Play interactive tour

Edit tour

Analysis Report Totem attachment.pdf

Overview

General Information

Sample Name:	Totem attachment.pdf
Analysis ID:	406020
MD5:	aa597acde904a03b7299dafea8351de2
SHA1:	cc422cfb82083fd7d9f24faa6bcc029d385a45ae
SHA256:	e1efc4a70e40698bfe7fcff6d3b452bf30a16f7c6c102349800b71a030368a7d
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found potential malicious PDF (bad image similarity)

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected Phisher

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Startup

System is w10x64

AcroRd32.exe (PID: 7084 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Totem attachment.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

AcroRd32.exe (PID: 7152 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Totem attachment.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 5012 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 2460 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8364937068833634580 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8364937068833634580 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6708 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=15405785800115108371 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6744 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14175672014211180875 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14175672014211180875 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 1052 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5164584895585780615 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5164584895585780615 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

iexplore.exe (PID: 5560 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g= MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5652 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Y2hyaXN0aWFuQHRvdGVtLnRlY2g=[1].htm	JoeSecurity_Phisher_2	Yara detected Phisher	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\authorize_client_id_vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://palacememorial.com/microsoft/Office365/authorize_client_id:vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e?data=Y2hyaXN0aWFuQHRvdGVtLnRlY2g=

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Show sources

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: 609290.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\authorize_client_id_vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e[1].htm, type: DROPPED

Yara detected Phisher

Show sources

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Y2hyaXN0aWFuQHRvdGVtLnRlY2g=[1].htm, type: DROPPED

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 199.192.16.144:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.192.16.144:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.234.75:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.234.75:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.234.75:443 -> 192.168.2.4:49776 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 80.0.0.0 80.0.0.0

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: msapplication.xml0.22.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1cfc32e8,0x01d74285</date><accdate>0x1cfc32e8,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.22.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1cfc32e8,0x01d74285</date><accdate>0x1cfc32e8,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.22.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d00f79f,0x01d74285</date><accdate>0x1d00f79f,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.22.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d00f79f,0x01d74285</date><accdate>0x1d00f79f,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.22.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d0359fa,0x01d74285</date><accdate>0x1d0359fa,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.22.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d0359fa,0x01d74285</date><accdate>0x1d0359fa,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: 5starsae.com

Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/)5)_z#v
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0//1.0/Uz9v
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/%
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/7
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/2
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#U
Source: AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: msapplication.xml.22.dr	String found in binary or memory: http://www.amazon.com/
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: msapplication.xml1.22.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.22.dr	String found in binary or memory: http://www.live.com/
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/$
Source: msapplication.xml3.22.dr	String found in binary or memory: http://www.nytimes.com/
Source: AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.821531301.000000000B421000.00000004.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: msapplication.xml4.22.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.22.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.22.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.22.dr	String found in binary or memory: http://www.youtube.com/
Source: AcroRd32.exe, 00000001.00000002.821420995.000000000B320000.00000004.00000001.sdmp	String found in binary or memory: https://5starsae.com
Source: AcroRd32.exe, 00000001.00000002.821420995.000000000B320000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000002.820980900.000000000AFA5000.00000004.00000001.sdmp, ~DF0CBEAAF167783AD9.TMP.22.dr	String found in binary or memory: https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=
Source: AcroRd32.exe, 00000001.00000003.804268076.000000000A2D0000.00000004.00000001.sdmp, Totem attachment.pdf	String found in binary or memory: https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=)
Source: {446DB651-AE78-11EB-90EB-ECF4BBEA1588}.dat.22.dr	String found in binary or memory: https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=Root
Source: AcroRd32.exe, 00000001.00000002.821365205.000000000B2B7000.00000004.00000001.sdmp	String found in binary or memory: https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=ooo
Source: AcroRd32.exe, 00000001.00000002.821517989.000000000B3FE000.00000004.00000001.sdmp	String found in binary or memory: https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=s)
Source: AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/T
Source: AcroRd32.exe, 00000001.00000002.821288479.000000000B1EA000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/k
Source: AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y
Source: AcroRd32.exe, 00000001.00000002.821173996.000000000B0D4000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: authorize_client_id_vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e[1].htm.23.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UN_r8OUuhs.ttf)
Source: authorize_client_id_vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e[1].htm.23.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UNirkOUuhs.ttf)
Source: authorize_client_id_vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e[1].htm.23.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v16/mem8YaGs126MiZpBA-UFVZ0e.ttf)
Source: AcroRd32.exe, 00000001.00000002.811684458.0000000008ED0000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: Y2hyaXN0aWFuQHRvdGVtLnRlY2g=[1].htm.23.dr	String found in binary or memory: https://palacememorial.com/microsoft/Office365/?ss=2&email=Y2hyaXN0aWFuQHRvdGVtLnRlY2g=
Source: ~DF0CBEAAF167783AD9.TMP.22.dr, {446DB651-AE78-11EB-90EB-ECF4BBEA1588}.dat.22.dr	String found in binary or memory: https://palacememorial.com/microsoft/Office365/authorize_client_id:vfjx2y74-wh74-r8dz-umq0-3glnip5b7
Source: imagestore.dat.23.dr	String found in binary or memory: https://palacememorial.com/microsoft/Office365/images/favicon.ico~
Source: AcroRd32.exe, 00000001.00000002.811170314.00000000085BD000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443

Source: unknown	HTTPS traffic detected: 199.192.16.144:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.192.16.144:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.234.75:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.234.75:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.234.75:443 -> 192.168.2.4:49776 version: TLS 1.2

System Summary:

Found potential malicious PDF (bad image similarity)

Show sources

Source: Totem attachment.pdf

Static PDF information: Image stream: 13

Source: classification engine

Classification label: mal80.phis.winPDF@17/77@5/4

Source: Totem attachment.pdf	Initial sample: https://5starsae.com/google.com/google.com/y2hyaxn0awfuqhrvdgvtlnrly2g=
Source: Totem attachment.pdf	Initial sample: https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rc48y8j_ofxmnb_5io.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: Totem attachment.pdf	Initial sample: PDF keyword /JS count = 0
Source: Totem attachment.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Totem attachment.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: AcroRd32.exe, 00000001.00000002.821391912.000000000B2DC000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 1_2_005FE050 LdrInitializeThunk,

1_2_005FE050

Source: AcroRd32.exe, 00000001.00000002.806294682.00000000055B0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.806294682.00000000055B0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.806294682.00000000055B0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.806294682.00000000055B0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Spearphishing Link1	Windows Management Instrumentation	Path Interception	Process Injection2	Masquerading1	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection2	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	File and Directory Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Totem attachment.pdf	0%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
5starsae.com	4%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://palacememorial.com/microsoft/Office365/authorize_client_id:vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e?data=Y2hyaXN0aWFuQHRvdGVtLnRlY2g=	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/k	0%	Avira URL Cloud	safe
https://palacememorial.com/microsoft/Office365/?ss=2&email=Y2hyaXN0aWFuQHRvdGVtLnRlY2g=	0%	Avira URL Cloud	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)5)_z#v	0%	Avira URL Cloud	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/T	0%	Avira URL Cloud	safe
https://palacememorial.com/microsoft/Office365/images/favicon.ico~	0%	Avira URL Cloud	safe
http://cipa.jp/exif/1.0//1.0/Uz9v	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/%	0%	Avira URL Cloud	safe
https://palacememorial.com/microsoft/Office365/authorize_client_id:vfjx2y74-wh74-r8dz-umq0-3glnip5b7	0%	Avira URL Cloud	safe
https://5starsae.com	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	0%	Avira URL Cloud	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/	0%	Avira URL Cloud	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.quicktime.com.Acrobat	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/$	0%	Avira URL Cloud	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
palacememorial.com	69.49.234.75	true	false		unknown
5starsae.com	199.192.16.144	true	false	4%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://palacememorial.com/microsoft/Office365/authorize_client_id:vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e?data=Y2hyaXN0aWFuQHRvdGVtLnRlY2g=	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/k	AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://palacememorial.com/microsoft/Office365/?ss=2&email=Y2hyaXN0aWFuQHRvdGVtLnRlY2g=	Y2hyaXN0aWFuQHRvdGVtLnRlY2g=[1].htm.23.dr	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/property#	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false		high
http://ns.useplus.org/ldf/xmp/1.0/	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.nytimes.com/	msapplication.xml3.22.dr	false		high
http://www.aiim.org/pdfa/ns/id/	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false		high
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/anchor	AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cipa.jp/exif/1.0/)5)_z#v	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/schema#	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false		high
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfe/ns/id/	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false		high
http://www.amazon.com/	msapplication.xml.22.dr	false		high
http://cipa.jp/exif/1.0/	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/T	AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.twitter.com/	msapplication.xml5.22.dr	false		high
http://www.aiim.org/pdfa/ns/type#	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false		high
https://palacememorial.com/microsoft/Office365/images/favicon.ico~	imagestore.dat.23.dr	false	Avira URL Cloud: safe	unknown
http://cipa.jp/exif/1.0//1.0/Uz9v	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/%	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.echosign.com	AcroRd32.exe, 00000001.00000002.821173996.000000000B0D4000.00000004.00000001.sdmp	false		high
https://palacememorial.com/microsoft/Office365/authorize_client_id:vfjx2y74-wh74-r8dz-umq0-3glnip5b7	~DF0CBEAAF167783AD9.TMP.22.dr, {446DB651-AE78-11EB-90EB-ECF4BBEA1588}.dat.22.dr	false	Avira URL Cloud: safe	unknown
https://5starsae.com	AcroRd32.exe, 00000001.00000002.821420995.000000000B320000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	AcroRd32.exe, 00000001.00000002.821288479.000000000B1EA000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.youtube.com/	msapplication.xml7.22.dr	false		high
http://www.npes.org/pdfx/ns/id/	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/field#	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false		high
http://www.osmf.org/drm/default	AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.wikipedia.com/	msapplication.xml6.22.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y	AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.aiim.org/pdfa/ns/extension/	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/	AcroRd32.exe, 00000001.00000002.821193535.000000000B0F1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.live.com/	msapplication.xml2.22.dr	false		high
http://www.quicktime.com.Acrobat	AcroRd32.exe, 00000001.00000002.821531301.000000000B421000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ims-na1.adobelogin.com	AcroRd32.exe, 00000001.00000002.811684458.0000000008ED0000.00000004.00000001.sdmp	false		high
http://www.npes.org/pdfx/ns/id/$	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.reddit.com/	msapplication.xml4.22.dr	false		high
http://www.osmf.org/subclip/1.0	AcroRd32.exe, 00000001.00000002.807174804.0000000007700000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/id/2	AcroRd32.exe, 00000001.00000002.821335217.000000000B282000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/extension/7	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/schema#U	AcroRd32.exe, 00000001.00000002.821224641.000000000B173000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
80.0.0.0	unknown	United Kingdom	5089	NTLGB	false
199.192.16.144	5starsae.com	United States	22612	NAMECHEAP-NETUS	false
69.49.234.75	palacememorial.com	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	406020
Start date:	06.05.2021
Start time:	16:33:23
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Totem attachment.pdf
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.phis.winPDF@17/77@5/4
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 11 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .pdf Found PDF document Find and activate links Security Warning found Close Viewer
Warnings:	Show All Excluded IPs from analysis (whitelisted): 52.113.196.254, 40.88.32.150, 20.82.210.154, 13.107.3.254, 92.122.145.220, 52.255.188.83, 92.122.146.26, 23.32.238.241, 23.32.238.219, 23.32.238.243, 23.32.238.235, 23.32.238.169, 23.32.238.240, 23.32.238.224, 23.32.238.233, 23.32.238.232, 13.88.21.125, 23.32.238.218, 104.42.151.234, 104.43.139.144, 92.122.213.194, 92.122.213.247, 52.155.217.156, 67.27.235.254, 8.248.147.254, 67.26.83.254, 8.241.9.126, 67.27.235.126, 20.54.26.129, 20.50.102.62, 88.221.62.148, 152.199.19.161 Excluded domains from analysis (whitelisted): e4578.dscb.akamaiedge.net, s-ring.msedge.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, acroipm2.adobe.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, teams-9999.teams-msedge.net, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, acroipm2.adobe.com.edgesuite.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, s-ring.s-9999.s-msedge.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, skypedataprdcoleus17.cloudapp.net, armmf.adobe.com, s-9999.s-msedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, teams-ring.teams-9999.teams-msedge.net, teams-ring.msedge.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:34:16	API Interceptor	11x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
80.0.0.0	Autofactura generada mes de Abril 27-04-2021.pdf.exe	Get hash	malicious	Browse
	Autofactura generada mes de Abril 27-04-2021.pdf.exe	Get hash	malicious	Browse
	1RIA_IT_Formazione di Base Compliance_IT.pdf.exe	Get hash	malicious	Browse
	1RIA_IT_Formazione di Base Compliance_IT.pdf.exe	Get hash	malicious	Browse
	123.exe	Get hash	malicious	Browse
	123.exe	Get hash	malicious	Browse
	EiK2ZuecHv.exe	Get hash	malicious	Browse
	File6512365134_7863_20210413.html	Get hash	malicious	Browse
	DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe	Get hash	malicious	Browse
	DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe	Get hash	malicious	Browse
	DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe	Get hash	malicious	Browse
	DHL_Express_Shipment_Confirmation_BKKR005545473_88700456XXXX.exe	Get hash	malicious	Browse
	APRILQUOTATION#QQO2103060_SAMPLES_KHANG HY_CO_CORPORATION.exe	Get hash	malicious	Browse
	#U260f8284.HTML	Get hash	malicious	Browse
	HunpuKMHQt.exe	Get hash	malicious	Browse
	JbQoNNPVOk.exe	Get hash	malicious	Browse
	_vm583573758.htm	Get hash	malicious	Browse
	March 17, 2021, 101142 AM.HTM	Get hash	malicious	Browse
	message_zdm.html	Get hash	malicious	Browse
	0000001_Carved.pdf	Get hash	malicious	Browse
199.192.16.144	Vinci-construction Payment.html	Get hash	malicious	Browse	www.vinci-construction36998900.the221b.com/br/?cm9tYWluLmhhY3F1YXJkQHZpbmNpLWNvbnN0cnVjdGlvbi5mcg==
199.192.16.144	Synchronoss Payment.html	Get hash	malicious	Browse	www.synchronoss75398900.the221b.com/br/?YmVsaW5kYS5ib3NAc3luY2hyb25vc3MuY29t

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
UNIFIEDLAYER-AS-1US	statistic-1906694268((Unsaved-308830951474448751)).xlsb	Get hash	malicious	Browse	192.185.71.135
	statistic-1906694268((Unsaved-308830951474448751)).xlsb	Get hash	malicious	Browse	192.185.71.135
	statistic-1906694268((Unsaved-308830951474448751)).xlsb	Get hash	malicious	Browse	192.185.71.135
	60b88477_by_Libranalysis.exe	Get hash	malicious	Browse	192.254.225.104
	#U260e#Ufe0f PAudioMessage_8211-911.htm	Get hash	malicious	Browse	69.49.235.22
	file.msg.exe	Get hash	malicious	Browse	192.254.190.168
	DHL Receipt_AWB811470484778.exe	Get hash	malicious	Browse	192.185.226.16
	PO-NO#1086089 Order xlsx.exe	Get hash	malicious	Browse	162.144.13.239
	Order PO-NO065979_Quote pdf.exe	Get hash	malicious	Browse	162.144.13.239
	file.exe	Get hash	malicious	Browse	192.185.186.178
	krcgN6CaG9.exe	Get hash	malicious	Browse	162.241.226.70
	Quotation.exe	Get hash	malicious	Browse	74.220.199.6
	PO#110090059-BH0124 REF#SCAN0217252 EXW HMM SO#GHE0080947.xlsx.exe	Get hash	malicious	Browse	162.144.13.239
	PO#110090059-BH0124 REF#SCAN0217252 EXW HMM SO#GHE0080947.xlsx.exe	Get hash	malicious	Browse	162.144.13.239
	26033710 HBL.exe	Get hash	malicious	Browse	192.254.180.165
	9cf2c56e_by_Libranalysis.exe	Get hash	malicious	Browse	162.241.92.219
	April outstanding remittance.htm	Get hash	malicious	Browse	69.49.228.180
	Transfer slip.exe	Get hash	malicious	Browse	192.254.236.251
	8jT3S04j5r.exe	Get hash	malicious	Browse	192.185.161.67
	SecuriteInfo.com.Mal.Generic-S.21221.exe	Get hash	malicious	Browse	192.185.129.69
NTLGB	8UsA.sh	Get hash	malicious	Browse	82.32.79.178
	x86_unpacked	Get hash	malicious	Browse	82.17.192.153
	Autofactura generada mes de Abril 27-04-2021.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	Autofactura generada mes de Abril 27-04-2021.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	rIbyGX66Op	Get hash	malicious	Browse	86.18.93.173
	1RIA_IT_Formazione di Base Compliance_IT.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	1RIA_IT_Formazione di Base Compliance_IT.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	J76uxxiy.exe	Get hash	malicious	Browse	86.18.99.199
	123.exe	Get hash	malicious	Browse	80.0.0.0
	123.exe	Get hash	malicious	Browse	80.0.0.0
	EiK2ZuecHv.exe	Get hash	malicious	Browse	80.0.0.0
	File6512365134_7863_20210413.html	Get hash	malicious	Browse	80.0.0.0
	DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe	Get hash	malicious	Browse	80.0.0.0
	DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe	Get hash	malicious	Browse	80.0.0.0
	DHL_Express_Shipments_Invoice_Confirmation_CBJ190517000131_74700456XXX.exe	Get hash	malicious	Browse	80.0.0.0
	DHL_Express_Shipment_Confirmation_BKKR005545473_88700456XXXX.exe	Get hash	malicious	Browse	80.0.0.0
	APRILQUOTATION#QQO2103060_SAMPLES_KHANG HY_CO_CORPORATION.exe	Get hash	malicious	Browse	80.0.0.0
	#U260f8284.HTML	Get hash	malicious	Browse	80.0.0.0
	HunpuKMHQt.exe	Get hash	malicious	Browse	80.0.0.0
	1.sh	Get hash	malicious	Browse	62.254.90.3
NAMECHEAP-NETUS	doc_391200004532000450.exe	Get hash	malicious	Browse	199.192.23.253
	7c1896ee_by_Libranalysis.exe	Get hash	malicious	Browse	199.192.24.139
	60b88477_by_Libranalysis.exe	Get hash	malicious	Browse	198.54.117.215
	Sample_3.exe	Get hash	malicious	Browse	198.54.122.60
	8c2d96ab_by_Libranalysis.exe	Get hash	malicious	Browse	162.0.229.247
	Order Purchase List.xlsx	Get hash	malicious	Browse	68.65.122.209
	DHL Receipt_AWB811470484778.exe	Get hash	malicious	Browse	198.54.117.217
	NEW ORDER.exe	Get hash	malicious	Browse	198.54.117.217
	DHL_document11022020680908911.doc.exe	Get hash	malicious	Browse	198.54.122.60
	bb6fc5f4_by_Libranalysis.xlsm	Get hash	malicious	Browse	68.65.122.58
	bb6fc5f4_by_Libranalysis.xlsm	Get hash	malicious	Browse	68.65.122.58
	assQrm2phi.exe	Get hash	malicious	Browse	198.54.122.60
	Payment Report (Tue, 04 May 2021).hTMl	Get hash	malicious	Browse	198.54.115.249
	0876543123.exe	Get hash	malicious	Browse	198.54.117.210
	Payment Report (Tue, 04 May 2021).hTMl	Get hash	malicious	Browse	198.54.115.249
	j4X6nUwn8O.exe	Get hash	malicious	Browse	198.54.126.101
	g1EhgmCqCD.exe	Get hash	malicious	Browse	198.54.117.216
	XB4xS94168.exe	Get hash	malicious	Browse	198.54.122.60
	MmiM8P47UX.exe	Get hash	malicious	Browse	198.54.122.60
	Payment.xlsx	Get hash	malicious	Browse	198.54.117.210

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	scan 0094775885895555.html	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	4LIsYL2H6J.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	1v65bsIDAE.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	settle invoices.pdf.exe	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	Hanglung859.html	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	qpdzgvcyy.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	ACH PAYMENT REMITTANCE.xlsx	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	MuZ2I=GZ.htm	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	Introduction Quotation Request pdf.exe	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	April outstanding remittance.htm	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	f241f1c4_by_Libranalysis.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	OneDrive Received anonymized.html	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	evZLIWscXJ.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	evZLIWscXJ.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	qFhBOs5IMr.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	RW5h3IpKZl.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	cchambers@fultonbank.com_ProjectDocument.HTML	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	Payment Report (Tue, 04 May 2021).hTMl	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	29164761_by_Libranalysis.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
	29164761_by_Libranalysis.dll	Get hash	malicious	Browse	199.192.16.144 69.49.234.75
37f463bf4616ecd445d4a1937da06e19	7c1896ee_by_Libranalysis.exe	Get hash	malicious	Browse	69.49.234.75
	statistic-1906694268((Unsaved-308830951474448751)).xlsb	Get hash	malicious	Browse	69.49.234.75
	Revised_PO_758869.docx	Get hash	malicious	Browse	69.49.234.75
	FileZilla_3.53.1_win64_sponsored-setup.exe	Get hash	malicious	Browse	69.49.234.75
	ACH Payment.html	Get hash	malicious	Browse	69.49.234.75
	#U260e#Ufe0f PAudioMessage_8211-911.htm	Get hash	malicious	Browse	69.49.234.75
	build.exe	Get hash	malicious	Browse	69.49.234.75
	5.exe	Get hash	malicious	Browse	69.49.234.75
	build.exe	Get hash	malicious	Browse	69.49.234.75
	viruss.xlsb	Get hash	malicious	Browse	69.49.234.75
	27N6bVRGKS.exe	Get hash	malicious	Browse	69.49.234.75
	a3d5e9ee_by_Libranalysis.exe	Get hash	malicious	Browse	69.49.234.75
	7z5Zs2d7lR.exe	Get hash	malicious	Browse	69.49.234.75
	27ac1959b9c2137b608a59a1cdf.exe	Get hash	malicious	Browse	69.49.234.75
	2JzcRAqDzA.exe	Get hash	malicious	Browse	69.49.234.75
	a57ilxvTJa.exe	Get hash	malicious	Browse	69.49.234.75
	5.exe	Get hash	malicious	Browse	69.49.234.75
	quicbook_update_fixed.ps1	Get hash	malicious	Browse	69.49.234.75
	k9vZ2cjsSK.exe	Get hash	malicious	Browse	69.49.234.75
	SDQMGfkwEk.exe	Get hash	malicious	Browse	69.49.234.75

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	615
Entropy (8bit):	5.694742546219323
Encrypted:	false
SSDEEP:	12:vDRM9ncNZiEzhDRM9omeZiE1nDRM9BnZiE:7GcmEz1VmbElYQE
MD5:	656E976CFBBC994B1B45F401D6FD318E
SHA1:	67CE9D42C2F40B5A64AACA514F030B217F445AF4
SHA-256:	D4D634FDEFA7F1CAD470F4EF7C23CCE1B98B58ED51852F8E268DD65BE4DDFD05
SHA-512:	F8506F861DF9285FFCF0FC8DD9ADFAD4E25CC8912C539B7E2E9A622BACCEEF3A811F9BD1AEAF5DE768749CDD027A8EFDB5C22779995122C53DB79EE59373070F
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...}@ /....."#.D....$.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.................0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .q..}@ /....."#.D,./..$.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.......nd.........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..L&~@ /....."#.DSX...$.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo......(..B........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.632996456028587
Encrypted:	false
SSDEEP:	6:mi9NqEYOFLvEkOVzBbjF8Be7Ywcr1TK6tDi9NqEYOFLvEkmj1TUF8Be7Ywcr1TKV:V9zu9BbjF9PQ89z1F9PQh9zPQUF9PQ
MD5:	1944D54F1C03BE8871E01CB62B9CD4D8
SHA1:	D038A4DBB90B6305CE83E935D6E97C1A3BCFDC09
SHA-256:	E6358E9BBED34E65256107AE9628E181B6A81A69F882A7A5C3BA5A7363458BE5
SHA-512:	F0EFC234A7B44287DA966FF36950039BC352E915DD4F775AF8E77ACC65A17831977DD87E95F7AA80659ED62467F17B46D83EDB2534978C18030EF40E9F310555
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .Q.}@ /....."#.D.A{..$.A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo.......B..........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ....}@ /....."#.D....$.A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo.........2........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .(j.~@ /....."#.D.....$.A.1.x.'.vI..*\|Z..o...+.4....0..A..Eo...................A..Eo....../...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	738
Entropy (8bit):	5.5905138434339054
Encrypted:	false
SSDEEP:	12:DyeRVFAFjVFAFz/kuvlUo6jQeyeRVFAFjVFAFfuvlUo6jX5yeRVFAFjVFAFJvdv2:tB4v440SBQGB4v4MSBHB4v4p5SB
MD5:	2303A89CA99B676E45195BD35F54AAE3
SHA1:	554551BF6F41C191B0EA5DA9BD6EF081A3501FE2
SHA-256:	A5D7C2F1AE714D874B18438CE54205121C8F94FB49F48DE475F6C9B2D81D5B6F
SHA-512:	21D6D911AF46BAC9E57EB08D4A1B0001115534D8CE5E368C02B2D233191213BE13762B0159E95D8B49C2B3322D0E69EC1D327B272391A8C7AE3699A33B6DB72D
Malicious:	false
Reputation:	low
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..[.}@ /....."#.D....$.A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo......bk..........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ...}@ /....."#.D.r-..$.A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo......#...........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ...$~@ /....."#.D^....$.A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo........Z.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.681219655843123
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5Rskwta60iWulHyA1TK6tONtVYOFLvEWdFCi5Rs41Kyu0iWuA:IbRkiDKUUWuss+bRkiD14Wuss
MD5:	882067AAD55D893EA971E1528C23C0BE
SHA1:	FA2637D77A42E9CCE4659BF9A46B44F40A6C5CDD
SHA-256:	0A86A64E2947F4A45AF16F7C5B90A5622BEF398FA30284082BA82E183185F268
SHA-512:	72BCDA880C294B47FDA06AEED878FAFA924303031506FEBB573736D5B376F204F6FBA1A21AA78D8FCE4FD89E29F2591D845A67A4C571630906A53FE48717E22F
Malicious:	false
Reputation:	low
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ....}@ /....."#.D....$.A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo........%.........0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ....}@ /....."#.D.=..$.A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo........y}........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.581940373979228
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVuGl1e/RVyh9PT41TK6tY:pyixRurRV41TEm
MD5:	2D5785BC9943E85F3B75CFF3E4786FB1
SHA1:	027B4C1F20144D29DA2B2054CDB57F69644BD1AF
SHA-256:	AEF413EDB382AA78BACF547098E162B5D50C59AC81690DC1903657FCFE1C7F55
SHA-512:	B9DE7CEAAF9E921770CC54F8703F800D210FFF34FDDD5BB0DDCEC292D2F310BACE4E54A8BBF47299283859BFD08AB7FFC9342CC3E3D71F65FAB5D86FA90C9BBD
Malicious:	false
Reputation:	low
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ...%~@ /....."#.D~5...$.Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo......+T.h........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.585073207785122
Encrypted:	false
SSDEEP:	6:mvYOFLvEWdhwjQDBQ4ZKGLZIl6P41TK6tW:0RhksTjLZCk
MD5:	98211C78CFCFE5AF51BD9DAAC8F825D0
SHA1:	0AE804555411918698AB6159F4F9250BCB43C9C1
SHA-256:	645B43335A1BA0D570D72BCCFAED3721DE664157A3C866DE0EB98B7FAA406379
SHA-512:	419CC17D490AF31C405B9464B7231A0C14AACB9AEFAD6F2B4332215301B1A16D4673DF8E326D78EE61D6A1F4369169AE53E06635BDC983177563481BD9BB070D
Malicious:	false
Reputation:	low
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js .%.!~@ /....."#.D.I..$.A.].>....uUf..N...k......c..l.A..Eo...................A..Eo........o.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.542909074501602
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVZawlltOVaB2VcyxMtv9EWm1B:mJYOFLvEWdGQRQOdQS1UV6g1TK6tB
MD5:	EAA664B5D66CFD3D42C729EAC2C69016
SHA1:	C878D6C95287755050D49E80D7570FEAF121DF8D
SHA-256:	F3A8E19FE9F305E955D850BE95518C3D9DDFFEA5B39310886F7F83D7A840B053
SHA-512:	C4E4A597A870E2A47202FF2ABB38D74712C016247D4F77D64F2BE79D210D5124BFB42BBA26735EBA3F082289CD54750B5E3050FF434EA0A6D5B43ABF4A3AF79D
Malicious:	false
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .P.%~@ /....."#.DbJ...$.A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo.........{........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	537
Entropy (8bit):	5.640616959856705
Encrypted:	false
SSDEEP:	12:Z5MKNMuR/EZ5MVi6IMuR/ES5MO1/eMuR/E:ZSZuR/EZSViSuR/ESSO1vuR/E
MD5:	E89E065C68ABBB948A1A5F485191B00A
SHA1:	10BAE127972D5EB025126651F6CCF566F2C021C4
SHA-256:	D036334FDA094410FDE0E1E55669D5FF44C302999BB795E895B340C0E0195AE8
SHA-512:	AB22006C92E856BB1E8B79DC48E67E393BA21F403299FC30F36DA608AF924A0887C92B0F03B8C9B8AABDD300530167B2293BB2F9194AB714E6853A3D4810C7BE
Malicious:	false
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .A..}@ /....."#.D..{..$.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo.......K8.........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .T..}@ /....."#.D....$.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......P..i........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ....~@ /....."#.DD4...$.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.519567742542208
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtuV57b9sby0zBUKSAA1TK6t:pR+Rsbe
MD5:	6A5C27B3EEB6E1735CC0AF17204191E4
SHA1:	1FE614D44B18139AAE982B43208EC1240EC9FADB
SHA-256:	92A57FD995854BD8AB58FFC3BF74DB38179F410117D1782CC8CD1D9B983D05D5
SHA-512:	E7EC86E674510B2D50C2DE96EB07DBC788E2B0932FCDAF3642A0253D1FC4B0839CCE9A422630ACB61963CB6CFFF3D27DCA805806CFC64EC5829FEF15471379CB
Malicious:	false
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ...&~@ /....."#.D.p...$.AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......YO+.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	531
Entropy (8bit):	5.590313043076245
Encrypted:	false
SSDEEP:	12:KkXxKMSCv1PtUlnkXxKMSCvxQPytUlYakXxKMSCv3KZtUl6/:KkXxiCRWnkXxiCMyW7kXxiCiZWK
MD5:	3239C800CB50BD91B38FDD8313AA20A4
SHA1:	12179D53952F86AC96349D1750FC634D0953E0DA
SHA-256:	C78C97B94E1A1B7EF0D3704C1A41FF26106F10859B4BCB753AB0B56B68B0D4E5
SHA-512:	CF119634CCBEC7B1A23DA3D301A88698D0187C1020989800EC54E931598A5CDD092032C2C94AF5D11663FF9C661456D44C15D80E570A25D167744CF1FEE15F6B
Malicious:	false
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ...}@ /....."#.D=b{..$.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......&.P.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ....}@ /....."#.D....$.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo.......(.Y........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ..l.~@ /....."#.D.,...$.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo........ja........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	561
Entropy (8bit):	5.629759591268303
Encrypted:	false
SSDEEP:	6:mkl9YOFLvEWsfOLMICyyM+VY1TK6tkEkl9YOFLvEWsfOLplX9/yyM+VY1TK6tOFt:5h6OLMkabh6OLLNkAFjh6OL/Bbkil
MD5:	20DB46C5D634EEC024DCBEBA7A5060CB
SHA1:	563887D695F27806E59CAA9AB22B940CA87CB69A
SHA-256:	38B5E010CBDC7187954F8E2FA8A92DF930B0773B61DAA94E02FF3687134FB3A1
SHA-512:	ACDCD31BDB7CAD9AE9DAE6624338F2502B93A0D5163F68409E90F03504FF772A3DFFC4B49D33DA56146D7517ABC2D58F6691928A5DF50FEA47DA39AB52821BA2
Malicious:	false
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ....}@ /....."#.D....$.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo.......RS.........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .\|..}@ /....."#.Dx....$.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......z..j........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ....~@ /....."#.Dd<..$.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......MT5+........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	732
Entropy (8bit):	5.6633377320583165
Encrypted:	false
SSDEEP:	12:URVFAFjVFAFQ3wSeKaTLnXYRVFAFjVFAFjXwSeKaTLnSRVFAFjVFAFdQd+wSeKaC:UB4v4Q3wzXLnoB4v4DwzXLnSB4v4dQYP
MD5:	C8409B31A639624D7C9532988CDAA9F6
SHA1:	64E9C55E6DD5F80DB6DF3475D21256A1D1A796F8
SHA-256:	FF65DB1BA6DFB34DF2D76890829E9D1040CCDEAC69137248D026EC30CE441BE2
SHA-512:	472A67E8B704927CB9837EDFA9AEE075CDD399675B2C7B3C4DEFD8277D32C801680F0DEF542CC6CC612AE550BF4ADA9659D0BA6A0BBCCD516E8CA18F033B857C
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ....}@ /....."#.D....$.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......._./........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ....}@ /....."#.D.)3..$.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo.................0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .B.%~@ /....."#.DY....$.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.481180607117062
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXuEQ0pD511TK6tG:BsR2Ese/zk
MD5:	F04BD64C8CE11E7615261110294CF8E4
SHA1:	D3DFCE1C782DA23E25A1566BC2E6159929E9E09E
SHA-256:	9A2CFC378189BBEB48A3FB1A06618210605513EBA4BD218543F814FA24CB9569
SHA-512:	97C3601E443D0F4351443DC8A77B72E1F88E51F90AFDA6CA863A3BF2D27735C4FBB10FF8D8A0182B93416B6B7ED703D4CC5CB59B690DEB0EAF395A5086B94A8F
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js .='%~@ /....."#.D.....$.A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo........c.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.645434370199556
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQDBQz+oB7OhKlvA1TK6txut:RbR16yy+oBJkH
MD5:	35CDABEB0A5BCC62A148A744A713E21F
SHA1:	6DEC24FCAD4042CF3A2DA2D1BCCEAB22B622B9E7
SHA-256:	06DEB80C8848A834D01312354A41AF7A0B73A976EDCF9CF35038AA1FA735236B
SHA-512:	2F8C8EB71A66BCED02CC856979E93AD260D4A983D30234CAEE84594A754E346DB0F9B2D7198BA277D40A193541FE2CD191FC4407BB8D0D21B22D22A8D8374A86
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ...!~@ /....."#.D....$.A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo.......W.?........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.5621299694936335
Encrypted:	false
SSDEEP:	6:ms2gEYOFLvEWdGQRQVuD9ASQdFt1TK6t1g:B2geRHRQvS0
MD5:	52CE467D06C43C7FC15804AD94516AE3
SHA1:	CA891094B0EFC611A4782A89144B747CF0E56F9C
SHA-256:	6F45CE573374A4616AF7F74ECD82540BF1E3F2462110788ECB07141487DEF7A9
SHA-512:	459CB68E1AD694C86A34FDCA2A7B8C04650811E262F27D8D714D418CA2FC39B4E8737F81DFAC258A0FE4C94349234E6DCFC0DA1DBF0DCC2E80178CD2ABD8D485
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..%%~@ /....."#.DC....$.A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo......fL..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	618
Entropy (8bit):	5.672842385717549
Encrypted:	false
SSDEEP:	12:WyeRlbkSt1w1yeRlt9At1w8tmyeRlq6yt1w5:WJjdfw1JnAfwdJTyfw5
MD5:	32900A908FDCE382F0FBBB6EEA5F9682
SHA1:	ED4637562CE9F751E5FB44F98E2B588CD34F14BE
SHA-256:	4085042ABDCD10B8FAF4216B847DE016A238E154DE163BAD690B1CADBD8840B3
SHA-512:	4A658BDA0199EE3C83F800AD7FA4F8A0FE891AB4E56AC45253AA927F855ADD15EEF7ED0C78F2E1CD9E9CD0185D59E3FF0BBBA129B7EF778AE541C24808784C81
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..n.}@ /....."#.D....$.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo......Z.L.........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..w.}@ /....."#.D..!..$.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo......[...........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .y..~@ /....."#.D.....$.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo.......\|.4........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.528478781673692
Encrypted:	false
SSDEEP:	6:mnYOFLvEWdhwyuTCm17KOqwK+41TK6tRv:wRhkCRwK+E/
MD5:	444766A9371826BCA58652373DDACA6A
SHA1:	F6D0D7362F3ABB2E35030DD1C785F876F24CDD1C
SHA-256:	CA60B71AF35C8F35737911F8BA72FFFFD40A429A13120AB6B10934BC5340B36A
SHA-512:	093FF5C811BE2D3EAB836DA47E218EAD78F644BD094C673A963FA083E3AFCACB59E02C819E0F4ACD34A816628DEB1557BDD54C5A2D1D8713485791FDA28E5A09
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ..r!~@ /....."#.D-...$.A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo.......{..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	690
Entropy (8bit):	5.619900419990685
Encrypted:	false
SSDEEP:	12:/RrROk/qytdfLEXlRrROk/fGfLESNRrROk/gVKrfLEC:/PJ/ptd41PJ/u4CPJ/kE4
MD5:	D19971A0C81B25BEC9E1677F99F4BF7B
SHA1:	4F28C989260570C2F20389570EBFB74EB3ACDAF6
SHA-256:	8C6EF4FC0E1AB269ECE7E57E4C655990EF77B76C444F121C867202EF36D512F8
SHA-512:	4E86867E20A8B4E6343F4E4DE22211CA06B460735B27CC8BB4E83D2F40173C7F11AA72CE45344BECA6802D423795A19F16E4FED0228F79A835C468F2D46D2662
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..i.}@ /....."#.Dd?...$.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo.......U........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .2t.}@ /....."#.D..!..$.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......._..........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ....~@ /....."#.D....$.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......k...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	558
Entropy (8bit):	5.64037648250455
Encrypted:	false
SSDEEP:	12:xqThHQRKCPLn4qqTCTKCPLnX3qTBpDCPLn:A6RKMnsG2MnX61pDMn
MD5:	944000CD9B44A6C6D34D3107D232FBB7
SHA1:	AAD8EA23CDC5CABCC8B7EDCF66C317F4CAA319E4
SHA-256:	C3AAE12512EDB9AF25054778932F3D248FCB8ECC6D21FD84E66E414C6D1D308C
SHA-512:	217F959A78BCB182D65B5B812142B98607C506E15CFA07E9ACB5DBCAE61A637C495955D48F6DF8F1903031B2821EBEA0A2206E97C24E02765C91E30FF33043E0
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .a..}@ /....."#.D.u...$.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......fWd.........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js .&..}@ /....."#.DK....$.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo..................0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ....~@ /....."#.D.3..$.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	621
Entropy (8bit):	5.643942511485756
Encrypted:	false
SSDEEP:	6:m52YOFLvEWdMAuRIQXWmx/sEJ41TK6tto/252YOFLvEWdMAuO/XjEG/sEJ41TK6m:zRMzIQmg/sDcRMQ9/sDcRMZxsDp
MD5:	AB4543AE217F4F10F9969B639BBF8E28
SHA1:	36AB586C56514D13FC8858A5B94864415B3DA288
SHA-256:	5B0E91EF7E0079A428B15850D65B857070834A0573B060CD42545A1DB30263A5
SHA-512:	3D09A8D075E267A7EAEF93F5CBC896D0CB484C329826F89D79015DA28D1FA75C840A23B10BDE64AE220279956244D925F164B3F0348907B7DF4F8D184094D9A5
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..V.}@ /....."#.D....$.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo........K.........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ....}@ /....."#.D..-..$.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......q...........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js .6Q%~@ /....."#.D.....$.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......../e........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	630
Entropy (8bit):	5.62456348619117
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAuaeDGMSFong1TK6tN8YilPYOFLvEWd8CAdAuzHMSFong14:6lJRS+FoMTclJRITFoMrClJRnQFoM6
MD5:	E3DE8FE1D48F9CEEAAF4C5E437674B1D
SHA1:	A76A1090A0A86A7560D716F261E77A1684700398
SHA-256:	E591CDDB037BB3074F70BF86CAD65D9893628AC166FD04D8BCDB0DAB7CDF4DFD
SHA-512:	87DD82713312443A85F25B290D2FFD282FF9271002E279FDD32AF5C58384A280EEEC21E5B6F0FF97A72CDE82430D7C67782D55F8E13598EDA76A01A54B8D8AD8
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .'Y.}@ /....."#.Dn...$.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.......6^.........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ....}@ /....."#.DOY-..$.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo........}_........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..%~@ /....."#.D.....$.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo........B........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	669
Entropy (8bit):	5.632568531988718
Encrypted:	false
SSDEEP:	12:F8hRrROk/l2Ri2e2C8hRrROk/lm2e2In8hRrROk/9d2e2:UPJ/Qc2/PJ/A2ISPJ/R2
MD5:	A29D87E6A1958E6AE7B906456A1E9E53
SHA1:	B2603901209F3A9BB618A7DE96AD1E134DD4CD71
SHA-256:	982444C521CCFEB98D5C0917712C71A6F2ECDE7C29F25166F202A8691F0F40B9
SHA-512:	A991D4F7E1A14A0960EE0F21610F85C559648C165600BE1CC775D97BFACC70053D29FE379F2332F35CD14A0F0C5EB6AE760D1F0147A02C4FCAE45B9ECAFC561C
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..&.}@ /....."#.D.[...$.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.........Q........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..C.}@ /....."#.D.. ..$.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo........z........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ....~@ /....."#.DbN..$.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	639
Entropy (8bit):	5.71692579344226
Encrypted:	false
SSDEEP:	12:ehRcCygrNJIC2hRcCFg9rNJIC/hRcZrNJIC:ehRysJIC2hMfJIC/hQJIC
MD5:	E40B12715DDB6876160497AE6B7A05BD
SHA1:	ED25B43ED16AC44CC6194D3737DC57175F5392FB
SHA-256:	8A3F15DF6A20F1C4A18DD4D9F5FA96D4057EB3690FD82BD31596F1F6163340C1
SHA-512:	A81DDE3381FE48C7827F8A13256DFE411C4CE5319581E1CE1C2258A6E6703F75E494E95779C51E226A9DEB9D349385CAE88183A1183E1415D42F69C879B6FA97
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .\|q.}@ /....."#.DT..$.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.......Z%.........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .qy.}@ /....."#.D.E!..$.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.......Ap.........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .{..~@ /....."#.D`[...$.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......1..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.611441106366925
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhuofatD6Lzgm2d/1TK6ttlllMOEYOFLvEWdrIhuhlXMwLzgm2d7:0RKfad0Reh/CR2GRe1RqRe
MD5:	7A451D2A30766A542F2F757769342367
SHA1:	C1AFC98C2CACC89A7D3F9DE7C756373296A30335
SHA-256:	5B97CA190F586AB68F439B317A32638CFE113F4269F71E49723FA193F7BE4DD0
SHA-512:	83E0ADF9FBEABA9C45E236D19A7207A13034977C098250AC7320A082257BC753809944B4D48E7EEBB8D73FE850077D88FDA954DDD3DFED75515AC270ACEB71FE
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .f#.}@ /....."#.D9....$.AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo..................0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ..A.}@ /....."#.D%. ..$.AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo.......I..........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ....~@ /....."#.D. ..$.AZ.Z}Q..4.o....0+..[\|..n:*..U.W.A..Eo...................A..Eo......K...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	564
Entropy (8bit):	5.634632105852651
Encrypted:	false
SSDEEP:	6:mAElVYOFLvEW1KOi2kx56uvp1TK6tzlEAElVYOFLvEW1KymmQir2kx56uvp1TK6j:6JJKbAJJKaQymJJKSbGbKK
MD5:	BD4E3DE33ACEB99B99B570A164B984BC
SHA1:	F7473697B8B470FB8B5C6B99A72DD0E1974FDA6E
SHA-256:	2BCE9A6BE23D3B2D734670D13C8F8493619E76F2500823C8B9B5C2159482E844
SHA-512:	08F92F791B1C3786070FEA2CF6DB7E9D80F04F2702531E3491531A701D12F49F835A3B5CC9A46C8F8637A925A0006A9536626FDD1CE67CAE04C8B8FB4FA92D38
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .r<.}@ /....."#.DF....$.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......H*.........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .%S.}@ /....."#.D.5...$.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo..................0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ....~@ /....."#.D....$.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.632779666990352
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvu5Uw5ihUDLYtmOZn1TK6t9/:xRBJKXDcFZLb/
MD5:	9A1684FA154B0D8546E28FE805EBB57B
SHA1:	A64C60A05D0E721C45F1515238802920BBFED766
SHA-256:	046FEEE6224AD10CA35E3A068E235CF1E14954E513F2A274D8ADE75C45B87AFB
SHA-512:	8B21D15628BAF25D2CF3A33E424831E6935693BB9E2F3D7BE33BD564E035CAA5D4C28B9D8264669346CD3DF744FDEF5F89EB0C05903337887345FB5B8986A5CE
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .6M%~@ /....."#.DG....$.A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo.......X.1........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	633
Entropy (8bit):	5.654385889500425
Encrypted:	false
SSDEEP:	6:msRPYOFLvEWIa7zp79WaVPu1TK6tbH/2sRPYOFLvEWIa7zp7zXlkdaVPu1TK6tq3:BPHSacdZPHkacyPH82acr
MD5:	70B43B965DBE5B2032350F5FBFB33CA3
SHA1:	9D1E2BEA6D8128F45D82497DB61F7508B6733492
SHA-256:	90D5CF9EC03664E3D1696E67D66DBF0DF0EA0BFD701753FC34A0FB124085A5A4
SHA-512:	DCF0E9A57313D5FA19F1DB173E555778857FFA1CBFCD2C7B2578C0567D2A6E81B4A09820EB014A35F495712B08DF7BCAA47E1FCF51E2DF7075F4E3679A6E2E3F
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....}@ /....."#.D..{..$.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo......._..........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .N..}@ /....."#.DZ...$.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo........mv........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....~@ /....."#.D/k...$.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.589768859327156
Encrypted:	false
SSDEEP:	3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuVWiK1hs4XVAZ+8cV3vRm1TK5ktC:mKPYOFLvEWdENU9Q9iehDiM3Y1TK6t6
MD5:	225143D1B61694B2E126FB311F98C641
SHA1:	48B7AF01C039865C5E38E9720B8E8215B4E89C16
SHA-256:	A0DE54D272DFDD92A3A5B1783BA0AC17815F5E13722ACCC2B2D0322320BAD148
SHA-512:	4B0A03EA5BD13A0AF70CD2B20539C0A3E33DCA8F78FB4A33A0E72192B28808C44067F033DE5BF152F2723C43B72BA982FCC92C33D06EB35EC6CE05EBDF5BB021
Malicious:	false
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ...!~@ /....."#.Dt...$.A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo.......,.7........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.6197764310588205
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQ5mZQjBRCh/41TK6tS9:XRc9yrDi/E
MD5:	D142127FB550D74C93A94C44FE800972
SHA1:	8476CC5887D4E301C2061F2279BA4FE48E8B3845
SHA-256:	638433BF7D669D0E31B3701375FA3415E7843A618C377EFB6FF559B564C44ADC
SHA-512:	D84B1D176EFA53210ED7BA42F64CBDC00CEC356096BB74D1F805161C45E1E01A23893AE3FA00426535CFAFC617995BF0A74CD15F83BB0B0603B4CE38C9929F72
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .H.%~@ /....."#.D.d...$.APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo......v..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	462
Entropy (8bit):	5.609632401639627
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhuYQNULlF4r1TK6teqs6XYOFLvEWdFCi5mhusflQ5ULlFh:bs6xRkiW9LlF4nds6xRkiqbLlF4n
MD5:	BF1122DA86C89A11E5D0DE6F344E4C51
SHA1:	892E7BC16B21CBF725EEC05FF0A1DDB1D4FBF18D
SHA-256:	061089D293D01DED89081779D494CF2E27DABF2A1327DABABDA6660998B7289F
SHA-512:	C6CC6C64A5E92C48EA8F466FE5820F9D012959F4D788FCD1770F94182A9869B743D3567F1F6F4B740611579CCDF5CAEFEE7217A1426E8435942D7C0D46D538B8
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ...}@ /....."#.Dq<...$.A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo.......u.........0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .}..}@ /....."#.D.4"..$.A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo.........U........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.48795719120179
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFv2FQXYRGTcu1isLK5m1TK5kt9X:mhYOFLvEWd/aFuEFQXK941TK6t9X
MD5:	597F91F1351AA6A3D4B30033C369D6E3
SHA1:	2163EDEB5D53ADEF23E15B76EE910774B9C4F1CE
SHA-256:	A8F79DF504010608C57D39991510251A1172DE5FE0092E011A4E311C04FC20A1
SHA-512:	6EAF8993C86A94833C171F3397D0866D237BAE179508EFA7B39F065707656DDE72D358A27309B2406B1A07A3F43AC3D8202349B01334456D8137B0124DEBD12C
Malicious:	false
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .f.&~@ /....."#.D.{...$.A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo.......A.2........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.526917886013214
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQSmyoBMqVd3G4K41TK6tF9/:2DRuRxGB9Vd2k
MD5:	88D83E5F0CBC3A67A6F5D877BBE07BD4
SHA1:	3182D476ED0D1270D7FD654C4CB28B5143C61227
SHA-256:	93FCFF15277209101490F50F10A59F53448FE34AACA9617F79DC83CC3B361006
SHA-512:	05AAE77095774BC20705E06E2281895131BE691624E0608235AABC6A966CBFC48478B691A76FF75A30E3125DDA9363C180C6146AD2DAAB3F9A4520190FA05B46
Malicious:	false
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ...&~@ /....."#.D;S...$.A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo.......AQ.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.6117125726114825
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9Qy3CSOuA424r1TK6tbNMkqYOFLvEWd8CAd9QL6JacSOuA42y:+RQ9CSBrnpN8RQnUcSBrn8RQnIHSBrn
MD5:	14A5891CB5BA77E0CE8B9E0C1005FD0B
SHA1:	E6FB461883E2D0775B2ED54416D1FC947E1BC1C3
SHA-256:	1472B59ED76391D0EEC425BF2546D90B001D9F0B14F62DC795BDBED9EEA074F1
SHA-512:	C51BBA7CA1612D707785452BE60B60FA7AE13B42414BC9246D2875FB941598F1B1EF3ABD6CD5A2D2186880AC9ED3D04DCDACB4A3703A1E17A43911A3EDC01755
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ...}@ /....."#.D.-..$.A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo......4...........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ....}@ /....."#.D..0..$.A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo......l.p........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ...&~@ /....."#.DB....$.A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo....../.1.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.540579196217641
Encrypted:	false
SSDEEP:	6:moXXYOFLvEWdENUAupyDIyC8n1TK6t7k:xhRTSI7QR
MD5:	8AB380802C6C671CF1A1C0444444D98F
SHA1:	9535A1348D2910732B7EA35DA4C28BA3FA45043C
SHA-256:	E2604D2FBCC9B67DAE364B2C37E9F85C4C67CD9A5ACE4159E6B610164E98E66D
SHA-512:	D742BDD90ECD3ED593C8B5FAE553CFFCF7BCC59F0C926606FEFF87815B39D5CCCC04A203D655E8DB0EA34D6A6C6C97D541AE15332A1419A9FAFC5E8E61E1261B
Malicious:	false
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js .Bo!~@ /....."#.Dg...$.A8.../...;.\\o....1..........+..A..Eo...................A..Eo........E........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.6204433681734915
Encrypted:	false
SSDEEP:	12:nRrROk/VLf6NmpRrROk/VQuNm5/RrROk/VjfRYBkNmJ/:nPJ/df64pPJ/yu4xPJ/1fRYy4J
MD5:	11990004BF1B88BB9F265A14F4CAD68F
SHA1:	0A548F5D14623573C8E0850876FC997D0CF0DD12
SHA-256:	69847B05B8FC51E7FCE0C141E23883EECFB0F4D0E7E64F67708A2AF9E462387A
SHA-512:	F9A3436F7D7A3863DECFBA9DD097D40AA03DCB48AD9CEB405C72981EC7750FFB36FA1D07521E9F5DD91C6DC1357383DDCE22905A3AC05FE192B4AF76ED436CA0
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .Ls.}@ /....."#.Db-...$.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......W.0o........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..}.}@ /....."#.D.`!..$.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......H.X.........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ... ~@ /....."#.D.....$.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo........3.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.5531819687578885
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWu6m1fTAdm9741TK6tx:qxRcNZTAdu7E
MD5:	DAB2D9062FCDA5392CA7C41F0E9523AB
SHA1:	5E78C78D325E94E40AC899154DEB69D0AD35D6C1
SHA-256:	E893C8B7F822144687E0B18834B3B604E3601A9DC96BC1BB6DDEB0621C3C40F5
SHA-512:	E3B019E35DE6A3255D6CD7FB5AA38A88B81F282C886D7EFC74F922336F19531536898CF6BB34E296AAB92BE5B3E2803D8E6D74317A5F143EAC6A632BE9E33DC8
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ...$~@ /....."#.D.....$.A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo.......l..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.564626879864794
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvA7nXK7Pp6shoq+Nem1TK5kt5X:mMOYOFLvEWdwAPVuy7XK4Jn1TK6tJ
MD5:	6D8A017E9B65ABF524B53D60A944C8A6
SHA1:	027B07F8158A25B45E9A642E1409288C63E968CB
SHA-256:	AC8E4BB19426928DBBA75EF2F89F07049502527207B743876D2409D1F8AE56AB
SHA-512:	B3287E8EE0512869B5E4C89562F4294A308AE6D8F6ADAFD7DED8CB75541DD5174CD6692AC080FD600493F584ED19919C110245C3319B0B8C5552F61FAD4253AA
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js .lk!~@ /....."#.D...$.A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo.......%..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.6510475177807615
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQ1e5fzhcsBXIh1TK6tD/:mxRBJQ9DB0
MD5:	00207BDA0DBA0CA41F189D71DFC1D401
SHA1:	9479AC43D8204106C4BC2E2B5DC16D46591D1284
SHA-256:	84416256009542B1BDD70DCB66D68E8384608F8887084EA8BABAA1066442748F
SHA-512:	7D851E6FCB577E54B5A1C94F485C1ADEC83CAD3420A2DDC0655EE131B69E3E010662E2C1B136D2A3CE259F64CCDD845185724AA854114A83B64022E4D959C23B
Malicious:	false
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ..J&~@ /....."#.D\....$.A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo........Y.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	684
Entropy (8bit):	5.627062653235516
Encrypted:	false
SSDEEP:	12:3RrROk/sqaAcCRrROk/sZDcr8dRrROk/sOvc:3PJ/qVCPJ/cgr8dPJ/y
MD5:	3807D657212B68CB2AC0DA95A16AE9FA
SHA1:	3896B3925852FACE9D1EE67D41BAE1F99F56E058
SHA-256:	8093C5DE25DB4DE0B665220F6FCAD2EA0A167B723E5CDD0E56BCC04EC1E3E4F3
SHA-512:	542A44BECAA60103F62DFF0E195C1BD402F4B8F99D79ECD1770ABB0B272629F9774EDA3CFC38F327DD45B5143D8932099407CBE940C08A0C1116EB1E4267E67F
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ....}@ /....."#.D.....$.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo.................0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .H..}@ /....."#.D.!..$.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......7Km.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ... ~@ /....."#.D.....$.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	Maple help database
Category:	modified
Size (bytes):	1032
Entropy (8bit):	5.08585004323195
Encrypted:	false
SSDEEP:	12:tyrUofTuZG6RzIXMzlFPRlfLIcIe3MB8V7hIABRoojyjVGB5t06MfWzd16kl:ty7qfOXMHoOMByZUojyI+Vuzn6s
MD5:	6A7BDA3F3B5A9940A5C26E7197AF9861
SHA1:	86F195B969788D96EBFAEB09C97B46A43AB4033C
SHA-256:	C6E57798362947AB562F60974794F0F64CFC7668540CC075EA6E729C77071882
SHA-512:	6CF725DDDFCF568630162E3D4F1E45F4BCDE7903C13C397E12AC06C30B948D75876AE1DE1C713943879EEE39C1EB7F8355C8F30EB8EB7EA59C47EB82C715E640
Malicious:	false
Preview:	.......]oy retne....)........T............3......~@ /..........v...q.....~@ /..........C..M.....k...............#...(...k.............]...I....}@ /...................}@ /...........6<\|....I.~@ /.........<...W..J.I.~@ /..............oB.I.~@ /...........a.....I.~@ /...........;.y~A....~@ /...........P....V...~@ /.........F..=z;....~@ /.............o....~@ /................~@ /...........2q.......~@ /.........Gy.'.h....~@ /.............k7A....~@ /.........:..N.A.....~@ /..........;/......~@ /...................~@ /............P[. q...~@ /.........,+..._.#...~@ /..........J..j......~@ /..........@..x....~@ /.........)....J:...~@ /..........&.S.......~@ /.........A?.2:.....~@ /..............q....~@ /..........u\]..q...~@ /.........!...0.o...~@ /..................~@ /..........o..k.....~@ /.........^.~..z....~@ /..........[.i..%....~@ /..........+.{..'...~@ /............MV3.....~@ /.............D.4....~@ /.........=....m.....~@ /.........+.U.!..V...~@ /.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.244430610910203
Encrypted:	false
SSDEEP:	6:mzreQiQyq2Pwkn2nKuAl9OmbnIFUtpAreTQG1ZmwPAro9YQRkwOwkn2nKuAl9Omt:Qr9iVvYfHAahFUtpArbG1/PAroiI5JfC
MD5:	F7173A487E289AB79C847E9593EC0656
SHA1:	D0978A783F9AB7E46D985FD7CED7B61B62BD1515
SHA-256:	B700BA6BAC252396EB99361F51592CCA0179618E7293D7B562261FDA731FF816
SHA-512:	0B781E476E369E429CF99AC22C4A35E9B5DF582718CB462165FC5B07EEF8ED782D70D60C12DC0C0471709977E9E9169D6F6355D402D4106CFBEBF8721D92481C
Malicious:	false
Preview:	2021/05/06-16:34:22.895 1270 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/05/06-16:34:22.896 1270 Recovering log #3.2021/05/06-16:34:22.904 1270 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.008399703044392193
Encrypted:	false
SSDEEP:	24:TmbsmbPXytHwytHwytHwytHwytHwytHwytHwy:TmwmEHRHRHRHRHRHRH
MD5:	05C31564F5D129E37A363E150A042D4D
SHA1:	FA62CA0C75E503D2C5E83FE48A9846CD48FFF480
SHA-256:	64044EF0EAA6C2CCA1F6D5E32B8C1AD305D642A8AF7F91C89CACC2BF8642C5D1
SHA-512:	895CB367D69A3A2D619868DBDA6DA0EB5FFDC20D6B9B2740E7CAE3F9ED91F29BFB9DBA5FA68E72998E92AE68B66BAB551A53B48575B3CD1C27ABE3C923E1FDAA
Malicious:	false
Preview:	VLnk.....?......).0k....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210506143417Z-194.bmp Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.4221016268339233
Encrypted:	false
SSDEEP:	48:JCf/885K6bNX8VAgXWDqdPlPUtO0ORf06xgw8+dar33qwh6btQ:JY5fXiQD9IpRf06cCAa7btQ
MD5:	F53D86D5AD81108A823E53D914D0CA85
SHA1:	3974BCD963FC20294D78D9957C8572BFB7B7034D
SHA-256:	409B1216267185C0ECB13E0683F6054A2EC63CAE85CDAA80467F2513D9E00E76
SHA-512:	3E4B5EF5944B30CE83B8FFD48741EA9795073451B314413A424B6F0F2606886101EA48F7CFB6474BDA3ACA747959392EBACCD799FDDE699DD725EF060A00CB1E
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	3.4501138205969237
Encrypted:	false
SSDEEP:	96:k49IVXEBodRBkWCgOOh1CK449IVXEBodRBkWCgROh1CKI49IVXEBodRBkWCgROhW:HedRBBedRB2edRBredRBe
MD5:	014E26A84C8E695BF36E55A0D88B7AF2
SHA1:	5B4463128E361226BF5FEAEBDEC7D22753349236
SHA-256:	56E54F2EDD5695430C5FD4FD650B1F376B0149F8472213A62B6857D8DC7CC026
SHA-512:	12CC76A163A4D5F784E771810B19D0A05F7F0CC0A4F2A60923C8193C005B4A3622A224D7263C1E5D058BCA507FC26F560553BBFCDEB613AC0FE278CEE2769906
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	modified
Size (bytes):	34928
Entropy (8bit):	3.3165562986169372
Encrypted:	false
SSDEEP:	96:0CgOOhZCPa949IVXEBodRBkOCgOOh1CKpt49IVXEBodRBkoCgROh1CKAd49IVXEy:aiedRBTSedRBrCedRBIyedRBY
MD5:	3F1957342494BFE874945C64716B7653
SHA1:	DF6ABD66C67260B8C740F873C69C97ED9E2AA7A9
SHA-256:	9D2DC0B3A18AE05184B8A76BAF7D920A11C77AB36155917F7630BAD2B9706E59
SHA-512:	4B3C5FF6A2612BDAFA2BBD4669C2A8A37E4234B982240A14A134A1895FF0D510235EE76BA9A7074E2F2C536C14364DA2462F5C96DE0800A810F94854AA96A289
Malicious:	false
Preview:	..............C..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....X.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.7152 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	157979
Entropy (8bit):	5.174259815365338
Encrypted:	false
SSDEEP:	1536:amNTjRlaRlQShhp2VpMKRhWa11quVJzlzofqG9Z0ADWp1ttawvayKLWbVG3++:RNj3aRlQShhp2VpMKRhWa11quVJX+
MD5:	159ACCAFBA209FBC642499809CE2B513
SHA1:	6D94F57B63CE3BE71EDFB081ECB848B7D06EB2BE
SHA-256:	ACE286E29DFDB19080E514F3447F46E0E4ED658263AC209A9B4BBCECC36139D3
SHA-512:	E02BD1B88C1188CBBD4D6C1F5B31A44A278B213D991C6E9B9B06C620D66B1290DFBDF6D7BF92082D51A146C8AF772DAA659F9C2DC0A416C6BA9BE14B89C6E8B8
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.7152 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.226610011802065
Encrypted:	false
SSDEEP:	192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
MD5:	63B24EA3A13EAC476D6309BB202EF459
SHA1:	89502C393549C20C933E4553F51F74F3DBE085EF
SHA-256:	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
SHA-512:	2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.4331110334817385
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiC0Zl9lcD7arkTYziExf3ie0voy46YYyu:J0GpiyVFihlDcD7arkMziuf32YK
MD5:	623979B25F13607AA64863429DDAA7A5
SHA1:	4A28EC104753A36170AE5C22BBE93D3516A67D8E
SHA-256:	E09E235CFEA5085EAC0280F6A81D43FD9B7B5E96FB07C185A5251D88F783CDDD
SHA-512:	6444EE93239B75AF79764EECD9FBCBB72E3AD50D31BA6A296745A933D3A7A62E7B35BC792DB6FAAE982AB10A5BD98D701F5D62E37447F90DF28A21F67DB03C43
Malicious:	false
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{446DB64F-AE78-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	32856
Entropy (8bit):	1.8453775588975403
Encrypted:	false
SSDEEP:	192:rYZLZ42RWMt5HfQCtZxFzW9NDiHBUytwx4j3:rYdvg45/v8HC7r
MD5:	CE06B40459E4F48844C8639A119044EA
SHA1:	5209ABE86DDFB790AEBE96EB3916A4363710AE74
SHA-256:	EFB16C58C56BFE039F7C197E65CA39A1EC1932820CB037CABD616F574EEB2544
SHA-512:	0C2F2BEFF62B15E9CE6E36C15E243C29D17D6340F3B7BE5EFEC31567ACA3FEE58CE7348F61B0463A06ECDBE86B9F9EFCA61F6B277DA2A5DDA037C666DB073EC0
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{446DB651-AE78-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	26524
Entropy (8bit):	1.8754659228768553
Encrypted:	false
SSDEEP:	192:rWZlQdikcP0kc7DFKkcjuWkce2kc5vkciPkcRO2To5r:rSaw87RK5lVw4US
MD5:	DEED14A0B7A075CDAD85ADA84A75FEDA
SHA1:	FD2CEB6F052F254FC83A0FB51ACB3C3B7528009F
SHA-256:	C49CE2327ACB45DA3EA5E8BD922AD63356436132051104C2C6A664C390AC5AC1
SHA-512:	C338FB22A79E4F608E98256DD2E96CC4989B94FBFA4DEEA6BAE95620D4292A9BA0502293A8D91B747213159956A61AE633A957243E62FE050B87F8BBCFD88176
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4BE10DF3-AE78-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5659379840820042
Encrypted:	false
SSDEEP:	48:IwcjGcproGwpaRjG4pQNGrapbS5GQpKEG7HpRETGIpG:rcZwQn6tBSTAPTAA
MD5:	538B00093EF5EFB2AE08CE7ABF6C35E0
SHA1:	74C0C81EFA62B5007560847C3B9D97D34314951A
SHA-256:	3AEBF6A0338600C3C92822DDF5C46B0519A573623E5E4D46DB931CA09A3C4426
SHA-512:	2243BBFF06698A42EC1311ED8F7EEC6329F8E7C1BEDA4188E942067F6274337AFBB5DF8B9653D2D0FD2146DD4279EA530EE50CA0447EFA759956B17223969049
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.1026221446859195
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEnoKyMoK1nWimI002EtM3MHdNMNxOEnoKyMoK1nWimI00OYGVbkEtMb:2d6NxO2SZHKd6NxO2SZ7YLb
MD5:	41DD918122D9E26BD2918A9717079273
SHA1:	B20425440C3D510D7AF0E19D340BE461DCDE7CDF
SHA-256:	DAD3CA37785981597885312A8714F4D28A0BDC823F7EF82C8D0D27CAE04B9D66
SHA-512:	3932425896BD569C107AC723061052013980576083F143CB6D0F3ED7760A7B5B4214B3018752CCB5EDB79A68CDBA523208CC7746ECB7762316A02AA42014DC4E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d00f79f,0x01d74285</date><accdate>0x1d00f79f,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d00f79f,0x01d74285</date><accdate>0x1d00f79f,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.141185599533713
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kkRKyfRK1nWimI002EtM3MHdNMNxe2kkRKyfRK1nWimI00OYGkak6t:2d6NxrHhASZHKd6NxrHhASZ7Yza7b
MD5:	1BBE9E27A2286EF57BADD6A1FE22BD27
SHA1:	986992CCE4D6A6CA7BEE0373132C483BBB31AF82
SHA-256:	3EB0B22B448364E5E27A3DEA4E634C00FC6B63B20B8B7B1E56AA046CE80000A2
SHA-512:	3701C4A35ED5E362C8B496BB2F7C6FE03348C534348461729C83960B72B6738DAB518D172962675048059D5186C0FCDE5894EDBEBEE444D51C6212BC93BC16E6
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x1cd86fc4,0x01d74285</date><accdate>0x1cd86fc4,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x1cd86fc4,0x01d74285</date><accdate>0x1cd86fc4,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.130415534919135
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLJy81nWimI002EtM3MHdNMNxvLJy81nWimI00OYGmZEtMb:2d6NxvvSZHKd6NxvvSZ7Yjb
MD5:	E6E16212EB5A397685EAF5FD7538EFC2
SHA1:	613F5E37DEA1A9746890C15CD0B4CA8A29259155
SHA-256:	7902C8E3A60C8485DC8703990608DE8F6F4E5CA41F9D16E514380C9510A8E116
SHA-512:	F394C8B57E3392F25561792B14FF02E131CC914FCBC24D66E8D4F1347E1B7BE74427B1000A94BCEB728316F61AC870F672B1907B1777967D67E50057FECFC983
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x1d0359fa,0x01d74285</date><accdate>0x1d0359fa,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x1d0359fa,0x01d74285</date><accdate>0x1d0359fa,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.121465485513259
Encrypted:	false
SSDEEP:	12:TMHdNMNxiBkykk1nWimI002EtM3MHdNMNxiBkykk1nWimI00OYGd5EtMb:2d6NxgWqSZHKd6NxgWqSZ7YEjb
MD5:	4E8E032A72DC7695F896241A28567444
SHA1:	1C3988FE27EBB4D31831A3C51AA48FD9C00EB032
SHA-256:	59642F15A0405A422A54B82724E487D6E6DCCCAC594BF862E305AF6889815915
SHA-512:	42DDD90016B4DEA6EC3CDFC38071F2CDD3FEBFB5CC36BA0498BB74DC3529D15B282622FAC3216EAB452CF243AB9DC97FF54566FA73327FD95F97F82AACE335AE
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x1cfe9530,0x01d74285</date><accdate>0x1cfe9530,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x1cfe9530,0x01d74285</date><accdate>0x1cfe9530,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.146800938518671
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwJy81nWimI002EtM3MHdNMNxhGwJy81nWimI00OYG8K075EtMb:2d6NxQOSZHKd6NxQOSZ7YrKajb
MD5:	37CE655F02C13C4D2E1B781B7589F75F
SHA1:	76902DE87FD88B5FD9C014231CA57B19F84122F0
SHA-256:	3B1F59733B179EF8F125313264036D098ECB741B381A8849C9AC394E55203206
SHA-512:	4EF6927EB6A3740A18CFD2C4489DCDC9774413C1B8E69713C3887224EDD91238F69FBCFE3B174EB0F724C14316250D8732A844C11BC1119CB305EA542A215FC1
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d0359fa,0x01d74285</date><accdate>0x1d0359fa,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d0359fa,0x01d74285</date><accdate>0x1d0359fa,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.103873963794306
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nnoKyMoK1nWimI002EtM3MHdNMNx0nnoKyMoK1nWimI00OYGxEtMb:2d6Nx0TSZHKd6Nx0TSZ7Ygb
MD5:	3DEC110B034C1D247B0F305A2E9F99EB
SHA1:	6768E7FDDE6DA694FCA2E8ECC2BA2A2F899E5A40
SHA-256:	EA2C034723FEABA2C4B53B3FD4A5676ADC5FB9CCE35AA482243459F47D70273A
SHA-512:	D669EDEE4017914948663BFD5D2210EE974BADF0E387535443F81BBD2AFD39B574D9AC21575BD24937FBC27605E0D810A69202168E77AC079334877DDD2EC7A3
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x1d00f79f,0x01d74285</date><accdate>0x1d00f79f,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x1d00f79f,0x01d74285</date><accdate>0x1d00f79f,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.14547309256056
Encrypted:	false
SSDEEP:	12:TMHdNMNxxBkykk1nWimI002EtM3MHdNMNxxBkykk1nWimI00OYG6Kq5EtMb:2d6NxbWqSZHKd6NxbWqSZ7Yhb
MD5:	9740B1E0F4373DA1B34E69615B6588D8
SHA1:	F02BAB200351DEDFB414A0387ECE7EE35A9D6235
SHA-256:	E5CCFE6B5435BB48B642A7BB089CEDA341E87794DCC9C3A1C13DEB090897B5C4
SHA-512:	9EA5CC8EBC1E1FF2FDABC7BBC6ECDBD91484F2AB394D681059931CA82D7F275024CE6CDE41B21ABCB2AB8496D14F36E62B132FC5CF1F9836F45052A7F860FC61
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x1cfe9530,0x01d74285</date><accdate>0x1cfe9530,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x1cfe9530,0x01d74285</date><accdate>0x1cfe9530,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.110560972747286
Encrypted:	false
SSDEEP:	12:TMHdNMNxcpUkyOUk1nWimI002EtM3MHdNMNxcpUkyOUk1nWimI00OYGVEtMb:2d6NxAHlSZHKd6NxAHlSZ7Ykb
MD5:	34A9FEAE45B7ED905BB3727B9C30BA73
SHA1:	23CDEFF274222AB1478500703F3E17EE749CC344
SHA-256:	2ADD5A6D3BF661386AA4148C22762A4B4E2DC2D74A0C3719572D81286C59069A
SHA-512:	83D752D90C6EE186BABEC56EF05FF7DA8E761B132BCC4D29B7A6713E601196EB4926CD404FD61153BB8DD9801AB3BFDE17708B424C9E36B3605FDD94A1E374C5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1cfc32e8,0x01d74285</date><accdate>0x1cfc32e8,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1cfc32e8,0x01d74285</date><accdate>0x1cfc32e8,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.106697766719956
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnBkykk1nWimI002EtM3MHdNMNxfnBkykk1nWimI00OYGe5EtMb:2d6NxJWqSZHKd6NxJWqSZ7YLjb
MD5:	1DE75CCD54759CDD3AC4CB150C897AE4
SHA1:	A7461E1CBA3B4114D794A433E6E13491F266F33E
SHA-256:	57C2E0021044088DDA8A2C31FE9D02159CBC475153368194B02FC6846EE67F70
SHA-512:	5DA689E82A6D9A20A8AB6B7376421FFFBBAC307F0CFE6C63F402F1E71E441E73EAB0C5E5AAF6E3254711291FA0ADE7654727E66606DAE9A5BFB3F3240DD31649
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1cfe9530,0x01d74285</date><accdate>0x1cfe9530,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1cfe9530,0x01d74285</date><accdate>0x1cfe9530,0x01d74285</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	1318
Entropy (8bit):	4.979084986959477
Encrypted:	false
SSDEEP:	24:Kn9k+5QOyrQZ9FjFjFjFAZ4qCYORlzi+fzi+fzi+fziAVR9e:Kn9yOyoBBB6ZvORlzi0zi0zi0ziGR9e
MD5:	5D49B28460997996C5E799C2287C87EB
SHA1:	7A87641C3C034AE2B1F2FB5B6C4A5BE912014A54
SHA-256:	9F2632A9AF638BE18A3A41FD407D9BCFCA2F6C4DD4E107C5759C26E3DBE4E330
SHA-512:	4B67B95BDDF36912E4990EE9E756A59A80BAEFB89D6F2A2DBE5E206737EE5003D70D30F92A001E57BCD222179443677D8A51615F4780B1884E8EB47BDF818D5E
Malicious:	false
Preview:	A.h.t.t.p.s.:././.p.a.l.a.c.e.m.e.m.o.r.i.a.l...c.o.m./.m.i.c.r.o.s.o.f.t./.O.f.f.i.c.e.3.6.5./.i.m.a.g.e.s./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ...........................P..$..%..%..%..%.."...}.....9e..<h..<h..<h..<h..;f..c....2.....................f.w....K...N...N...N...N...L..Iq...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...2.....................f.u....I...L...L...L...L...K..Gp.......g...i...i...i...i...f........................................f...g...g...g...g...e...........g..i..i..i..i..h....../...........................j...d....{...}...}...}...}...\|.6..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8..0...........................k...f.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Y2hyaXN0aWFuQHRvdGVtLnRlY2g=[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	153
Entropy (8bit):	5.170190165624896
Encrypted:	false
SSDEEP:	3:gnkAqRAdu6/GY7voOkADFoHDnKXI41J2T6WYsQQKhcITL1bEyVFOyVUYLn:7AqJm7+mmHLlT6RsFOcI9bbVgyKYL
MD5:	9A69E690B6124238B645D61453B0D96C
SHA1:	2BB6C391196FFA1F2AE589636C0475AE2CDFAD1D
SHA-256:	6114D63FFF050D9EDE92475B17A15A453B56C6447CB75E4D4C2F77ADD3966418
SHA-512:	50FFA0DC47B080A1B958B8EB9388129AC6EAD8247B33D972870EB566B3C3BBD28D9CF83C4717C465711DEF81DD1446F60E00A2D0811D78B7E711E92670379412
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Phisher_2, Description: Yara detected Phisher, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Y2hyaXN0aWFuQHRvdGVtLnRlY2g=[1].htm, Author: Joe Security
IE Cache URL:	https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=
Preview:	<script type="text/javascript">window.location.href = "https://palacememorial.com/microsoft/Office365/?ss=2&email=Y2hyaXN0aWFuQHRvdGVtLnRlY2g="</script>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\forgpass[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 121 x 20, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	713
Entropy (8bit):	7.532865305314849
Encrypted:	false
SSDEEP:	12:6v/7WGu/MYrBNPY+iJy9aiXYgAITAmdQWjCxKy8wQg+dBH6m67tjtbYjGNgUFu56:3TrBNP7iJy9adGrQWjoDZOSUGNB4vOOm
MD5:	B19CAC60E41C79BD974C1080088C6FEF
SHA1:	FFE553D8CA430DD309494E910A989271648A4DDD
SHA-256:	E29DB32031DC537AEE9CB557B408395F3324F1E0F744349C0CDF943A3AF39296
SHA-512:	04169E96DD18AA3BB6A56D60388D05CEF24418CB109A7613E2378F275E65BE57A1D4057E12BB90126A07CAC89578830A66E2036835CE0817CB6E22BC11BA0A19
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/forgpass.png
Preview:	.PNG........IHDR...y.........&.......sRGB.........gAMA......a.....pHYs..........o.d...^IDATXG.V...0..C..H..-..."U....Q...]...xn......yz+.8.;.B.z?t..C............=.7.t9....hj...B..Q..y?.N?^^.\..}<.3%t<...R,2..D...&..s.:XAkr5,..D .J.....u.a...nl%.c.&4...k.,_..+7.B.Y.1GEyA-.......#p..b....r.nSb.....tu.F.q.^...b.B..?/.6....s4`.C.. ..5f...:.._p...._.+.w...[O.S...@.I.d0..."i..hcLA^.......<F.t...VnIEQ.7.C..2.P.^Ekhg.Hx.$...%F..%@....K..l[.Z#.cN.jZY:hg.Z.E.aYk..RvZ.....{....LH.[..bK.\|... ..}..Z..G.*.\|j.t.k.....ON..a.1..D.......$..pT.v..8.J....F.....1..!....D\y......g..n......#<..d.q.i!0...H>z..ZA\.-.].4.......G.....8..e..f..%Z....z.7....E...}....~.Z..^x....Q,.........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sigin[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 108 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	736
Entropy (8bit):	7.584671380578728
Encrypted:	false
SSDEEP:	12:6v/7KF/hTNSsk9V/G4ifz5SwtGfgzKf8v2zbuht0NNCXxT52FBrORsnwClc:N09NG4iL4WGfgqo23v6XRW1CI7lc
MD5:	681B83E88BA6AACCC72705FBF9F2257B
SHA1:	D69957C47026108511225160BE9BD15788D26E14
SHA-256:	F32A760F15530284447282AF5C7D0825BABF8BC4739E073928F6128830819F7A
SHA-512:	393795EAC16AFBEFA38034360C7C886FEA65016A5CEB55E1A91718474B0AE8F3AE7DFC0EA7F6C1C97334C1C6269B702A1C85236A398B78E16D19E696F2135216
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/sigin.png
Preview:	.PNG........IHDR...l... .............sRGB.........gAMA......a.....pHYs..........+.....uIDAThC.AK.A...)Th...!...^....x.......S{K.'.O...[.'...K".I.K...Pj.B(T.$...tf..M"....}?.2ofv..?...!.z...;.+0A.c.......".3D0f.`....1....Z..M..!g_U.p........X..aX...Y.+../K.91l9{.....h..>...;...".P..V..*.">Cv....8.$.V.8.%.v..bJ...Sw:c..]D:.LcT.6...[.}N.wi....1.t.#....O.a..E.....\|...n.p..i....v.3..$.^...\|.;-e;s.g..Y.F...c......u. .L..........1jd.h.w&v6.T.>..A...nXVk\|i..{Wx..1.i}a...n.5]ok....<...z..+h..3U=n..OqX.j.....j.......m.x.E..\|T.U..LFK0.......:`...of....c....._.Kgb.Z.l.C...wu.\.>u.]..z00+....4......7.!.0.2K.XY...O:.Rw...M..7...y...3.FtBb.....3...7....D..e.\|....!1x.`....!.1C.c.......".+...\|..z......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ellipsis_white[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.877322891561989
Encrypted:	false
SSDEEP:	24:t4CvnAVRf83f1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0W:fnL1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	5AC590EE72BFE06A7CECFD75B588AD73
SHA1:	DDA2CB89A241BC424746D8CF2A22A35535094611
SHA-256:	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
SHA-512:	B9135D934B9EA50B51BB0316E383B114C8F24DFE75FEF11DCBD1C96170EA59202F6BAFE11AAF534CC2F4ED334A8EA4DBE96AF2504130896D6203BFD2DA69138F
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/ellipsis_white.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#ffffff" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\enterpass[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 170 x 29, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	1446
Entropy (8bit):	7.796535000569005
Encrypted:	false
SSDEEP:	24:5CytrnsaVZjZ6+qQALzcF6zSyf/UTR8F2DFHTT6bFol73+M2XdU4:5HQaVZ/qQ7Quyf/UVIb+J3+MqU4
MD5:	BD6E291A9A3CC17ED37605E4FF0010CC
SHA1:	6C1EFD74231E3D253E0F51E4656ECED2F3335D71
SHA-256:	706DE242E7C3CFC4B16BA8174723F26FB80566C3171E9E795F057476011A5DE1
SHA-512:	D940D950167404FE53BD6A7AABAAA8C57AC58878AAD045B9F09B1FA331743A8DB5ECA2568F7E1C3D92EDA4C3AC8F1BE11240917102862F65BB0372EE1D82B333
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/enterpass.png
Preview:	.PNG........IHDR...............`.....sRGB.........gAMA......a.....pHYs..........o.d...;IDAThC.Y/..<.~?..T..U..B..PU(T?...U.Z.BUUU..PU.I23.@`.z....n.f&.?....+..U.Ec...X._......E..... o...2.Y.Gw9.Y.....+.5....np..a...X._4~_~i...E....`..k...)....z>$..?....~. =.b.F......8.k..X......k.".#3.....8D5&N.V.....m.Q..7h.S.rhp...t.`.....0.L.q...9\|JO.pp.Nzl...X..i...C..L..R..D.....2.n..6......\.F.............o....9..8.ZJ...S...K..5...yz.6.FF.45q.X..?.......E/..Z...;......A.7.^/..Y...S....4......nE".B.........gA..(r..@N.6!>...).g..;mu....9..3.`....G. .i.ak.}`(D.!.4.g.OLb..{..#...e.....%.s....O......Y..<li.Dd.=...a..Y.5.x.;l..J.....[Pp...:.Yhc?..U...9.aD./:.\@w.x..4=....8.}s0L\|"..O.UB....ls3E.fT3.. X0+..7.....[.@.....\|i..:.yF....E..O-...Z.....:>..s.VO.83.t+.(!..b<.qB1I...p...\mo.......)..)O~..?..U.E..`o...lvE}..tU",...V.v).....K..S.x.......tL.3..k!..u+.....k.C....S{.N`._.%./..r#.}._.N.N.]`.\|..j..O.qV.a........V.....03......k..T:a...;...&. =G..qkr.<..&..`.c'.Pk.."o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	4.895279695172972
Encrypted:	false
SSDEEP:	24:NrQZ9FjFjFjFAZ4qCYORlzi+fzi+fzi+fziAVR9:NoBBB6ZvORlzi0zi0zi0ziGR9
MD5:	7CDD5A7E87E82D145E7F82358F9EBD04
SHA1:	265104CAD00300E4094F8CE6A9EDC86E54812EAD
SHA-256:	5D91563B6ACD54468AE282083CF9EE3D2C9B2DAA45A8DE9CB661C2195B9F6CBF
SHA-512:	407919CB23D24FD8EA7646C941F4DCEE922B9B4021B6975DD30C738E61E1A147E10A473956A8FBB2DDF7559695E540F2CDF8535DB2C66FA6C7DECDA38BB1B112
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/favicon.ico
Preview:	............ .h.......(....... ..... ...........................P..$..%..%..%..%.."...}.....9e..<h..<h..<h..<h..;f..c....2.....................f.w....K...N...N...N...N...L..Iq...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...3.....................g.w....L...O...O...O...O...N..Jr...2.....................f.u....I...L...L...L...L...K..Gp.......g...i...i...i...i...f........................................f...g...g...g...g...e...........g..i..i..i..i..h....../...........................j...d....{...}...}...}...}...\|.6..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8..0...........................k...f....}...................~.8../...........................j...e....\|...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\firstmsg1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 353 x 41, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3372
Entropy (8bit):	7.90561780402093
Encrypted:	false
SSDEEP:	48:akK0iImj1oaWNTm9Nu4Und08QwVu4IrwfrRUN1t4VQ5sjSPJEGNjqLNecGyuSWn9:LRbSVWN6GCwVwikjsa1MctS41FXi4
MD5:	B7EA3983E3C2D7E5F61B8D1B42758189
SHA1:	FE0817947CA4BC53152ED9378470675D9AF189FD
SHA-256:	7B6CF23AC2454B039DDF4F51B7074636ED5B08B6A1D254A47430C4ACE2A3569D
SHA-512:	6B8CD1CD56B4FF84FCAC4F605558AE32B5EF713CFA42EEDE35B7EA0E0737C53B084FB308185422D3515C4C1BD6B5A6426A65BB0D66DEC54B4AB3F018DDBB7FB7
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/firstmsg1.png
Preview:	.PNG........IHDR...a...)......b....sRGB.........gAMA......a.....pHYs..........+......IDATx^.=R#=..{.;.m..K............p..~....3..-.09.M.h..!x.[.L.F......Ty.{F?.......a.......7..0...a.0.-bF.0.c......N..`O..+......{S...9.~s.7k....6N......N.o..x..1...../.m.5.s.t...........>._...n.?](=......O....}}..N......s}.............,o..Ml...g........Ox......4.....-I.{...j.>.S~Nsr..=./?..%V.........u^..,.T...l..?.._G.m..R.....@Z..%.V.H.Z.=u:Yf...a.. .Z.O..^.....j..}.._^.W..J...d...$...a..!...d.[dZO...NB..d.u]2rp.j..]....;)..#..s.].<.>Y......R.&..l].W..d.0?...6...n..X..#..^r.T]N.yj~\|..n..Q.....E>.8.....,....k.wMb............(-Q\.h..c.........:R.A?.k....z...B...u.*M......b^.:.t......C.........oA......>V..Bu....g..}].r....nD....~.#!.........mC.<.t..E........T.7.ma&<..`.......4.G......a...sx...-,...;%..g.x...7.s....FKx...wb....T...t9..B.y6^..T....Q.........q...../@....`6..H..c8....Q...Og#U/....G.0Z>.S_I.k....Z..0.X.........2......0Y.u }.7.Fb.=8<t+...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\inv-big-background[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	174883
Entropy (8bit):	7.933595362471097
Encrypted:	false
SSDEEP:	3072:NCe5AF33GgclaMBMtNxgFlxIUtjFJIj6lTmE/ORHhAFPy+huXdVnwNAH:NTOFeKtN6DIUtjdl3TgoyH
MD5:	62DDD263C8A6A4C9074E205B91182D04
SHA1:	1B56D11B012DD79DD99212EBB54ADCFB60920A9D
SHA-256:	A59EA699D353D00FF2999111F9FA11FB73A47EDA7800642609CA230560EA3703
SHA-512:	0BDAE93DDE9753BB7FB2B80B63226F3AC04F9CF58D3F954F0E9B8900F4AE5971D3B1270D4E5101E9A346B218689F7A40D70823683FBB719248A53648C02648F2
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/inv-big-background.png
Preview:	.PNG........IHDR.......8.......1q...bPLTEqart]c)L.qpwC..ykfX...pC.xHw`..m.JQ.7M.lYK..th.r..?...j<hW}e...lKit...^T....S..r@M.gUouZ.XR.?..m.!J.h;.k..i.+K.@..m..ZQ._U.WQ.K...mB._..g..l.\|\.._Vog.M..JQ..k..h..cL8M.c..Z..~^..c.RP.._.fX..nJ.xS>L.dn.gV...j.`..c._~.ZU..e.eU..i.{\|r5N.Zu.0J..ye.b..g..b@S~..e.{.{.\IqZ..a.lTcNN.?L..`..d.v[.xXVHM..g..uX.e:.d.aQp.{^.d..g..zg.e.XO}k...f..d.<...c.u.tvVV.c7.......vtRNS/.-.-/.-0/&.-/-,/)/./-1.20--0/.-&"))/-.++11,+-)+.&-(.,/-././'000-,-)/0/-+/-,**/.+++000+,-,$-/)0,*,'0&(,)!.Y]$....IDATx..A..0.Eg.;..U.d....9......._..%..(.p.$.....}.......yg.vV...V.A<.WW..V...yP.5....5...F}Y.\|..\|...?.`...M...6'.....<w..x.a;'..=.5....l...\....].On.I[gdg....\|^.YO....x.LE..p...._........0.$..Ky..L...]m]...v..!.IL.[..#x.uz..^M(...A.RE..';..e..\|.#.<b}..J..GC...0i.[.[-ZW/._P8....M.,.....q........dg...B.Q...M.\|.j...XwD....d.bJ..../......_.....z5.P...}.....^...K..=rH..k.p%g...+:..-}_..6...^%0.z.V.n..C#.a....y....`...h...{.%.{..05.1ry..p..'.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\passwrd[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 69 x 34, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	902
Entropy (8bit):	7.5760721199160015
Encrypted:	false
SSDEEP:	24:D8kvmvmvmvmvmvmvmvp/Hsj2IruKpPUjMFp5z/xkvAVtaWpX9gCEQ:D8mYYYYYYYRMquHnn5OvIaK8Q
MD5:	4F2A1D382216546E2C3BC620497FD4E3
SHA1:	F785EC5967B5666387304F779306F9C3E3359FF4
SHA-256:	105C03D3360CDB953585482374B2CC953D090741037502B0609629F5BB0135B7
SHA-512:	6307ADD035382E50C1B8751E567810AF9C258D8A126C536A9582D2B80C6BEDB87308E991519C7BA07041B9F108C058FF80D90BCC3E36E1FA965C287097522473
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/passwrd.png
Preview:	.PNG........IHDR...E..."......\|......sRGB.........gAMA......a.....pHYs..........+......IDAThC.r.0...n............e1..#..E.....a....aX..o.-.r..c.~3......3....L.-... .. .. .. .. .. .. .. .. .. ...OcH.4.[.TNo..H....X.Q..v.X.e{..T..i.n.e{..w..u(.w.0\|6.2s.K#.?.'r....".X.S...J:...v..A.P.c;>...1..;.lLc.d.m....d.H....2.M..x.7\|..C.{.<.e8a{.n...P.+.ZJ....zi.......z/...C..?...-..3..cw=a.?......YJ}>..XFpQ...n.i..ZJ.Un....D...kZ+C.>6........gCY.....(....32...I.g.^.MJ0{.L.#...s.F:.;.p]..(.`........F1%..w...."#.Y].. ..}..T..X.n0..=8.e0N..{0.v_!.#n>.....n.x..u......R.L..=...y..n.e...\|&.Y....g..7...<gN.1Z..:.C..k...".W\|)Z...[u.*.Qf.JHq.V.J...GxnA...0..'.v..'....e....c. ...M.`SR.qn.k.....n.Wm.p..&nJb.{....UE.....^.m..?..w..T..#._....g..p.L.......V.H....a..6[.c...8.....x.....6..=.....J.c..R.7W.......O.........x..x..x..x..x..x..x..x..\|......Z=..z....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\arrow_left[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/arrow_left.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\authorize_client_id_vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	26568
Entropy (8bit):	4.368926057807423
Encrypted:	false
SSDEEP:	384:5ZAyFUahj/q6D6p6e6R6L6H4cnYbDXILLS8b9VYBL:dWa/q6D6p6e6R6L6HgD4yBL
MD5:	A100E83CDFDA2788BDC3051F31543CDE
SHA1:	8140084BFCE09D87766A2D73EA9922EAD38EDEA0
SHA-256:	ABC0D2C3136E779C30216AA9359B27204D4E081AED9E9ACC9E781BD846710416
SHA-512:	BBC768EE85E4C7684339DB8346120A95D45A7FF8F884ED27A122AB62B28A7FCB72847FB91543FD66E93C3CAEC9AC0988AE9D9A9DB084D59B9146FD2CE834744E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\authorize_client_id_vfjx2y74-wh74-r8dz-umq0-3glnip5b786c_zsy6q7lmhctpnwogb80idf534v1j2xr9kaeuxqah3nw5mzu91ed4jcki2go7pb60ltrvs8fy9q5uxh4bwzotpgal2v3ksn1i07crdymf8j6e[1].htm, Author: Joe Security
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.<html dir="ltr" class="" lang="en">.<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <title>verify your email</title>.. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">. <meta http-equiv="Pragma" content="no-cache">. <meta http-equiv="Expires" content="-1">. <meta name="referrer" content="no-referrer"/>. <meta name="robots" content="none">. <noscript>. <meta http-equiv="Refresh" content="0; URL=./"/>. </noscript>. <link rel="icon" href="images/favicon.ico" type="image/x-icon">. <link href="css/style.css" rel="stylesheet">.</head>..<body id="ojw70q5" class="nd bgsnt1du" style="display: block;">...<div id="zniwyg">. <div>. <div class="background n8rzy" role="presentation">. <div style="background-image: url("imag

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_grey[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/images/ellipsis_grey.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	96336
Entropy (8bit):	5.237139828082104
Encrypted:	false
SSDEEP:	1536:qUBpw+kGaazA/PWrF7qvEAFiQcpm7tEGyf5c:qiS7yfC
MD5:	9F94F80A5DC09BB962778175292195BC
SHA1:	A7F2E32B422AC9654F39EA870E403599791FCE1C
SHA-256:	1CF4B3AD7ABF3189E78C1B3BD07308C92A03FA795FDBC5821FCDE24030CFEAD0
SHA-512:	85BADDE06E879CBF558163B123BD6A35D58498F15013B981EDB849699C31FC1915B2494595C6FF0E146365413E007C2D3AB32BC83AC70632E64EE08B2B040E44
Malicious:	false
IE Cache URL:	https://palacememorial.com/microsoft/Office365/css/style.css
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}but

C:\Users\user\AppData\Local\Temp\~DF0CBEAAF167783AD9.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	39493
Entropy (8bit):	0.5887257247379464
Encrypted:	false
SSDEEP:	192:kBqoxKYkcxkc9kc2kczKkc9Kkc1kcHkchkcykcSkc72ToM:kBqoxKYx92zK9K1HhyS7UD
MD5:	6E21DB7A29B0A3539B813E73DC87ECCA
SHA1:	740466EEA08DDB72FA7D57624E0B90E1665E5FAE
SHA-256:	121670187BD2D17CA78EB1A097362F264995501275F5C980718BD060FE94D503
SHA-512:	3C5EAFBDFD5EA71483B2C8362B1530FEFED5F847381B6A902D6864A9356B441B9F22B3C182DA5E0CA71A0E0B59DE0C62D2D66FC4089F8A6DA58CA9736389E8CA
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF106EE147778D046A.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	0.49979972030804476
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loA9loQ9lWGv6wujRdI:kBqoI7dGv6Tjs
MD5:	E21F0427C390A307F229B67F8289892F
SHA1:	653DC5F777CC7E72C20E095A93D15B98820308E2
SHA-256:	CEE8DB2C9A8F0BB9E1F83B06DA6F9DF2E3D340B6B6B69E35578A5C7BBFE5B55B
SHA-512:	729AB863F4231F9CEF3177DF4E3B0F9F8F738BF4F0465A71129F73525B1959AFAA2E56F8830F301262F1C9A1DF2D8167E27F8A23E054EBE10A7CAD2DAFA4F4D9
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF2C573856150FE741.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PDF document, version 1.3
Entropy (8bit):	7.782882394603559
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Totem attachment.pdf
File size:	22514
MD5:	aa597acde904a03b7299dafea8351de2
SHA1:	cc422cfb82083fd7d9f24faa6bcc029d385a45ae
SHA256:	e1efc4a70e40698bfe7fcff6d3b452bf30a16f7c6c102349800b71a030368a7d
SHA512:	c42f8239a24dee894d1a7701854c90bebeab7f3e4bc1849f09f6308e37e76dd8bf0ef2ed6c5930cbc646890530b4d2c9fecf751a432786e113be22f4a2a5a9c3
SSDEEP:	384:rwzHWI9A+OwuYYZLOVdy0gW/v2QkkggjPKUn/tT0yYho:rmH7NnujNW/HkkggLb/toyYho
File Content Preview:	%PDF-1.3.1 0 obj.<< /Type /Catalog./Outlines 2 0 R./Pages 3 0 R >>.endobj.2 0 obj.<< /Type /Outlines /Count 0 >>.endobj.3 0 obj.<< /Type /Pages./Kids [6 0 R.]./Count 1./Resources <<./ProcSet 4 0 R./Font << ./F1 8 0 R./F2 9 0 R.>>./XObject << ./I1 12 0 R./

File Icon


Icon Hash:	74ecccdcd4ccccf0

Static PDF Info

General
Header:	%PDF-1.3
Total Entropy:	7.782882
Total Bytes:	22514
Stream Entropy:	7.794663
Stream Bytes:	20401
Entropy outside Streams:	0.000000
Bytes outside Streams:	2113
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	13
endobj	13
stream	3
endstream	3
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
12	c040201008040201	df5ffc29d8b7bfd7e99359b8203d9f42
13	10d0cc3430b054e0	1558629bb0df34ece1a16aec1fa4a09a

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2021 16:35:16.143706083 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.143783092 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.335203886 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.335241079 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.335349083 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.335400105 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.345932961 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.345972061 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.537467957 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.537525892 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538577080 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538624048 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538674116 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538721085 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538774967 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.538779974 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538806915 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538852930 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.538855076 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538887978 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.538887978 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.538892031 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.538903952 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.538908958 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.538928032 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.538940907 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.540205956 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.540244102 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.540296078 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.540312052 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.594075918 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.595592976 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.600733995 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.785777092 CEST	443	49767	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.785841942 CEST	49767	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.786978006 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.787069082 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:16.830585957 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:16.830698013 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:17.510215998 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.510960102 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.672179937 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.672827959 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.672983885 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.676027060 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.676347971 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.676662922 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.833725929 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.834239006 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.834320068 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.834336042 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.834347010 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.834363937 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.834439039 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.835771084 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.836184025 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.841061115 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:17.848509073 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:17.848910093 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.010905981 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.020751953 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.033528090 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.033581018 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.033624887 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.033652067 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.034066916 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.034699917 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.034792900 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.038315058 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.141606092 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141664028 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141695976 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141726971 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141752958 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141767025 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.141779900 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141804934 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141833067 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.141834974 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.142029047 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.142044067 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.142158031 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.181926966 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.181974888 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.182199955 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.203111887 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.203162909 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.203495979 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303323030 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303384066 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303425074 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303462982 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303500891 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303519964 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303536892 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303544998 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303572893 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303585052 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303620100 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303626060 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303663969 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303668976 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303709030 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303709984 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303744078 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303745985 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303782940 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303782940 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303817987 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303821087 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303858995 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303894043 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303905010 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303946972 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.303951979 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.303989887 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.304024935 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.304027081 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.304060936 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.304124117 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.343225002 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.343286991 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.343318939 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.343379021 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.343478918 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.345643044 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.543994904 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544043064 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544080973 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544114113 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544116974 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544142962 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544164896 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544169903 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544173956 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544178009 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544187069 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544194937 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544220924 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544228077 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544240952 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544245958 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544267893 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544270992 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544302940 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544306040 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544332981 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544338942 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544358015 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544363976 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544401884 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544414997 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544423103 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544434071 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544459105 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544462919 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544483900 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544490099 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544507980 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544540882 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544543982 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544552088 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544557095 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544574976 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544600010 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544601917 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544625044 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544627905 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544651031 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544652939 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544667006 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544677973 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544707060 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544733047 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544734001 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544740915 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544753075 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544768095 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544792891 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544797897 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544823885 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544830084 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544846058 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544851065 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544878006 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544888020 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544900894 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544903994 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544929981 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544929981 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544955015 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.544964075 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544977903 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.544991016 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545011044 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545021057 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545046091 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545046091 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545068026 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545072079 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545098066 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545099020 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545119047 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545124054 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545150042 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545157909 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545171976 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545175076 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545193911 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545228958 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.545485020 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.545559883 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.569968939 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.570988894 CEST	49771	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706212997 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706264973 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706315994 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706352949 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706365108 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706402063 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706417084 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706440926 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706481934 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706491947 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706528902 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706546068 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706593037 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706620932 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706630945 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706676960 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706705093 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706722975 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706757069 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706779957 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706829071 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706839085 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706867933 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706904888 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706914902 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706940889 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.706962109 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.706979036 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.707017899 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.707040071 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.707123041 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.717797041 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.722582102 CEST	49772	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.724011898 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.724747896 CEST	49774	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735212088 CEST	443	49771	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735306978 CEST	49771	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735378981 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735449076 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735452890 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735493898 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735512018 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735531092 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735548973 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735569000 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735579967 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735606909 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735619068 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735644102 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735656023 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735681057 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735692978 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735719919 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735733032 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735768080 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.735769987 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.735816002 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.736370087 CEST	49771	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.882386923 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.882466078 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.883405924 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.885431051 CEST	443	49772	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.885541916 CEST	49772	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.886353970 CEST	49772	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.887165070 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.887257099 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.887303114 CEST	443	49774	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.887377977 CEST	49774	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.888441086 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.888540983 CEST	49774	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900434017 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900480032 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900516987 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900523901 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900551081 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900564909 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900610924 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900618076 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900640965 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900649071 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900680065 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900680065 CEST	443	49771	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900724888 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900728941 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900754929 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900788069 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900835037 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900850058 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900881052 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900893927 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900917053 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900934935 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900954008 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.900969982 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.900991917 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.901005983 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.901027918 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.901043892 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.901065111 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.901078939 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.901102066 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.901117086 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.901149035 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.901158094 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.901191950 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.901204109 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.901230097 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:18.901243925 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:18.901281118 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.045406103 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.045478106 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.045494080 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.045547962 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.047457933 CEST	443	49772	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.049556017 CEST	443	49774	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.049818993 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.051255941 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.065599918 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.065669060 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.065718889 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.065721035 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.065763950 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.065781116 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.065824986 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.065834999 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.065893888 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.065915108 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.065948009 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.065984011 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.065995932 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066039085 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066050053 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066095114 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066101074 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066149950 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066152096 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066205025 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066215992 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066253901 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066287994 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066313028 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066350937 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066370964 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066409111 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066425085 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066468954 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066478968 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066524029 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066531897 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066572905 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066580057 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066631079 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066632986 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066682100 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066689014 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066740990 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066761017 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066797972 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066826105 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066845894 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066884041 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066900969 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066937923 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.066946030 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.066998005 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067033052 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067054987 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067080021 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067117929 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067133904 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067178011 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067184925 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067231894 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067244053 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067296028 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067300081 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067344904 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067359924 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067398071 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067414045 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067446947 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067471981 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067498922 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067547083 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067550898 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067600965 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067609072 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067662001 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067673922 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067715883 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.067732096 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.067796946 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.213155031 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.213210106 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.213244915 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.213260889 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.213287115 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.213344097 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.217047930 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.233100891 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.233135939 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.233155012 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.233221054 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.233338118 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.269789934 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.274327993 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.392504930 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.392843008 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.435235023 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.439016104 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.439977884 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.440129995 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.441636086 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.607105970 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.853168011 CEST	443	49772	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.853449106 CEST	49772	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.853841066 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.854248047 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.856076002 CEST	443	49771	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.856703997 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.856803894 CEST	49771	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.858511925 CEST	49771	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.865736008 CEST	49772	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.872987986 CEST	443	49774	69.49.234.75	192.168.2.4
May 6, 2021 16:35:19.876792908 CEST	49774	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:19.881791115 CEST	49774	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.018093109 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.022589922 CEST	443	49771	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.028765917 CEST	443	49772	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.044436932 CEST	443	49774	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.263727903 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.264347076 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.430737972 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.463293076 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.463316917 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.463435888 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.463464022 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.465516090 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.466116905 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.519769907 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.525733948 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.539352894 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.687607050 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.687678099 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.688843012 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688868999 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688884974 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688901901 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688918114 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688934088 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688939095 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.688951015 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688966990 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.688978910 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.688987017 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689004898 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689013004 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.689019918 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689033031 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689038992 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.689043045 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689063072 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689079046 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689094067 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689110041 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689112902 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.689126015 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689146042 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689163923 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.689166069 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.689202070 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.689227104 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.700817108 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.701992989 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.703799009 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853462934 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853485107 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853497982 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853513956 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853529930 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853544950 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853565931 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853569031 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853584051 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853605986 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853605986 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853625059 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853637934 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853645086 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853661060 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853672028 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853681087 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853702068 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853708982 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853720903 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853729963 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853740931 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853781939 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853898048 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853915930 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853930950 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853946924 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853967905 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.853982925 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.853988886 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854006052 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854021072 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854031086 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854043961 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854063988 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854065895 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854082108 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854089975 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854101896 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854120970 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854121923 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854139090 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854145050 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854159117 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854175091 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854191065 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854197979 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854238033 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854238987 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854274035 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854290009 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854296923 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854316950 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854330063 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854337931 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854357004 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854357958 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854374886 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:20.854402065 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:20.854429007 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.018069983 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.018125057 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.018279076 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.018302917 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.018364906 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.018627882 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.018671036 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.018724918 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.018739939 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.018817902 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.018976927 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019016027 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019059896 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019071102 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019097090 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019124031 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019133091 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019177914 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019221067 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019238949 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019269943 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019284010 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019320011 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019328117 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019370079 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019383907 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019419909 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019427061 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019468069 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019481897 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019515991 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019530058 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019573927 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019623041 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019676924 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019685030 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019726038 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019735098 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019773960 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019788027 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019830942 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019830942 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019880056 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019887924 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019928932 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019937038 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.019977093 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.019990921 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020025969 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020035028 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020071983 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020086050 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020122051 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020128012 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020169973 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020178080 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020226002 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020226955 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020277023 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020282984 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020323992 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020338058 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020373106 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020385981 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020421028 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020433903 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020469904 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020478010 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020520926 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020529032 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020577908 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020579100 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020637989 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020684004 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020724058 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020741940 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020781994 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.020879984 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.020952940 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021003008 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021043062 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021090984 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021106958 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021142960 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021151066 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021190882 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021203995 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021239996 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021248102 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021289110 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021298885 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021357059 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021543980 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021625042 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021666050 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021698952 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021718979 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021723032 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021766901 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021851063 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021899939 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021945000 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.021966934 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.021996021 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022011042 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022041082 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022066116 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022094965 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022100925 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022141933 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022156954 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022203922 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022243977 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022284031 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022309065 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022336006 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022344112 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022383928 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022397995 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022429943 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022444963 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022479057 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022485971 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022528887 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022542000 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022583008 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022587061 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022631884 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022645950 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022690058 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022701025 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022722006 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022741079 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022757053 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022780895 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022790909 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022808075 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022823095 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.022844076 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.022869110 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.541368008 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.541495085 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.542083025 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.543880939 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.722944021 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.722976923 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.725033998 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.728068113 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.813045025 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:21.834043980 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:21.834073067 CEST	443	49768	199.192.16.144	192.168.2.4
May 6, 2021 16:35:21.834184885 CEST	49768	443	192.168.2.4	199.192.16.144
May 6, 2021 16:35:21.979732990 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.979770899 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:21.979856968 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:25.692766905 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:25.692816973 CEST	443	49770	69.49.234.75	192.168.2.4
May 6, 2021 16:35:25.692904949 CEST	49770	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:25.706784964 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:25.706810951 CEST	443	49773	69.49.234.75	192.168.2.4
May 6, 2021 16:35:25.706965923 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:25.707014084 CEST	49773	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:26.025701046 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:26.025815964 CEST	443	49769	69.49.234.75	192.168.2.4
May 6, 2021 16:35:26.025926113 CEST	49769	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:26.985059977 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:26.985171080 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:26.985214949 CEST	443	49775	69.49.234.75	192.168.2.4
May 6, 2021 16:35:26.985299110 CEST	49775	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:41.865808964 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.028935909 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.029094934 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.034173965 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.195130110 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.196038961 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.196063995 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.196079016 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.196086884 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.196252108 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.197436094 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.197602987 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.215039968 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.376533031 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.376763105 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.381916046 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:42.553504944 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:42.553704023 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:47.558299065 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:47.558341980 CEST	443	49776	69.49.234.75	192.168.2.4
May 6, 2021 16:35:47.558368921 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:47.558393955 CEST	49776	443	192.168.2.4	69.49.234.75
May 6, 2021 16:35:51.841131926 CEST	443	49768	199.192.16.144	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2021 16:34:01.699765921 CEST	54531	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:01.734314919 CEST	49714	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:01.748785973 CEST	53	54531	8.8.8.8	192.168.2.4
May 6, 2021 16:34:01.767498970 CEST	58028	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:01.793648958 CEST	53	49714	8.8.8.8	192.168.2.4
May 6, 2021 16:34:01.833812952 CEST	53	58028	8.8.8.8	192.168.2.4
May 6, 2021 16:34:01.988492966 CEST	53097	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:02.040159941 CEST	53	53097	8.8.8.8	192.168.2.4
May 6, 2021 16:34:06.847441912 CEST	49257	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:06.913723946 CEST	53	49257	8.8.8.8	192.168.2.4
May 6, 2021 16:34:11.127623081 CEST	62389	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:11.179305077 CEST	53	62389	8.8.8.8	192.168.2.4
May 6, 2021 16:34:13.718723059 CEST	49910	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:13.770462990 CEST	53	49910	8.8.8.8	192.168.2.4
May 6, 2021 16:34:14.821017981 CEST	55854	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:14.872632027 CEST	53	55854	8.8.8.8	192.168.2.4
May 6, 2021 16:34:16.930493116 CEST	64549	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:16.982388973 CEST	53	64549	8.8.8.8	192.168.2.4
May 6, 2021 16:34:19.530044079 CEST	63153	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:19.587167025 CEST	53	63153	8.8.8.8	192.168.2.4
May 6, 2021 16:34:21.447997093 CEST	52991	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:21.498142958 CEST	53	52991	8.8.8.8	192.168.2.4
May 6, 2021 16:34:26.776009083 CEST	53700	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:26.776514053 CEST	51726	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:26.835457087 CEST	53	53700	8.8.8.8	192.168.2.4
May 6, 2021 16:34:26.841842890 CEST	53	51726	8.8.8.8	192.168.2.4
May 6, 2021 16:34:27.778573036 CEST	51726	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:27.778633118 CEST	53700	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:27.836056948 CEST	53	51726	8.8.8.8	192.168.2.4
May 6, 2021 16:34:27.836106062 CEST	53	53700	8.8.8.8	192.168.2.4
May 6, 2021 16:34:28.241244078 CEST	56794	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:28.298804998 CEST	53	56794	8.8.8.8	192.168.2.4
May 6, 2021 16:34:28.810868979 CEST	53700	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:28.812431097 CEST	51726	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:28.870368958 CEST	53	53700	8.8.8.8	192.168.2.4
May 6, 2021 16:34:28.877739906 CEST	53	51726	8.8.8.8	192.168.2.4
May 6, 2021 16:34:29.121043921 CEST	56534	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:29.173583031 CEST	53	56534	8.8.8.8	192.168.2.4
May 6, 2021 16:34:30.654237032 CEST	56627	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:30.704948902 CEST	53	56627	8.8.8.8	192.168.2.4
May 6, 2021 16:34:30.816416025 CEST	51726	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:30.816498041 CEST	53700	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:30.875051022 CEST	53	53700	8.8.8.8	192.168.2.4
May 6, 2021 16:34:30.880338907 CEST	53	51726	8.8.8.8	192.168.2.4
May 6, 2021 16:34:31.577307940 CEST	56621	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:31.628001928 CEST	53	56621	8.8.8.8	192.168.2.4
May 6, 2021 16:34:32.679828882 CEST	63116	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:32.731729031 CEST	53	63116	8.8.8.8	192.168.2.4
May 6, 2021 16:34:33.460330009 CEST	64078	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:33.511343002 CEST	53	64078	8.8.8.8	192.168.2.4
May 6, 2021 16:34:34.547844887 CEST	64801	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:34.598870993 CEST	53	64801	8.8.8.8	192.168.2.4
May 6, 2021 16:34:34.861397028 CEST	53700	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:34.861633062 CEST	51726	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:34.912602901 CEST	53	53700	8.8.8.8	192.168.2.4
May 6, 2021 16:34:34.921300888 CEST	53	51726	8.8.8.8	192.168.2.4
May 6, 2021 16:34:35.711003065 CEST	61721	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:35.759953976 CEST	53	61721	8.8.8.8	192.168.2.4
May 6, 2021 16:34:36.788577080 CEST	51255	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:36.839581013 CEST	53	51255	8.8.8.8	192.168.2.4
May 6, 2021 16:34:37.616789103 CEST	61522	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:37.676865101 CEST	53	61522	8.8.8.8	192.168.2.4
May 6, 2021 16:34:37.915169954 CEST	52337	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:37.966672897 CEST	53	52337	8.8.8.8	192.168.2.4
May 6, 2021 16:34:38.829807043 CEST	55046	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:38.878732920 CEST	53	55046	8.8.8.8	192.168.2.4
May 6, 2021 16:34:39.934664011 CEST	49612	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:39.983371973 CEST	53	49612	8.8.8.8	192.168.2.4
May 6, 2021 16:34:42.503422022 CEST	49285	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:42.561728954 CEST	53	49285	8.8.8.8	192.168.2.4
May 6, 2021 16:34:56.761648893 CEST	50601	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:56.910950899 CEST	53	50601	8.8.8.8	192.168.2.4
May 6, 2021 16:34:57.423289061 CEST	60875	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:57.572839975 CEST	53	60875	8.8.8.8	192.168.2.4
May 6, 2021 16:34:57.645550966 CEST	56448	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:57.702800035 CEST	53	56448	8.8.8.8	192.168.2.4
May 6, 2021 16:34:58.120867014 CEST	59172	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:58.124808073 CEST	62420	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:58.180155993 CEST	53	59172	8.8.8.8	192.168.2.4
May 6, 2021 16:34:58.199990988 CEST	53	62420	8.8.8.8	192.168.2.4
May 6, 2021 16:34:58.639005899 CEST	60579	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:58.699340105 CEST	53	60579	8.8.8.8	192.168.2.4
May 6, 2021 16:34:59.249525070 CEST	50183	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:59.301347971 CEST	53	50183	8.8.8.8	192.168.2.4
May 6, 2021 16:34:59.840384960 CEST	61531	53	192.168.2.4	8.8.8.8
May 6, 2021 16:34:59.899893045 CEST	53	61531	8.8.8.8	192.168.2.4
May 6, 2021 16:35:00.342885971 CEST	49228	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:00.393773079 CEST	53	49228	8.8.8.8	192.168.2.4
May 6, 2021 16:35:01.109246969 CEST	59794	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:01.170815945 CEST	53	59794	8.8.8.8	192.168.2.4
May 6, 2021 16:35:01.983886003 CEST	55916	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:02.041047096 CEST	53	55916	8.8.8.8	192.168.2.4
May 6, 2021 16:35:02.545975924 CEST	52752	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:02.712672949 CEST	53	52752	8.8.8.8	192.168.2.4
May 6, 2021 16:35:04.055239916 CEST	60542	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:04.282071114 CEST	53	60542	8.8.8.8	192.168.2.4
May 6, 2021 16:35:11.934058905 CEST	60689	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:11.999841928 CEST	53	60689	8.8.8.8	192.168.2.4
May 6, 2021 16:35:12.233247042 CEST	64206	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:12.293332100 CEST	53	64206	8.8.8.8	192.168.2.4
May 6, 2021 16:35:14.942811012 CEST	50904	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:14.990339994 CEST	57525	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:15.002509117 CEST	53	50904	8.8.8.8	192.168.2.4
May 6, 2021 16:35:15.157876968 CEST	53814	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:15.216181993 CEST	53	53814	8.8.8.8	192.168.2.4
May 6, 2021 16:35:15.359899044 CEST	53	57525	8.8.8.8	192.168.2.4
May 6, 2021 16:35:16.070964098 CEST	53418	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:16.128393888 CEST	53	53418	8.8.8.8	192.168.2.4
May 6, 2021 16:35:16.996865988 CEST	62833	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:17.488925934 CEST	53	62833	8.8.8.8	192.168.2.4
May 6, 2021 16:35:41.803486109 CEST	63300	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:41.862406015 CEST	53	63300	8.8.8.8	192.168.2.4
May 6, 2021 16:35:44.941649914 CEST	61449	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:44.990528107 CEST	53	61449	8.8.8.8	192.168.2.4
May 6, 2021 16:35:45.903853893 CEST	51275	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:45.930588007 CEST	61449	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:45.955513954 CEST	53	51275	8.8.8.8	192.168.2.4
May 6, 2021 16:35:45.979294062 CEST	53	61449	8.8.8.8	192.168.2.4
May 6, 2021 16:35:46.905126095 CEST	51275	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:46.948406935 CEST	61449	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:46.970223904 CEST	53	51275	8.8.8.8	192.168.2.4
May 6, 2021 16:35:47.011321068 CEST	53	61449	8.8.8.8	192.168.2.4
May 6, 2021 16:35:47.914774895 CEST	51275	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:47.966432095 CEST	53	51275	8.8.8.8	192.168.2.4
May 6, 2021 16:35:48.962358952 CEST	61449	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:49.011074066 CEST	53	61449	8.8.8.8	192.168.2.4
May 6, 2021 16:35:49.020622969 CEST	63492	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:49.079265118 CEST	53	63492	8.8.8.8	192.168.2.4
May 6, 2021 16:35:49.930563927 CEST	51275	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:49.983506918 CEST	53	51275	8.8.8.8	192.168.2.4
May 6, 2021 16:35:50.435929060 CEST	58945	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:50.512871027 CEST	53	58945	8.8.8.8	192.168.2.4
May 6, 2021 16:35:52.962507963 CEST	61449	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:53.013886929 CEST	53	61449	8.8.8.8	192.168.2.4
May 6, 2021 16:35:53.946477890 CEST	51275	53	192.168.2.4	8.8.8.8
May 6, 2021 16:35:53.998161077 CEST	53	51275	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 6, 2021 16:35:04.055239916 CEST	192.168.2.4	8.8.8.8	0x4206	Standard query (0)	5starsae.com	A (IP address)	IN (0x0001)
May 6, 2021 16:35:14.990339994 CEST	192.168.2.4	8.8.8.8	0xb323	Standard query (0)	5starsae.com	A (IP address)	IN (0x0001)
May 6, 2021 16:35:16.070964098 CEST	192.168.2.4	8.8.8.8	0xd3d6	Standard query (0)	5starsae.com	A (IP address)	IN (0x0001)
May 6, 2021 16:35:16.996865988 CEST	192.168.2.4	8.8.8.8	0x67ae	Standard query (0)	palacememorial.com	A (IP address)	IN (0x0001)
May 6, 2021 16:35:41.803486109 CEST	192.168.2.4	8.8.8.8	0xe4cc	Standard query (0)	palacememorial.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
May 6, 2021 16:35:04.282071114 CEST	8.8.8.8	192.168.2.4	0x4206	No error (0)	5starsae.com	199.192.16.144	A (IP address)	IN (0x0001)
May 6, 2021 16:35:15.359899044 CEST	8.8.8.8	192.168.2.4	0xb323	No error (0)	5starsae.com	199.192.16.144	A (IP address)	IN (0x0001)
May 6, 2021 16:35:16.128393888 CEST	8.8.8.8	192.168.2.4	0xd3d6	No error (0)	5starsae.com	199.192.16.144	A (IP address)	IN (0x0001)
May 6, 2021 16:35:17.488925934 CEST	8.8.8.8	192.168.2.4	0x67ae	No error (0)	palacememorial.com	69.49.234.75	A (IP address)	IN (0x0001)
May 6, 2021 16:35:41.862406015 CEST	8.8.8.8	192.168.2.4	0xe4cc	No error (0)	palacememorial.com	69.49.234.75	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 6, 2021 16:35:16.540205956 CEST	199.192.16.144	443	192.168.2.4	49768	CN=5starsae.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sun Mar 28 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sun Jun 27 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 6, 2021 16:35:16.540244102 CEST	199.192.16.144	443	192.168.2.4	49767	CN=5starsae.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sun Mar 28 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sun Jun 27 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 6, 2021 16:35:17.835771084 CEST	69.49.234.75	443	192.168.2.4	49770	CN=palacememorial.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Wed May 05 02:00:00 CEST 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Wed Aug 04 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 6, 2021 16:35:18.034699917 CEST	69.49.234.75	443	192.168.2.4	49769	CN=palacememorial.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Wed May 05 02:00:00 CEST 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Wed Aug 04 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 6, 2021 16:35:42.197436094 CEST	69.49.234.75	443	192.168.2.4	49776	CN=palacememorial.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Wed May 05 02:00:00 CEST 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Wed Aug 04 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: AcroRd32.exe PID: 7084 Parent PID: 5924

General

Start time:	16:34:09
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Totem attachment.pdf'
Imagebase:	0x1330000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: AcroRd32.exe PID: 7152 Parent PID: 7084

General

Start time:	16:34:10
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Totem attachment.pdf'
Imagebase:	0x1330000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 5012 Parent PID: 7084

General

Start time:	16:34:16
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:	0x260000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 2460 Parent PID: 5012

General

Start time:	16:34:18
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8364937068833634580 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8364937068833634580 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x260000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6708 Parent PID: 5012

General

Start time:	16:34:20
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=15405785800115108371 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:	0x260000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6744 Parent PID: 5012

General

Start time:	16:34:22
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14175672014211180875 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14175672014211180875 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x260000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 1052 Parent PID: 5012

General

Start time:	16:34:28
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5164584895585780615 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5164584895585780615 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x260000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: iexplore.exe PID: 5560 Parent PID: 7084

General

Start time:	16:35:13
Start date:	06/05/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=
Imagebase:	0x7ff6c8930000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 5652 Parent PID: 5560

General

Start time:	16:35:14
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2
Imagebase:	0x2d0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: AcroRd32.exe PID: 7152 Parent PID: 7084 AcroRd32.exeCOMMON

Execution Graph

Execution Coverage:	13.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 005FE050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE05A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
Instruction ID: 6c55b338d32cd10ece8d0e6d1269f09b0cb56311f4a20d98312035b5480b70a4
Opcode Fuzzy Hash: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
Instruction Fuzzy Hash: B49002B275500412D14171598454706011957D0292FB5C016A4415A55D8A958B76B7E1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE01A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f4cb3c404ca839cf0089ef84be54cb085ffe34b36c3cb845dfaabd2d905c5e8d
Instruction ID: f84c0c4f141f5220ea08070264f8d1d6382e6a8aa923fb1f0e9cbbae4e821383
Opcode Fuzzy Hash: f4cb3c404ca839cf0089ef84be54cb085ffe34b36c3cb845dfaabd2d905c5e8d
Instruction Fuzzy Hash: 41C04CA619E7D05FD30353741C76AD62F651E93112B9F81DBD0C08F4ABC4084AAA9373

Uniqueness

Uniqueness Score: -1.00%

Function 005FE6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE6DA

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
Instruction ID: 465a09edf5ea60179b39aad8b90334e8123a842b8562880c9d388c0f1d36c1dc
Opcode Fuzzy Hash: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
Instruction Fuzzy Hash: 169002B235100412D10065999408646010557E0352F75D015A9415A56ECAA588B172B1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE2DA

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
Instruction ID: 30cb670778274678d56fcf8907a14621337dca94910be3f64a19c8659533bc21
Opcode Fuzzy Hash: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
Instruction Fuzzy Hash: 289002B236114412D1106159C404706010557D1252F75C415A4C15A59D8AD588B172A2

Uniqueness

Uniqueness Score: -1.00%

Function 005FE1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE1DA

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
Instruction ID: 9918b74e632fcd3d1b31f7d3a03c2f1573884ea35a078b67e3b3a8884a0b532e
Opcode Fuzzy Hash: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
Instruction Fuzzy Hash: 069002B235100852D10061598404B46010557E0352F75C01AA4515B55D8A55C87176A1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE75A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
Instruction ID: 7258feafc68531a7033f7131bf19b585ad54808ba7a20bc2043926cd6484e6ef
Opcode Fuzzy Hash: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
Instruction Fuzzy Hash: F89002BA36300012D1807159940860A010557D1253FB5D419A4406A59CCD55887973A1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE35A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
Instruction ID: 1d28f8cc84da3763fe6bb75591b49d450728c1d969056bb61d4c38dfde1b1205
Opcode Fuzzy Hash: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
Instruction Fuzzy Hash: 279002F235504092D11162598404F0A420957E0296FB5C01AA4445A95C89658972F2A1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE31A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
Instruction ID: 1f14c0301f252ee66b21e6df110de22638a0819805648e23fc3ebb19975f718c
Opcode Fuzzy Hash: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
Instruction Fuzzy Hash: E69002F239100452D10061598414B06010597E1352F75C019E5455A55D8A59CC7272A6

Uniqueness

Uniqueness Score: -1.00%

Function 005FE110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE11A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
Instruction ID: 3ed44c08c7666d614783edf70731b5aa79830fd7454534b98d3d50788e5b021e
Opcode Fuzzy Hash: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
Instruction Fuzzy Hash: 4F9002B235504452D10065599408A06010557D0256F75D015A5455A96DCA758871B2B1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE49A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
Instruction ID: dc75ffabba8814b48a17d033f0984fb2a9035d733e297edd9a57b3a039a1f517
Opcode Fuzzy Hash: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
Instruction Fuzzy Hash: 219002B235100412D10061998404706010557D0252F75C416E4915A59DCA95887176B1

Uniqueness

Uniqueness Score: -1.00%

Function 005FE790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 005FE79A

Memory Dump Source

Source File: 00000001.00000002.804921706.00000000005FE000.00000020.00000001.sdmp, Offset: 005FE000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5fe000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
Instruction ID: 26e3dea896c42bfeab0cdb761e74b6aa3cf7b4b4d0381474557ec5c156c2cf89
Opcode Fuzzy Hash: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
Instruction Fuzzy Hash: 229002B235100013D140715994186064105A7E1352F75D015E4805A55CDD55887673A2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Totem attachment.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Totem attachment.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8364937068833634580 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8364937068833634580 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=15405785800115108371 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14175672014211180875 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14175672014211180875 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5164584895585780615 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5164584895585780615 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Totem attachment.pdf'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://5starsae.com/google.com/google.com/Y2hyaXN0aWFuQHRvdGVtLnRlY2g=	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8364937068833634580 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8364937068833634580 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=15405785800115108371 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=14175672014211180875 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14175672014211180875 --renderer-client-id=4 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3658322468150431793,4192548662675222257,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=5164584895585780615 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5164584895585780615 --renderer-client-id=5 --mojo-platform-channel-handle=2136 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2	Jump to behavior

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to elicit sensitive information and/or gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments.
Tactics:	Initial Access
Data Sources:	DNS records, Detonation chamber, Email gateway, Mail server, Packet capture, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Totem attachment.pdf

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Image Streams

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: AcroRd32.exe PID: 7084 Parent PID: 5924

General

Analysis Process: AcroRd32.exe PID: 7152 Parent PID: 7084

Function 005FE050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Function 005FE6D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE2D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE1D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 005FE790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON