Windows Analysis Report
Remserv.pdf

Overview

General Information

Sample name: Remserv.pdf
Analysis ID: 1640992
MD5: a465abf18face462d17ac8a48940ca54
SHA1: 8f9e2e3fea17d49c8845bad6beef33543b6ea586
SHA256: f4bc7ecd83ac5ff045a8c675533f5102cb523a35fd53d0ef7e7306046be98736

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected landing page (webpage, office document or email)
Phishing site or detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
IP address seen in connection with other malware
Invalid T&C link found
PE file contains more sections than normal
PE file contains sections with non-standard names

Classification

Phishing

Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au Joe Sandbox AI: Score: 8 Reasons: The brand 'Microsoft' is classified as 'wellknown'. The URL 'docusharingportal.centralfilecloud.de' does not match the legitimate domain 'microsoft.com'. The domain 'centralfilecloud.de' does not appear to be associated with Microsoft. The presence of 'docusharingportal' and 'centralfilecloud' in the URL suggests a third-party service, which is not typically associated with Microsoft's official domains. The email domain 'remserv.com.au' does not match the brand 'Microsoft', which raises suspicion about the context of the input fields. DOM: 0.6.pages.csv
Source: Yara match File source: 0.6.pages.csv, type: HTML
Source: PDF document Joe Sandbox AI: PDF document contains QR code
Source: Chrome DOM: 0.3 OCR Text: Microsoft Online safety check underway. Verifying... CLOUDFLARE Your connection must pass a security review by Microsoft before proceeding.
Source: Chrome DOM: 0.4 OCR Text: Microsoft Online safety check underway. Verifying... CLOUDFLARE Your connection must pass a security review by Microsoft before proceeding.
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: Number of links: 0
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: Title: Sign in to your account does not match URL
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: Invalid link: Privacy statement
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: <input type="password" .../> found
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: No favicon
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: No <meta name="author".. found
Source: https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au HTTP Parser: No <meta name="copyright".. found
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.3.dr
Source: global traffic TCP traffic: 192.168.2.5:54473 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.5:60203 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.5:54757 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 104.18.10.207 104.18.10.207
Source: Joe Sandbox View IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View IP Address: 151.101.130.137 151.101.130.137
Source: global traffic DNS traffic detected: DNS query: docusharingportal.centralfilecloud.de
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: mailmeteor.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic DNS traffic detected: DNS query: 2142379142-1317754460.cos.ap-bangkok.myqcloud.com
Source: global traffic DNS traffic detected: DNS query: vgtz.centralfilecloud.de
Source: global traffic DNS traffic detected: DNS query: res.cloudinary.com
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: unknown HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/679264478:1742254055:ogPlVAJOvY7M1Zchlhq8hrE4J2JKz4t5CZJ_YzKCP-Y/92208327b99941e3/.3IbnBDvWxHQgNI_uCslprYJRGV37dm1Sb9ktZCfYYg-1742256682-1.1.1.1-XICiQxvVpCObUwzilxB3cLAdRp.o924.osys7yEHLGp1xhSVPQOkjULXXZJc0GAu HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3780sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8cf-chl: .3IbnBDvWxHQgNI_uCslprYJRGV37dm1Sb9ktZCfYYg-1742256682-1.1.1.1-XICiQxvVpCObUwzilxB3cLAdRp.o924.osys7yEHLGp1xhSVPQOkjULXXZJc0GAucf-chl-ra: 0sec-ch-ua-mobile: ?0Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/0tqdh/0x4AAAAAAA_r0mTQzp8SSMPE/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 18 Mar 2025 00:11:26 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJn25rEtSJ8fKL9vZVy%2B1TIM0UC0LbK9%2BY4jU9LG5TOz%2Fz9VYAMF3GHt36Bq7YyeeyAPH4p6XZyyTTn2%2FCiIhAIbAxeAaLvX%2BixI4qbWWlKQM8kVDMILz88i6HwMQVfdCN3kmjmoNGXqiO3tqjiUQuNJcBxt9ick"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 922083419a1f3448-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2006&min_rtt=1998&rtt_var=765&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1290&delivery_rate=1416100&cwnd=75&unsent_bytes=0&cid=bf8aa6473cc8b412&ts=346&x=0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir8428_979311488
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1029060543
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1029060543\privacy-sandbox-attestations.dat
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1029060543\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1029060543\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1029060543\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1029060543\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir8428_1999349553
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1535456231
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1535456231\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1535456231\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1535456231\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1535456231\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1535456231\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir8428_979311488
Source: Google.Widevine.CDM.dll.3.dr Static PE information: Number of sections : 12 > 10
Source: classification engine Classification label: mal64.phis.winPDF@48/90@40/16
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 20-11-16-601.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Remserv.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docusharingportal.centralfilecloud.de/1yyKo/?e=caden.riley@remserv.com.au
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1580,i,12866351744111678173,13124259548509417654,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2096,i,10605036410454102785,17967967239515792625,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1736 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2096,i,10605036410454102785,17967967239515792625,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4948 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.3.dr
Source: Remserv.pdf Initial sample: PDF keyword /JS count = 0
Source: Remserv.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: A9fzgoo7_81ct27_64o.tmp.1.dr Initial sample: PDF keyword /JS count = 0
Source: A9fzgoo7_81ct27_64o.tmp.1.dr Initial sample: PDF keyword /JavaScript count = 0
Source: Remserv.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Google.Widevine.CDM.dll.3.dr Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.3.dr Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.3.dr Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.3.dr Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.3.dr Static PE information: section name: _RDATA
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping8428_1535456231\Google.Widevine.CDM.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX