cloudfront
                                                                                                Via: 1.1 77aeedb4b2272623c3e7c852eafc4998.cloudfront.net (CloudFront)
                                                                                                X-Amz-Cf-Pop: FRA56-P8
                                                                                                X-Amz-Cf-Id: 3EhhblnIye8iZFojWHFRmFL_jLURKjYhUzAZ8FRxsR7e0gW1Q3XotQ==
                                                                                                Age: 908129
                                                                                                2025-01-16 16:21:01 UTC642INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 03 00 00 00 60 dc 09 b5 00 00 00 75 50 4c 54 45 b4 1f 30 3c 39 70 b4 1f 30 97 27 40 ff ff ff b4 1f 30 3c 3a 70 d0 73 7d 54 53 82 ec c7 cb e3 ab b1 61 5f 8b 48 46 79 6d 6b 94 49 46 79 be 3b 49 91 90 ae c2 c2 d2 79 78 9c 85 84 a6 48 47 79 9d 9c b7 aa a9 c0 b6 b5 c9 c7 57 64 f3 f3 f6 db da e4 ce cd db 96 26 40 e7 e7 ed 6d 6b 93 9e 9d b7 ce ce db a1 47 5e b5 b5 c9 9e 9c b8 c0 a4 b4 b7 87 9a ae 6c 81 d6 1f 19 b1 00 00 00 04 74 52 4e 53 df bf bf bf 3b 25 6a 12 00 00 01 b8 49 44 41 54 48 c7 8c d4 61 93 94 30 0c 06 60 d4 f5 35 9a 14 4b 69 41 38 d9 dd bb 53 ff ff 4f b4 79 b9 b9 ce c0 ce 68 3e 3c d3 81 09 34 a4 a1 fb f0 1f f1 e9 63 8b 0e 30 83 87 50 6d eb 76 e5 e7 e7 16 1d fa 69 10 bc 89 69
                                                                                                Data Ascii: PNGIHDR00`uPLTE0<9p0'@0<:ps}TSa_HFymkIFy;IyxHGyWd&@mkG^ltRNS;%jIDATHa0`5KiA8SOyh><4c0Pmvii


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                6192.168.2.749965172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:01 UTC361OUTGET /languageRevert.js HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:02 UTC973INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:21:01 GMT
                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                Content-Length: 874
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Cache-Control: public, max-age=14400
                                                                                                Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                                                                                ETag: W/"36a-1944075a398"
                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eL%2F%2Bcbk4E4ueQ5MXUi7ptutDw7cPzpZmmuJUqbew7ufm7Td3kg178KWoNHwl2yEc%2FkY6%2Fkcuf25qeV%2BFCfBVekBqJiIpYWXVQCtEsXRSsx26ngaUNY5pCb%2BSJCWHP%2BHybN%2BB5LDU8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f6fae2c2caab4-YYZ
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=13948&min_rtt=13948&rtt_var=6974&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4244&recv_bytes=939&delivery_rate=61055&cwnd=32&unsent_bytes=0&cid=745e476a731284fc&ts=412&x=0"
                                                                                                2025-01-16 16:21:02 UTC396INData Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 72 65 76 65 72 74 4c 61 6e 67 75 61 67 65 43 68 61 6e 67 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 21 3d 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 0a 20 20 20 20 63 6f 6e 73 74 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 3b 0a 0a 20 20 20 20 63 6f 6e 73 74
                                                                                                Data Ascii: (function() { function revertLanguageChange() { if (document.documentElement.lang !== originalLang) { document.documentElement.lang = originalLang; } } const originalLang = document.documentElement.lang; const
                                                                                                2025-01-16 16:21:02 UTC478INData Raw: 27 6c 61 6e 67 27 5d 20 7d 29 3b 0a 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6f 6e 74 65 78 74 6d 65 6e 75 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 65 76 65 6e 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 0a 20 20 20 20 7d 2c 20 66 61 6c 73 65 29 3b 0a 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6b 65 79 64 6f 77 6e 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 65 76 65 6e 74 2e 63 74 72 6c 4b 65 79 20 7c 7c 20 65 76 65 6e 74 2e 6d 65 74 61 4b 65 79 29 20 26 26 20 65 76 65 6e 74 2e 73 68 69 66 74 4b 65 79 20 26 26 20 65 76 65 6e 74 2e
                                                                                                Data Ascii: 'lang'] }); document.addEventListener('contextmenu', function(event) { event.preventDefault(); }, false); document.addEventListener('keydown', function(event) { if ((event.ctrlKey || event.metaKey) && event.shiftKey && event.


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                7192.168.2.749966172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:01 UTC596OUTGET /favicon.ico HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                Sec-Fetch-Site: same-origin
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: image
                                                                                                Referer: https://fixecondfirbook.info/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:02 UTC941INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:21:02 GMT
                                                                                                Content-Type: image/x-icon
                                                                                                Content-Length: 610
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Cache-Control: public, max-age=14400
                                                                                                Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                                                                                ETag: W/"262-1944075a398"
                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Htu1GRKz8BW5eVzGw8kJH0Xry%2FCW8Jw%2BBIFYIrNpYACKD5WIe427BLRRsafKC84nL4hxYSGw3FxLLnAqzZ04acEYvooVpvUgH2SlRd8K54uZnvjwZDoHDKhj0I5KN2YYS0%2FiL%2FKRFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f6fae4bf4aa9e-YYZ
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=14218&min_rtt=14218&rtt_var=7109&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4244&recv_bytes=1174&delivery_rate=63435&cwnd=32&unsent_bytes=0&cid=c18d1cf694dd0b1c&ts=403&x=0"
                                                                                                2025-01-16 16:21:02 UTC428INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 02 29 49 44 41 54 58 85 d5 97 3f 4c 1a 61 18 c6 7f 77 31 b0 1c 82 c9 0d 12 13 4b 53 89 9d 5a 18 ba 68 4d 8c 5d a4 8b ba d0 c1 10 b1 63 5d ba 52 17 16 db b9 31 76 a3 68 4c 17 bb c0 74 53 5b 5b aa 8b 83 d0 cd 48 83 31 69 5d 18 6c 64 b1 21 b1 03 70 70 78 fc b9 e3 e0 d2 67 e3 7b 73 f7 fc ee 7d bf ef 21 9f 40 4d d3 5b e3 c0 2e 30 05 0c d1 1f 95 81 43 20 c2 c1 da 39 80 50 35 0f 03 1f fa 68 ac 07 b2 cc c1 da 9e 50 fd f2 9f 03 34 6f 84 b8 27 52 69 fb a0 cd a9 7a ee 8a 54 66 6e 97 a6 44 ec f9 fa 9a 86 ba 32 f7 79 5d f8 46 87 35 6b fb c7 bf ac 21 e8 c6 3c 9b 7c 86 5b 72 e8 d6 d3 99 02 f1 f7 47 64 4f 8b a6 00 c4 76 45 8f e4 24 f5 26 d4 d2 1c 60 61 e6 2e fb 9b 8b
                                                                                                Data Ascii: PNGIHDR szz)IDATX?Law1KSZhM]c]R1vhLtS[[H1i]ld!ppxg{s}!@M[.0C 9P5hP4o'RizTfnD2y]F5k!<|[rGdOvE$&`a.
                                                                                                2025-01-16 16:21:02 UTC182INData Raw: de 64 d9 d3 a2 a6 23 66 d2 b0 e7 3d e0 69 13 d3 01 bf dc 71 6f 98 fe 2b f6 48 4e a2 4f ef 6b a2 3a db 90 8c db eb 4f d4 13 b3 a3 9c 10 dd f8 a4 fb 1e 81 e9 ad 9b 56 26 b3 c1 31 be 6c 2e 74 0d b5 14 53 48 65 0a 00 dc 7c 7f a1 a9 05 57 f7 74 73 c2 b2 63 b8 a3 9c a8 e6 7a 6a 95 92 3d 03 a4 33 05 96 62 ca ad 16 af be ae 07 d3 db 8f 3f 38 bb b8 d2 7d be ed 08 06 21 cb 46 f0 5f 03 94 6d f4 2f 8b 54 ee 6a 76 e9 50 04 22 d8 d3 85 32 10 11 ab b7 d4 e5 01 43 d4 2e a7 e7 82 ba 64 d3 f5 fc 1f 98 86 a2 c4 41 31 cb af 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                Data Ascii: d#f=iqo+HNOk:OV&1l.tSHe|Wtsczj=3b?8}!F_m/TjvP"2C.dA1IENDB`


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                8192.168.2.749964172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:01 UTC361OUTGET /captchaHandler.js HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:02 UTC969INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:21:02 GMT
                                                                                                Content-Type: application/javascript; charset=UTF-8
                                                                                                Content-Length: 586
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Cache-Control: public, max-age=14400
                                                                                                Last-Modified: Tue, 07 Jan 2025 11:10:38 GMT
                                                                                                ETag: W/"24a-19440759fb0"
                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hbNus0wDZXKEco3a%2Bzq9kmtoBkDTQCmQoIO7DscV%2BDYVmK1O31eHG7i501OZdrKUbHRrpe9Dl45k1bnTiCvr6Va%2BIFn73a%2FmGymZMquYiBc%2Bn1GTmnrem6Vz%2FJN6HeQyzMdyZge0%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f6faeee6dc952-IAD
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7961&min_rtt=7961&rtt_var=3980&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4246&recv_bytes=939&delivery_rate=69007&cwnd=32&unsent_bytes=0&cid=41b491e365615276&ts=554&x=0"
                                                                                                2025-01-16 16:21:02 UTC400INData Raw: 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 2e 72 65 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 27 29 3b 0a 20 20 20 20 69 66 20 28 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 29 20 7b 0a 20 20 20 20 20 20 20 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6c 69 63 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 d0 9e d1 82 d0 bf d1 80 d0 b0
                                                                                                Data Ascii: document.addEventListener('DOMContentLoaded', function() { const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox'); if (recaptchaCheckbox) { recaptchaCheckbox.addEventListener('click', function() { //
                                                                                                2025-01-16 16:21:02 UTC186INData Raw: 20 20 20 20 20 20 20 20 20 69 66 20 28 72 65 73 70 6f 6e 73 65 2e 6f 6b 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 0a 7d 29 3b 20 0a
                                                                                                Data Ascii: if (response.ok) { console.log(''); } else { console.error(''); } }); }); }});


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                9192.168.2.74997113.32.99.944435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:02 UTC389OUTGET /backend_static/common/flags/new/48-squared/us.png HTTP/1.1
                                                                                                Host: q-xx.bstatic.com
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:02 UTC768INHTTP/1.1 200 OK
                                                                                                Content-Type: image/png
                                                                                                Content-Length: 642
                                                                                                Connection: close
                                                                                                Server: nginx
                                                                                                Date: Mon, 06 Jan 2025 04:05:32 GMT
                                                                                                Last-Modified: Mon, 07 Sep 2020 09:08:23 GMT
                                                                                                ETag: "5f55f887-282"
                                                                                                Expires: Wed, 05 Feb 2025 04:05:32 GMT
                                                                                                Cache-Control: max-age=2592000
                                                                                                access-control-allow-origin: *
                                                                                                nel: {"report_to":"default","max_age":600}
                                                                                                report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
                                                                                                Accept-Ranges: bytes
                                                                                                x-xss-protection: 1; mode=block
                                                                                                timing-allow-origin: *
                                                                                                X-Cache: Hit from cloudfront
                                                                                                Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
                                                                                                X-Amz-Cf-Pop: FRA60-P3
                                                                                                X-Amz-Cf-Id: q2tJNA_Xp8ZBfS4XGxNIoD0oAJtsPmc2zn3OksGbzmDPvHxZ4GcKBQ==
                                                                                                Age: 908130
                                                                                                2025-01-16 16:21:02 UTC642INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 03 00 00 00 60 dc 09 b5 00 00 00 75 50 4c 54 45 b4 1f 30 3c 39 70 b4 1f 30 97 27 40 ff ff ff b4 1f 30 3c 3a 70 d0 73 7d 54 53 82 ec c7 cb e3 ab b1 61 5f 8b 48 46 79 6d 6b 94 49 46 79 be 3b 49 91 90 ae c2 c2 d2 79 78 9c 85 84 a6 48 47 79 9d 9c b7 aa a9 c0 b6 b5 c9 c7 57 64 f3 f3 f6 db da e4 ce cd db 96 26 40 e7 e7 ed 6d 6b 93 9e 9d b7 ce ce db a1 47 5e b5 b5 c9 9e 9c b8 c0 a4 b4 b7 87 9a ae 6c 81 d6 1f 19 b1 00 00 00 04 74 52 4e 53 df bf bf bf 3b 25 6a 12 00 00 01 b8 49 44 41 54 48 c7 8c d4 61 93 94 30 0c 06 60 d4 f5 35 9a 14 4b 69 41 38 d9 dd bb 53 ff ff 4f b4 79 b9 b9 ce c0 ce 68 3e 3c d3 81 09 34 a4 a1 fb f0 1f f1 e9 63 8b 0e 30 83 87 50 6d eb 76 e5 e7 e7 16 1d fa 69 10 bc 89 69
                                                                                                Data Ascii: PNGIHDR00`uPLTE0<9p0'@0<:ps}TSa_HFymkIFy;IyxHGyWd&@mkG^ltRNS;%jIDATHa0`5KiA8SOyh><4c0Pmvii


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                10192.168.2.749978172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:21:03 UTC355OUTGET /favicon.ico HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:21:03 UTC941INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:21:03 GMT
                                                                                                Content-Type: image/x-icon
                                                                                                Content-Length: 610
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Cache-Control: public, max-age=14400
                                                                                                Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                                                                                ETag: W/"262-1944075a398"
                                                                                                CF-Cache-Status: REVALIDATED
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uauN5hZB3%2BIl2%2B8ZN0OUAfFaajGAL0m8a6K7miAFrm5sXhlLUb7FwCro3Ti4Xk60nXceeCUyuQSoJHVSL%2Fhj8q7z5NCVM1wIibG1v2krn6ckrv%2FUd1YZqzUrUozqxS%2FT4OyxAQGp9A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f6fb6992ec95a-IAD
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8514&min_rtt=8514&rtt_var=3193&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2853&recv_bytes=933&delivery_rate=342883&cwnd=32&unsent_bytes=0&cid=8d56b2c49bff10e9&ts=377&x=0"
                                                                                                2025-01-16 16:21:03 UTC428INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 02 29 49 44 41 54 58 85 d5 97 3f 4c 1a 61 18 c6 7f 77 31 b0 1c 82 c9 0d 12 13 4b 53 89 9d 5a 18 ba 68 4d 8c 5d a4 8b ba d0 c1 10 b1 63 5d ba 52 17 16 db b9 31 76 a3 68 4c 17 bb c0 74 53 5b 5b aa 8b 83 d0 cd 48 83 31 69 5d 18 6c 64 b1 21 b1 03 70 70 78 fc b9 e3 e0 d2 67 e3 7b 73 f7 fc ee 7d bf ef 21 9f 40 4d d3 5b e3 c0 2e 30 05 0c d1 1f 95 81 43 20 c2 c1 da 39 80 50 35 0f 03 1f fa 68 ac 07 b2 cc c1 da 9e 50 fd f2 9f 03 34 6f 84 b8 27 52 69 fb a0 cd a9 7a ee 8a 54 66 6e 97 a6 44 ec f9 fa 9a 86 ba 32 f7 79 5d f8 46 87 35 6b fb c7 bf ac 21 e8 c6 3c 9b 7c 86 5b 72 e8 d6 d3 99 02 f1 f7 47 64 4f 8b a6 00 c4 76 45 8f e4 24 f5 26 d4 d2 1c 60 61 e6 2e fb 9b 8b
                                                                                                Data Ascii: PNGIHDR szz)IDATX?Law1KSZhM]c]R1vhLtS[[H1i]ld!ppxg{s}!@M[.0C 9P5hP4o'RizTfnD2y]F5k!<|[rGdOvE$&`a.
                                                                                                2025-01-16 16:21:03 UTC182INData Raw: de 64 d9 d3 a2 a6 23 66 d2 b0 e7 3d e0 69 13 d3 01 bf dc 71 6f 98 fe 2b f6 48 4e a2 4f ef 6b a2 3a db 90 8c db eb 4f d4 13 b3 a3 9c 10 dd f8 a4 fb 1e 81 e9 ad 9b 56 26 b3 c1 31 be 6c 2e 74 0d b5 14 53 48 65 0a 00 dc 7c 7f a1 a9 05 57 f7 74 73 c2 b2 63 b8 a3 9c a8 e6 7a 6a 95 92 3d 03 a4 33 05 96 62 ca ad 16 af be ae 07 d3 db 8f 3f 38 bb b8 d2 7d be ed 08 06 21 cb 46 f0 5f 03 94 6d f4 2f 8b 54 ee 6a 76 e9 50 04 22 d8 d3 85 32 10 11 ab b7 d4 e5 01 43 d4 2e a7 e7 82 ba 64 d3 f5 fc 1f 98 86 a2 c4 41 31 cb af 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                Data Ascii: d#f=iqo+HNOk:OV&1l.tSHe|Wtsczj=3b?8}!F_m/TjvP"2C.dA1IENDB`


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                11192.168.2.750030172.67.168.1624435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:22:13 UTC586OUTPOST /send-ip HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                Content-Length: 0
                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                sec-ch-ua-mobile: ?0
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                Accept: */*
                                                                                                Origin: https://fixecondfirbook.info
                                                                                                Sec-Fetch-Site: same-origin
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Referer: https://fixecondfirbook.info/
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:22:13 UTC818INHTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Jan 2025 16:22:13 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                cf-cache-status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nDdnL5eerr89Mwq%2FPNjwriEqSzDj0SRsciCc6atKsQOXTP5LjpJLo4NZrGDX5UMWhPm88PESdnz0b9tHq4kgPFcR0ZvJUg6nwAVt6dN3b9jRcalRgz40nO643nnv9y0pe%2B4CfDIsWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f716c781d3b2c-IAD
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7029&min_rtt=7020&rtt_var=2651&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2853&recv_bytes=1164&delivery_rate=411441&cwnd=32&unsent_bytes=0&cid=76f38b316a39fd7c&ts=788&x=0"
                                                                                                2025-01-16 16:22:13 UTC27INData Raw: 31 35 0d 0a 49 50 20 d0 be d1 82 d0 bf d1 80 d0 b0 d0 b2 d0 bb d0 b5 d0 bd 0d 0a
                                                                                                Data Ascii: 15IP
                                                                                                2025-01-16 16:22:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                12192.168.2.750032104.21.94.1954435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:22:14 UTC351OUTGET /send-ip HTTP/1.1
                                                                                                Host: fixecondfirbook.info
                                                                                                Connection: keep-alive
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept: */*
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:22:15 UTC911INHTTP/1.1 404 Not Found
                                                                                                Date: Thu, 16 Jan 2025 16:22:15 GMT
                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                X-Powered-By: Express
                                                                                                Content-Security-Policy: default-src 'none'
                                                                                                X-Content-Type-Options: nosniff
                                                                                                cf-cache-status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lsBU9svuMk1VgMhYO%2B2oW8Om5zEHZ4AePv1YkI18hNFH4d3D1n4hfslzZFOhn7GULM74%2BKZiflgs2zNsrDyIJzpes5Yi2%2Bx6%2BN8naxhakfSSpeQgi%2FMUXjIpg8%2FtjQRfw2xmH5HQiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 902f7177a8794276-EWR
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1706&min_rtt=1697&rtt_var=643&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2853&recv_bytes=929&delivery_rate=1720683&cwnd=212&unsent_bytes=0&cid=550407ba4182a76e&ts=335&x=0"
                                                                                                2025-01-16 16:22:15 UTC152INData Raw: 39 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 70 72 65 3e 43 61 6e 6e 6f 74 20 47 45 54 20 2f 73 65 6e 64 2d 69 70 3c 2f 70 72 65 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                                Data Ascii: 92<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /send-ip</pre></body></html>
                                                                                                2025-01-16 16:22:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                13192.168.2.75003335.190.80.14435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:22:15 UTC557OUTOPTIONS /report/v4?s=lsBU9svuMk1VgMhYO%2B2oW8Om5zEHZ4AePv1YkI18hNFH4d3D1n4hfslzZFOhn7GULM74%2BKZiflgs2zNsrDyIJzpes5Yi2%2Bx6%2BN8naxhakfSSpeQgi%2FMUXjIpg8%2FtjQRfw2xmH5HQiQ%3D%3D HTTP/1.1
                                                                                                Host: a.nel.cloudflare.com
                                                                                                Connection: keep-alive
                                                                                                Origin: https://fixecondfirbook.info
                                                                                                Access-Control-Request-Method: POST
                                                                                                Access-Control-Request-Headers: content-type
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:22:15 UTC336INHTTP/1.1 200 OK
                                                                                                Content-Length: 0
                                                                                                access-control-max-age: 86400
                                                                                                access-control-allow-methods: POST, OPTIONS
                                                                                                access-control-allow-origin: *
                                                                                                access-control-allow-headers: content-type, content-length
                                                                                                date: Thu, 16 Jan 2025 16:22:15 GMT
                                                                                                Via: 1.1 google
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                14192.168.2.75003435.190.80.14435572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                TimestampBytes transferredDirectionData
                                                                                                2025-01-16 16:22:16 UTC494OUTPOST /report/v4?s=lsBU9svuMk1VgMhYO%2B2oW8Om5zEHZ4AePv1YkI18hNFH4d3D1n4hfslzZFOhn7GULM74%2BKZiflgs2zNsrDyIJzpes5Yi2%2Bx6%2BN8naxhakfSSpeQgi%2FMUXjIpg8%2FtjQRfw2xmH5HQiQ%3D%3D HTTP/1.1
                                                                                                Host: a.nel.cloudflare.com
                                                                                                Connection: keep-alive
                                                                                                Content-Length: 398
                                                                                                Content-Type: application/reports+json
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                2025-01-16 16:22:16 UTC398OUTData Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 33 32 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 39 34 2e 31 39 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 78 65 63 6f 6e 64 66 69 72 62 6f 6f 6b
                                                                                                Data Ascii: [{"age":0,"body":{"elapsed_time":1322,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.94.195","status_code":404,"type":"http.error"},"type":"network-error","url":"https://fixecondfirbook
                                                                                                2025-01-16 16:22:16 UTC168INHTTP/1.1 200 OK
                                                                                                Content-Length: 0
                                                                                                date: Thu, 16 Jan 2025 16:22:16 GMT
                                                                                                Via: 1.1 google
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close


                                                                                                Statistics

                                                                                                CPU Usage

                                                                                                Click to jump to process

                                                                                                Memory Usage

                                                                                                Click to jump to process

                                                                                                High Level Behavior Distribution

                                                                                                Click to dive into process behavior distribution

                                                                                                Behavior

                                                                                                Click to jump to process

                                                                                                System Behavior

                                                                                                General

                                                                                                Target ID:0
                                                                                                Start time:11:20:25
                                                                                                Start date:16/01/2025
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\JvrQuHMa2C.pdf"
                                                                                                Imagebase:0x7ff702560000
                                                                                                File size:5'641'176 bytes
                                                                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:2
                                                                                                Start time:11:20:26
                                                                                                Start date:16/01/2025
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                Imagebase:0x7ff6c3ff0000
                                                                                                File size:3'581'912 bytes
                                                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:4
                                                                                                Start time:11:20:27
                                                                                                Start date:16/01/2025
                                                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,11508616175095407708,6137334233323038778,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                Imagebase:0x7ff6c3ff0000
                                                                                                File size:3'581'912 bytes
                                                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                General

                                                                                                Target ID:10
                                                                                                Start time:11:20:51
                                                                                                Start date:16/01/2025
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#bm17t9d9ezpyr6"
                                                                                                Imagebase:0x7ff6c4390000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                General

                                                                                                Target ID:11
                                                                                                Start time:11:20:52
                                                                                                Start date:16/01/2025
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2036,i,3150319846026810190,1535699209564262474,262144 /prefetch:8
                                                                                                Imagebase:0x7ff6fee10000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Disassembly

                                                                                                No disassembly