Play interactive tour

Edit tour

Analysis Report Doc 4.pdf

Overview

General Information

Sample Name:	Doc 4.pdf
Analysis ID:	350996
MD5:	eda427284c20d9ccdab5720ad668339e
SHA1:	799c2f40e91e826b0c76dc626ca408922e0b926d
SHA256:	52622aa7ea8bb24c0ed0571e5a79f9f3b6a2845ee2108236e4ff3fd19b1ec855
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Startup

System is w10x64

AcroRd32.exe (PID: 6108 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Doc 4.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

AcroRd32.exe (PID: 5632 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Doc 4.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 6300 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6520 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=423575862015348718 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=423575862015348718 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6640 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1206426949822889881 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6852 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2497566699547521627 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2497566699547521627 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 7036 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2002958810221507696 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2002958810221507696 --renderer-client-id=5 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

iexplore.exe (PID: 5504 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5996 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5504 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 173.194.76.155:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.194.76.155:443 -> 192.168.2.4:49806 version: TLS 1.2

Networking:

Source: Joe Sandbox View	IP Address: 173.194.76.155 173.194.76.155
Source: Joe Sandbox View	IP Address: 80.0.0.0 80.0.0.0

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: 148505[1].htm0.19.dr	String found in binary or memory: <div>Do not use Drive as a replacement for a content distribution network. For broad video distribution, YouTube is a better fit. Drive will restrict usage and access when it appears that it's being used for broad video distribution.  If you use Drive to share a video widely or share a link to a video that anyone can access, that video content must also comply with<a href="https://www.youtube.com/howyoutubeworks/policies/community-guidelines/" rel="noopener"> <u>YouTube Community Guidelines</u></a>.</div> equals www.youtube.com (Youtube)
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: data private, safe, and secure.</p><p class="rfNEoc"><a href="https://safety.google/principles">Explore our Privacy and Security Principles</a></p></div></div><div class="AD0Dze"><div><h2 class="Z6jTqd">Google Product Privacy Guide</h2><div class="p60SJ"><img alt="" class="m49pib" src="https://www.gstatic.com/policies/images/product_privacy.png" srcset="https://www.gstatic.com/policies/images/product_privacy_x2.png 2x"><p class="rfNEoc r0hqg">As you use Gmail, Search, YouTube, and other products from Google, you have the power to control and protect your personal information and usage history. The <a href="technologies/product-privacy">Google Product Privacy Guide</a> can help you find information about how to manage some of the privacy features built into Google's products.</p></div></div></div></div></div></div><div jscontroller="wmlPKb" jsaction="IBB03b:wKZqRb" data-tracker-id="UA-28138501-1"></div><div jscontroller="yJVP7e" jsaction="rcuQ6b:npT2md"></div></div><c-wiz jsrenderer="wX26lb" class="SGBcfd" jsshadow jsdata="deferred-i2" data-p="%.@.]" jscontroller="krBSJd" jsaction="change:msyOCf(O1htCb)" data-node-index="1;0" jsmodel="hc6Ubd"><div class="Uh4Mac"><div class="JzIyE"><div class="Fq8qrb"><label class="gZggid" for="i3">Change language:</label><select class="iCthae" id="i3" jsname="O1htCb"><option value="af">Afrikaans</option><option value="id">Bahasa Indonesia</option><option value="ms">Bahasa Melayu</option><option value="ca">Catal equals www.youtube.com (Youtube)
Source: so[1].htm.19.dr	String found in binary or memory: ,[36,"YouTube","0 -2829px","https://www.youtube.com/?gl\u003dGB","_blank",false,null,""] equals www.youtube.com (Youtube)
Source: so[1].htm0.19.dr	String found in binary or memory: ,[36,"YouTube","0 -2829px","https://www.youtube.com/?gl\u003dGB\u0026tab\u003du1","_blank",false,null,""] equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: stats.g.doubleclick.net

Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/)5)
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/.3/1
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: operatordeferred_bin_base__en_gb[1].js.19.dr, cb=gapi[1].js0.19.dr	String found in binary or memory: http://csi.gstatic.com/csi
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/hO
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/8L
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#U
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/j
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#q
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#L
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: operatordeferred_bin_base__en_gb[1].js.19.dr, 148505[1].htm0.19.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: http://www.broofa.com
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: http://www.google.com/help/chatsupport/loading.html
Source: 148505[1].htm0.19.dr	String found in binary or memory: http://www.google.com/support/websearch/bin/answer.py?hl=
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/~
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000001.00000002.836445328.000000000CC2B000.00000004.00000001.sdmp	String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/4g
Source: AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/U
Source: AcroRd32.exe, 00000001.00000002.834876997.000000000B1D7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000002.834876997.000000000B1D7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/4
Source: AcroRd32.exe, 00000001.00000002.834876997.000000000B1D7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/n
Source: AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/jgJ
Source: AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://about.google/
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://account.google.com/
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: cb=gapi[1].js.19.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fsupport.google.com&jsh=m%
Source: so[1].htm0.19.dr	String found in binary or memory: https://ads.google.com/home/?subid
Source: analytics[1].js.19.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: AcroRd32.exe, 00000001.00000002.836355563.000000000CBC9000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000002.836355563.000000000CBC9000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comL
Source: AcroRd32.exe, 00000001.00000002.836355563.000000000CBC9000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comRLt
Source: cb=gapi[1].js.19.dr, googleapis.proxy[1].js.19.dr, rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js.19.dr, so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://apis.google.com
Source: m=_b,_tp[1].js.19.dr, so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://apis.google.com/js/client.js?onload=%
Source: proxy[1].htm.19.dr	String found in binary or memory: https://apis.google.com/js/googleapis.proxy.js?onload=startup
Source: postmessageRelay[1].htm.19.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://artsandculture.google.com/?hl
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://autopush-moltron-pa-googleapis.sandbox.google.com
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://books.google.co.uk/?hl
Source: so[1].htm.19.dr	String found in binary or memory: https://calendar.google.com/calendar
Source: so[1].htm0.19.dr	String found in binary or memory: https://calendar.google.com/calendar?tab
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://casespartner-pa.clients6.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://casespartner-pa.youtube.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://client-channel.google.com/client-channel/client
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://client-channel.youtube.com/client-channel/client
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://clients4.google.com/invalidation/lcs/client
Source: operatordeferred_bin_base__en_gb[1].js.19.dr, cb=gapi[1].js0.19.dr, 148505[1].htm0.19.dr	String found in binary or memory: https://clients6.google.com
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://console.developers.google.com/
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://contacts.google.com/?hl
Source: operatordeferred_bin_base__en_gb[1].js.19.dr, 148505[1].htm0.19.dr	String found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr, 148505[1].htm0.19.dr	String found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: cb=gapi[1].js.19.dr, cb=gapi[1].js0.19.dr	String found in binary or memory: https://content.googleapis.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr, cb=gapi[1].js0.19.dr	String found in binary or memory: https://csi.gstatic.com/csi
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://dev-externalultron-pa-googleapis.sandbox.google.com
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://developers.google.com/
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html
Source: AcroRd32.exe, 00000001.00000002.835214477.000000000B40C000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com
Source: AcroRd32.exe, 00000001.00000002.836445328.000000000CC2B000.00000004.00000001.sdmp, {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://docs.google.com/
Source: so[1].htm0.19.dr	String found in binary or memory: https://docs.google.com/document/?usp
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform
Source: AcroRd32.exe, 00000001.00000002.832501492.000000000A3E4000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000002.826919055.0000000009051000.00000004.00000001.sdmp, Doc 4.pdf	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform)
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewformR
Source: AcroRd32.exe, 00000001.00000002.836445328.000000000CC2B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewformo
Source: AcroRd32.exe, 00000001.00000002.836445328.000000000CC2B000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewformu
Source: so[1].htm0.19.dr	String found in binary or memory: https://docs.google.com/presentation/?usp
Source: so[1].htm0.19.dr	String found in binary or memory: https://docs.google.com/spreadsheets/?usp
Source: cb=gapi[1].js.19.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: so[1].htm.19.dr	String found in binary or memory: https://drive.google.com/
Source: so[1].htm0.19.dr	String found in binary or memory: https://drive.google.com/?tab
Source: so[1].htm0.19.dr	String found in binary or memory: https://duo.google.com/?usp
Source: so[1].htm0.19.dr	String found in binary or memory: https://earth.google.com/web/
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://externalultron-pa.clients6.google.com
Source: css[1].css.19.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)format(
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff)format(
Source: css[1].css.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff)
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format(
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff)format(
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format(
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://gstatic.com/support/content/resources/
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://gstatic.com/support/content/resources/%
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://gsuite.google.com/learning-center/?utm_source=hc-docseditors&amp;utm_medium=referral&amp
Source: so[1].htm0.19.dr	String found in binary or memory: https://hangouts.google.com/
Source: AcroRd32.exe, 00000001.00000002.826833605.0000000009014000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: so[1].htm0.19.dr	String found in binary or memory: https://jamboard.google.com/?usp
Source: so[1].htm0.19.dr	String found in binary or memory: https://keep.google.com
Source: so[1].htm.19.dr	String found in binary or memory: https://mail.google.com/mail/
Source: so[1].htm0.19.dr	String found in binary or memory: https://mail.google.com/mail/?tab
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://maps.google.co.uk/maps?hl
Source: so[1].htm0.19.dr	String found in binary or memory: https://meet.google.com?hs
Source: 3PWVHDZB.js.19.dr	String found in binary or memory: https://myaccount.google.com/
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://myaccount.google.com/?utm_source
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://myaccount.google.com/privacypolicy?hl=
Source: so[1].htm.19.dr	String found in binary or memory: https://news.google.com/
Source: so[1].htm0.19.dr	String found in binary or memory: https://news.google.com/?tab
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://ogs.google.com/
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://ogs.google.com/widget/app/so
Source: so[1].htm.19.dr	String found in binary or memory: https://photos.google.com/?pageId
Source: so[1].htm0.19.dr	String found in binary or memory: https://photos.google.com/?tab
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://play.google.com/?hl
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: cb=gapi[1].js.19.dr	String found in binary or memory: https://plus.google.com
Source: cb=gapi[1].js.19.dr	String found in binary or memory: https://plus.googleapis.com
Source: so[1].htm0.19.dr	String found in binary or memory: https://podcasts.google.com/
Source: so[1].htm.19.dr	String found in binary or memory: https://policies.google.com
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr, MYHJ0Q0H.htm.19.dr, policies[1].htm.19.dr	String found in binary or memory: https://policies.google.com/
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://policies.google.com/-GB/policies/IKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://policies.google.com/0Privacy
Source: policies[1].htm.19.dr	String found in binary or memory: https://policies.google.com/?hl=en-GB
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://policies.google.com/terms?hl=
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://policies.google.com/terms?hl=en-US
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://punctual-dev.corp.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://realtimesupport.clients6.google.com
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-sta
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://realtimesupport.youtube.com
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://realtimesupport.youtube.com/inapp/rts_frame
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://safebrowsing.google.com/#policies
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://safety.google/
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://safety.google/principles
Source: lazy.min[1].js.19.dr, 148505[1].htm0.19.dr	String found in binary or memory: https://scone-pa.clients6.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://signaler-pa.clients6.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://signaler-pa.googleapis.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://signaler-pa.youtube.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://signaler-staging.sandbox.google.com
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://ssl.gstatic.com
Source: postmessageRelay[1].htm.19.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/o/2038943760-postmessagerelay.js
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://ssl.gstatic.com/gb/images/p1_cfd8cf40.png
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://ssl.gstatic.com/gb/images/p2_136ed2e0.png
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://ssl.gstatic.com/inproduct_help/guidedhelp/guide_inproduct.js
Source: imagestore.dat.19.dr	String found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: imagestore.dat.19.dr	String found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico~
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/
Source: operatorParams[1].json.19.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/1612774887636/operatordeferred_bin_base.js
Source: so[1].htm0.19.dr	String found in binary or memory: https://stadia.google.com/
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://staging-casespartner-pa-googleapis.sandbox.youtube.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://staging-casespartner-pa.sandbox.googleapis.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://staging-realtimesupport-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://staging-realtimesupport-googleapis.sandbox.youtube.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://staging-supportcases-pa-googleapis.corp.google.com
Source: analytics[1].js.19.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://support.corp.google.com
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://support.google.com
Source: 3PWVHDZB.js.19.dr	String found in binary or memory: https://support.google.com/
Source: operatorParams[1].json.19.dr	String found in binary or memory: https://support.google.com/chat-upload/support-cases/resumable
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://support.google.com/docs/answer/148505
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://support.google.com/docs/answer/148505?hl=en-GB
Source: 148505[1].htm.19.dr	String found in binary or memory: https://support.google.com/docs/answer/148505?visit_id=637485399344018949-2538812545&hl=en-GB&am
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://support.google.com/docs/answer/148505?visit_id=637485399344018949-2538812545&hl=en-GB&rd=1
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://support.google.com/docs/answer/148505?visit_id=637485399344018949-2538812545&hl=en-GB&rd=1xA
Source: answer[1].htm.19.dr	String found in binary or memory: https://support.google.com/drive/answer/148505?hl=en-GB
Source: imagestore.dat.19.dr	String found in binary or memory: https://support.google.com/favicon.ico
Source: imagestore.dat.19.dr	String found in binary or memory: https://support.google.com/favicon.ico~
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://support.google.com/inapp/rts_frame
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://supportcases-pa-googleapis.corp.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://test-casespartner-pa.sandbox.googleapis.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://test-externalultron-pa-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://test-realtimesupport-googleapis.sandbox.google.com
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://test-supportcases-pa-googleapis.corp.google.com
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://translate.google.co.uk/?hl
Source: m=_b,_tp[1].js.19.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: cb=gapi[1].js.19.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: so[1].htm.19.dr	String found in binary or memory: https://www.blogger.com/
Source: so[1].htm0.19.dr	String found in binary or memory: https://www.blogger.com/?tab
Source: AcroRd32.exe, 00000001.00000002.826554795.00000000086BD000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 3PWVHDZB.js.19.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.19.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: 3PWVHDZB.js.19.dr	String found in binary or memory: https://www.google.
Source: analytics[1].js.19.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: so[1].htm.19.dr	String found in binary or memory: https://www.google.co.uk/finance
Source: so[1].htm0.19.dr	String found in binary or memory: https://www.google.co.uk/finance?tab
Source: so[1].htm0.19.dr	String found in binary or memory: https://www.google.co.uk/intl/en-GB/about/products?tab
Source: so[1].htm.19.dr	String found in binary or memory: https://www.google.co.uk/intl/en/about/products
Source: so[1].htm0.19.dr	String found in binary or memory: https://www.google.co.uk/save
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://www.google.co.uk/shopping?hl
Source: so[1].htm.19.dr	String found in binary or memory: https://www.google.co.uk/webhp
Source: so[1].htm0.19.dr	String found in binary or memory: https://www.google.co.uk/webhp?tab
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.google.com
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.google.com/
Source: rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js.19.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://www.google.com/accounts/TOS?hl=en-GB&loc=GB
Source: so[1].htm0.19.dr	String found in binary or memory: https://www.google.com/chrome/?brand
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://www.google.com/enterprise/marketplace
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_74x24dp.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
Source: terms[1].htm.19.dr	String found in binary or memory: https://www.google.com/intl/en-GB/policies/
Source: {E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat.18.dr	String found in binary or memory: https://www.google.com/intl/en-GB/policies/IKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform
Source: 3PWVHDZB.js.19.dr, rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js.19.dr, 148505[1].htm0.19.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://www.google.com/policies/terms/
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?onload=%
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://www.google.com/search?q=
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: operatordeferred_bin_base__en_gb[1].js.19.dr	String found in binary or memory: https://www.googleapis.com
Source: cb=gapi[1].js0.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: cb=gapi[1].js.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: cb=gapi[1].js.19.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: analytics[1].js.19.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: 3PWVHDZB.js.19.dr	String found in binary or memory: https://www.gstatic.
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://www.gstatic.com
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en_US.eSPh6Zm95AI.
Source: so[1].htm.19.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.ckn3ognyy4M.
Source: so[1].htm0.19.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en_GB.gm9s6uNg4
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js.19.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js.19.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js.19.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/my_account.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/my_account_x2.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/privacy_security_answers.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/privacy_security_answers_x2.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/product_privacy.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/product_privacy_x2.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/shields2.png
Source: MYHJ0Q0H.htm.19.dr	String found in binary or memory: https://www.gstatic.com/policies/images/shields2_2x.png
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://www.gstatic.com/support/content/resources/
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://www.gstatic.com/support/content/resources/%
Source: lazy.min[1].js.19.dr	String found in binary or memory: https://www.gstatic.com/support/help/staging/main_frame/help_panel_staging_binary.js
Source: so[1].htm0.19.dr, so[1].htm.19.dr	String found in binary or memory: https://www.youtube.com/?gl
Source: 148505[1].htm0.19.dr	String found in binary or memory: https://www.youtube.com/howyoutubeworks/policies/community-guidelines/

Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805

Source: unknown	HTTPS traffic detected: 173.194.76.155:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.194.76.155:443 -> 192.168.2.4:49806 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: clean1.winPDF@17/109@1/3

Source: Doc 4.pdf	Initial sample: https://docs.google.com/forms/d/e/1faipqlscddmh7lun_pjdrnt26ioikrjiuculzy77pioe6_tk9znsi3g/viewform
Source: Doc 4.pdf	Initial sample: https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9R86qzj0_1g8cyst_4cg.tmp

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Doc 4.pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Doc 4.pdf'
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=423575862015348718 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=423575862015348718 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1206426949822889881 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2497566699547521627 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2497566699547521627 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2002958810221507696 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2002958810221507696 --renderer-client-id=5 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5504 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Doc 4.pdf'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=423575862015348718 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=423575862015348718 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1206426949822889881 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2497566699547521627 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2497566699547521627 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2002958810221507696 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2002958810221507696 --renderer-client-id=5 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5504 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: Doc 4.pdf	Initial sample: PDF keyword /JS count = 0
Source: Doc 4.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Doc 4.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Hooking and other Techniques for Hiding and Protection:

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Source: AcroRd32.exe, 00000001.00000002.835283014.000000000B44C000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 1_2_00A20490 LdrInitializeThunk,

1_2_00A20490

HIPS / PFW / Operating System Protection Evasion:

Source: AcroRd32.exe, 00000001.00000002.821037905.00000000056B0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000002.821037905.00000000056B0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.821037905.00000000056B0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.821037905.00000000056B0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Spearphishing Link1	Windows Management Instrumentation	Path Interception	Process Injection2	Masquerading1	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection2	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	File and Directory Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Doc 4.pdf	2%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://iptc.org/std/Iptc4xmpExt/2008-02-29/8L	0%	Avira URL Cloud	safe
http://www.npes.org/pdfx/ns/id/~	0%	Avira URL Cloud	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://www.google.co.uk/intl/en-GB/about/products?tab	0%	URL Reputation	safe
https://www.google.co.uk/intl/en-GB/about/products?tab	0%	URL Reputation	safe
https://www.google.co.uk/intl/en-GB/about/products?tab	0%	URL Reputation	safe
https://www.google.co.uk/intl/en-GB/about/products?tab	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
https://www.google.co.uk/intl/en/about/products	0%	URL Reputation	safe
https://www.google.co.uk/intl/en/about/products	0%	URL Reputation	safe
https://www.google.co.uk/intl/en/about/products	0%	URL Reputation	safe
https://www.google.co.uk/intl/en/about/products	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/hO	0%	Avira URL Cloud	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
https://api.echosign.comRLt	0%	Avira URL Cloud	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/U	0%	Avira URL Cloud	safe
https://www.google.co.uk/save	0%	URL Reputation	safe
https://www.google.co.uk/save	0%	URL Reputation	safe
https://www.google.co.uk/save	0%	URL Reputation	safe
https://www.google.co.uk/webhp	0%	URL Reputation	safe
https://www.google.co.uk/webhp	0%	URL Reputation	safe
https://www.google.co.uk/webhp	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/jgJ	0%	Avira URL Cloud	safe
https://api.echosign.comL	0%	Avira URL Cloud	safe
https://www.google.	0%	URL Reputation	safe
https://www.google.	0%	URL Reputation	safe
https://www.google.	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/n	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	0%	Avira URL Cloud	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/)5)	0%	Avira URL Cloud	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
https://safety.google/	0%	URL Reputation	safe
https://safety.google/	0%	URL Reputation	safe
https://safety.google/	0%	URL Reputation	safe
https://www.gstatic.	0%	URL Reputation	safe
https://www.gstatic.	0%	URL Reputation	safe
https://www.gstatic.	0%	URL Reputation	safe
https://.OKCancelEdit	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://www.google.co.uk/finance	0%	URL Reputation	safe
https://www.google.co.uk/finance	0%	URL Reputation	safe
https://www.google.co.uk/finance	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
https://maps.google.co.uk/maps?hl	0%	URL Reputation	safe
https://maps.google.co.uk/maps?hl	0%	URL Reputation	safe
https://maps.google.co.uk/maps?hl	0%	URL Reputation	safe
https://www.google.co.uk/shopping?hl	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
stats.l.doubleclick.net	173.194.76.155	true	false		high
stats.g.doubleclick.net	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://staging-realtimesupport-googleapis.sandbox.youtube.com	operatordeferred_bin_base__en_gb[1].js.19.dr	false		high
http://iptc.org/std/Iptc4xmpExt/2008-02-29/8L	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.npes.org/pdfx/ns/id/~	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/field#U	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
http://www.broofa.com	operatordeferred_bin_base__en_gb[1].js.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://translate.google.co.uk/?hl	so[1].htm0.19.dr, so[1].htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://books.google.co.uk/?hl	so[1].htm0.19.dr, so[1].htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/schema#	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
https://casespartner-pa.youtube.com	operatordeferred_bin_base__en_gb[1].js.19.dr	false		high
https://www.google.co.uk/intl/en-GB/about/products?tab	so[1].htm0.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.google.co.uk/intl/en/about/products	so[1].htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.google.co.uk/webhp?tab	so[1].htm0.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://signaler-pa.youtube.com	operatordeferred_bin_base__en_gb[1].js.19.dr	false		high
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/hO	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://realtimesupport.youtube.com	operatordeferred_bin_base__en_gb[1].js.19.dr	false		high
https://www.google.co.uk/finance?tab	so[1].htm0.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.echosign.comRLt	AcroRd32.exe, 00000001.00000002.836355563.000000000CBC9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://cipa.jp/exif/1.0/	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/U	AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://www.google.co.uk/save	so[1].htm0.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/type#	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
https://www.google.co.uk/webhp	so[1].htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/jgJ	AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.echosign.comL	AcroRd32.exe, 00000001.00000002.836355563.000000000CBC9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.	3PWVHDZB.js.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/n	AcroRd32.exe, 00000001.00000002.834876997.000000000B1D7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://api.echosign.com	AcroRd32.exe, 00000001.00000002.836355563.000000000CBC9000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	AcroRd32.exe, 00000001.00000002.834876997.000000000B1D7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.npes.org/pdfx/ns/id/	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/drm/default	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cipa.jp/exif/1.0/)5)	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/type#L	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
https://stats.g.doubleclick.net/j/collect	analytics[1].js.19.dr	false		high
http://www.aiim.org/pdfa/ns/extension/	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/id/j	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false		high
https://www.blogger.com/?tab	so[1].htm0.19.dr	false		high
http://www.osmf.org/subclip/1.0	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/property#	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	operatordeferred_bin_base__en_gb[1].js.19.dr, 148505[1].htm0.19.dr	false		high
http://ns.useplus.org/ldf/xmp/1.0/	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://safety.google/	MYHJ0Q0H.htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.gstatic.	3PWVHDZB.js.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/id/	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false		high
https://.OKCancelEdit	AcroRd32.exe, 00000001.00000002.836445328.000000000CC2B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/anchor	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://about.google/	MYHJ0Q0H.htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.google.co.uk/finance	so[1].htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html	cb=gapi[1].js0.19.dr	false		high
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfe/ns/id/	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false		high
https://maps.google.co.uk/maps?hl	so[1].htm0.19.dr, so[1].htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.google.co.uk/shopping?hl	so[1].htm0.19.dr, so[1].htm.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cipa.jp/exif/1.0/.3/1	AcroRd32.exe, 00000001.00000002.835264173.000000000B432000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/schema#q	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
https://safety.google/principles	MYHJ0Q0H.htm.19.dr	false	Avira URL Cloud: safe	unknown
https://www.google.%/ads/ga-audiences	analytics[1].js.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/4g	AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://client-channel.youtube.com/client-channel/client	operatordeferred_bin_base__en_gb[1].js.19.dr	false		high
https://www.youtube.com/?gl	so[1].htm0.19.dr, so[1].htm.19.dr	false		high
http://www.aiim.org/pdfa/ns/field#	AcroRd32.exe, 00000001.00000003.817717792.000000000B2C7000.00000004.00000001.sdmp	false		high
http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.blogger.com/	so[1].htm.19.dr	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/y	AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/	AcroRd32.exe, 00000001.00000002.835392420.000000000B4F7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.quicktime.com.Acrobat	AcroRd32.exe, 00000001.00000002.821700618.0000000007800000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/4	AcroRd32.exe, 00000001.00000002.834876997.000000000B1D7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://ims-na1.adobelogin.com	AcroRd32.exe, 00000001.00000002.826833605.0000000009014000.00000004.00000001.sdmp	false		high
https://staging-casespartner-pa-googleapis.sandbox.youtube.com	operatordeferred_bin_base__en_gb[1].js.19.dr	false		high
https://www.youtube.com/howyoutubeworks/policies/community-guidelines/	148505[1].htm0.19.dr	false		high
https://realtimesupport.youtube.com/inapp/rts_frame	148505[1].htm0.19.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
173.194.76.155	unknown	United States		15169	GOOGLEUS	false
80.0.0.0	unknown	United Kingdom		5089	NTLGB	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	350996
Start date:	10.02.2021
Start time:	08:43:04
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Doc 4.pdf
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.winPDF@17/109@1/3
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 11 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .pdf Found PDF document Find and activate links Security Warning found Close Viewer Browsing link: http://www.google.com/google-d-s/intl/en-GB/terms.html Browsing link: https://support.google.com/drive/bin/answer.py?hl=en_GB&answer=148505
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 40.88.32.150, 52.147.198.201, 104.43.193.48, 23.32.238.128, 23.32.238.122, 23.32.238.129, 23.32.238.123, 23.32.238.113, 23.32.238.96, 23.32.238.162, 23.32.238.136, 92.122.146.26, 51.104.139.180, 92.122.213.247, 92.122.213.194, 8.253.95.249, 67.27.233.126, 67.27.158.126, 8.248.131.254, 8.253.95.120, 52.155.217.156, 20.54.26.129, 172.217.22.238, 88.221.62.148, 216.58.207.174, 172.217.23.42, 172.217.22.227, 172.217.22.195, 51.104.146.109, 172.217.20.228, 172.217.23.35, 152.199.19.161, 172.217.20.238, 172.217.23.46, 172.217.22.206, 216.58.207.142, 216.58.215.240, 172.217.168.16, 172.217.168.48, 172.217.168.80, 216.58.207.138, 216.58.207.141, 216.58.207.170 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, docs.google.com, ssl.gstatic.com, arc.msn.com.nsatc.net, storage.googleapis.com, policies.google.com, acroipm2.adobe.com, e11290.dspg.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, a122.dscd.akamai.net, audownload.windowsupdate.nsatc.net, realtimesupport.clients6.google.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, au-bg-shim.trafficmanager.net, www.google-analytics.com, google.com, fonts.googleapis.com, plus.l.google.com, acroipm2.adobe.com.edgesuite.net, db3p-ris-pf-prod-atm.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, www3.l.google.com, blobcollector.events.data.trafficmanager.net, cs9.wpc.v0cdn.net, scone-pa.clients6.google.com, e4578.dscb.akamaiedge.net, support.google.com, ogs.google.com, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, iecvlist.microsoft.com, go.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, www-google-analytics.l.google.com, accounts.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, ctldl.windowsupdate.com, skypedataprdcoleus16.cloudapp.net, armmf.adobe.com, play.google.com, go.microsoft.com.edgekey.net, apis.google.com Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:44:04	API Interceptor	11x Sleep call for process: RdrCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
173.194.76.155	http://naturalhub-diet.world/shake.php?a=1nou&c=diet&s=330788,UEMRADAPDP38712	Get hash	malicious	Browse
	http://www.george-law.com/	Get hash	malicious	Browse
	https://www.evernote.com/shard/s624/sh/23f89f62-f6a6-593d-7b2d-e1727bf0a5b9/8e13c642f2e3a2a6c9afb17e059a1de2	Get hash	malicious	Browse
	https://caribforum.org/Doc.htm	Get hash	malicious	Browse
	https://bit.ly/33rThah	Get hash	malicious	Browse
	LGwzOM1BAN.exe	Get hash	malicious	Browse
	https://click.mail6.lendingclub.com/?qs=c11e75b777567ff3b3ff802d432a6f281c17cf3a9f5366ad33ee865897794105026b0c7d65ac2b729d64fc5fad16c1be79b6311e6f208559	Get hash	malicious	Browse
	https://new-fax2.studio.design/	Get hash	malicious	Browse
	https://christianlike-seame.000webhostapp.com/mNeIOwPse/?id=php	Get hash	malicious	Browse
	https://event.on24.com/wcc/r/2331915/C11D25FB3A0EB93272CF44E759BE02AF?mode=login&email=bvarghese@magicleap.com	Get hash	malicious	Browse
	https://us10.campaign-archive.com/?u=57f154ea2e6418d58423943af&id=f547c7ddd2	Get hash	malicious	Browse
	2387052017.docx	Get hash	malicious	Browse
	http://barranquilla.permisocovid19.org/#/upload	Get hash	malicious	Browse
	https://thedigitalshiva.com/wwpp66/AfnGNvqj435dCPLRRzw4Uyb5UN4ivRzfm7HF9Dazry2uG5iphXjKrP/live/	Get hash	malicious	Browse
	http://tinyurl.com/yatvvyus	Get hash	malicious	Browse
	https://view.genial.ly/5ecb5d7a0d54500d8deff3ae	Get hash	malicious	Browse
	http://www.forestforum.co.uk/showthread.php?t=47811&page=19	Get hash	malicious	Browse
	https://sites.google.com/view/amamam54566/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9	Get hash	malicious	Browse
	https://sites.google.com/view/amamam54566/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9	Get hash	malicious	Browse
	https://sites.google.com/view/tdrsedrftg/%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9-%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9	Get hash	malicious	Browse
80.0.0.0	Swift.pdf.jar	Get hash	malicious	Browse
	0001.jar	Get hash	malicious	Browse
	FedEx-Shipment-90161131174.jar	Get hash	malicious	Browse
	FedEx-Shipment-61821461149.jar	Get hash	malicious	Browse
	FedEx-Shipment-8161131174.jar	Get hash	malicious	Browse
	agenciatributaria5668.vbs	Get hash	malicious	Browse
	Statement for T10495.jar	Get hash	malicious	Browse
	Statement for T10495 - 18-01-21 15-23.jar	Get hash	malicious	Browse
	TREKSTA 2021 Business Plan..exe	Get hash	malicious	Browse
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse
	2EB0.tmp.exe	Get hash	malicious	Browse
	muddydoc.exe	Get hash	malicious	Browse
	RQMofd68Ad.exe	Get hash	malicious	Browse
	https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9	Get hash	malicious	Browse
	http://quickneasyrecipes.co	Get hash	malicious	Browse
	https://dck12-my.sharepoint.com:443/:b:/g/personal/tanya_mckelvin_k12_dc_gov/EbGhLtD47K1Cl18cC--Ad0sBxiRFwsui9s7PYb2eA-FMZg?e=4%3arCBWhd&at=9__;JQ!!P4oOa0cl!xjyiOci-WnHuSIjf0v9YP9XHTo1mHg1DdlnrlGItn8ysOUKeJHjzL7gjiYG6nZ8pLQ$	Get hash	malicious	Browse
	https://public.3.basecamp.com/p/2D4prniZtSHtN5Qfx4XocXX3	Get hash	malicious	Browse
	https://bouthilletteparizeau-my.sharepoint.com/:b:/g/personal/jproulx_bpa_ca/EYQbKRRM1_VEjGeslLjc5GwB075qH34FcIdpShYIw3DxFA?e=4%3abltg7p&at=9	Get hash	malicious	Browse
	ds7002.lnk	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
stats.l.doubleclick.net	CONSTANTINE.xlsx	Get hash	malicious	Browse	108.177.15.157
	Document0098.html	Get hash	malicious	Browse	108.177.15.156
	yVn2ywuhEC.exe	Get hash	malicious	Browse	108.177.127.155
	VM859-7757.htm	Get hash	malicious	Browse	108.177.127.157
	Acunetix Premium v13.0.201112128 Activation Tool.exe	Get hash	malicious	Browse	74.125.133.157
	Jasper-6.10.0.docx	Get hash	malicious	Browse	74.125.140.157
	e-card.htm .exe	Get hash	malicious	Browse	108.177.15.154
	e-card.jpg .exe	Get hash	malicious	Browse	108.177.15.154
	https://new-fax-messages.mydopweb.com/	Get hash	malicious	Browse	108.177.15.156
	https://ozmmdmfly0ob6rsgyfcjja-on.drv.tw/GAlAFw&flowName=GlifWebSignIn&flowEntry=AddSession&response_mode=form_post&response_type=code+id_token&scope=openid+profile&state=OpenIdConnect.AuthenticationProperties=7I5fOQe2aVADfQrM2gnSPpnNXdJDFVEswOkTEzvRpizt0MxezF-fEHwkij9KPoULqpUnkx2n_0Dud0uKVG57peviUxksCdnZyX7ab0n1hx9UpfkPdjMq2wNzHOC_K3ig&nonce=636810071538546755.OTdjZTIwMDItYjU4Yy00ODAxLTkzMDgtMzAzNGIwNThmY2ZkZWI3OTkzNDUtN2NlZC00MDIxLWFlZDQtNzhkNmM0ODhmMzAz&/	Get hash	malicious	Browse	108.177.15.155
	https://web.tresorit.com/l/JG7xl#7YqXRnhV6spRT3ekJskNaw	Get hash	malicious	Browse	108.177.15.157
	http://search.hwatchtvnow.co	Get hash	malicious	Browse	108.177.15.155
	https://wfuwdbjwquoiynfb-dot-tundasma.el.r.appspot.com/#test@test.com	Get hash	malicious	Browse	108.177.15.156
	http://bit.ly/3nlGvk0	Get hash	malicious	Browse	74.125.140.156
	https://cypressbayhockey.com/NO	Get hash	malicious	Browse	74.125.140.156
	https://pdfsharedmessage.xtensio.com/7wtcdlta	Get hash	malicious	Browse	74.125.140.154
	https://viewer.desygner.com/-M7QpDHAe3Y/	Get hash	malicious	Browse	74.125.140.157
	https://alijafari6.wixsite.com/owa-projection-aspx	Get hash	malicious	Browse	74.125.140.154
	details.html	Get hash	malicious	Browse	74.125.140.154
	https://web.tresorit.com/l/d2q5C#T3PZC5SR6Y1Akp1-8AT_Jg	Get hash	malicious	Browse	74.125.140.157

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GOOGLEUS	RFQ 117839 ASIA TRADING LLC.xlsx	Get hash	malicious	Browse	34.102.136.180
	Purchase Order _pdf.exe	Get hash	malicious	Browse	34.102.136.180
	Purchase Order _pdf.exe	Get hash	malicious	Browse	34.102.136.180
	50.docx	Get hash	malicious	Browse	216.239.36.21
	50.docx	Get hash	malicious	Browse	216.239.38.21
	DHL Parcel Details.xlsx	Get hash	malicious	Browse	34.102.136.180
	SCAN_PO210205.exe.exe	Get hash	malicious	Browse	34.102.136.180
	SKM_36721012514070-2.ppt	Get hash	malicious	Browse	172.217.22.193
	wEcncyxrEe	Get hash	malicious	Browse	34.80.65.54
	Y8LGFkFl01	Get hash	malicious	Browse	172.217.22.206
	Y8LGFkFl01	Get hash	malicious	Browse	172.217.20.227
	MicrosoftEdgeSetup.exe	Get hash	malicious	Browse	8.8.8.8
	Attached_File_898318.xlsb	Get hash	malicious	Browse	35.228.31.40
	5ncC1M3Cch.exe	Get hash	malicious	Browse	74.125.203.99
	BsjoR9T7ul.apk	Get hash	malicious	Browse	216.58.207.163
	5DktGbEvIA.apk	Get hash	malicious	Browse	172.217.20.238
	5DktGbEvIA.apk	Get hash	malicious	Browse	172.217.20.238
	packing list.pdf.exe	Get hash	malicious	Browse	34.102.136.180
	mal.apk	Get hash	malicious	Browse	216.239.35.0
	RFQ - ASTROFREIGHT FEB21-0621pdf.exe	Get hash	malicious	Browse	34.102.136.180
NTLGB	wEcncyxrEe	Get hash	malicious	Browse	213.48.143.199
	Swift.pdf.jar	Get hash	malicious	Browse	80.0.0.0
	0001.jar	Get hash	malicious	Browse	80.0.0.0
	FedEx-Shipment-90161131174.jar	Get hash	malicious	Browse	80.0.0.0
	FedEx-Shipment-61821461149.jar	Get hash	malicious	Browse	80.0.0.0
	FedEx-Shipment-8161131174.jar	Get hash	malicious	Browse	80.0.0.0
	agenciatributaria5668.vbs	Get hash	malicious	Browse	80.0.0.0
	Statement for T10495.jar	Get hash	malicious	Browse	80.0.0.0
	Statement for T10495 - 18-01-21 15-23.jar	Get hash	malicious	Browse	80.0.0.0
	TREKSTA 2021 Business Plan..exe	Get hash	malicious	Browse	80.0.0.0
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	SPEPAY13012021-20-00000009.pdf.exe	Get hash	malicious	Browse	80.0.0.0
	2EB0.tmp.exe	Get hash	malicious	Browse	80.0.0.0
	muddydoc.exe	Get hash	malicious	Browse	80.0.0.0
	RQMofd68Ad.exe	Get hash	malicious	Browse	80.0.0.0
	https://awattorneys-my.sharepoint.com/:b:/p/fgalante/EcRfEpzLM_tOh_Roewbwm9oB4JarWh_30QaPZLGUdNbnuw?e=4%3aqmwocp&at=9	Get hash	malicious	Browse	80.0.0.0
	http://quickneasyrecipes.co	Get hash	malicious	Browse	80.0.0.0
	utox.exe	Get hash	malicious	Browse	82.27.253.120
	https://dck12-my.sharepoint.com:443/:b:/g/personal/tanya_mckelvin_k12_dc_gov/EbGhLtD47K1Cl18cC--Ad0sBxiRFwsui9s7PYb2eA-FMZg?e=4%3arCBWhd&at=9__;JQ!!P4oOa0cl!xjyiOci-WnHuSIjf0v9YP9XHTo1mHg1DdlnrlGItn8ysOUKeJHjzL7gjiYG6nZ8pLQ$	Get hash	malicious	Browse	80.0.0.0
	NormhjTcQb.exe	Get hash	malicious	Browse	82.1.160.234

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	footer.jpg.dll	Get hash	malicious	Browse	173.194.76.155
	Tuesday, February 9th, 2021 8%3A1%3A54 a.m., _20210209080154.8E45EAA12FF8DC21@sophiajoyas.cl_.html	Get hash	malicious	Browse	173.194.76.155
	acr1.dll	Get hash	malicious	Browse	173.194.76.155
	TRIGANOcr.dll	Get hash	malicious	Browse	173.194.76.155
	ct.dll	Get hash	malicious	Browse	173.194.76.155
	February Payroll.xls.htm	Get hash	malicious	Browse	173.194.76.155
	SecuriteInfo.com.Trojan.PackedNET.535.22246.exe	Get hash	malicious	Browse	173.194.76.155
	Tuesday, February 9th, 2021 83422 a.m., 20210209083422.7B8380338EC1D61B@sophiajoyas.cl.html	Get hash	malicious	Browse	173.194.76.155
	255423.jhertlein.255423.htm	Get hash	malicious	Browse	173.194.76.155
	index_2021-02-08-19_41.dll	Get hash	malicious	Browse	173.194.76.155
	BullGuard.dll	Get hash	malicious	Browse	173.194.76.155
	P012108.htm	Get hash	malicious	Browse	173.194.76.155
	Jidert.dll	Get hash	malicious	Browse	173.194.76.155
	Zoom Invita______tion 2021020104882460.html	Get hash	malicious	Browse	173.194.76.155
	Friday_ February 5th_ 2021 64427 a.m._ 20210205064427.64791275BD060468@juidine.com.html	Get hash	malicious	Browse	173.194.76.155
	Vu2QRHVR8C.dll	Get hash	malicious	Browse	173.194.76.155
	Jackson Collins@278180-3963.htm	Get hash	malicious	Browse	173.194.76.155
	header[1].jpg.dll	Get hash	malicious	Browse	173.194.76.155
	header.dll	Get hash	malicious	Browse	173.194.76.155
	Remittance58404.htm	Get hash	malicious	Browse	173.194.76.155

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	615
Entropy (8bit):	5.647534841128063
Encrypted:	false
SSDEEP:	12:vDRM92/UZiE5yDRM9Op/iZiEADRM9Q/OnZiE:7X/RE5Aj/fE29/PE
MD5:	0D928DF981E1E40AA6A374511F5F77F0
SHA1:	A1989BFD5988BC9D907D9BE3B3F10ABFA5970B9F
SHA-256:	96CDCA001DF78928F26E22BCFC19E6EDAC5682B7E55D423081BB38ED4A694E54
SHA-512:	10296ED09C800FA02987CCB53D255808636AED3863C6E09EEEADED149DC3F160A9A71D70815B2F5A0D16D76A24BC4B5A7B9E86A0BA31F21AA678446C6374E1D8
Malicious:	false
Reputation:	low
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .I..../....."#.Dp......A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo..................0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ..%i../....."#.D.A.....A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo......./.;........0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .je.../....."#.D.......A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo......y..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.605984600346598
Encrypted:	false
SSDEEP:	12:V9zb39Gi9PQT9z0l/qRi9PQn9zLs/2z9PQn:Xzb9Gi9PQxz0l/qRi9PQ9zQ/O9PQ
MD5:	ED2ABF566E5A3486E3FB44DC511DB1C9
SHA1:	3EEDA5D2BD99C367EB5A9AB7BF831D1DACE753F2
SHA-256:	90808C6095A70E805BD733E30BE8B30A054422BE9935522257FF6D9BC32D1995
SHA-512:	74A39080E16705EC98E7A71337E071716AD6EE8768AC4DAE8C0048B8AC528DEADDBBCB9D3066B7BE416739C05A62F0055F3A284477DBF223243C78E8267C3619
Malicious:	false
Reputation:	low
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .t..../....."#.D.!....A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo.......o..........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .7.Y../....."#.D.H.....A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo..................0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ....../....."#.DU.m....A.1.x.'.vI..*\|Z..o...+.4....0..A..Eo...................A..Eo......W#?g........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	738
Entropy (8bit):	5.62187512199021
Encrypted:	false
SSDEEP:	12:DyeRVFAFjVFAF9l/+lUo6jf5yeRVFAFjVFAFP/blUo6jvyeRVFAFjVFAFD6t/Wl8:tB4v4H/+SBf3B4v4P/bSBRB4v4K/WSB
MD5:	8D38AE4EF087FFD579EB2128626B11E8
SHA1:	14776BBDF300023CFF454D2E7BAB58D7B5AD14C8
SHA-256:	CD4E95E7172D048E46BD73B2E8D2137D58A0E96B571755B27CAAA06E254C4B46
SHA-512:	FED210BAF83C51095B1ECC17C904A2263E7640BF34931F71388937EEFC74267F6BF720CB3900F9D400120E01D3EF5607CB7C0A5354C1F54026083AD1BEC670E7
Malicious:	false
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ....../....."#.D......A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo.......\|\.........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..h../....."#.DBZ.....A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo......4.N.........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ...../....."#.D......A..hvDO.N.t@.....n.*...... ....A..Eo...................A..Eo......n..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.655182859868271
Encrypted:	false
SSDEEP:	12:IbRkiDFql/jjjLWussMYbRkiDa/SPLWussW:OpDsl/fBtpDa/SV
MD5:	35748EFB2AB56D3FF8E7888C2F7B1D9C
SHA1:	60951921159F63376F175828C66C18F5273D6F56
SHA-256:	0E7207F327F40E8E2AF6BA64CDD5FD211C9C1AE54D1A20C089228070BD45C6EC
SHA-512:	ED79C02685A89CBFF9D7C6312E0EF7D51AB2474B4BE05AFA894B2A3C481EC58200E7E4986206EC1FE41E739AD9164AB8F406E8FE40BEB4ABF4E581052633EABC
Malicious:	false
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js .mN.../....."#.D.......A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo.......@=G........0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ..wm../....."#.D]1.....A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo........?M........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.570082159714119
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVumhl/31Vyh9PT41TK6t:pyixRuMhl/31V41TE
MD5:	DBCAC759A64B752FA1C03E657160C511
SHA1:	D87FEC31BB43522133AD8ACABEF9C552B5EC09E6
SHA-256:	6737FD00F6AB97CE090CF74B8BCDE5B5EB403153A82D11A9929B03A60BB82A19
SHA-512:	20EF9ACDCF0683F40FA3AC560B0E0AB86B0F2B546F3B7501620DF2CA4B25E92FD90A0517CB4A8915EC67A9A3A9EF801BBB7D4BFB52E279583F6269E263D1E50A
Malicious:	false
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .h..../....."#.D.-.....Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo........(.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.619378344517608
Encrypted:	false
SSDEEP:	3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVOh8u/iSco2sZI8xeGvP5m1TK5kF:mvYOFLvEWdhwjQj/vLZIl6P41TK6tT/
MD5:	A0678DDEA2843B66B17945E80D75786F
SHA1:	44D31BA93B29EBCB44E7A129DD3EFB791EF488A4
SHA-256:	67A636AC94893E64915C15391C9C395DB19928D16F87F76BD0B0BB47A1D56024
SHA-512:	7FD69FAA2B8C86062E2099D0C1249CB44A8ED55AB8395CF309B770428992572CEFD57D8307DD890CCFEA2BBC27DFCEDECD7A3D3B239BD35BAAB0C4EB164E5A7D
Malicious:	false
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ....../....."#.DjN.....A.].>....uUf..N...k......c..l.A..Eo...................A..Eo.......6.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.546520976425829
Encrypted:	false
SSDEEP:	6:mJYOFLvEWdGQRQOdQR/7///Yo76g1TK6tw:2RHRQCOz//X71G
MD5:	11D3A41EE8475D660FE2CAB8F0F29815
SHA1:	E61D8631C27183C9C0FF941AFA9F85A1B2C9CA62
SHA-256:	424B6339426E49C8B2BA609EA20DAC26BDDA9684DFF6B997A8C6B028B32162BA
SHA-512:	CAAE1098DF87FF39A11E3592188A00C5431C1ED41BE262CDC6B7220814630B3DB536B6E2C0B9C6D92447A61EE54F922565BA0CE3BFF3B999867DD25FA614EEE0
Malicious:	false
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .-^.../....."#.D.N.....A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo........\|.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	537
Entropy (8bit):	5.630693942903176
Encrypted:	false
SSDEEP:	12:Z5MtrS5LMuR/EuJ5Mfl/PQUMuR/Eh975M5u/CLMuR/E:ZStrSCuR/EuJSfl/muR/Eh97S5u/Coum
MD5:	B62CAB2384D695673EFE5DB5E6470239
SHA1:	2D9A0401893E919409D169E2C6B4B632A3CB473D
SHA-256:	58D53C3973A80D52FAC2E78996E3596A7AC0737B00444C56C0DC2DD274A847F1
SHA-512:	A6C6BBAF914FEE459586FD7DD0E42C63220CDDF99701E93EE7AABA242CB19EFA688221A384140DEE3FF43F8216746B6E91274A57440A4E48B209431F6F644E30
Malicious:	false
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ....../....."#.D.b"....A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo........s[........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..[Y../....."#.D.......A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo.......7n.........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..'.../....."#.Db.m....A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo........f.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.548841866404311
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtut5t/Fuby0zBUKSAA1TK6tX99:pRKt/Fubep9
MD5:	2206BAC775605953B789CD490619431A
SHA1:	8DBA663B897DCF7919515C004A65E49EEBADD1E4
SHA-256:	FBE751798B89D5BD535B8A3688F0745777DB27CF59055A085AD9C184E6FE3FF9
SHA-512:	DEA20DD867EBE724566692B73F5F2C834E5CB2A7371CE9426D73A99E8DDE8826B8959DE8C8CAA3C362591C278BCDB7506466C28E8A1468E7981B6C7C7D817FA9
Malicious:	false
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js .].../....."#.DE......AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo.........X........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	531
Entropy (8bit):	5.5704241787926625
Encrypted:	false
SSDEEP:	12:KkXxKMSCvkez3tUlUkXxKMSCvMl/DtUloN4kXxKMSCvO/aW3tUl:KkXxiCMeLWUkXxiC0l/DWoikXxiCG/ab
MD5:	8DA75DBEA462CAF0C347BE00074BE3E2
SHA1:	9A43D47692EF269C433DDB2F09A1E27FB4095CB8
SHA-256:	F190ECFB605848DF56BA3C74B21DC36EB3973BAD3B71D6210DEF2A52CD7534C3
SHA-512:	2CEB71B7638BDFA296969DBFEBD31992C84DFD83E3B5FAB6160F445CDAE8247306588A63EBA655D735FC63BE91ED6528FDA114BAA111B46F47D09DA0B43F61D0
Malicious:	false
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .$..../....."#.D..!....A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......[.7.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .^XY../....."#.D......A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......?.'.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .{%.../....."#.Dp.m....A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo.........n........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	561
Entropy (8bit):	5.6029837717301385
Encrypted:	false
SSDEEP:	12:5h6OLql/1kEzh6OLXp/1kozh6OLw/OKEk:5h6Tl/qEzh6Wp/quh6H/Jx
MD5:	F96D152CA20B6D1AF6E6ED1C26306DD9
SHA1:	2E2358A5E2403BD345ECA629EE5BB0EC48A5F0CA
SHA-256:	26B7FA55EA3BA88E2882446D2D2B2D2317F293CD22729684ECD956B17F25F09D
SHA-512:	6DB917BDB8EA35E41ACD4EE869DC5DB0DB262929E03108D2AE273D9D8B48392F2CC0404C520A01CCDDB5B5126CDCAA81C04199FC46DA463314F21A5EA3EE8A20
Malicious:	false
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..B.../....."#.D!YT....A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ..Sd../....."#.Dl.....A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......j\N.........0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .\|.../....."#.D.......A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......c0..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	732
Entropy (8bit):	5.64424972706246
Encrypted:	false
SSDEEP:	12:URVFAFjVFAFe+//K1wSeKaTLnfcRVFAFjVFAF2qKt/jW1wSeKaTLnTfRVFAFjVFb:UB4v4eu/AwzXLnfcB4v42b/gwzXLnTf7
MD5:	FC6AEA3C98489ECA7D6FA79A04C3E62B
SHA1:	93EFDA05CEE1B5955165416C5FBDA90A9392E120
SHA-256:	4AEF77ABABBC0BC591B7DE22339CC16FC1183C60EE1F0A1E8DED054D1E28CF17
SHA-512:	694AF7CFF755F55B77EB75FF91FF9BB0A97005361E7F04B50F4169DA020C78A3873AAC98325D40847B09890EC2525B053C5825D7620A14096A834628401D2680
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ....../....."#.D......A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo..................0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ./ki../....."#.D}\.....A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......K..........0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ...../....."#.Di.....A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo......0F..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.505236446719322
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXuml/bg11TK6t:BsR2Esell/bO
MD5:	FCF3AC1C894939ABBAAA70F42D8273ED
SHA1:	9DA5665DCBFF1FE7FA10CE3F4F8E21C69F685A3D
SHA-256:	984AD2CEEE80A336915A10A04F07427E94795AC5FC00EFFF9B59798F167EF31E
SHA-512:	9D326DFC85E7A104999AF68D6D1C6AA106D8992D681F82E7555D6C9709695D547ABAD432ABB3B81A9FC75825D8AFF5F8ADF91B02E81E3E2C868FC4ACDE691311
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js .@..../....."#.D.k.....A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo......N..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.61946846674492
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQjDu/IGMB7OhKlvA1TK6tkX:RbR16Au/IGMBJk
MD5:	AB6499F7D4752CF5A758B527CF7467A7
SHA1:	800747C518531C2B9739AC786924DD277C211F4F
SHA-256:	1D6326B37F74FEA63A1202C51944DC6BA40BFAEA242317EF6E3AFE50C82D56CE
SHA-512:	BC5D0E61C8907293A805F1175268417DABB2D875F40BD38A509C71736B88D902067B8967E61F94D5ACF91254275B54661C8C0FFA4B628B016349D85B9A5014B5
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ...../....."#.DA......A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo.......H.E........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.575186308366446
Encrypted:	false
SSDEEP:	6:ms2gEYOFLvEWdGQRQVu/b/l/AWRQdFt1TK6t:B2geRHRQWbt/bR0
MD5:	2A32A3F311C5D862473FC16B0485487D
SHA1:	17854E1A64D232C5A77C754855D120F8B5079A4E
SHA-256:	8486BBE40DFDDCAF7B81414BF1595318828AD51AB50B6669A9347751014E16E6
SHA-512:	4CC83514813E71876205C4609E4D15A5CF505A504128AC1FEC5B52D46A51B26FA1BFE30DC715C7EC70CDE604D9D0D1A18722E5C99C0CBD737FEE66149CFDFFF0
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js .w.../....."#.D.......A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	618
Entropy (8bit):	5.644991987420779
Encrypted:	false
SSDEEP:	12:WyeRlVb/ZRt1whYMyeRl5/0t1w4yeRl6p/Tat1wf:WJ9/ZRfwhYMJR/0fw4Jip/+fwf
MD5:	04E057A3B36DB8487619F3A0683483DF
SHA1:	EAEDA43CC84EEBFA5A832F8AFB0ED8F945A11547
SHA-256:	899766570114D0295A1D45092401D83B3C4F97BCA517A001EEDE40EC587EEAC8
SHA-512:	5B00C861B57D066A0AC9A5EFA81DA0069ED7171E1014F9510E372DCA49000850319E653A056472BE3733AC532DA9BC141E5F24D8CFB86FC317D106FF95AFFB5D
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .l..../....."#.DI+s....A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo......1./.........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ...f../....."#.DmT....A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo........5.........0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .M..../....."#.D.......A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo.......{..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.559849151129058
Encrypted:	false
SSDEEP:	6:mnYOFLvEWdhwyu2u/m4/fqwK+41TK6tO:wRhC/m4/SwK+E8
MD5:	26D8011B7B9315F55978985B1B56BB1C
SHA1:	002B3599FF64894242CB18BBBA48298EB7843D41
SHA-256:	03E250384F9FE82801B99B2CB7A8303493E9496D3CFC740F30D419EB9749DEE4
SHA-512:	7D063F16F1AC5C0D807ECFB2F6A764CDEB0990DAB2801609471194F3DE8BEB627D4DC4147FDBE3B90A8689A4B86611ABD08E356A65004E1DF2A974F711FB3DB0
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ....../....."#.D......A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo......l.OG........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	690
Entropy (8bit):	5.608620261102095
Encrypted:	false
SSDEEP:	12:/RrROk/zp/ifLEk3RrROk/z/UfLE/jRrROk/Z/mfLES:/PJ/zp/i4oPJ/z/U4/jPJ/Z/m4S
MD5:	4E5F0EF4A6ED3A0DA617270E456134D8
SHA1:	24A972863771DFB00C5DC61D06FC9215183E87CE
SHA-256:	BF66DF5838916DA5AA359935E37809F6AC8E76E5631B956D34A7216E8CA8D21D
SHA-512:	4D47AB11448BB57327E1FA9E7F0553E60CE67539EBDA5B09B0AA2801A28E83C18577338080224C0FF454C0FA59B14BE8C0BBA60A09BDA952D0F9640268F3F616
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ....../....."#.D..s....A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo..................0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..f../....."#.D-?....A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo........;.........0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .K..../....."#.Dn.....A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......h(.)........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	558
Entropy (8bit):	5.661988563442232
Encrypted:	false
SSDEEP:	12:xqT0l/GCPLn6BqTg/k9SCPLnLqTH/C9CPLnGl:AYl/GMn6Q0/k4MnOj/IMn
MD5:	55C8B8546AB7D9CEA77E3E05D42FA930
SHA1:	FB650EA9F9C70BCE3709EEE49B13242116C033AD
SHA-256:	8A908B7CF623A76438E800B67639D51D68F000988241BF80B8B8015D1E9F78D1
SHA-512:	75D755D2AC2EFE11B51313E8EBA4615637D6EFA283D1B6F63FA7DE2B2CB256B9897777A631DF848E1164CBC5ED6B29063D3042BFDF7C6E5ECB00177A899C8072
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..0.../....."#.D"RT....A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......`...........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..Dd../....."#.D......A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......BP.,........0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ...../....."#.D.......A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo......?..L........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	621
Entropy (8bit):	5.686483949408714
Encrypted:	false
SSDEEP:	12:zRMNl/5LsDaRMUt/6Z4LsDBRMjl/dLsD:z8/5oDa5t/6Z4oDByl/doD
MD5:	A4E12A7C9276DFA0D8976D7CEE280D7D
SHA1:	0D5E4E1CEB1C7E30FE517B8365A45ED996B0F3A8
SHA-256:	DFCE0EB3660E4F72E00B63DA7264D6DAC66644186E24000EE867A7CDF7271B43
SHA-512:	725A158D58BEC046B4B914F4F9681C86D0FA85DE92F969FCD51DDD2AB3AE2F2DA0CDC76CB4E751FBCE1C09D6D3EDA780F1A32E9F6800E1528F4B3C12E78A099C
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ...../....."#.D5}.....A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo................0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ...h../....."#.D.......A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo..................0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..0.../....."#.Dj.....A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.......0>.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	630
Entropy (8bit):	5.627313372622406
Encrypted:	false
SSDEEP:	12:6lJR/l/mFoM1lJR4nb/k2FoMl//MlJRjl/u+FoM:Yj/mFoMR6nb/k2FoMtyJl/u+FoM
MD5:	224EA6702A45CA7D4565A18BFB680D26
SHA1:	2B91A02A7428163EA8AC77BAE3832E2AF1B57007
SHA-256:	7C9BCEFCB7239A7B36316B82E13E87FAAFCB0B083E56329395C5FA6FAD3B5411
SHA-512:	A14A73499AF7B5BE1A2FBCADBDE4B46411FB4538E9E595ADC699A5824B5A7EB11F3A350E9B5D69A2CFF4771165C07652A0540A39BD0965E1394207A161BAAE3D
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ...../....."#.D......Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......b_.y........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .4.h../....."#.D.?.....Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......._.........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js .I3.../....."#.D?R.....Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	669
Entropy (8bit):	5.606290758195664
Encrypted:	false
SSDEEP:	12:F8hRrROk/Rb/n5e2an8hRrROk/b/0e2P/8hRrROk/Ap/Ze2:UPJ/Z/s2aSPJ/b/f2PqPJ/8/M2
MD5:	D0D482AC7E12CB20CB0F8ED5A99C2421
SHA1:	E5A981927601017EBCDF4978FECDA95F4967E5F4
SHA-256:	C20C1CA2102AEC6926AC55B2FE64457D483A7010903B487B3A19335352B21F58
SHA-512:	A5F097C9A06406A67E5AA20A18F16885DBFDB4A8140B6EE9C3EA944EA12239909070D722E69F4DB44F3964724D41D4EBF16F32A37C8FF9FA1C86DF859F411BFF
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ....../....."#.D..s....A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......lf .........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..~f../....."#.D./....A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......G..........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .?..../....."#.D.......A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......... ........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	639
Entropy (8bit):	5.720627512446174
Encrypted:	false
SSDEEP:	12:ehRcOk/qyRrNJICbdhRcV/cMrNJICIhRci/+hXrNJICF:ehW/qy7JIChhS/cQJICIhN/+HJIC
MD5:	2A0E27CC9C584387C691C97B2BA12431
SHA1:	DB7F02569266F6500EA5952A2C77CA9478C33D2E
SHA-256:	81C1B114A0483CBA32EB3808833B50E0FD4D76555ADCA1CE1E23CA26A25F460C
SHA-512:	3303A0024BD9642D412C7858901B0A34254057178FA618B733AAB9C282D176075D62DBB15842C692462177BDF0A0D7EA4ACD8A664F2EF237F247F4B1CC534FE2
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ..*.../....."#.D.Ys....A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......k.cI........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .R.f../....."#.D,.....A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo......>...........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js .O..../....."#.D.].....A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.......J.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.619486231909815
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhufI//THdhLzgm2d/1TK6t2eOEYOFLvEWdrIhuvt/9chLzgm2dG:0RlI//T9ZReYcR//uZReFRB/dRdZRe
MD5:	9E2775D363BEB2C0F4FAE29947B44CD8
SHA1:	C5CD30C75623E5F6D31ED82C9C901FAB02C7E16A
SHA-256:	A01A4FE707FA66E8BA1F8B3EAD11EB7C6D07F8CCE9F7D8C9C97FF5616534E9CC
SHA-512:	E0F3D45797F840A481DBBE2BE163DD68B10ED9CEED54A1EFAE96BF604577F0CF3B703CEF6847730F1F9E38A22F79F027C8B4A58DECEF9F0EBE4DB5E8B641D2AB
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ....../....."#.D..r....AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo......W\|.~........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ..]f../....."#.D .....AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo..................0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ....../....."#.DGV.....AZ.Z}Q..4.o....0+..[\|..n:*..U.W.A..Eo...................A..Eo.......6.'........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	564
Entropy (8bit):	5.655173302719874
Encrypted:	false
SSDEEP:	6:mAElVYOFLvEW1Kk/C9vkx56uvp1TK6t5kAElVYOFLvEW1Ky//NNkx56uvp1TK6tX:6JJKECK0JJKy//NukDJJKyZl/Cn
MD5:	F51CFAC2C382A5E09722D8488CCFF887
SHA1:	B85037E00E40F82249A9625BF9E2E3FAE60A4518
SHA-256:	BC9A4690BD7CA8C29FA0EA40AFF96F9BFB4E2A76DD4A5F839B416106701F1020
SHA-512:	F0962A353C6410C6C10AE5D06273315E9FC263AE3C17F31345351BEB1BFCCB8974D90D0766F70B429005BF503F4F416718B3752041A4D165A13CFCA44C3F0E4D
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js .-{.../....."#.D..5....Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo........S(........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..R\../....."#.Dk.....Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......f...........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..;.../....."#.D+.~....Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......\.'........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.622197131913295
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvuEl/20yhUDLYtmOZn1TK6tK:xRBJjl/THDcFZLY
MD5:	65F2CFF1FF98B7AA20CADFC5F0AEC1A7
SHA1:	81619DBBD06E6C2CAAD9AE5D5E6E4E3811D34E39
SHA-256:	BFCE232477EFF54015D760C99B1BE00BEAA5A62D654962EDE5B4C834604047B0
SHA-512:	100A6E3972D6D1FEDDD134812AE7A3A6F126EF71C8D6B1D46CFD5FF3EC7A6EC0CF022A81B451222AA9689687DA9E77E1514BAACD76C1C21A67D00D9F7E91B8A2
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ....../....."#.D.......A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo........[.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	633
Entropy (8bit):	5.665410949155026
Encrypted:	false
SSDEEP:	6:msRPYOFLvEWIa7zp7d/s2EVPu1TK6tKsRPYOFLvEWIa7zp7ral/4/HVPu1TK6tWk:BPH/NEcjPH5al/+HcLPHCu/CJc
MD5:	5CE4BD643C989DD04797BD7E545F98A0
SHA1:	855FD61B6A3FADD409AF175F2DFC51818C6C79E2
SHA-256:	E3C9B4A3B1E21424D58DE70649237A805D50EA77F82282A5F1065A93032BA9BB
SHA-512:	E796CD5865B6C174D5B708C7FEE40C06E28AD60DBF9FC92E74970D9A36481351154E0E50B860A1DFA251C52F423C5E240096888CEC591154CE50227419707D4F
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .#..../....."#.D%."....A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo..................0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .g^Y../....."#.D.......A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo.......`.P........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..).../....."#.D..m....A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo........fx........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.586820887922892
Encrypted:	false
SSDEEP:	6:mKPYOFLvEWdENU9QFu/C9kdiM3Y1TK6t:bJRT9H/CGdr0
MD5:	DE69AE068AE81B5DC67D5B828EE53F43
SHA1:	DDBAEDD8765C51E04A493B98EB348B9A0E155C80
SHA-256:	1282E5662C0D627417218FBA5892DBC37458E73C82760926287CF6E7CBF8D9AD
SHA-512:	D8C0A67F8F49C0D6A86171DDB3AFD0F9948D38591574B46776E9ABE30360735BB70C1FD555F47A86A6A6EB5C414FA7E4419557E9B0649B4008798E86B9CF9C8A
Malicious:	false
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js .E..../....."#.D.G.....A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.615667041769044
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQRhl/SAcjBRCh/41TK6t0:XRc9Khl/SAcDi/Ei
MD5:	6A66472832130C5212B5E4C4334FB730
SHA1:	526B2B0A2615CB36FA35378F24254075E21A8EA8
SHA-256:	B5453BB107799B8D9394C04E996922B393367080AD9D5374019D675100786C00
SHA-512:	1D5B532458D8BB0EC2C059058DFFC8AC277D61F2BCD4BEA4CC99E245D3F6BEC3A454B0C3C93A6358DE4CFE374000D3468A380764660014C39B9E48FC464FD1EE
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .h.../....."#.D.e....APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo......6...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	462
Entropy (8bit):	5.59087294633749
Encrypted:	false
SSDEEP:	12:bs6xRkiS//paLlF4n1Es6xRkiiP/ZLLlF4n:brxpS//paoarxpiP/lo
MD5:	824DBB358FA97FDA600C541BF62399B5
SHA1:	BA8CCD2EA5572E4571F8805660450014E432A884
SHA-256:	1A95A4C7D20310F15FA4A9D1516A217B065F77037937B21DCB7B02F193C7D111
SHA-512:	7CCA03705CF1D5FC60C7DE6D5A1CA5E7C72D44CABDE5D3EE8C0466666C37738852D9C3CED88D8B8AE66B14C704ED6AC8CB04C17CAC25404F7BD82E0A652B7D4C
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js .9..../....."#.D#hy....A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo..................0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ...f../....."#.D......A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo......5.`.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.530957714447539
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvkBl8Kt/5OGCqrcu1isLK5m1TK5L:mhYOFLvEWd/aFuuf/C941TK6ta9
MD5:	529DAE608FC71B082A033292481881FE
SHA1:	289F2378172B673472042AE10AB637F3548D8913
SHA-256:	11F12E6E4019635B1B51D4946BA40E89B28E642DC7375CB402426ED9B782ABDA
SHA-512:	9CD8455AC92A7571C5ED20AD022133E7A8F62F788F7CB9F18C20B72AFEC8C72B7D4376003B9776FF88522DDC02AC26DAE44E4DDEEDFF8F337D284008ED7894C8
Malicious:	false
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ...../....."#.D.......A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo......C..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.520931768235154
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQtu/0qWBoBMqVd3G4K41TK6t:2DRuRau/VB9Vd2k
MD5:	A66FB7BE5FF0B0157040BE77EAF99079
SHA1:	F4D894469CEAEE56D402AC5C626DFF2F5F38897C
SHA-256:	BCD9DA9B4C47CAF46751F389F09048A7CE398A023A6D6432D2924FC404533F94
SHA-512:	1B7C785ECAA12026742126A6B49D234031C6885C1F12EFB0A49EAC96CD1B04D7E5263E26C21B4C95DA9D945034F977B1A325AC3B94A145AEDA563A552DB0F757
Malicious:	false
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .L..../....."#.DA~.....A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo.......u..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	624
Entropy (8bit):	5.661311027794607
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9QMal/dctuA424r1TK6tSMkqYOFLvEWd8CAd9Ql/OtuA424rF:+RQju/+crnk8RQa/OcrnBsRQP/acrnZ
MD5:	6AC39940CDD5780032A23B6A1ADEAA95
SHA1:	2661E4E52A168415A04A32A0613B2ACD0CDAE782
SHA-256:	FF984CCF0F028B1B525EDC85E9B05E1428FA86BA7995DFA703BFCDA4DF229CE3
SHA-512:	79B24EF670D2DCD15700AB4A3E1FB50D2E0AFEE904F6D4347B8B59FC282037E5B1DA8FB61A4900DE22CD685F271AC97D4A2F3FE58510813559F483EE07103D8D
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..Y.../....."#.DM......A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo......Tz..........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..(i../....."#.DrN.....A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo.........1........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .w..../....."#.D.....A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......W.[.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.5744049250165
Encrypted:	false
SSDEEP:	6:moXXYOFLvEWdENUAuN/i7gslAyC8n1TK6t:xhRTb/iXlA7Q
MD5:	722DE237E5F40A80B2C7A68843B67BA2
SHA1:	E789E98BAD3A6F7B51D9D1F87D28A014CC994421
SHA-256:	71620EEC498B9282109D4F1D1BC58CEDD440C7DFDFDE39DF1CE1DC491902F164
SHA-512:	CE80B3CDFDDC21C6EE66FC55442C700B110936A253A9BE89FF768FE81B7DB9939D1721FE04F4F6CB0F8AE85A5CAA0D8F19650495C71D875EA98D3A70F87F597B
Malicious:	false
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ...../....."#.D......A8.../...;.\\o....1..........+..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.6358933632373125
Encrypted:	false
SSDEEP:	12:nRrROk/Vecpbt/5Mm7RrROk/V0b/VmvRrROk/VK/vm:nPJ/v/r7PJ/eb/gvPJ/w/u
MD5:	BE2E10AFD33A5E67BAA07E9D8A06AA4F
SHA1:	A4946522904BAD0E78E8EA4110696A4B230F81A8
SHA-256:	3FF52FFE3BD357B64DE17F782B1D9C1F56226E4074C14B05675954B3614AE2F8
SHA-512:	0520690F991BC3ED24AD2BF6899E785113E5756C5D560D3EBFEFA70A70FC27F8F24A6EF67D3B0313DAD657F2B311EBE13A78FE4E31AD4C6CE25CC29263B24EAC
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..-.../....."#.DM.v....A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......-...........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ./.f../....."#.Dq.....A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo........iN........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .,.../....."#.D.......A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo........Yj........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.584087802070617
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWuuxjll/uSGPAdm9741TK6td:qxRcMj//uxAdu7E7
MD5:	1DDA73A6C62F573EC8D9C7676627C815
SHA1:	9CABD5E47C1518B06676A8A29198EC7C2BC1FFEA
SHA-256:	4164E3A11C8DF281399DEE5ADF54D907871F4D0FDF733EA3DB8B394DE8CDE23A
SHA-512:	85A891421D8702FCE125E6653E6BD333D078589A97A6EA3A540A2D0A9BFC764A7E88F37F5433A2EFD1EFE1F1C6FEDA29280E5603F41A8B46510B009E90C51557
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ...../....."#.D......A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo........>.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.5818316592977695
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvG/LGjTOB6shoq+Nem1TK5ktltl:mMOYOFLvEWdwAPVuM/KvrJn1TK6tlX
MD5:	A7063C6D1DC1197E400C6F18D82E8175
SHA1:	A1F227F1B94DEFB3451F22960560CC3FECD23CB6
SHA-256:	92AD0FA6A3413E51B967300569F469565F3D245C08C94436347A15DD0C708922
SHA-512:	95F4AABBAF2D8F00CA1E31C65CF4969B2D034F10C7D909E8B595AE18C5C289B47955FED5C7134266ACBAB1F708421034ABD49AEA189BB8CFC254394DB9B2C2C4
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ...../....."#.D......A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo.......>n.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.644976968357163
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQ1t/9zhcsBXIh1TK6t:mxRBJQgt/9DB0
MD5:	22D06BAF672DB06B70AE340D0B0EB583
SHA1:	29617B7FD48266577D48FF08E570CC9C1AF7A7F2
SHA-256:	A0DE3AFF1BFB6318D89504956311D4D5A25CB979DE0F8B65741006A8BB4EC846
SHA-512:	E8302883F887D9A0847A78EF21A633200617D33AB773B6C4C93EF6DCD8DFEB000C9EED25EE2753CB9FEA4CDC5A2F8FE2CB096187D0261E856CE0A826B4A0570B
Malicious:	false
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js .Fa.../....."#.Dc......A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	684
Entropy (8bit):	5.651619036865572
Encrypted:	false
SSDEEP:	12:3RrROk/sWk/RsPHczNVRrROk/se//AHcyRrROk/sQp/gHc:3PJ/E/eP8zNVPJ/r//A8yPJ/t/g8
MD5:	2F86FA548CD3FBEF4F545285830F38CC
SHA1:	C95E1A7835FE02401CAD886F41E27F879F53659B
SHA-256:	B4A3783A68E85BB659D6215F7549595846A39BA29049E42DD0446247A52D931F
SHA-512:	90EAB038C48BF79D45D43F2BC4F23B5C1FC804830977109F48958F4DD9191A7225F4E797E123CE1F12D674BF76A410B8887C572CCAD187232167AC7F2B221889
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ..1.../....."#.D..x....A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo........E........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...f../....."#.D}.....A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo......<...........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...../....."#.D"......A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo.........!........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	Maple help database
Category:	modified
Size (bytes):	1032
Entropy (8bit):	5.1251088088485215
Encrypted:	false
SSDEEP:	12:GUBuYnG02X0BmMzE8RtLdWCY0e6rY5tv/fSgAqtIO5+xFj:c22kBmMoysdC/yIOKj
MD5:	7859E92E81FD3618B378C4F6D0998777
SHA1:	10E5D6257953CAD1573380079B8C92B3BB9EFD2B
SHA-256:	694D0FFFCC2A6FBC36C949E76F956AED4D6C857A8EEB2437C1186B979FC18236
SHA-512:	994E03EAC20B9551E0A7509F3B03CFD590FDAD031FF85DEC8C1ED88A433D2836EB980644A1204BD9C3E5593201757115883C560DCCCAF3737A796891A047EA51
Malicious:	false
Preview:	.....=.9oy retne....)........T............3......../..........v...q..@.z../..........C..M.....k...............#...(...k.............]...I..Q\../..................k../...........6<\|...@.z../.........<...W..J@.z../..............oB@.z../...........a....@.z../...........;.y~A....../...........P....V...../.........F..=z;....../.............o....../................../...........2q........./.........Gy.'.h....../.............k7A....../.........:..N.A......./..........;/......./...................../............P[. q...../.........,+..._.#...../..........J..j......../..................../..........u\]..q...../.........!...0.o...../..........o..k......./.........^.~..z....../.........A?.2:......./..............q....../..........[.i..%....../..........+.{..'...../..........@..x...../.........)....J:...../..........&.S......../............MV3......./.............D.4....../..........~.,.4>..Z.../.........+.U.!..V.Z.../.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.170766674205235
Encrypted:	false
SSDEEP:	6:mx0vA3+q2Pwkn2nKuAl9OmbnIFUtpk0vZmwPk0tMVkwOwkn2nKuAl9OmbjLJ:00vM+vYfHAahFUtpk0v/Pk0GV5JfHAae
MD5:	AA82D3940ECE57385610822FB798B521
SHA1:	E41BD2F9195C8A8144278B437BA7A389B4BD8D50
SHA-256:	BAB0CAF78030ABD52B3561A6746973B19ED7F6F24CFECDFDF51EE66F75DDF3F3
SHA-512:	D6D5DA87BEB3C1DD5EF575DB035C841D40C46B643F4B5112D25F4DA68AA851704D4F954B9AE4B4171480CD1954AFEBF2284D4C5E3B175B66204A0576CCF3270A
Malicious:	false
Preview:	2021/02/10-08:44:09.550 129c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/02/10-08:44:09.551 129c Recovering log #3.2021/02/10-08:44:09.552 129c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.008399703044392193
Encrypted:	false
SSDEEP:	24:TmbsmbPXytHwytHwytHwytHwytHwytHwytHwy:TmwmEHRHRHRHRHRHRH
MD5:	05C31564F5D129E37A363E150A042D4D
SHA1:	FA62CA0C75E503D2C5E83FE48A9846CD48FFF480
SHA-256:	64044EF0EAA6C2CCA1F6D5E32B8C1AD305D642A8AF7F91C89CACC2BF8642C5D1
SHA-512:	895CB367D69A3A2D619868DBDA6DA0EB5FFDC20D6B9B2740E7CAE3F9ED91F29BFB9DBA5FA68E72998E92AE68B66BAB551A53B48575B3CD1C27ABE3C923E1FDAA
Malicious:	false
Preview:	VLnk.....?......).0k....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210210074404Z-198.bmp Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 152 x -152 x 32
Category:	dropped
Size (bytes):	92470
Entropy (8bit):	2.5681165300078295
Encrypted:	false
SSDEEP:	1536:BkBRt1jgjfga16Ojj/pxejL1ibQZUmzN7ZZJMDX4:2jgjfga16Ojj/pxejL1ibQZUmzN7ZZJF
MD5:	E2F91D2104BFA10C997AE9009E591097
SHA1:	9B607CCC7FD0073EBDEB14655DA18DBECD73299C
SHA-256:	70018B0F378A8203F3CB5AB955F2B8EE3EAC1981F9D7296E3614B6EDECA3744B
SHA-512:	ACCCF49772419F4F18AF2F0F96271043AEB127F14D43ADF09C9369284F1C506D5961488320292CD34A780FE96A6A0FB4267324E09E49354D8D68359D97615A83
Malicious:	false
Preview:	BM6i......6...(.......h..... ..........................<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<...<

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	3.447326483013547
Encrypted:	false
SSDEEP:	96:k49IVXEBodRBkWCgOOh1CKTk49IVXEBodRBkWCgosOh1CKT049IVXEBodRBkWCgj:HedRBlHedRBYvXedRBYkFHedRBs6kFX
MD5:	00EC3B4C19B78FB4324337DE9ABACB41
SHA1:	4C07AC3B9EF5480F92F5D98AEDECE4D485ABC5B2
SHA-256:	B2AF194165318D36F184A93F9717AD70E6E115AFD9ED89C9B6119582E050C45F
SHA-512:	A5EAB08F0662FEE8AAF76C63D8638BB34FCB641A493E6AFC07B9CC00F38C0A9C1A1277EF3AF2B45E069F3AA9B3793CDA37D6BCBB709BCB564F99CDA3F450EE33
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	modified
Size (bytes):	34928
Entropy (8bit):	3.3143169832201327
Encrypted:	false
SSDEEP:	96:yCgOOhZCPmp949IVXEBodRBkACgOOh1CKT+t49IVXEBodRBkKCgosOh1CKTFOd4j:UpiedRBD+SedRBAv0CedRBpkFmyedRBy
MD5:	CD97D1CE09626D8BB9BEF89D942E45A4
SHA1:	75A4D1D3A831B0CF429FB31E69E56946D6C2BA94
SHA-256:	D03DA125BB669183489517E3DB9FA733429B45695EA12A97673B7498074954BB
SHA-512:	3800B22997AA0CCFF8781AFF892CB5418F2AF47AFFD0AFF1CAAE74588E77D12405D27F62009E95D84E873C5A8BC1EF3DF698899FDFB2CA7909B4DFEDD8CF8861
Malicious:	false
Preview:	.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....X.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.5632 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	157979
Entropy (8bit):	5.174259815365338
Encrypted:	false
SSDEEP:	1536:amNTjRlaRlQShhp2VpMKRhWa11quVJzlzofqG9Z0ADWp1ttawvayKLWbVG3++:RNj3aRlQShhp2VpMKRhWa11quVJX+
MD5:	159ACCAFBA209FBC642499809CE2B513
SHA1:	6D94F57B63CE3BE71EDFB081ECB848B7D06EB2BE
SHA-256:	ACE286E29DFDB19080E514F3447F46E0E4ED658263AC209A9B4BBCECC36139D3
SHA-512:	E02BD1B88C1188CBBD4D6C1F5B31A44A278B213D991C6E9B9B06C620D66B1290DFBDF6D7BF92082D51A146C8AF772DAA659F9C2DC0A416C6BA9BE14B89C6E8B8
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.5632 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	9566
Entropy (8bit):	5.226610011802065
Encrypted:	false
SSDEEP:	192:eTA2j6Q6T766x626Oz6r606+6bfs6JtRZ65tsu6rtG16lMXY5B5Cfk:es4p0vTLcdfIfsmtRZEtsuatG1gMIzV
MD5:	63B24EA3A13EAC476D6309BB202EF459
SHA1:	89502C393549C20C933E4553F51F74F3DBE085EF
SHA-256:	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
SHA-512:	2CB315DD00867DEE3A2CBC4017B59C53B41E817216FE0111A60947E1F0D81FF6767D8F7B5C406AAF9E6516BE716A086642AFFABBEFBE4C5B260437C89E3535EC
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1426577652.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:Type1.FontName:AdobePiStd.FamilyName:Adobe Pi Std.StyleName:Regular.FullName:Adobe Pi Std.MenuName:Adobe Pi Std.StyleBits:0.WritingScript:Roman.OutlineFileName:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.DataFormat:sfntData.UsesStandardEncoding:yes.isCFF:yes.FileLength:92588.FileModTime:1426577650.WeightClass:400.WidthClass:5.AngleClass:0.DesignSize:240.NameArray:0,Mac,4,Adobe Pi Std.

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.4331110334817385
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiC0ZGfmGcopp748xmRNYT2WHj4BYyu:J0GpiyVFihGfmGNpp81RNg2K
MD5:	55C390B976E3EBB0619A99514E3E85CA
SHA1:	013266029412E75A95589F5465F1C69847F89BFA
SHA-256:	5F568E54472F5A85BBD9FDBB178469A4A5D887A046DD9790DD7EBBABCD9B80D1
SHA-512:	9A5C28AFDAC448F49505BC81BBE32AA2CBF53381BCFC478B8F8E62B5EFCFF1E47DF97EE8F9F2C0BD0834D3DD259B8FF31D88968942EEE6CF4C0D81DCAF3D7026
Malicious:	false
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\support.google[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aK1r0aKb:JFK1rFKb
MD5:	132294CA22370B52822C17DCB5BE3AF6
SHA1:	DD26B82638AD38AD471F7621A9EB79FED448A71C
SHA-256:	451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77
SHA-512:	6D5808CAD199A785C82763C68F0AE1F4938C304B46B70529EA26B3D300EF9430AD496C688D95D01588576B3A577001D62245D98137FD5CD825AD62E17D36F15C
Malicious:	false
Preview:	<root></root><root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E107B0E5-6B73-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	32856
Entropy (8bit):	1.844020671254004
Encrypted:	false
SSDEEP:	192:rwZfZk229WUt6fLCtScIzWYgDTsfPcvjruHl:rghz2UAYWrveuQ
MD5:	1B0775A9B35A89E0EE4F7CD1B3556997
SHA1:	7036420BF2BFDCEB8D3E338A90B75531C98A7682
SHA-256:	16F1A4A09F633A0600A522C8E9AAEA157C0E1FA0C369B05AAF4139C29AB2F3C2
SHA-512:	3D336B192C3794DDDDE6ACD1FBD80A4CC04AFC970166F560B429866D460FD5F8E3C9CD438985ADD9EF8AE368FAA04CE8F99BA2031EDFBB5648A6FE9A5D065043
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E107B0E7-6B73-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	56372
Entropy (8bit):	2.447940094308112
Encrypted:	false
SSDEEP:	192:rQZfQvZBy4UByOZ6pByM9fByLXfByFQ0BymTHUByJQyl2yaywyFXi2QC2mYZpJE+:rAYBOMro0OSEwADajQdya+NmwhEQW4E
MD5:	DA8FC19A8FC268BB0C5F3D478B68437E
SHA1:	833D22F775189085B105DD670996DB2286D89D97
SHA-256:	760012DB84A4FBE577007E1C4E1A81ED3FFB5CC6501A6AF97470262F289E6647
SHA-512:	91419CB8FF5642DA4386807612481B2C1C17D7A9AE146327FC0088431C3E2722881EB00D9F320E84E9C91D4F5B0D9B11A5A0FD2CCCEC8F012FB554EBF2D2FF41
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E107B0E8-6B73-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5588998383732682
Encrypted:	false
SSDEEP:	48:IwLGcpruGwpacG4pQwGrapbSRrGQpKzG7HpRWsTGIpG:rRZGQ86OBSRFACTW4A
MD5:	C1943AAFC8DF93EAC36915FEFECB25D6
SHA1:	8B61DF1CE8A36817E3D4AE2D843177C8EBF0EBF2
SHA-256:	D6BAAFA6C11D259CDD10142A91B8E3912A712463E5EAD268B122FD04CA86230D
SHA-512:	B9D9B04756849502205954660A505BFECE5C211F3737B1272ACF11F986FF380E6D7DB927AC1F5211430ABED20F70A1BFEB432095AF437CA8E08055DCD32CEB17
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	11352
Entropy (8bit):	3.755884404875482
Encrypted:	false
SSDEEP:	96:aIJct+k47v+rcqlBPG91HvIJct+kHP47v+rcqlBPG9i:aI6tLqWceBPG7vI6t1PqWceBPGA
MD5:	D650350B85E944E7F4BBBF2F098777A1
SHA1:	A9153DD4B979B2E1A548FC34DFC2A37D62E41E34
SHA-256:	3112E6BC1DDC6E2EC29FB1922755C64D8643335843FDC4A2A02D9BFEAC20FDD2
SHA-512:	8B2493508F49D60A19F64EF29253749F550F77389084CC27A93CBC9FBADABE748CCD16C9BFE2C291A860FAEDD5F2AFF1785E4EBF49C7990C1F3CF28D3944E62F
Malicious:	false
Preview:	,.h.t.t.p.s.:././.s.s.l...g.s.t.a.t.i.c...c.o.m./.p.o.l.i.c.i.e.s./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..............................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\148505[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	303
Entropy (8bit):	5.549813549832294
Encrypted:	false
SSDEEP:	6:wRkrQWR0iYBtqWkT2apKHu5BLCRKVizKFuyrW+z6kToP:ekrY1t6Ks9CRKjuyLi
MD5:	CF4E024EF7FF64D6A05797DBAC4CB263
SHA1:	636ED052331A795E316F9A636B835DE78A03BD45
SHA-256:	F450B725E43D9F5EB5EC3638CD2A0013AEFF9064B42698BA3DCB56E74C517299
SHA-512:	1DF1C282F4A3531A1CBCB0DDDD499E06D316C689460D67D2070B4F4318CE333733FAF31D3758B426AD4C68D91B4396833DD563BFE589CE7E8D1C3BB8A1368231
Malicious:	false
Preview:	<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="https://support.google.com/docs/answer/148505?visit_id=637485399344018949-2538812545&hl=en-GB&rd=1">here</A>...</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26412, version 1.1
Category:	downloaded
Size (bytes):	26412
Entropy (8bit):	7.982191465892414
Encrypted:	false
SSDEEP:	768:BXFxTA19K8CdHMT6KHQO8LWhHCWN1ekhzLS:9f29ZYMTwO8qh1nm
MD5:	142CAD8531B3C073B7A3CA9C5D6A1422
SHA1:	A33B906ECF28D62EFE4941521FDA567C2B417E4E
SHA-256:	F8F2046A2847F22383616CF8A53620E6CECDD29CF2B6044A72688C11370B2FF8
SHA-512:	ED9C3EEBE1807447529B7E45B4ACE3F0890C45695BA04CCCB8A83C3063C033B4B52FA62B0621C06EA781BBEA20BC004E83D82C42F04BB68FD6314945339DF24A
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff
Preview:	wOFF......g,................................GDEF.......q........GPOS.......%..+...RGSUB.......y......m.OS/2.......U...`i`..cmap...........~n...cvt ................fpgm...@.......uo..gasp................glyf......>F..m>Q..head..[\...6...6..'.hhea..[.... ...$...3hmtx..[..........<'3loca..^l...{...._.{.maxp..`.... ... ....name..a........V..4.post..a..........i]\prep..et.......^....x.D...Q...3..IX=D.@@....@....."...}......`.%.....x.........umW...g.WwO.....J..^?.Jci^N{.Nr..Jw@.n(.....t4....g...x.....6.E..8..........affff.0.B..&.L...B.Nzy..n.T.t~w&..%[.dYzzz.Oe" ..lE.........m..7[s}...[l..)..)...(H.A.@q.57..S.@.._..]..j.-^N.R...'...]v.0..2n.6...~....X..xN.DN.T..b..Q5.E.).,QI.....M....6.P."..\|...tI5.......t..r.(...{M..T}..@.kbNP.I.9-...=E.U'.{.....p\|.t..qJE.9...'......z...L./.....rnXQ.6.\|.....n.V.....K.?.G...<..<..Q.....C..K(s.PR.x\(..P@.P..z.DL.1.$../.8A.8Q.r.Pr[e.Rt+~.}9.)E.'.U..z.G..G..OH/H...L.../..{S...EP.%........o.................uN...'.}%..9.F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BBC03D12AA117F08073AEB9EE4AAABB7C681[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 150 x 72, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5444
Entropy (8bit):	7.875127154034644
Encrypted:	false
SSDEEP:	96:b2cdPQAW8YIr9yj17wOExBKlCsxFsdQkYbMwxTwACNjr60:VPLjYSw17vEhsn4hQ07l
MD5:	826B0A6894C61FAC6A67310BF626CC6D
SHA1:	7980A56550979F6D5A486A498B7BE3D40AE9165C
SHA-256:	638100CDEAF8D2F0D9495B2292E12ACC5CCB7014A8CAA1DB03C61E5D00C62E60
SHA-512:	3179C3EA65E2EFF751E947DDEA4A75CEB530D178E00C11A7C0CF7CBF64B17BBE0BCD84861678ECC9D9A0AB170E4D5FFD1CE139C31295035BA1670F8AD8BFB09F
Malicious:	false
IE Cache URL:	https://storage.googleapis.com/support-kms-prod/BBC03D12AA117F08073AEB9EE4AAABB7C681
Preview:	.PNG........IHDR.......H......5......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:347F2541029111E5A15CFD428ABA5792" xmpMM:DocumentID="xmp.did:347F2542029111E5A15CFD428ABA5792"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:347F253F029111E5A15CFD428ABA5792" stRef:documentID="xmp.did:347F2540029111E5A15CFD428ABA5792"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>/%.T....IDATx..]{t..y....}.J....y.02....&...&`B.\b.5..q}...'..I....sz.G.[..).M.;..8~.&...pL01/......@o...}..L..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19916, version 1.1
Category:	downloaded
Size (bytes):	19916
Entropy (8bit):	7.96782347282656
Encrypted:	false
SSDEEP:	384:JiNCb8EbT1rG/3rjJmQ8uLc5ZiRE5HWSiPTI45tKVr6+F7gLLdz:k4zbM3rjEQ8uQPiRERWSGIWtKVrWJ
MD5:	A1471D1D6431C893582A5F6A250DB3F9
SHA1:	FF5673D89E6C2893D24C87BC9786C632290E150E
SHA-256:	3AB30E780C8B0BCC4998B838A5B30C3BFE28EDEAD312906DC3C12271FAE0699A
SHA-512:	37B9B97549FE24A9390BA540BE065D7E5985E0FBFBE1636E894B224880E64203CB0DDE1213AC72D44EBC65CDC4F78B80BD7B952FF9951A349F7704631B903C63
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff
Preview:	wOFF......M.................................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`t.#.cmap...........L....cvt .......X...X/...fpgm.......4......".gasp...@............glyf...L..:...j...w.hdmx..F....d........head..GD...6...6.Y.ihhea..G\|.......$...vhmtx..G....k.....\].loca..J.........g.L.maxp..K.... ... ...\name..L........\|..9.post..L........ .m.dprep..L........:z/.Wx...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...\|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..\|.\|..\|..\|..\|.\|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19824, version 1.1
Category:	downloaded
Size (bytes):	19824
Entropy (8bit):	7.970306766642997
Encrypted:	false
SSDEEP:	384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
MD5:	BAFB105BAEB22D965C70FE52BA6B49D9
SHA1:	934014CC9BBE5883542BE756B3146C05844B254F
SHA-256:	1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
SHA-512:	85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......Mp.......P........................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`tq#.cmap...........L....cvt .......T...T+...fpgm.......5....w.`.gasp...@............glyf...L..:+..j.....hdmx..Fx...g........head..F....6...6.j.zhhea..G........$....hmtx..G8...]......Vlloca..I.........?.#.maxp..Kt... ... ....name..K........t.U9.post..Ld....... .m.dprep..Lx.......I.f..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...\|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..\|.\|..\|..\|..\|.\|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\MYHJ0Q0H.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	176965
Entropy (8bit):	5.655082721673856
Encrypted:	false
SSDEEP:	1536:PJllno+4fDhNRZqyW6Z/WUTCQxCWe9MLX8Sib4S1/Jyeco156+7V732jlMwi1H34:x2FHuNLVb4S1JJcoLV34
MD5:	7538C8DD14B20C81656AE16E504499E2
SHA1:	90D3967AA7CC78AE8F9B5DB2624985B989127386
SHA-256:	80EACD499A57782C12A6A808EA641D5ACDE4FB959B0F865B22AE857EB301ED31
SHA-512:	DCA551758C40D388171BBF6FA15161A31C24BF100C270BD674A7B4800623A452DD37352675A816A8DDB923277FFE78AD5708C704A855EA74A91BCCE97CEA8E29
Malicious:	false
Preview:	<!doctype html><html lang="en" dir="ltr"><head><base href="https://policies.google.com/"><meta name="referrer" content="origin"><meta name="viewport" content="initial-scale=1, maximum-scale=5, width=device-width"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="application-name" content="Privacy & Terms . Google"><meta name="apple-mobile-web-app-title" content="Privacy & Terms . Google"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-tap-highlight" content="no"><link rel="manifest" crossorigin="use-credentials" href="_/IdentityPoliciesUi/manifest.json"><link rel="home" href="/?lfhs=2"><link rel="msapplication-starturl" href="/?lfhs=2"><link rel="icon" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="apple-touch-icon-precomposed" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="msapplication-square32x32logo" href="//ssl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cb=gapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	51432
Entropy (8bit):	5.555402766212286
Encrypted:	false
SSDEEP:	1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WwXRF1OVxK4X:pK4ye0RkwXR+X
MD5:	380373FCD08CB642C251152059997DB6
SHA1:	12773E4A16BF1B1D37967CEF5FBA90666E93ABBB
SHA-256:	98C669FC51080B27E219227634C7054D28012A063D8E58FCDA823D3688A8A458
SHA-512:	8B2C0AEA25A3C5A50DBE4354307F9FFF03D13966F1557D59156347E06C443897DA2A764F806A95779D34F72BA387F079F9BFD0FCEE5C59B0503C5E547D93C571
Malicious:	false
Preview:	/* JS / gapi.loaded_0(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ka,na,sa,ya,Aa,Ba,Ga;_.ha=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ka=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.sa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ya=sa(this);Aa=function(a,b){if(b)a:{var c=ya;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}};.Aa("Symbol",function(a){if(a)return a;va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	259
Entropy (8bit):	5.077371913712612
Encrypted:	false
SSDEEP:	6:U+4OUr940FFJTfz+56ZRWHTizlpdiRWE2e0r37xANin:UJO6940FD7O6ZRoT6pYwEmr37uY
MD5:	F83608D76075EC8998D6C66002F06EA4
SHA1:	2E8CFBDF0B9AFE503403ADEC69F1A87A96C6DD3C
SHA-256:	02D9B2466FD75F595581E1CD08BFCC8CC6E0137207F7205D66DB77DBF380A806
SHA-512:	CB68D9056B82FF6232F080424C460FD70CC54A4D1CC93AD9E20D2E7A0804A69FB8CB7CBA8626AF603153410DF9B4B2B19C1FA01903DC0841D857C6188F873914
Malicious:	false
IE Cache URL:	https://fonts.googleapis.com/css?family=Product+Sans
Preview:	/. See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\googlelogo_color_74x24dp[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 74 x 24, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1622
Entropy (8bit):	7.861147443229629
Encrypted:	false
SSDEEP:	48:1iZ3jFWCXwymKs5AbKuyp/fvBheQdm+6QmWO:1iZ3ZWKZmKsCb0/fphH6QJO
MD5:	DE327BF69212B7255BBB0C8F40F52A3C
SHA1:	8C9E7517E6456E13F3F4640E39743B74F98B8F39
SHA-256:	0793CEFA320C6C622E8B143B35FAFB577BD7584C26796D3B5E1321463494FE76
SHA-512:	FDC82955CCBA3E9310CAC694197C43EB289CE9FFCB2A0784CCBAE0F3CEB5ADCF2F72D40C411290BDB6F3311E23321D13D3C2C6D20DC63E733A291A115E254060
Malicious:	false
IE Cache URL:	https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_74x24dp.png
Preview:	.PNG........IHDR...J.........].k.....IDATx....t.h...Y.sww?../$p............../.'-....C...K..{?,m...73d.....\|z[..U..L./.....Zp.....<...D.......TZ.....^...a`.E......}@'.i.3.s.\|&.......2nty...` .r.A.._H..e.p.-..`.'%.....a..31x>>..h....z.~.............(..6........V^..P...@u.........;..y..FY....J.B>+.....p..R.r.X.......@..V...z.M....y..)..@v..Fe..O.-8.5u9..px.. \.k....@..r..[..Y.-.}.4E...B..l@..3.G6....j..<.of...a{j..d.L.r....7..a.../.@...Y.`.l......9A....r..u..9.J..1ryC........HOt.U....b.E..{3iC.-....&!X.,9.......d..!k6......M4...l..#4.............&\|...c..?OS....\~..v.q.A...........Q..2...@..G..P.x..@.j....d..@....(..........'.....%....._..Y...k...n<wkE .Wk\.............P<...p......\' d.@..X@...$......z..N)?......S., Q.T:...@..BMZ..Z...Y..@.J/X'.....:.P... ...'..X....`....6L?....3..)+...c.K..~)pF..d..s....B0`)......si.#..J.-...cl...s<.....z$'.#./x......%-...0.-.d.........x...+."."....N.b .....7....@EQ..W.ds....;.8J....^..9@.t.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=Wt6vjf,_latency,FCpbqb,WhJNk[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	6576
Entropy (8bit):	5.501794818296567
Encrypted:	false
SSDEEP:	96:tytorCP1TYNedqDKZvZxdyMkUwKn6UHMDW2h5GQ5MBm5l237mRAkAP0KhPm5G:tIorIAWZhx8UwX+OeaRSsKpl
MD5:	BCCEB49ECB1A26DB90D9D6EFA306399D
SHA1:	826C33AA33EE4F64BFDBEF0AEA8259EC7B9EA4FE
SHA-256:	95F55CBB05F9A6AA00A42DFAAD02358F72512183E128A9782FBC6F886F9486C9
SHA-512:	54F78252C68C68CB2BFDFF7419E723D9E52D0428B0152745950B188DA2A423147410071BC1B08A0EF63172C38FEFE0911E29BBCF38AA59BDD537DD7E559F055C
Malicious:	false
Preview:	"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi\|\|{};(function(_){var window=this;.try{._.n("sy4v");./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.._.r();.._.n("Wt6vjf");.var jK=function(a){_.B(this,a,"f.bo",-1,null,null)};_.z(jK,_.t);jK.zd="f.bo";jK.prototype.rb=function(){return _.Lg(this,1)};.var kK=function(){_.Mh.call(this)};_.x(kK,_.Mh);kK.prototype.Eb=function(){this.qq=!1;lK(this);_.Mh.prototype.Eb.call(this)};kK.prototype.g=function(){mK(this);if(this.Tj)return nK(this),!1;if(!this.zr)return oK(this),!0;this.Gb("q");if(!this.$o)return oK(this),!0;this.An?(this.Gb("s"),oK(this)):nK(this);return!1};var pK=function(a){var b=new _.at(a.iy);null!=a.xp&&b.g.set("authuser",a.xp);return b},nK=function(a){a.Tj=!0;var b=pK(a),c="rt=r&f_uid="+_.de(a.$o);_.El(b,(0,_.p)(a.i,a),"POST",c)};.kK.prototype.i=function(a){a=a.target;mK(this);if(_.Ll(a)){this.Am=0;if(this.An)this.Tj=!1,this.Gb("s");else if(this.zr)this.Gb("t");else{

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=byfTOb,lsjVmc,LEikZe[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	36187
Entropy (8bit):	5.459178296907146
Encrypted:	false
SSDEEP:	768:CCKgf4qDl3hJhI+u8cgX2+ONUDt00sV50YZqCqF22K58pm9tjbD9tKDgV5y/bnMc:CCjhHL100sVG8qCqfmjjgco/bnMFW
MD5:	E82357728DB187A67C417CD85F513525
SHA1:	B4B0BB06510C470D363518F5200D002D17632176
SHA-256:	CCC9EE5B8091C4551419D670EA8DE5E88B0A369A43CF8424CC2A0A40966A7525
SHA-512:	2E056AC757C7DD3442C41B183602516F56E476191EC2021EC8908C140AE1114370198CE16E2990A0EC052672906F576A43854FFADC9918D53ABF9D5630EFFFD1
Malicious:	false
Preview:	"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi\|\|{};(function(_){var window=this;.try{._.n("sy51");.._.r();.._.Zs=function(a,b){a.sort(b\|\|_.Ea)};_.$s=function(a,b){return(b\|\|document).getElementsByTagName(String(a))};_.n("syu");./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var gt,it,Bea,jt,xea,wea,Aea,yea;_.at=function(a,b){this.j=this.v=this.o="";this.U=null;this.u=this.i="";this.s=!1;var c;a instanceof _.at?(this.s=void 0!==b?b:a.s,_.bt(this,a.o),this.v=a.v,this.j=a.j,_.ct(this,a.U),this.i=a.i,_.dt(this,et(a.g)),_.ft(this,a.u)):a&&(c=String(a).match(_.kl))?(this.s=!!b,_.bt(this,c[1]\|\|"",!0),this.v=gt(c[2]\|\|""),this.j=gt(c[3]\|\|"",!0),_.ct(this,c[4]),this.i=gt(c[5]\|\|"",!0),_.dt(this,c[6]\|\|"",!0),_.ft(this,c[7]\|\|"",!0)):(this.s=!!b,this.g=new _.ht(null,this.s))};._.at.prototype.toString=function(){var a=[],b=this.o;b&&a.push(it(b,jt,!0),":");var c=this.j;if(c\|\|"file"==b)a.push("//"),(b=this.v)&&a.push(it(b,jt,!0),"@"),a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\policies[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	1375
Entropy (8bit):	5.335779085208041
Encrypted:	false
SSDEEP:	24:hoyi4MiClJ2EtMkb57jCSXYwBwWHQUCKNUVqHUCJO1JenHpZpw4wVO1D141dJ1MB:SyijiQJ2kYSX/QZWqCZeUnK4KO9yxoI6
MD5:	02DDEE2EBA5EC537494DD9B3E4E39CFC
SHA1:	FFB85EDA83B06D0039025F4753E5E4442B1A246A
SHA-256:	B160CA9072DA80874F048160C63BA4CA4012B34B8A07736D9C92E2E0AF97C78C
SHA-512:	E94EDD5C03487D06AB2F3DEBFAFE3B2891E060E67688070EA61A4FE6C44D0F48C2FDC269B1C7D72F320AD38CA3E5F42D8573C137C7CDB81F5A5FAD43D2DF056A
Malicious:	false
Preview:	<!DOCTYPE html>.<title></title><noscript>.<meta content="0; URL=https://policies.google.com/?hl=en-GB" http-equiv="refresh"></noscript>.<a href="https://policies.google.com/?hl=en-GB" id="link">https://policies.google.com/?hl=en-GB</a>.<script nonce="iA3YmiO1sTXVZvne1VS26A">.var url="https://policies.google.com/";.try{var curl=window.location.href;var match=curl.match(/\/intl\/([^\/]+)\/policies/);var locale=match&&match[1];var hl;var gl;if(locale){if(locale.indexOf("_")>0){var parts=locale.split("_");hl=parts[0];gl=parts[1]}else hl=locale;if(hl=="ALL")hl=null;if(gl=="ALL")gl=null}.if (URL&&(!hl\|\|!gl)){ var cu=new URL(curl);hl=hl\|\|cu.searchParams.get("hl");gl=gl\|\|cu.searchParams.get("gl");}.if (URL&&curl.indexOf("authuser")!==-1){var cu=new URL(curl);var authuser=parseInt(cu.searchParams.get("authuser"),10);if(!isNaN(authuser))url=url.replace('.com/','.com/u/'+authuser+'/');}.if(!gl){var tld=location.hostname.split(".").pop().toLowerCase();if(tld&&tld.length==2)gl=tld;if(tld=="cn")url=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	121548
Entropy (8bit):	5.534165121082507
Encrypted:	false
SSDEEP:	1536:xg3NxhXAFtw5mpgMIbFXmdZwYfGbAbizbHRnmY3MVyYIXh/KAq4ti:gLXqItSrYL/HvdiABi
MD5:	B14CBED008814C9BAAEEA774DC0AA352
SHA1:	4E446FA9078A952B24CEEC73AEE8EA058E8498CA
SHA-256:	79B9362A62A3D31025A2CA5A6931880E8556A8FE77CAD926FECE1AB963A337E6
SHA-512:	7D53A67D11648886A14C68550C677A7417C2A3B812E05E85F6FE2F7837A3DB021675738F199EFA1BA013508E68F39F1FFBFD4653E591EA5CEEB32488B44EC326
Malicious:	false
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./._.Mj=function(a){switch(a){case 200:case 201:case 202:case 204:case 206:case 304:case 1223:return!0;default:return!1}};._.Nj=function(){};_.Nj.prototype.o=null;.var Pj;Pj=function(){};_.x(Pj,_.Nj);Pj.prototype.j=function(){var a=Qj(this);return a?new ActiveXObject(a):new XMLHttpRequest};Pj.prototype.B=function(){var a={};Qj(this)&&(a[0]=!0,a[1]=!0);return a};var Qj=function(a){if(!a.A&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.A=d}catch(e){}}throw Error("T");}return a.A};._.Oj=new Pj;..}catch(e){_._DumpException(e)}.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./._.Rj=function(a,b,c){a.j\|\|(a.j={});if(!a.j[c]){for(var d=_.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\rs=AA2YrTtxjxEt21GOiRO6UNC1lp5aHq4HRg[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	950
Entropy (8bit):	5.295864452549682
Encrypted:	false
SSDEEP:	24:efqcbAOWx3VY/s5Fff0gqRHl4kCHODYgqhvYHCu:eiVos5Fff0gyl4kCuDYgHf
MD5:	4EDE3133598C5CE04D5789F09A3A13D2
SHA1:	8DC6DD2C4F71B1346BA8964DE894ECD1F883C28F
SHA-256:	C5B984571B4FCA2BB8A351BCE70DAEE5496ED72E21247F6279593DD7D3A68C7F
SHA-512:	AEC371A1060BE5B3274FEAEF5506153FA5E510D44557F0324B1E80B70CE29BE60D8245E5CEB54A92108A7623FC7623B0D8AB5FDF6D1CA06152F6F6EC422D0E45
Malicious:	false
Preview:	.gb_Se{background:rgba(60,64,67,0.90);border-radius:4px;color:#ffffff;font:500 12px 'Roboto',arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000}.gb_Jc .gb_Ec{overflow:hidden}.gb_Jc .gb_Ec:hover{overflow-y:auto}.gb_Ve.gb_We{background:rgba(255,255,255,1);border:1px solid transparent;box-shadow:0 1px 1px 0 rgba(65,69,73,0.3),0 1px 3px 1px rgba(65,69,73,0.15)}.gb_Ve.gb_We .gb_gf{color:black;opacity:1}.gb_Ve.gb_We button svg{color:#5f6368;opacity:1}.gb_hf{background:#fff;border:1px solid transparent;border-radius:0 0 8px 8px;border-top:0;font:normal 16px Google Sans,Roboto,RobotoDraft,Helvetica,Arial,sans-serif;position:absolute;z-index:986;box-shadow:0 1px 1px 0 rgba(65,69,73,0.3),0 1px 3px 1px rgba(65,69,73,0.15)}.gb_if{cursor:pointer;line-height:24px;padding:8px;padding-left:64px}.gb_jf{color:#999;font-weight:normal}.gb_kf{background-color:#f5f5f5}sentinel{}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\so[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	46726
Entropy (8bit):	5.72767476792934
Encrypted:	false
SSDEEP:	768:rP/d9SvRuaYiM0rlXknoVahlsgFQPFJ/N49FOtCzEc:ZmMzno4higk1gFOCzEc
MD5:	4A2FD4D2696BF4D17DA53D52244092D4
SHA1:	9AEEF2DF08D54ABA9EF32AD40AB101650C3CE7E5
SHA-256:	367BB6B8E7622D1C9267CF9799C9BA29B6C81E3BC412B863CE02539E34E493DC
SHA-512:	6B6B95CDD11A1D00B8BDF59D3E21FD32D5D7AB234CD51AA18EB56D923CE7EA3D315562EBB78AD00901515AE96FBE1A985536695E75A3A17DBAF09974374678E8
Malicious:	false
IE Cache URL:	https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fpolicies.google.com&cn=app&pid=269&spid=545&hl=en
Preview:	<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="7zH9abYR+kSBN3CgdqyKlg">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"8986674120124726408","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%.@.1612943132844327,179610794,2701375582]\n","ZwjLXe":545,"cfb2h":"boq_onegooglehttpserver_20210207.01_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333],"gGcLoe":false,"ikfjnc":["https://policies.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"OneGoogleWid

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2038943760-postmessagerelay[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	9875
Entropy (8bit):	5.579490775730224
Encrypted:	false
SSDEEP:	192:1TyJwMuoQ7zm1EeeFWLuivp3YiIJ1MfWXxPKPo5ulhIEkvwt:1TowMuoQ7zm1gC3ZIJvBiPKWaot
MD5:	7800A27DF1F2A78F5B6D6AAA9644802C
SHA1:	FE6DC96D677C9EEB610DB2B16B86B7C1C63C249C
SHA-256:	5BD9CA2F57B6C388332DD095D8C9BE87DC71C2E1B78B843515AE758FE05A1223
SHA-512:	EEC57D75897B295CD37E3588BA3ED4EEB2957B6F339979E9958DE7AA88B7ACAACF04E16B865F075C6307AC7EE0BBA683A44C9074624A8650A59AC7D458605508
Malicious:	false
IE Cache URL:	https://ssl.gstatic.com/accounts/o/2038943760-postmessagerelay.js
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m=this\|\|self,w=function(a,b){a=a.split(".");var c=m;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var e;a.length&&(e=a.shift());)a.length\|\|void 0===b?c=c[e]&&c[e]!==Object.prototype[e]?c[e]:c[e]={}:c[e]=b},x=function(a,b){function c(){}c.prototype=b.prototype;a.A=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.v=function(e,d,h){for(var l=Array(arguments.length-2),n=2;n<arguments.length;n++)l[n-2]=arguments[n];return b.prototype[d].apply(e,l)}};function y(a){if(Error.captureStackTrace)Error.captureStackTrace(this,y);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))}x(y,Error);y.prototype.name="CustomError";var z=function(a,b){a=a.split("%s");for(var c="",e=a.length-1,d=0;d<e;d++)c+=a[d]+(d<b.length?b[d]:"%s");y.call(this,c+a[e])};x(z,y);z.prototype.name="AssertionError";var B=function(a,b,c){if(!a){var e="Assertion failed";if(b){e+=": "+b;var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26180, version 1.1
Category:	downloaded
Size (bytes):	26180
Entropy (8bit):	7.9847487601205405
Encrypted:	false
SSDEEP:	768:axmLo3N7711ZHlB8N6yt/DvXjXjmDNzv6:bLodN78Ii7jKJv6
MD5:	4F2E00FBE567FA5C5BE4AB02089AE5F7
SHA1:	5EB9054972461D93427ECAB39FA13AE59A2A19D5
SHA-256:	1F75065DFB36706BA3DC0019397FCA1A3A435C9A0437DB038DAAADD3459335D7
SHA-512:	775404B50D295DBD9ABC85EDBD43AED4057EF3CF6DFCCA50734B8C4FA2FD05B85CF9E5D6DEB01D0D1F4F1053D80D4200CBCB8247C8B24ACD60DEBF3D739A4CF0
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
Preview:	wOFF......fD................................GDEF.......\.......QGPOS.......#..+...QGSUB.......y......m.OS/2...\|...U...`h...cmap...........~n...cvt .......y........fpgm...........uo..gasp................glyf......=...m...5head..Z....6...6..'.hhea..Z.... ...$.0.5hmtx..[...........).loca..]....y.....K.6maxp..`H... ... .=..name..`h.......r.i6Ppost..a..........i]\prep..d....p..... ..x.U....Q.F..=#.0ZD.@@<..... "...Zp....+.c.f...).>Z.bm.Om..?...\\.zi.f.^b...[y/.........x..Z..+..=Z...~.................0.8....r.\|...=s&oG....q.Fg...Y...:Wc..>..p..p....)......{.aX..}.?.k... .......N.=.c.Do.....~2.=.i$....0..>..!.'v.....q....>>.....o....30..0.w..\|hR&mrf....,.Y..........%<..0.#.~...._a.c......K.z...H1..u.2.Y_..0.9..`.,.:.=(.N~...a.<.D=.....V....\..>./.B.`iE..A9.S.\|?.g).Rj..8Q...h.y.G.^.kx.o.....(...#....9...,4I8...7..o.I\|@x..1.>'...H.m..$.yp..f..%..F$0.0.I.1...WR...E..8?a..\|"................A.(...ZJ.q.K\|...S.1..ht.ck....e...T.Zs,W..0..%.i.R...Ku.K.y.....j.RD..~..dpsh.fc.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\4UaGrENHsxJlGDuGo1OIlL3Owpg[2].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26228, version 1.1
Category:	downloaded
Size (bytes):	26228
Entropy (8bit):	7.98323449413518
Encrypted:	false
SSDEEP:	768:DBOEuz6T0146JY/J6unqhOYK0GJenzOoyo6:DBHuea4j/vnqo304enzUo6
MD5:	6DD4AD69D53830BDF5232A13482BD50D
SHA1:	6FFF1079D7E5D02A2259CB5D7833E790239E01CF
SHA-256:	5CE48D9E9D748AD4686094D3CC33F5AE1E272A5B618F5C6D146C4D12EF02E4A6
SHA-512:	FC91E8C4EAE384D38667E330C5A5E4BF82EBAC9A23AB88439D7C22CCDD125DE7F1371DD953F18DEE60EF68B680DF49A32F684157D90F20E1DAC3BFFC9DF84118
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
Preview:	wOFF......ft.......`........................GDEF.......\.......RGPOS.......#..+..P.LGSUB................OS/2.......U...`h...cmap...........~n..cvt .......y........fpgm...$.......uo..gasp................glyf......=...m..N..head..Z....6...6..'.hhea..[.... ...$.0.6hmtx..[<.........})9loca..]....z.....&..maxp..`p... ... .>..name..`........r.i6Ppost..a<........O...prep..e....p..... ..x.U....Q.F..=#.`ZD.@@<..... "...Zp....+.c.f...).>Z.bm.Om..?...\\.zi.f.^b...[y/.........x..Z.......%......033333333...e....r......U..u.r.....sV..Z..^..c..>v..p7.x...w.i...Y.....X...N<.k...0...kc];.u......4.j...@....y."......,....#.;..........9...1....q..b..c...{....i2.H..g..:.....du.FX.].w3...{y...G....E.....~..RdX.\|.\..U.^.x!....e.\|.:.RX.Wxg....&.5....2n.Q...5.{..2....Ia.Vb%....:.Yn..QI.Z...x..Z.6..?........G..W.^#.e..#\|l2p.S+.?'.<E..<....M.H..".>..d....>n%.(..."....<"........U/z.%..=...Le.cL3.4..4..znxgX!JD%.....s....&.a..z1._....O+..g.dm.?.9Vj.1...B...8..S........ ._.E.... .[#_..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47051
Entropy (8bit):	5.516264124030958
Encrypted:	false
SSDEEP:	768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
MD5:	53EE95B384D866E8692BB1AEF923B763
SHA1:	A82812B87B667D32A8E51514C578A5175EDD94B4
SHA-256:	E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
SHA-512:	C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
Malicious:	false
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var l=this\|\|self,m=function(a,b){a=a.split(".");var c=l;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING\|\|[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\chatsupport[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7598
Entropy (8bit):	5.238477683745263
Encrypted:	false
SSDEEP:	192:+d36+swcre98YZwXO1JHq6PrLJRLwMKaSkZkF:Sz8Yjq6DLJ8aTZm
MD5:	81F4E76B75BC005C6C7C42E935F12BE1
SHA1:	1957A432A56569F9072DC082941222ECF58EE426
SHA-256:	EC79CAA8A2B64067631B65AFB295851C8C9F47CCA34B8AB53D341B32EA0C51E6
SHA-512:	79E2138BDDFEF6A632F38282CDF960CC86427A69EDE126159C47500152AEBFA5C5727D408F61D9A191A113382913FFB9CD1F1714B7AF5B6D91F7720345B0B012
Malicious:	false
IE Cache URL:	https://ssl.gstatic.com/support/realtime/operator/1612774887636/chatsupport.css
Preview:	#topSection{width:100%;height:4px;overflow:hidden}#bottomSection{width:100%;height:calc(100% - 4px);overflow:hidden;box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 2px 6px 2px rgba(60,64,67,.15)}.chatsupport_a{width:12px;height:100%}.chatsupport_b{width:calc(100% - 32px);height:100%}.chatsupport_c{width:4px;height:100%}.chatsupport_d{width:calc(100% - 8px);height:100%;box-shadow:0px 0px 5px #888}.chatsupport_e{width:100%;height:8px}.chatsupport_f{width:100%;height:calc(100% - 8px)}.chatsupport_g{overflow:hidden;display:block;z-index:10000001;bottom:0px;position:fixed}.chatsupport_h{top:4px;position:relative;left:4px}.chatsupport_i{top:4px;position:relative;right:4px}.chatsupport_j{width:100%;height:100%;background:none;vertical-align:bottom;visibility:visible;opacity:1}.chatsupport_k{display:inline-block;vertical-align:top}.chatsupport_l-m.chatsupport_n-m{box-sizing:content-box;font-family:Arial,sans-serif;font-size:13px;position:fixed;width:400px;z-index:10000001}.chatsupport_o .cha

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\googleapis.proxy[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12544
Entropy (8bit):	5.463909257947373
Encrypted:	false
SSDEEP:	192:8iApwYKUa9uzv1cJJBA1pwgZCwm5Mi0+Sczlq:83pw9duQJO1pkwmR0+Scxq
MD5:	5B1BAFEA0F9841798E6CDD40737E5519
SHA1:	A4AD25A5DF5C93EDFE65C72819AD2A522A6F865E
SHA-256:	5343859EDF3D5ED87A8806CA4AB30B84E91783B5875C58BD56B66601780DFE4A
SHA-512:	4324D1118EF73DDFF224C2707B0924D3C00D0D30495E817B34BB6D15F911C0C1BB6D44D45F10FD83B11480FF97C019FE367363F12E65D50DCDBB90127652217E
Malicious:	false
IE Cache URL:	https://apis.google.com/js/googleapis.proxy.js?onload=startup
Preview:	var gapi=window.gapi=window.gapi\|\|{};gapi._bs=new Date().getTime();(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var g=this\|\|self,h=function(a){return a};/. gapi.loader.OBJECT_CREATE_TEST_OVERRIDE &&/.var m=window,n=document,aa=m.location,ba=function(){},ca=/\[native code\]/,q=function(a,b,c){return a[b]=a[b]\|\|c},da=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},v=function(){var a;if((a=Object.create)&&ca.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}return a},x=q(m,"gapi",{});var C;C=q(m,"___jsl",v());q(C,"I",0);q(C,"hel",10);var D=function(){var a=aa.href;if(C.dpo)var b=C.h;else{b=C.h;var c=/([#].&\|[#])jsh=([^&#])/g,d=/([?#].&\|[?#])jsh=([^&#])/g;if(a=a&&(c.exec(a)\|\|d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},fa=function(a){var b=q(C,"PQ",[]);C.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},E=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\m=_b,_tp[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	149810
Entropy (8bit):	5.474554300802887
Encrypted:	false
SSDEEP:	3072:AkgdKYECFL6ta01Y3K/aza2fuXMSNP+4m:AvdRJLbbwnXjm
MD5:	A7D5A2A24932380D69F661A31D263E2A
SHA1:	6E094BEF01CAF640FFADFAFF917E7B5A30252C7C
SHA-256:	0D01404FFD034A7DF502851E44F1BE9DBE1361C5CBE93AAF838705CFDE841B9A
SHA-512:	C4034B5A7BF3DBA5DBBA07A75EE235ED07CB858BE2270D51DAFE54D502283253C42F843F25D4C71AA87E0577C05646F47821C2D1869830EC4AB07F6A5A980924
Malicious:	false
Preview:	"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi\|\|{};(function(_){var window=this;.try{.var ha,aaa,Xa,baa,$a,caa,daa,cb,faa,gaa,haa,iaa,jaa,yb,paa,naa,qaa,aa,Wb,Xb,raa,$b,ac,saa,dc;_.ba=function(a){return function(){return aa[a].apply(this,arguments)}};_.ca=function(a,b){return aa[a]=b};_.da=function(a){_.m.setTimeout(function(){throw a;},0)};_.ea=function(a){a&&"function"==typeof a.Rc&&a.Rc()};ha=function(a){for(var b=0,c=arguments.length;b<c;++b){var d=arguments[b];_.fa(d)?ha.apply(null,d):_.ea(d)}};._.ia=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,_.ia);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a));this.g=!0};_.la=function(a){return a[a.length-1]};_.ma=function(a,b,c){for(var d="string"===typeof a?a.split(""):a,e=a.length-1;0<=e;--e)e in d&&b.call(c,d[e],e,a)};_.oa=function(a,b,c){b=_.na(a,b,c);return 0>b?null:"string"===typeof a?a.charAt(b):a[b]};._.na=function(a,b,c){for(var d=a.length,e="string"===typeof

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\my_account[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 60 x 60, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	764
Entropy (8bit):	7.442445402566963
Encrypted:	false
SSDEEP:	12:6v/7iIORCZDbWu6iXjhfwnfNTSlT8pMRu7EKptG9d4Nmvzi0KPDGYWAOEg3MD4TE:+ORC5WniTWVTWmMR4rqd9bDKjWApIwUC
MD5:	C5174426CC01079A2AFF919E9A71C798
SHA1:	41D7A19FD8A167C690FBE6C6683B429B78B6F5ED
SHA-256:	C49DD682B10000C9C5E88950D9CA7C00BA0AFB12FEE34658B883B2F889A14BD2
SHA-512:	67982D71792679A2F44BC3BB1D1FFF164A101E7EB6A5C1769602B230C022EA5B134B38B220E7928A78A70D8F35D9199CDB0BF8A01ACC45FA15E99D0C95CC2BA1
Malicious:	false
IE Cache URL:	https://www.gstatic.com/policies/images/my_account.png
Preview:	.PNG........IHDR...<...<......")@....PLTE...B..B..B..B..B..B..B..B..B..B..B..>}.8r.4j.1d.?..={.3h.5l.A..6n.>n.......@..2f.X........Kw.:u...<y....B.....B.....~..B..e..B..q..7p.B..k..n................}..N...........e...S7D....tRNS..P....0p.. ..............................@..`.Q.U....IDATx....r.0.@.5l...fN........H.<...;+.3..\|....V,.Q...`.G....d..X.4,.f.......q-...MP..7...jy.v...m....n......q.O..p..........6....X....#iJB."n.I.)$4-b.<.)..f.1_p8RB.:.q..\|$.aba.g......P6......);^]..Z...1..X.o...>.-\)...].+%.j..b..Q..".mJ.......}L......W....[.V.Q9^t..]Z..-oA...>.[...."h8.h.F:.:.>hU......_5s.=j.GdU.....2...Pz~9K_.P......._?.Q...fo....>...`.... E.S-.HS.4.(y.^..............Po.6J.s.vJ6....{.._..~..P.8.......e.y<6.}..*...?..X."..6....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\operatorParams[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1317
Entropy (8bit):	4.854668912641909
Encrypted:	false
SSDEEP:	24:D76bBSzFvVdG4xp9kM/rgk4oV4SRv/4QBEwrlcKmlQFHMhfY0ypgkvVlXdR/rBE+:H8eNA4xpKI8Pe4A34EE6cfAsG42hf1E+
MD5:	F0473AD0065DA4E6650E6D4A70CDE8A7
SHA1:	D5DFC66EC974EDC162F0CB9D84E03E1D412FA606
SHA-256:	EAB4B2876EBFB6967A8FF4394DF9C66C23999AF9AB5433763D8536B35B4706AE
SHA-512:	7153FC4C9C2F691FF9DE9E081EE4458717B9374D71238E9199983EDD68F5A5DBA03D276D5C0D3C4AF2353CE834BE5616B67B664FA6BFB91D410120976F07DB2B
Malicious:	false
IE Cache URL:	https://ssl.gstatic.com/support/realtime/operatorParams
Preview:	{. "operatorDeferredUrl": "https://ssl.gstatic.com/support/realtime/operator/1612774887636/operatordeferred_bin_base.js",. "eagerLoadHostnamePattern": "((https://www\\.google\\.com/express)\|((adwords\|campaignmanager\|support\|support-content-staging.sandbox\|business\|fi\|.+\\.corp)\\.google\\.))",. "eagerLoadHostnameFlags": "i",. "cbfVersion": 1612774887636,. "experiments": {. "attachment_upload_url": "https://support.google.com/chat-upload/support-cases/resumable",. "enable_chat_attachment": true,. "enable_desktop_screenshare_email_fallback": false,. "enable_emojis": true,. "enable_youtube_specific_endpoints": true,. "mole_show_survey_url_percentage": 100,. "mole_skin_version": 2,. "operatordeferred_report_rpc_events_percentage": 10,. "screenshare_skin_version": 3. },. "settings": {. "attachment_upload_url": "https://support.google.com/chat-upload/support-cases/resumable",. "enable_chat_attachment": true,. "enable_customer_can_end_chat": tr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\postmessageRelay[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	5.236434407182491
Encrypted:	false
SSDEEP:	12:haxyErYfhVkrC9sA0xnEGwPSx7JmWmM8ytrI:haJspVkO9sl3wcaSI
MD5:	C286E9010BD895648A629EF518A7E3E5
SHA1:	D2D19E78F0061DFFD0390020385AA866AD85FD22
SHA-256:	2561FC8BFC22B2225915F171372FD0130F6D42246B08C148D43895A72C2C4C33
SHA-512:	2A9EDB0B658A0B4DBA0F8BE569BB1F82C603D2963703E00EF0920F9726F0A61BAEF05B9209528637B5FF740FADFBE5DF41041D677B873DFB3DF959ECE8579B92
Malicious:	false
Preview:	<!DOCTYPE html><html><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0"><script nonce="9n0yVPPZHgj2PN9RmTuTGw" src='https://ssl.gstatic.com/accounts/o/2038943760-postmessagerelay.js'></script></head><body ><script nonce="9n0yVPPZHgj2PN9RmTuTGw" type="text/javascript" src="https://apis.google.com/js/rpc:shindig_random.js?onload=init"></script></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\product_privacy[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 61 x 61, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1102
Entropy (8bit):	7.755959747709278
Encrypted:	false
SSDEEP:	24:vA6QqwPXXLU3Wp/u950gJD4oFH2vn+qNTX3DRd9p:/2PX7U38/Yf7FHIn+yDNp
MD5:	73B121C01B94FF4147A6A7BAC42A8CC0
SHA1:	C8F2FAFEFA1D922401723E0A057DA657ECC8288D
SHA-256:	91F55DDCAC5AFE92683CAD3C208A109B7CF598362944435B6DD697C1D2417B75
SHA-512:	A037FF4B54F76A1AE5C437D48992598F1A2F66ABEF30769757CB0943A7790D138D45D64497A100178D4B94AE51EAC9E386EF0686305E60B9C503D274DED04917
Malicious:	false
IE Cache URL:	https://www.gstatic.com/policies/images/product_privacy.png
Preview:	.PNG........IHDR...=...=......ba.....IDATx.....A.@/W....m.m...m;..:..N2U..1....z..7=..w...:..........s.mK...0....n.~..W5..d.L.aD..(..$IU.VNu..T.}.9....N....n.!..&H.q.....I.. oZKL.\|..Ab>..%..'.....].s.$g.0{cN".u$...Up6U...c..y9.m..IaA....]Yv.X}.c..P../...%..T..3......mS.k.W..A\^R....Se..5..y.%..\....-.+...U.W7cng....>...v}lf....:..W5../.^......!..1.....$..a..? Mu....e.Ec......2{....%.5.).z.@a.4....L.R......d5.aQ...+...7..3G......GWSY...........R.7.;...du..=.Vu.?y..j....bi.....<K.43.4Su..[].+.\K..y..u.fI....k.B..c.S+]...._...h.^.~....$a%E..&...T.....aaa\|i...Mw.v..=.u..W...W.....V...J.hd..I3DFF...]4.w.Kh{.7.0e..N....<.t....\bcc!$$D.t_6.V..Sz..'.^.....l\|{.......v.c.-.$....HBB......`..Bc.a..T.K.....OX.#...DKiJTT.\|iZm..+\..\|.M..NR+.6.....IJ...~<.K.,...+{ci...p...x.@..3..2NN....>.=...\...>.\|.....vs...f......~%.5... Q..!.+..m.A .&.....9..f.-./A...UW.u....3..GiVXkN..P.$.Mzl.H#u.$-H.t7..F....g....X(8.J..\=I..,......3K...'ig...P?(.0..H..^...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\shields2[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1548
Entropy (8bit):	7.824178786656278
Encrypted:	false
SSDEEP:	24:C5ZDJxXAGFrQTu15zDg1pmOoEoI36LtThmRrhpnaV7pF1goQ4YMie1aSAISLwiqF:AvA60CPE1pm7hmRraAhSsw
MD5:	E94E4F538E0D3C83D95A6335E4FD4C5F
SHA1:	5B9B70C6AAAC2309709CBB9766E773A664339AE3
SHA-256:	EF9EA4C6D3BAC8FF569894FEA572411F3282B23CC98DB1A38CFCC131702136B2
SHA-512:	752DDAB1D8A87B7D6992A43A67BDBF834E59219BC853E8E17D0E8B2091C147B9DF5A1AE0FAD4B5741DF573ECC97EE8E4D73D4CDA6EBD862409E8E7959226EBE2
Malicious:	false
IE Cache URL:	https://www.gstatic.com/policies/images/shields2.png
Preview:	.PNG........IHDR...<...<.....:..r....IDATx...!..... ..../L@..........h.(.o..m.b.l.m.m.m......Ws.;.{3.']..F=.1.........%..+....Z..-.....K.o(.&.y.+.JS)......#.a..v....m.g..j.*.8.-........g.......G....P.u.O........dDl.$D.x(..K.2.R.M.:.:../]Q..>..()....t.{x.... .....^.............6..T..^.^E..F.+..IGz.o9...q.......[g....y.ob..[(.e7\|._.u.nq...W.8. ..O....w..M.T...k..>.."..,.4......N.}..m.2.C.. ..K....ub..V..>..8.!......;.......sN.....\.Ga...x.d...'...H..l....G.~..6_...r.!....x.Vl.Q......,zt....Zz..3w....a}....j....G.Z. ..........v...H 1'CZ.L.\k=..y.y..X.lU.m.....{y.R`..Z..gG..z.3dD_.^....Y.q..7...G...l.1.{.6....5.....H..}.^..is..^.. b.v.r..2r.%...".7...r.....@.d.Nf.&...{.&zy.9+.V`.~.\|h;4).-.L.S.8%X..p.j.Q..l.6O..r..X^Q/H;. .L...1@+N^."....@k..h.a.<.:.m..FN.$...;.B..zh..X....2$.\|"%.i.8....>y.:..}f.......d.<.I..Tp.j.....a/....Tq5..a}j;.%....=..M=;..'...K..f#...}.S`..q#y.).!..yk..g........<u.1....!./uHO ..is..k.~.H...l...?.......8}.%6.y.!}.q-...m...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26464, version 1.1
Category:	downloaded
Size (bytes):	26464
Entropy (8bit):	7.981932066790926
Encrypted:	false
SSDEEP:	768:OIYb4Auz6mM1gBEL1WuL1BU91c6HJ8Y4mAS:OI84AueNmwHpBU91qY4m7
MD5:	08F80DE0ACF68D82AABAB974A47D9E5F
SHA1:	E6F1C0F5395A9C297AA162468961C1FAF0EC1ED9
SHA-256:	4070911A1BB9CC52C4E4CD5E85CA186DCDE89308A0517A8FAA4715C2E0A9D45E
SHA-512:	720DE47FDDA648AF7CE5F3F574EFA3322191C4D0001E31181739D65FFE0CCECED56635AF58E5E828072A17EEE1ED1E318AF467B8ED7F4185EE0F5155501CD8D0
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff
Preview:	wOFF......g`.......d........................GDEF.......q........GPOS.......$..+..K.MGSUB................OS/2.......U...`i`..cmap...........~n..cvt ................fpgm...T.......uo..gasp................glyf...(..>W..mNU!.)head..[....6...6..'.hhea..[.... ...$...4hmtx..[..........1'jloca..^....~......t.maxp..a.... ... ....name..a4.......V..4.post..a.........O...prep..e........^....x.D...Q...3..I.=D.@@....@....."...}......`.%.....x.........umW...g.WwO.....J..^?.Jci^N{.Nr..Jw@.n(.....t4....i...x..Z...6.=r...............q`.>....m.....fy.g..y4N...tAg.."KWWW.j.....8...n.3..:..1....9.+.}...b]....0..6V..).G.r........N...,R(.o.t.LU....;.{.l.y....i..w.{F..;p'.....,.........:3...\|..,.`pGPAV.?....q!......=.(cn.'<......sK_...]..U.W.......b....E\|.o..Jp.n.uX....J.q'SFy...l..Cd..XZ..RP...#.w...C)..s../..D..1.G...Sx...e.....x.o.mJ...~./L..r...Y..sD./.......>$R`..&.v......D..w.). .f.Y."<..V/.zQ{.8./...X................B..Jp#%.7.e>+L.Q.1..hd..k._...f..u....+....Q...N..\|....$Lv.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20012, version 1.1
Category:	downloaded
Size (bytes):	20012
Entropy (8bit):	7.966842359681559
Encrypted:	false
SSDEEP:	384:Yc6bX9TagDCXKqs4+W5XVgaflKHjsGdZtlh3K/qzWz/scZpuB:YcCVaeCaF4ea9KHYQZtlh3Kgy4B
MD5:	DE8B7431B74642E830AF4D4F4B513EC9
SHA1:	F549F1FE8A0B86EF3FBDCB8D508440AFF84C385C
SHA-256:	3BFE46BB1CA35B205306C5EC664E99E4A816F48A417B6B42E77A1F43F0BC4E7A
SHA-512:	57D3D4DE3816307ED954B796C13BFA34AF22A46A2FEA310DF90E966301350AE8ADAC62BCD2ABF7D7768E6BDCBB3DFC5069378A728436173D07ABFA483C1025AC
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff
Preview:	wOFF......N,................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......R...`t.#.cmap...4.......L....cvt .......\...\1..Kfpgm...@...2......$.gasp...t............glyf......:...j.'..hdmx..G,...f........head..G....6...6...rhhea..G........$....hmtx..G....a......MOloca..JP........\v@zmaxp..L,... ... ....name..LL..........:.post..M(....... .m.dprep..M<.......S...)x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..\|.(o.....\|$,..{\|&\|....YJ...x.e8B.#..t;R8.{+....\=.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19888, version 1.1
Category:	downloaded
Size (bytes):	19888
Entropy (8bit):	7.96899630573477
Encrypted:	false
SSDEEP:	384:0c6bX9TSzYzCrQH+qXM6C0ouF0xcYye+5x/U3S0X5v+obEgm:0cCV8GuPVyzx/MS0X5v+oI/
MD5:	CF6613D1ADF490972C557A8E318E0868
SHA1:	B2198C3FC1C72646D372F63E135E70BA2C9FED8E
SHA-256:	468E579FE1210FA55525B1C470ED2D1958404512A2DD4FB972CAC5CE0FF00B1F
SHA-512:	1866D890987B1E56E1337EC1E975906EE8202FCC517620C30E9D3BE0A9E8EAF3105147B178DEB81FA0604745DFE3FB79B3B20D5F2FF2912B66856C38A28C07EE
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff
Preview:	wOFF......M.................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......P...`u.#.cmap...0.......L....cvt .......H...H+~..fpgm...(...3...._...gasp...\............glyf...h..:q..i..+ Ohdmx..F....f........head..GD...6...6...\hhea..G\|.......$.&..hmtx..G....d.....E#loca..J.........\s@.maxp..K.... ... ....name..K........~..9.post..L........ .m.dprep..L........)*v60x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..\|.(o.....\|$,..{\|&\|....YJ...x.e8B.#..t;R8.{+....\=.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\answer[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	252
Entropy (8bit):	5.3420190501614275
Encrypted:	false
SSDEEP:	3:IskN20EFNjJ8S/7A+KWRIJiYEUFLZxs4bSl02rBsSZ7NE7uR0Lq9DGCBLCRvnXVU:wRkrQWR0iYBtqWt2aSyu5BLCRaUdToP
MD5:	F78C065517FA9A32A9D74AD9F0696705
SHA1:	46CC0BBC0C83EBB46C793480F083AD7E80B95261
SHA-256:	83A1BF0311DD33B561AF616583899C2D13C37F5ED83CE134CE207D81383ED150
SHA-512:	61958E5DB731168B25EED879B1AD4056D166BFDBF4EE0D1DA12DD9B9A4D32C1AFA0A110D0D98BB2915CAC4D6CBAFA3567DA6A780A9FDAD6340E3C66003F11652
Malicious:	false
Preview:	<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="https://support.google.com/drive/answer/148505?hl=en-GB">here</A>...</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cb=gapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	213220
Entropy (8bit):	5.518438460669518
Encrypted:	false
SSDEEP:	3072:pUnq59U3zzVB2UM8aLCLLbJlco3/TqOJPKB/FL6+LClcL2JDBJt4yU8JMPGBNnX:pOZzlL3JupF2+acaVBJt4ytJMPGBNnX
MD5:	68F7670315C465CF9017576197206812
SHA1:	1A1544DB510EBB9A571A99F6232F603492C31C4A
SHA-256:	5CD7BB98D47F6001973B383BC2C43913D2606F8AD3FACE658A51FBFF4D7C0EC8
SHA-512:	3998CA94E911D8DFE6DE57E5290985BD315EB4919B13CD2B7DA2DA86452C21A1C66A9167FC90C5EF2D50761EA904540761B3579C833FE31F94B13BBC9D02B40E
Malicious:	false
Preview:	/* JS / gapi.loaded_1(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var Rx=function(){};Rx.prototype.VD=null;Rx.prototype.getOptions=function(){var a;(a=this.VD)\|\|(a={},_.Sx(this)&&(a[0]=!0,a[1]=!0),a=this.VD=a);return a};.var Ux;Ux=function(){};_.O(Ux,Rx);_.Sx=function(a){if(!a.WG&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.WG=d}catch(e){}}throw Error("la");}return a.WG};_.Tx=new Ux;.._.Le=_.Le\|\|{};.(function(){function a(c,d){return String.fromCharCode(d)}var b={0:!1,10:!0,13:!0,34:!0,39:!0,60:!0,62:!0,92:!0,8232:!0,8233:!0,65282:!0,65287:!0,65308:!0,65310:!0,65340:!0};_.Le.escape=function(c,d){if(c){if("string"===typeof c)return _.Le.escapeString(c);if("Array"===typeof c){var e=0;for(d=c.length;e<d;++e)c[e]=_.Le.escape(c[e])}else if("o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cb=gapi[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	63996
Entropy (8bit):	5.575641152056994
Encrypted:	false
SSDEEP:	1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WgU3zKXRF1OVxKRNc/VC:pK4ye0RkgU3zKXRG4
MD5:	325C4FA4DF8F45F58DAF1D5FE8FBC10D
SHA1:	D8F614488C718BD543B2A2BDF77893E1E593395B
SHA-256:	5E020E137CC87D25C4F921F1BAC926B28B9D98C4E916A685F636DA792B8F2DF0
SHA-512:	BD32609868C0F47259FD8F28476B18A5B707497D1ED92C61C279C00FCA9367037B0D7DC4FB1FFF1A8D21FCEC9C593EC0BAB564FE831FA61AB65FDBA6F569B44E
Malicious:	false
IE Cache URL:	https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.L7mys-cL6BM.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg/cb=gapi.loaded_0
Preview:	/* JS / gapi.loaded_0(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ka,na,sa,ya,Aa,Ba,Ga;_.ha=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ka=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.sa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ya=sa(this);Aa=function(a,b){if(b)a:{var c=ya;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}};.Aa("Symbol",function(a){if(a)return a;va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
IE Cache URL:	https://ssl.gstatic.com/policies/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[2].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
IE Cache URL:	https://support.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\privacy_security_answers[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1507
Entropy (8bit):	7.833468895711971
Encrypted:	false
SSDEEP:	24:AY5B+ji9JZTWX+Xzf8T/p3R5W7xwOW8jOrmh4TA0pNF2qWZD0IWBN6FypV:pB+j+WX+Xc/p3RcD4VKZD0IWBi2
MD5:	223E35E334DFACC0FC2739C81CA13F14
SHA1:	D11D12403D5F98AEEE6B1A2DFBAA055CE2CEAA81
SHA-256:	90C6C1B9D61C22A6E233035793F7ADFF1C4509093210E78B4E2716F586402A54
SHA-512:	C568B2910097CDAD47D7B0495E7990F89355DD8270547B2A775BB6B1999041C0E3236DE654639CA912AC1F12C43ECF299E1C5D1DFC670170E57840D911A3D6E7
Malicious:	false
IE Cache URL:	https://www.gstatic.com/policies/images/privacy_security_answers.png
Preview:	.PNG........IHDR...<...<.....:..r....IDATx..ep.F..]..2..K....9Lg.....0MFaff..U.[S.....ez}Os.Ykt.b.3?.v...-.'.S.s..2.qt.\|...,,.Q.EiH^...... .......#Sq..kL./..w~..t.z..%....'"RX.-.A.@.... .....kn.kF.3Q.\..'..'...+...m..w.H.1.3.BU~...("G.W5R3.?.y.). ppVsxwok.-i.6..k...;........^...4Khr?....9%..,..3.oA.eE....3.ZY..;..*[?..........X.c....V....4I.vG.E..Vm5....vP}$.L.i..)U...%.1.tk8.0..M..U.....\.......[..K.......4.+.&..%3.....&..6.K.]...#.Y.U.....%........i $..........Q..D.u~.,.+.s.D?.....-L?.(.n.....j..e....,.u...]}4YLx.%.. ..{.%.4x..D+.......0#._?V./...}....G...,%{.Z5j;.....0.%#.b ..U....[..`.....}.Yy.C..#/.....y........H..p...D6.[.B.._....sX..4..M.\|DFt..P>+.....&0.Q..3...l`a....rf......OLf...@.h..x..^.Q).........C.P8...C.P8.n..+.G(\.@P...rq. ....t..?...)D.. ........3g..H..$a=.Y..y>s.xNl..#.%.O...Y..........vv....1....vc....Nv..Q................o.........Y6..8.u...wGnM...G!.....,f...L..Y.M...Z.._B.Ko..gF@7`J....#.t._..93.v.4.e.=.....w.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\rpc_shindig_random[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12542
Entropy (8bit):	5.463869772094116
Encrypted:	false
SSDEEP:	192:8iApwYKUa9uzv1cJJBA1pwgZCwm5Mi0+Sczle:83pw9duQJO1pUwmR0+Scxe
MD5:	C040F26CDE55C1FDAE194D59A3F0D116
SHA1:	BADDFD319108081F4F4F4789E44615ABAAD1BB6D
SHA-256:	11657D06995B4AC167D7006AEAD184C36293854D25F4EF4615AAE990EB89EA21
SHA-512:	F20B482E06DB3AB5156C4CEF05E404FE941628232F96EA13C8EDF67BD517153776BB34C199F8D9BCC344D98BA577ED7BBD60DC5C314752229B275D23603F4D94
Malicious:	false
IE Cache URL:	https://apis.google.com/js/rpc:shindig_random.js?onload=init
Preview:	var gapi=window.gapi=window.gapi\|\|{};gapi._bs=new Date().getTime();(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var g=this\|\|self,h=function(a){return a};/. gapi.loader.OBJECT_CREATE_TEST_OVERRIDE &&/.var m=window,n=document,aa=m.location,ba=function(){},ca=/\[native code\]/,q=function(a,b,c){return a[b]=a[b]\|\|c},da=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},v=function(){var a;if((a=Object.create)&&ca.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}return a},x=q(m,"gapi",{});var C;C=q(m,"___jsl",v());q(C,"I",0);q(C,"hel",10);var D=function(){var a=aa.href;if(C.dpo)var b=C.h;else{b=C.h;var c=/([#].&\|[#])jsh=([^&#])/g,d=/([?#].&\|[?#])jsh=([^&#])/g;if(a=a&&(c.exec(a)\|\|d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},fa=function(a){var b=q(C,"PQ",[]);C.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},E=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\rs=AA2YrTsJPxuxlT5x60-Aao0xFyPNS2O7OQ[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	117077
Entropy (8bit):	5.538347426463972
Encrypted:	false
SSDEEP:	1536:xg3NxhXAFtw5mpgMIbFXmdZwYfGbAbizbHRnmY39h/KAq4ti:gLXqItSrYL/HvziABi
MD5:	FCB17CBA4A79C29BD12A554D7B381593
SHA1:	87C687D712EDEDA5E32B3C94BEF25F3C387FF52B
SHA-256:	A7E36CF1DCDBF1244317119A2295D2461DA765807D92AF6C9B2F8FF53F282146
SHA-512:	7246B531F6FCBED9CCEEA3FB3AD531F036FE28FAD3331AF51843C5A09AF345B4D9F1FD02224FA2A29C405B2E177BB2BA595A7601D461634E8F88BF372D1DE4BD
Malicious:	false
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./._.Mj=function(a){switch(a){case 200:case 201:case 202:case 204:case 206:case 304:case 1223:return!0;default:return!1}};._.Nj=function(){};_.Nj.prototype.o=null;.var Pj;Pj=function(){};_.x(Pj,_.Nj);Pj.prototype.j=function(){var a=Qj(this);return a?new ActiveXObject(a):new XMLHttpRequest};Pj.prototype.B=function(){var a={};Qj(this)&&(a[0]=!0,a[1]=!0);return a};var Qj=function(a){if(!a.A&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.A=d}catch(e){}}throw Error("T");}return a.A};._.Oj=new Pj;..}catch(e){_._DumpException(e)}.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./._.Rj=function(a,b,c){a.j\|\|(a.j={});if(!a.j[c]){for(var d=_.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\rs=AA2YrTtxjxEt21GOiRO6UNC1lp5aHq4HRg[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	301
Entropy (8bit):	5.192037061010406
Encrypted:	false
SSDEEP:	6:6ZwTcqcA2n6gt9VvKcZWbnRVIM6RoeSjIUVY29g+7s8agMNDzY/:6ZfqcA26gAcZWfp6SVY/soY/
MD5:	5E1BA7773FBAB75FDF7B3E74BD4AB2F1
SHA1:	C0EFB23EA4A186B9936A9D441C3DC4907C507D2A
SHA-256:	EB4D490B39F02AE67360FB75D13BEAAE29BBE932C08034A688890A28692C8E1E
SHA-512:	CC62BFDE42DE77EE97AB514DF29155A7A6D3992B1C2E30DC3EA97C364CDF073F46F9937DDFD027274E2F1F6A6C6836ACB75046ED0C06DDCEA0EA64175921A822
Malicious:	false
Preview:	.gb_Se{background:rgba(60,64,67,0.90);border-radius:4px;color:#ffffff;font:500 12px 'Roboto',arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000}.gb_Jc .gb_Ec{overflow:hidden}.gb_Jc .gb_Ec:hover{overflow-y:auto}sentinel{}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\terms[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	240
Entropy (8bit):	5.270894146236966
Encrypted:	false
SSDEEP:	3:IskN20EFNjJ8S/7A+KWRIJiYEUFLZxs4bSl02rBsSZ7NE7uR0Lq9DISLIqTKA8iw:wRkrQWR0iYBtqWt2aSyujLIqXzAk9oP
MD5:	3678630FA728F43986CF961AFA853529
SHA1:	706B5F098955D32CA3AB985DAD3C7963AB9C6B9B
SHA-256:	F5095E84323DA2B828904860B5245F131309D35E05121A49DF0AC32366D62746
SHA-512:	997ED30D5012B8D8E6B18907B219A943C17554E3991BD411CAD90335EE54DB9CE68C359722C3B1380026457DF69A0E29D039B7D853E5DB2A07E6D6D20231557B
Malicious:	false
Preview:	<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="https://www.google.com/intl/en-GB/policies/">here</A>...</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\148505[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	805907
Entropy (8bit):	5.594187994890181
Encrypted:	false
SSDEEP:	12288:6iGtTnydEIzUPhVPPj2VWxJbwhPF6T0BqQhuaIpk2S/:61tTnydEQUPhVz/xFwhPF6T0Ru5pk2S/
MD5:	F960603FF802A515027396E6900889D2
SHA1:	02C5BD19E6725B2E8F75ABC435ABF8546F00D4E7
SHA-256:	1F989C6D1D7A715166F104FA3F8A90C7511A1DA08E060F8893A962464D14829F
SHA-512:	40B48FE3CCA28EA8126685CEA6713CF0EA228EB08C8D1D9DBF6400DF494C90E20068E3A26A79732452963A80035ED4CF1AA29FE7E9F3F5F35D3905CFF59C0341
Malicious:	false
IE Cache URL:	https://support.google.com/docs/answer/148505?visit_id=637485399344018949-2538812545&hl=en-GB&rd=1
Preview:	<!doctype html><html class="hcfe" data-page-type="ANSWER" lang="en-GB"><head><title>Abuse Programme Policies and Enforcement - Docs Editors Help</title><meta content="email=no" name="format-detection"><meta content="nofollow,noindex" name="robots"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="The programme policies below apply to Drive, Docs, Sheets, Slides, Forms and new Sites. The policies play an important role in maintaining a positive experience for everyone using Google products.&nbs" name="description"><link href="https://support.google.com/docs/answer/148505?hl=en-GB" rel="canonical"><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no" name="viewport"><style>@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(https://fonts.gstatic.com/s/ro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\3PWVHDZB.js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	271811
Entropy (8bit):	5.5775962674220345
Encrypted:	false
SSDEEP:	6144:HupoD1qFe1Nv/PIGrSXftD+zqCSe4JdTT:ZhwoNv/PJxuN
MD5:	CC44353EC2E6F179C89B09CB96059BEF
SHA1:	C35C24C9F8F683D2A6D8916E43F4D6143943D5ED
SHA-256:	BD34F7729A6F779614C3BB74A07FC9C2AB047BE5A9AA0B97D813A46FF2329FCF
SHA-512:	D0E5E760250AD6126BF3279A26F8E7CE013824B60471C92CE2087B661D349C75201B3B18D6B59B644639225E8620C5386636B3A4690537DED47C5200680EBD29
Malicious:	false
Preview:	"use strict";_F_installCss(".EDId0c{position:relative}.nhh4Ic{position:absolute;left:0;right:0;top:0;z-index:1;pointer-events:none}.nhh4Ic[data-state=\"snapping\"],.nhh4Ic[data-state=\"cancelled\"]{transition:transform 200ms}.MGUFnf{display:block;width:28px;height:28px;padding:15px;margin:0 auto;-ms-transform:scale(0.7);transform:scale(0.7);background-color:#fafafa;border:1px solid #e0e0e0;border-radius:50%;box-shadow:0 2px 2px 0 rgba(0,0,0,0.2);transition:opacity 400ms}.nhh4Ic[data-state=\"resting\"] .MGUFnf,.nhh4Ic[data-state=\"cooldown\"] .MGUFnf{-ms-transform:scale(0);transform:scale(0);transition:transform 150ms}.nhh4Ic .LLCa0e{stroke-width:3.6px;-ms-transform:translateZ(1px);transform:translateZ(1px)}.nhh4Ic[data-past-threshold=\"false\"] .LLCa0e{opacity:.3}.rOhAxb{fill:#4285f4;stroke:#4285f4}.A6UUqe{display:none;stroke-width:3px;width:28px;height:28px}.tbcVO{width:28px;height:28px}.bQ7oke{position:absolute;width:0;height:0;overflow:hidden}.A6UUqe.qs41qe{animation-name:quantumWiz

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\4UabrENHsxJlGDuGo1OIlLV154tzCwA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26164, version 1.1
Category:	downloaded
Size (bytes):	26164
Entropy (8bit):	7.983292364847896
Encrypted:	false
SSDEEP:	768:L9QwjnXN11zY7+dePzz5Othh7STtySTygbOg9zp:L9pjz1kCePzQthJSYgbRp
MD5:	CCDA7B53E281A638F36ED62514815268
SHA1:	CF6D39BAB2A012D008EC9EDF95F4F4BDACF93770
SHA-256:	673F112749C21E5BE0D1338E1709A1D981053E239E98CE09D0BB849BB34FCD98
SHA-512:	20645A09B2FF157E50C71D862AA4FE6729FFD8BE18FB3D390B3714DEEC4F4FFF49FAC16EC509F8D620E476DC1942C67C95A95ABF14A06585F5B504FB4BE89F58
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLV154tzCwA.woff
Preview:	wOFF......f4.......\|........................GDEF.......q.......~GPOS.......#..+...UGSUB.......y......m.OS/2.......U...`j(..cmap...........~n...cvt ............(...fpgm...`.......uo..gasp...(............glyf...4..=...k....head..Z<...6...6.x'.hhea..Zt... ...$....hmtx..Z...........%.loca..] ...y......%.maxp.._.... ... ....name.._........Z.L3.post..`d.........i]\prep..d$........t...x.E......E.}&$a......A.. ....,....`..}....q....+o...9 ....B.J..WS..w2.{...o.D~!X.D:..Muq...[1 ..[.I...]..#-..0...x....+..E.pg....bfffffffff.0.+ef.5..N.0..K..r....Y...@..V.t.~.......[q....h+..y...1s.#.>.%....CX.,@.F..t.H..t..{.q.c.>..\?..J.".J.+.M.L...:l%..I\....<......._....M..-....7.BP.J.d2.T..,G...E?.Z.p..].w..=z....9.p{..<._O+..r._...]U.]..?.r.JoQi..k..P........=.X.:U.....\.....h.....r....L....J..Sn..<9..V..=.x=:x..x..yCr.#e.._..o.>...s.<!M.......!..o....!....j.#$.:A..Bn.2.$..,..E...{...G_.....L............jw..P.]!..wE.R..a..rK4...k.._.W24^...cuh..fTIH.Z.TJ....&.x

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\cb=gapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	100884
Entropy (8bit):	5.524623565937768
Encrypted:	false
SSDEEP:	1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WCjfyQUEZPpIJYoDpA1/HNpHWNXRRF1OVxK4c:pK4ye0RkCjiE3IJTpoHNpHkR+4roC
MD5:	9534D32DE45A6E13B5E87DC9FCBF2B14
SHA1:	D299559588546F555EFE81E77BE17A7C10F82CD1
SHA-256:	79F21D811C42ACBDED1B2A1B86D7E9BB45D58A1F477E6ACF86B5CEC33EFE46C6
SHA-512:	EA05BD5432EFDA0655A27AB00649E5B6902215AC042BF3CEF2E8D0107A4DA64803EEF58684B0558B5CC8509F3347BFE7757567A05AC6EDF0036AFBAF9988899A
Malicious:	false
Preview:	/* JS / gapi.loaded_0(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ka,na,sa,ya,Aa,Ba,Ga;_.ha=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ka=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.sa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ya=sa(this);Aa=function(a,b){if(b)a:{var c=ya;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}};.Aa("Symbol",function(a){if(a)return a;va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\googlelogo_clr_74x24px[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
IE Cache URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\googlelogo_color_116x41dp[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 116 x 41, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2408
Entropy (8bit):	7.8989590488026415
Encrypted:	false
SSDEEP:	48:adcls8jg/0B2EeZDjqtstuXgBsC4Z/zOCN4cfuptv0M+kXggLyr:hlsEVeZiW8XE4Z/zO3cf47+Igxr
MD5:	A62A4E4A142FBC4A6583B50C154AA1BD
SHA1:	105DAF8E2CCDD2AD5C18D507CDAE5926FBA0E764
SHA-256:	A9CEF4D58336842DC12848055C5E8D17A02B2FEF3EEC87E5AD171DC699D49D23
SHA-512:	A3B84323F28035829E5F16AA84D1314BE328037D97BCB91AF2DCF17EA65F580CD17C0135DDDD627320C8D04F0A3F12E5C952C4FA8A6AD7F1876F1803A7996B4F
Malicious:	false
IE Cache URL:	https://ssl.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_116x41dp.png
Preview:	.PNG........IHDR...t...).........../IDATx..[}..e.~ao..S...E..x..........^.."`s..DD...4......+4..$.kL...@....J..(Pi.......~....\..=w.=1..vnwf....$ovw......}~.o..8K....iys..3z...>.3.....5.E....?.B.\|(..g..;5..Ts...ok..t.:...X.........u>..G.9.. ._3^..'.dg1bO..&...c......+Y........).. ..g..y}H.4..2A.).e..!.v.U/e.z.."jv8N..cD.(Gh..:$t..E..U.O.LC.w0.:..d.=....d..B..G..9.....$..\%S...CB..P.....{..I.bv.J.r... ..9.1;..X[?.V..Ys!;.(...j\.(./.U.k(%-..;..@}.-..D.Z.....jmf.f...H}...S..]h.;]C.J..$.hw..._QV..j.k.%....8.....su./.3...'RR.;.......JJlGQ..i%.-M......D..G.....K{s\|S..+...$...O.#D.....zH,..E..%.h"..&....#..t................@......_...N...~.IW.Kla.?...k.F../...a..3.{0Qv...ZL.ZQ.....~..s.....o.V...0+.6.3..n.f.n...{..W.....dyn....."&`E.:.V....d.0."..BhEi.he..2F...J..Wc.[=m.~.......<......8.4y.3....}....%5~.Q.t.{8...+.l...[..h...]D+.....~Z......L...NCE.F[P..........MPB16l#.U.{......(..'..@....:Bn....$T.p)%u:oV......>...J.t.Aj.t.Gf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lazy.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	71494
Entropy (8bit):	5.470073255549039
Encrypted:	false
SSDEEP:	1536:UkioniK+uqgdDCS2c1eFHHHMT2AHF0F4Ej16:7nicDpIZn9k
MD5:	D895924C0AEAD876FB9A223D845650DD
SHA1:	826379FF4F6AAD28D597A8340C030A5B3529BA1C
SHA-256:	30B04F9232865AC456DE86957624D97774C7A09E4F996CC1F9461F3610F14299
SHA-512:	0D5D6DAA6113C7540AA64C5C535A25404A440FBAFD5DB0BF242C1492D599D2D2DB24E6C2ABC9E3E0B8DF4B6F6005DD5268768DA6956055A7D0379614004A2AC3
Malicious:	false
IE Cache URL:	https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},p=ca(this),t=function(a,b){if(b)a:{var c=p;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.t("Symbol",function(a){if(a)return a;var b=function(e,f){this.Ub=e;ba(this,"description",{configurable:!0,writable:!0,value:f})};b.prototype.toString=function()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\m=krBSJd,uiNkee,wmlPKb,IavLJc[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	2470
Entropy (8bit):	5.287196352387517
Encrypted:	false
SSDEEP:	48:ty6pMgkMhwDympiqUOdf3d/EDBlhnlNcjsrG:tycjk+wyq7vWHnAEG
MD5:	78C20CDE0DB9CC11D21A8AC0EFD54E47
SHA1:	24844F0963559D4DB2EB4239659D4A92BE09058E
SHA-256:	B576D9EA3B947335BB09DF34D9B5AE03E3DFD02C83F94D923A7929028D287E4F
SHA-512:	1BB0A824CE164DF0BD8E62B0553D86E219D501949F31D332A84DAD38C95D6B3FC32E645D830666DC45A5A8EB3EE71E600CEF74D9E07E15229AF6E51DC2853391
Malicious:	false
Preview:	"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi\|\|{};(function(_){var window=this;.try{._.n("krBSJd");.var h3=function(a){_.U.call(this,a.ma)};_.x(h3,_.U);h3.T=function(){return{}};h3.prototype.sG=function(){var a=this.Da("O1htCb").H().value;if(a){var b=new _.at(this.getWindow().location);b.g.set("hl",a);_.ce(this.getWindow().location,b.toString())}};_.V(h3.prototype,"msyOCf",function(){return this.sG});_.iI(_.Xda,h3);.._.r();.._.n("uiNkee");._.Cm(_.Ko);.._.r();.._.n("wmlPKb");.var k2=function(a){_.U.call(this,a.ma);this.i=a.W.rk;this.o=a.W.view;this.j=this.getData("trackerId").Qa(void 0)};_.x(k2,_.U);k2.T=function(){return{W:{rk:_.h2,view:_.WH}}};k2.prototype.ZF=function(){var a=this.i,b=this.o.getCurrentView().g.j,c=this.j,d=void 0,e=void 0;d=void 0===d?a.i.location.href:d;b=void 0===b?a.g.title:b;e=void 0===e?a.g.referrer:e;_.j2(a,"location",d,c);_.j2(a,"title",b,c);_.j2(a,"referrer",e,c);_.i2(a,"send",["pageview"],c)};_.V(k2.prototype,"wKZqRb",function()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\operatordeferred_bin_base__en_gb[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	383864
Entropy (8bit):	5.205248349958609
Encrypted:	false
SSDEEP:	3072:kVHKnPmAsyajH8dLrsFS+HgPpSA3metEkSnOD4Zo6ng3hYUjPcXaU4EFs8P82q6T:xKK9PEkD6ng3hYUjPcX2EF7U2X2rc
MD5:	E0D75FDF5C9D7A67DCB8389158D9ABF9
SHA1:	891AD1BE82B7C82FE7D0E34D649537658CC3B0AF
SHA-256:	DD40B603CB57B21A92658540534549C8E67CBDDC22FC43E14E0F548533087441
SHA-512:	7345DC604947B8FEF6FD4DFA0512EF23385ACDDD299CCC08E527A79CA929D162D7975D3C41DE2D2F2E9014EF233A5548E906629E5D038C2CFE6190E15DE86DB7
Malicious:	false
IE Cache URL:	https://ssl.gstatic.com/support/realtime/operator/1612774887636/operatordeferred_bin_base__en_gb.js
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var rtsinternal_,rtsinternal_aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},rtsinternal_ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},rtsinternal_ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&.c.Math==Math)return c}throw Error("Cannot find global object");},rtsinternal_da=rtsinternal_ca(this),rtsinternal_a=function(a,b){if(b)a:{var c=rtsinternal_da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&rtsinternal_ba(c,a,{configurable:!0,writable:!0,value:b})}};.rtsinternal_a("Symbol",function(a){if(a)return a;var b=function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\proxy[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	436
Entropy (8bit):	5.292067289790646
Encrypted:	false
SSDEEP:	12:hYA0HqJmqG779hLFBkAAqJmPm/esHb44Nbx4IQL:hYPcBeBvPz744NW
MD5:	4BC9A4C56DD22E715A475B1800878469
SHA1:	9A7ABE1FF3C3AAAA12577180F3B6B12512E08053
SHA-256:	D4B709195614A984E254050D7C71F3B1D645CFDB69270E5C0F1A156F5B949B03
SHA-512:	0E7C9F4DD6DA8E3E33C1141D6445CB78505A316AA0BAC2DED5CB014B194FF3E66E2139458D50383D77BC12A83CDCFBC22836E477D3274A8439A4850A0BF49C95
Malicious:	false
IE Cache URL:	https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.L7mys-cL6BM.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg%2Fm%3D__features__
Preview:	<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="uqyh1/2IIC6hKj74xWwtNg==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="uqyh1/2IIC6hKj74xWwtNg=="></script>.</head>.<body>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\pxiDypQkot1TnFhsFMOfGShVF9eI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 40068, version 1.1
Category:	downloaded
Size (bytes):	40068
Entropy (8bit):	7.986363416256898
Encrypted:	false
SSDEEP:	768:SZjhV5AtCnIR51aT0aCfvoIypmLL5V+VQLwv0JR9D2juelmPrldaC+Qac7:S5r5KRnECf6aL5V+VQLtmk4QaC
MD5:	3ABA54A73723BD3E90CB74D603687CCD
SHA1:	2C3D597CD36CA5856587C8482557B07DD8633329
SHA-256:	A94234B7387BC4E9FA7B73DEDD34E5CC1189A28D526F4DADDECD1C9AB7B86840
SHA-512:	78F4E6514CD81CECC898D151B31B691122715D0239A47AB5D53ACA4F45FC1707DDD8464543D523E355DC1C19FF257C14DF4490D0938518D02BA35AECD72482B6
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff
Preview:	wOFF..............`.........................GPOS..........<.?..GSUB...........l..ROS/2.......V...`h...cmap...l...<....T.S$cvt .......g...l...wfpgm...........a.A..gasp...............!glyf......Wm.......Nhdmx..i...(...O.....head...p...6...6..N{hhea....... ...$...Uhmtx.......x......+.loca...@...\...\y"..maxp....... ... .J..name...........,+.I.post............]/1.prep..............oNx.d..G.Q.....5.....n. ....d..d..p..o.........Q.....o..y~.....<..0 ....h..'c..d8.;.N'.....@...._.........LC.@.v......:.<.....r~.c....i..&.C.!Gt.x.jF...r....K...R}H@G.la./i.#..C./Q....pl+..\..$..o.....Hm\......Z..t.".S..-....p..W\...9..a\|IH...9..c.s,.<88dI...%&GD.4..$D$D$.w;.=..%.4N6N].R...V>..O...0q.D$.Ow.HP....7!..v..7.%#.#...;...&?a.W..\oS....P..t+T..........+.K...,.V..h.D.'t......qW......,.e1.n.......}.....G...q..b>.(........#.....#Z./?0~FZ.5...O.".d4.'..\|.ki..G...G.......Sv.w.@.qs`G@K.&.G..yk.......z.2.zB3.g....Mo.......E9..2lq...~H.B\.H..8...&..../.4.k..*6..]R.;.X..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\pxiDypQkot1TnFhsFMOfGShVF9eI[2].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 38064, version 1.1
Category:	downloaded
Size (bytes):	38064
Entropy (8bit):	7.985282250659124
Encrypted:	false
SSDEEP:	768:FmLfShvXTNLstzb6V8QZ3+ibkkftFHdur7Lh9JVIzdMIWRirfqiW5Pm9WmX:FmzSdXOhOOA5uDzHIz3WUrPYtmX
MD5:	E7BBF7E9E89975E144CBC167F2293FDE
SHA1:	0CB43D4E0ECF79C8AF6629CA1C386EA23FA02C02
SHA-256:	A87A298223B431522629F284F2D237773F8257B2DB427904CA95EC20DFC34CDD
SHA-512:	75AD4EF05603116A2C0D16E9C7F793D47602044611F369A83A6AED4D14279809064C43B6EA3BEA28F889F3CE65199DA67CF0685819A8F0C01F5DFC0C97969A7F
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eI.woff
Preview:	wOFF..............G.........................GPOS.......K..:X....GSUB............!?-.OS/2.......Y...`k..cmap...(... ....)9.8cvt ...H...g...l...wfpgm...........a.A..gasp...............!glyf......TD...$...yhdmx..c...'m..Kha`98head...h...6...6..N{hhea....... ...$...Chmtx.......^...l}..loca... ...8...8...Pmaxp...X... ... .8..name...x........ P<.post...L...\|...{#_.sprep..............oNx.d.%@E1....wVpw......]z$S...HT.L&.L.g8.M.....ib....&.......]..${..i..<..A..Y............+.... .[..x...pL.=L.]`.mv...+..x.J.1..G<.$.B&..r..5.zs.q..W..... ?./.1.i.....?...?..uk.&~.I..\YF.6...\|<!.:..Jxg.\|...0.bb..\|..=.=.=G....&!&!CB...Y"............)ij.....r.....ku.j.9q"....hs...D"._.........X.+02.{>...";>.....3.([a.'y.L.&."..2.O....*....`..L~.l}....h>x .J...V.8u<..."..Wh......FF"#.8...........=#Q.K..........!.S}...9........bv..V......W.."/....9U}.....5....g.{"..{.....Y.v...T..o..i.s.....\|V.Hs..8d..N=..lg..g.HV...E.{;W.w6...R3&.mV..Q"%.<.3tlE.i.3yB62.....>K...l....s.(.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\so[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47221
Entropy (8bit):	5.734249686883081
Encrypted:	false
SSDEEP:	768:i3U/d9SvRuOYGM0v5rknoVkhlIdrvQPFJ/N4eDlQtPvWk0:nWMfnoqhadrS1EXWk0
MD5:	D529D96CB75BAAC8126C3145092D9ED4
SHA1:	98EF8090F958A135C8CC2A29EE23C49E0FCA0805
SHA-256:	8C8E8FE3D9F84DFD9DECC18FD931E33C76452A92E2FDC4B710B842F006C871BF
SHA-512:	D2F83921D54C5A681CC4EB0F90F2B093200CB1378C53C63ED7193CA4DE9921213891A38D3F653D7832E2ACE1F82C161219AD01691EC4DDD2E016027D17B79CE6
Malicious:	false
IE Cache URL:	https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fsupport.google.com&cn=app&pid=117&spid=117&hl=en-GB
Preview:	<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="vEJSNUMr1OHx6EtQf2lf9Q">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"-2871960802639969141","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%.@.1612943136795360,173045647,2886380614]\n","ZwjLXe":117,"cfb2h":"boq_onegooglehttpserver_20210207.01_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333],"gGcLoe":false,"ikfjnc":["https://support.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"OneGoogleWid

C:\Users\user\AppData\Local\Temp\~DF22FB5118188845E4.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	0.49512988836703464
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loCa9loCK9lWCWY+9+JjYCZajaYCHn:kBqoIicpQ3n
MD5:	F8AC4DEB4F972D3EDEA7A4215C7B5A04
SHA1:	7A16A7076E8D9809044C18F01928836C1C3F8381
SHA-256:	6DE9DB981EBAC29746C4972915D8E682EF0AD64F196F360A45CE58F3400722C9
SHA-512:	1C7B94C9E29145C21D66EFA6B442F40839F29FCB0DAE0770E5F5BECBA9837BE0D756A7B86579B0B9C2749D087DBD0A763E353B211E56265350951404688B56F4
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF66EE9F86DDBD4A66.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFEFFFA862AEB14D1A.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	67530
Entropy (8bit):	1.3586486152074673
Encrypted:	false
SSDEEP:	192:kBqoxKnByQByjBygByGpByBpBy2fByMfByCByhBy/yl2yaywyFG2b2yaywyFkCPb:kBqoxKnrADf4N/xCrgGqCPHL4PyrKtW
MD5:	D8F4CF530BC2178D947BF5886D4CC26D
SHA1:	F72E0B074DF46D133418527971F24ED447540717
SHA-256:	6879DE39FAFF051445824929DD98765F16002DB8C787EB52BB79D15A16BA9ADB
SHA-512:	7BAFB3BC4F6F38FCC3A50739B514F7AD317F4CE76394AE47A472C5E020271EC6F14D755F9E78D0EA4B30D1C6C85615BDAB4855ACF580087FE610E5D9B734FCFF
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PDF document, version 1.5
Entropy (8bit):	7.981508917521468
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Doc 4.pdf
File size:	111926
MD5:	eda427284c20d9ccdab5720ad668339e
SHA1:	799c2f40e91e826b0c76dc626ca408922e0b926d
SHA256:	52622aa7ea8bb24c0ed0571e5a79f9f3b6a2845ee2108236e4ff3fd19b1ec855
SHA512:	1b01c785fc09ab3faf5d1055fe20d2ecaff8b98ebe47a25aa170f796e27722c471cc93469204baf484eec8eec9c068b9b338697d76265d901524ed789326adaa
SSDEEP:	3072:4DchAdRVvix4r690qeBBIq9arrIUY30qUQLO:/7x4lBvarogQLO
File Content Preview:	%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 14 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 7 0 R>>/

File Icon


Icon Hash:	74ecccdcd4ccccf0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.981509
Total Bytes:	111926
Stream Entropy:	7.988068
Stream Bytes:	107664
Entropy outside Streams:	5.289866
Bytes outside Streams:	4262
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	18
endobj	18
stream	7
endstream	7
xref	2
trailer	2
startxref	2
/Page	1
/Encrypt	0
/ObjStm	1
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 10, 2021 08:45:34.079760075 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.079837084 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.132360935 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.132415056 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.132478952 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.132523060 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.133419037 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.133666039 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.185873032 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186559916 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186625957 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186674118 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186716080 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.186721087 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186760902 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.186779976 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186799049 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.186836004 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186862946 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.186871052 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.186894894 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.186935902 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.197077036 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.197889090 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.197932959 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.198865891 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.199378014 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.249936104 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.249984980 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.250097990 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.250133991 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.250381947 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.250746012 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.251100063 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.251131058 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.251157999 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.251173019 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.251205921 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.251575947 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.251610041 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.251672029 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.251673937 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.251709938 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.251796961 CET	443	49805	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.251998901 CET	49806	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.252027988 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.252568007 CET	49805	443	192.168.2.4	173.194.76.155
Feb 10, 2021 08:45:34.304681063 CET	443	49806	173.194.76.155	192.168.2.4
Feb 10, 2021 08:45:34.310504913 CET	443	49805	173.194.76.155	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 10, 2021 08:43:49.581470013 CET	63153	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:49.630595922 CET	53	63153	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:50.382018089 CET	52991	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:50.431288004 CET	53	52991	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:51.213344097 CET	53700	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:51.265319109 CET	53	53700	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:52.107158899 CET	51726	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:52.158704042 CET	53	51726	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:53.210218906 CET	56794	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:53.270457029 CET	53	56794	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:54.404601097 CET	56534	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:54.453358889 CET	53	56534	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:55.911350965 CET	56627	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:55.962919950 CET	53	56627	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:56.845441103 CET	56621	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:56.902637959 CET	53	56621	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:57.806865931 CET	63116	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:57.855475903 CET	53	63116	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:58.812386990 CET	64078	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:58.866368055 CET	53	64078	8.8.8.8	192.168.2.4
Feb 10, 2021 08:43:59.651163101 CET	64801	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:43:59.699841022 CET	53	64801	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:00.434881926 CET	61721	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:00.483447075 CET	53	61721	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:01.269715071 CET	51255	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:01.322823048 CET	53	51255	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:13.052493095 CET	61522	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:13.058897972 CET	52337	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:13.113887072 CET	53	61522	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:13.120728016 CET	53	52337	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:14.044888973 CET	52337	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:14.044996023 CET	61522	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:14.104681015 CET	53	52337	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:14.104703903 CET	53	61522	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:15.076277971 CET	61522	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:15.076391935 CET	52337	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:15.137886047 CET	53	52337	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:15.138189077 CET	53	61522	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:17.122246027 CET	61522	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:17.123300076 CET	52337	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:17.183289051 CET	53	52337	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:17.183327913 CET	53	61522	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:19.957408905 CET	55046	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:20.005980968 CET	53	55046	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:21.125056028 CET	61522	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:21.125109911 CET	52337	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:21.186633110 CET	53	61522	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:21.187294006 CET	53	52337	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:25.348634005 CET	49612	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:25.407088041 CET	53	49612	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:38.955573082 CET	49285	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:39.004317045 CET	53	49285	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:39.998605967 CET	50601	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:40.072884083 CET	53	50601	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:40.777731895 CET	60875	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:40.835000992 CET	53	60875	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:41.368630886 CET	56448	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:41.425843000 CET	53	56448	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:41.860905886 CET	59172	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:41.917989016 CET	53	59172	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:41.978111982 CET	62420	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:42.026751041 CET	53	62420	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:42.370121002 CET	60579	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:42.427638054 CET	53	60579	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:42.988183022 CET	50183	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:43.045238018 CET	53	50183	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:43.592338085 CET	61531	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:43.665174961 CET	53	61531	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:44.399903059 CET	49228	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:44.456888914 CET	53	49228	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:45.345118046 CET	59794	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:45.404105902 CET	53	59794	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:45.868438005 CET	55916	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:45.925828934 CET	53	55916	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:51.317677975 CET	52752	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:51.379769087 CET	53	52752	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:55.664402962 CET	60542	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:55.714303970 CET	53	60542	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:55.770477057 CET	60689	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:55.841455936 CET	53	60689	8.8.8.8	192.168.2.4
Feb 10, 2021 08:44:59.048469067 CET	64206	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:44:59.110060930 CET	53	64206	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:02.051981926 CET	50904	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:02.104347944 CET	57525	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:02.110485077 CET	53	50904	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:02.169871092 CET	53	57525	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:03.168628931 CET	53814	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:03.239919901 CET	53	53814	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:03.922605038 CET	53418	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:03.988132954 CET	53	53418	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:04.193806887 CET	62833	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:04.208983898 CET	59260	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:04.253544092 CET	53	62833	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:04.273885012 CET	53	59260	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:28.860722065 CET	49944	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:28.917838097 CET	53	49944	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:29.158457041 CET	63300	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:29.218210936 CET	53	63300	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:29.787389994 CET	61449	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:29.836132050 CET	53	61449	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:30.967015982 CET	51275	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:31.024497986 CET	53	51275	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:31.366203070 CET	63492	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:31.431318045 CET	53	63492	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:31.765307903 CET	58945	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:31.830127001 CET	53	58945	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:31.860147953 CET	60779	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:31.917273045 CET	53	60779	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:32.081439972 CET	64014	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:32.129818916 CET	53	64014	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:32.356831074 CET	57091	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:32.421662092 CET	53	57091	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:32.564183950 CET	55904	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:32.631210089 CET	53	55904	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:32.894296885 CET	52109	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:32.945904970 CET	53	52109	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:33.093214035 CET	64014	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:33.142038107 CET	53	64014	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:33.442655087 CET	54450	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:33.494106054 CET	53	54450	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:33.555485010 CET	49374	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:33.620534897 CET	53	49374	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:33.890806913 CET	52109	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:33.942365885 CET	53	52109	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:34.011122942 CET	50436	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:34.076519966 CET	53	50436	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:34.095288038 CET	64014	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:34.106789112 CET	62605	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:34.143928051 CET	53	64014	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:34.171397924 CET	53	62605	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:34.895261049 CET	52109	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:34.942027092 CET	54256	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:34.946810007 CET	53	52109	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:35.010236979 CET	53	54256	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:36.094722986 CET	64014	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:36.143426895 CET	53	64014	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:36.416465044 CET	52189	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:36.484215975 CET	53	52189	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:36.894186020 CET	52109	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:36.945669889 CET	53	52109	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:37.819607973 CET	56131	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:37.884674072 CET	53	56131	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:37.920465946 CET	62992	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:37.988421917 CET	53	62992	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:40.104892969 CET	64014	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:40.153713942 CET	53	64014	8.8.8.8	192.168.2.4
Feb 10, 2021 08:45:41.181725025 CET	52109	53	192.168.2.4	8.8.8.8
Feb 10, 2021 08:45:41.233268976 CET	53	52109	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 10, 2021 08:45:34.011122942 CET	192.168.2.4	8.8.8.8	0x68d1	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 10, 2021 08:45:34.076519966 CET	8.8.8.8	192.168.2.4	0x68d1	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Feb 10, 2021 08:45:34.076519966 CET	8.8.8.8	192.168.2.4	0x68d1	No error (0)	stats.l.doubleclick.net		173.194.76.155	A (IP address)	IN (0x0001)
Feb 10, 2021 08:45:34.076519966 CET	8.8.8.8	192.168.2.4	0x68d1	No error (0)	stats.l.doubleclick.net		173.194.76.157	A (IP address)	IN (0x0001)
Feb 10, 2021 08:45:34.076519966 CET	8.8.8.8	192.168.2.4	0x68d1	No error (0)	stats.l.doubleclick.net		173.194.76.154	A (IP address)	IN (0x0001)
Feb 10, 2021 08:45:34.076519966 CET	8.8.8.8	192.168.2.4	0x68d1	No error (0)	stats.l.doubleclick.net		173.194.76.156	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 10, 2021 08:45:34.186674118 CET	173.194.76.155	443	192.168.2.4	49805	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Jan 19 08:57:05 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue Apr 13 09:57:04 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 10, 2021 08:45:34.186674118 CET	173.194.76.155	443	192.168.2.4	49805	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 10, 2021 08:45:34.186836004 CET	173.194.76.155	443	192.168.2.4	49806	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Jan 19 08:57:05 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue Apr 13 09:57:04 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 10, 2021 08:45:34.186836004 CET	173.194.76.155	443	192.168.2.4	49806	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: AcroRd32.exe PID: 6108 Parent PID: 5952

General

Start time:	08:43:55
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Doc 4.pdf'
Imagebase:	0xf40000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: AcroRd32.exe PID: 5632 Parent PID: 6108

General

Start time:	08:43:56
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Doc 4.pdf'
Imagebase:	0xf40000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6300 Parent PID: 6108

General

Start time:	08:44:03
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:	0x1120000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6520 Parent PID: 6300

General

Start time:	08:44:05
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=423575862015348718 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=423575862015348718 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x1120000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6640 Parent PID: 6300

General

Start time:	08:44:07
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1206426949822889881 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:	0x1120000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 6852 Parent PID: 6300

General

Start time:	08:44:10
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2497566699547521627 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2497566699547521627 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x1120000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RdrCEF.exe PID: 7036 Parent PID: 6300

General

Start time:	08:44:14
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1728,3584952680276048467,6224213320872237424,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=2002958810221507696 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2002958810221507696 --renderer-client-id=5 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x1120000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: iexplore.exe PID: 5504 Parent PID: 6108

General

Start time:	08:45:01
Start date:	10/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' https://docs.google.com/forms/d/e/1FAIpQLScDDmh7LUn_PjdRnt26ioIKrJIuCuLzy77PIOe6_tK9ZNSI3g/viewform
Imagebase:	0x7ff7db6d0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 5996 Parent PID: 5504

General

Start time:	08:45:01
Start date:	10/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5504 CREDAT:17410 /prefetch:2
Imagebase:	0x1260000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: AcroRd32.exe PID: 5632 Parent PID: 6108 AcroRd32.exeCOMMON

Execution Graph

Execution Coverage:	13.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00A20490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2049A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
Instruction ID: dc75ffabba8814b48a17d033f0984fb2a9035d733e297edd9a57b3a039a1f517
Opcode Fuzzy Hash: 7830058f739be9e807bb2883cc68450b3d0ad54f260b5cc72515f8eef6f4d6c7
Instruction Fuzzy Hash: 219002B235100412D10061998404706010557D0252F75C416E4915A59DCA95887176B1

Uniqueness

Uniqueness Score: -1.00%

Function 00A20003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2001A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3d620d0a1973733c9faabd85299fb14751ec466898eb0cf486dca02a801ef7de
Instruction ID: f258d105d31166d877e586cd74b49de368476bdc23af8af76cecff926c809e5b
Opcode Fuzzy Hash: 3d620d0a1973733c9faabd85299fb14751ec466898eb0cf486dca02a801ef7de
Instruction Fuzzy Hash: 1BC04C9655E7D14FD30353311CBA9D33F605AA315276E81DBD4C08B4A7D508056BA3B3

Uniqueness

Uniqueness Score: -1.00%

Function 00A20310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2031A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
Instruction ID: 1f14c0301f252ee66b21e6df110de22638a0819805648e23fc3ebb19975f718c
Opcode Fuzzy Hash: 6b0e49e62aaf32367c18b4e18acef3a91b20ead87f034af1d8f4553fc4695e7e
Instruction Fuzzy Hash: E69002F239100452D10061598414B06010597E1352F75C019E5455A55D8A59CC7272A6

Uniqueness

Uniqueness Score: -1.00%

Function 00A20110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2011A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
Instruction ID: 3ed44c08c7666d614783edf70731b5aa79830fd7454534b98d3d50788e5b021e
Opcode Fuzzy Hash: 6cef22ba8517f1445852656ce91cddb37d02ff9edd3d0212ab3176af27751966
Instruction Fuzzy Hash: 4F9002B235504452D10065599408A06010557D0256F75D015A5455A96DCA758871B2B1

Uniqueness

Uniqueness Score: -1.00%

Function 00A20790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2079A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
Instruction ID: 26e3dea896c42bfeab0cdb761e74b6aa3cf7b4b4d0381474557ec5c156c2cf89
Opcode Fuzzy Hash: 2d3a4181f50a67ea5cbb07d62e5bf5e7c573b085f94f822ecb3ee7b96b0b511f
Instruction Fuzzy Hash: 229002B235100013D140715994186064105A7E1352F75D015E4805A55CDD55887673A2

Uniqueness

Uniqueness Score: -1.00%

Function 00A206D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A206DA

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
Instruction ID: 465a09edf5ea60179b39aad8b90334e8123a842b8562880c9d388c0f1d36c1dc
Opcode Fuzzy Hash: 453c836ac7315fdc7ddca8c049f84ca66f2b46638ecaa7f34f4eb2f5d5457aa9
Instruction Fuzzy Hash: 169002B235100412D10065999408646010557E0352F75D015A9415A56ECAA588B172B1

Uniqueness

Uniqueness Score: -1.00%

Function 00A202D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A202DA

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
Instruction ID: 30cb670778274678d56fcf8907a14621337dca94910be3f64a19c8659533bc21
Opcode Fuzzy Hash: 609d4ec934d80820c17be95c5a1f34e2b9cceb86d86d921df8e00783b05bcfd2
Instruction Fuzzy Hash: 289002B236114412D1106159C404706010557D1252F75C415A4C15A59D8AD588B172A2

Uniqueness

Uniqueness Score: -1.00%

Function 00A201D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A201DA

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
Instruction ID: 9918b74e632fcd3d1b31f7d3a03c2f1573884ea35a078b67e3b3a8884a0b532e
Opcode Fuzzy Hash: 7ad0004db5e6ea1a72979f14435f062ba1d59ce6376b1a9cd5b730a42e7990b0
Instruction Fuzzy Hash: 069002B235100852D10061598404B46010557E0352F75C01AA4515B55D8A55C87176A1

Uniqueness

Uniqueness Score: -1.00%

Function 00A20050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2005A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
Instruction ID: 6c55b338d32cd10ece8d0e6d1269f09b0cb56311f4a20d98312035b5480b70a4
Opcode Fuzzy Hash: da6a0286f3ec37af36a24133cbb002be7764f9b8ca21499af6c6f0d1f9c08588
Instruction Fuzzy Hash: B49002B275500412D14171598454706011957D0292FB5C016A4415A55D8A958B76B7E1

Uniqueness

Uniqueness Score: -1.00%

Function 00A20350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2035A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
Instruction ID: 1d28f8cc84da3763fe6bb75591b49d450728c1d969056bb61d4c38dfde1b1205
Opcode Fuzzy Hash: 0a982526819cb8d6284cbb06124953424569db33ba066e32f1fdfe41716d9d1a
Instruction Fuzzy Hash: 279002F235504092D11162598404F0A420957E0296FB5C01AA4445A95C89658972F2A1

Uniqueness

Uniqueness Score: -1.00%

Function 00A20750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00A2075A

Memory Dump Source

Source File: 00000001.00000002.818544881.0000000000A20000.00000020.00000001.sdmp, Offset: 00A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_a20000_AcroRd32.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
Instruction ID: 7258feafc68531a7033f7131bf19b585ad54808ba7a20bc2043926cd6484e6ef
Opcode Fuzzy Hash: 9d9adaa82d18c7334ffd2c0d2a3b804777be0b53c66a7559b373ee51635b09a0
Instruction Fuzzy Hash: F89002BA36300012D1807159940860A010557D1253FB5D419A4406A59CCD55887973A1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to elicit sensitive information and/or gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments.
Tactics:	Initial Access
Data Sources:	DNS records, Detonation chamber, Email gateway, Mail server, Packet capture, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Doc 4.pdf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: AcroRd32.exe PID: 6108 Parent PID: 5952

General

Analysis Process: AcroRd32.exe PID: 5632 Parent PID: 6108

General

Analysis Process: RdrCEF.exe PID: 6300 Parent PID: 6108

General

Analysis Process: RdrCEF.exe PID: 6520 Parent PID: 6300

Function 00A20490, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A20003, Relevance: 1.5, APIs: 1, Instructions: 11
libraryCOMMON

Function 00A20310, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A20110, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A20790, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A206D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A202D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A201D0, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A20050, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A20350, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Function 00A20750, Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON