Play interactive tour

Edit tour

Analysis Report http://cvlga-in-authet.ml/?login=do

Overview

General Information

Sample URL:	http://cvlga-in-authet.ml/?login=do
Analysis ID:	396819
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Found iframes

HTML body contains low number of good links

HTML title does not match URL

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Startup

System is w10x64

iexplore.exe (PID: 1644 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6020 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1644 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\R29GXBMD.htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: http://cvlga-in-authet.ml/?login=do

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: 980108.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\R29GXBMD.htm, type: DROPPED

Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Iframe src: Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Iframe src: Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm

Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: Number of links: 0
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: Number of links: 0
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims&idp_flow_type=login_t2	HTTP Parser: Number of links: 0
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims&idp_flow_type=login_t2	HTTP Parser: Number of links: 0
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Number of links: 0
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Number of links: 0

Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Title: Sign in - Adobe ID does not match URL
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Title: Sign in - Adobe ID does not match URL

Source: https://helpx.adobe.com/enterprise/kb/enterprise-id-faq.html	HTTP Parser: HTML title missing
Source: https://helpx.adobe.com/enterprise/kb/enterprise-id-faq.html	HTTP Parser: HTML title missing

Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Has password / email / username input fields
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Has password / email / username input fields

Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Form action: pic.php
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: Form action: pic.php

Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="author".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="author".. found
Source: https://helpx.adobe.com/enterprise/kb/enterprise-id-faq.html	HTTP Parser: No <meta name="author".. found
Source: https://helpx.adobe.com/enterprise/kb/enterprise-id-faq.html	HTTP Parser: No <meta name="author".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims&idp_flow_type=login_t2	HTTP Parser: No <meta name="author".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims&idp_flow_type=login_t2	HTTP Parser: No <meta name="author".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/login?idp_flow_type=login&client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="author".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/login?idp_flow_type=login&client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="author".. found
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: No <meta name="author".. found
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: No <meta name="author".. found

Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="copyright".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="copyright".. found
Source: https://helpx.adobe.com/enterprise/kb/enterprise-id-faq.html	HTTP Parser: No <meta name="copyright".. found
Source: https://helpx.adobe.com/enterprise/kb/enterprise-id-faq.html	HTTP Parser: No <meta name="copyright".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims&idp_flow_type=login_t2	HTTP Parser: No <meta name="copyright".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims&idp_flow_type=login_t2	HTTP Parser: No <meta name="copyright".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/login?idp_flow_type=login&client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="copyright".. found
Source: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/login?idp_flow_type=login&client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims	HTTP Parser: No <meta name="copyright".. found
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: No <meta name="copyright".. found
Source: http://cvlga-in-authet.ml/?login=do	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 54.73.76.208:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.73.76.208:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.91.69:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.91.69:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.91.69:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.202.205.86:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.202.205.86:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.212.164.82:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.212.164.82:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.176.171:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.176.171:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.4:49776 version: TLS 1.2

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 23 Apr 2021 18:18:50 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveVary: Accept-EncodingContent-Encoding: gzipAccept-Ranges: noneContent-Length: 10109Keep-Alive: timeout=5, max=75Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 bd 72 ff 72 1c 37 92 e6 df 56 84 de 01 53 33 b4 e4 0b 55 37 c9 96 28 99 ea a6 82 16 c5 3d c6 7a 6c 9f 69 ad 66 76 62 a2 02 05 64 57 a5 89 02 60 00 d5 4d 6a 63 23 ee 69 ee c1 ee 49 2e 81 aa ea 5f 6a d2 d2 ec ec b5 e5 22 f2 d7 97 99 5f 7e d3 3f 5c fc f8 f6 97 bf fe f4 8e d5 a1 51 67 8f 1f 3d 7e 34 8d 2f 26 79 e0 b9 55 5c 40 6d 94 04 97 cf 8d 68 fd 2c 9b 73 e5 21 63 42 71 4f 56 d6 e7 f1 0a 34 6f 60 96 29 53 a1 ce 98 e2 ba 9a 65 a0 b3 b3 e9 1f f2 7c fa 87 bf 81 96 38 ff 7b 9e 9f 4d 6b e0 92 fa b0 fe 37 6d 20 70 6a 1e 6c 0e bf b5 b8 98 65 7f c9 df 9f e7 6f 4d 63 79 c0 52 c5 5e 46 07 d0 61 96 5d bd 9b 81 ac 20 fb a4 bc eb fd f3 8f df fd f8 cb f5 46 fe 0f 3f 5e fd 70 f1 ee 2f cf d8 0f 3f 5e fe f8 fd f7 3f 7e b8 af b2 f1 4b 28 25 72 9a 3e d7 b0 5c a2 96 66 d9 3a b5 81 f5 3f 3e ad dd 1c fa 6d 97 97 ff 72 67 37 27 0e 70 1b c6 91 cf d7 4c d4 dc 79 08 b3 f7 bf 5c e6 af 22 d8 57 5f 6d 0f e1 4c 69 82 df 28 d6 86 e6 80 db 98 bb 99 57 19 53 29 a0 dc 2f 48 8d 5b fd 7f 83 f6 1a ad 85 90 08 fb c7 ee b3 87 5f 2e 6a c8 23 cb ce a8 ad 6e b9 0f c6 c1 3f 54 29 62 e8 cb 2b ad c3 05 0f 0f 14 fe e4 78 d5 f0 7b 7a 7d f5 d5 57 53 2f 1c da c0 bc 13 b3 27 bf fa f1 af bf b5 e0 ee f2 e3 d1 f1 68 32 6a 50 8f 7e f5 4f ce a6 e3 2e eb 8c 31 2a 62 43 4d 20 81 f5 ba fa 95 2f 78 e7 8d b8 7f 7a 2a 8d 68 1b ea f7 cd c8 01 97 77 4f e7 ad 16 01 8d 7e fa 0d fb 8f 38 ea 82 3b 36 37 ae 61 33 f6 a7 a7 4f fe c8 3f f2 27 df bc 66 e3 71 9a 93 8b 90 82 43 a2 6f cb 06 43 9f 0a cb 36 a6 c6 dc de 5f b6 21 18 3d 24 73 05 ae cf 1d a5 f7 6d 8f dc 05 24 2e 22 36 f3 b5 59 f6 ae 06 bc e7 15 0c 00 ca 70 09 ae 47 e8 0c 42 78 fc 28 c6 09 26 4d dd 77 86 05 ad 18 fd d1 39 a2 ed 9e 74 81 27 cf d8 6a 61 e8 37 66 0c 46 d6 a5 8a 0b 98 f3 56 85 a7 dd 5c bd 93 c9 ce bb d9 80 ea c6 e3 84 cd 49 c5 5a 3e 7d 32 47 05 84 1e 89 c0 a6 ba d2 f6 c9 37 7f 3b fc fb 28 ba 3d 3d e2 9c 03 b5 17 9c a4 30 63 1a 96 ec b2 37 9f fe e9 69 a8 d1 7f d3 67 c6 a1 fe 34 e2 bf f2 db a7 fd 88 8c b5 4e 9d b2 27 16 c5 c8 d6 96 3a 0d 1b f3 b4 4d 0c 0f 99 f1 fa 94 fa d3 8f d7 bf 6c e4 f5 cc 90 0e 6b 23 59 05 61 6c 8d 0f 7d 0d 25 49 1a e3 97 ae b2 0e 8d ea 2a 1d 89 15 7c 27 28 16 dd e3 5f bd d1 e3 db 46 6d 17 9e 76 44 7b 70 c8 15 7e 84 a7 df a4 f2 95 dd 8d 10 33 93 4e fb df ba 32 72 f0 2c 45 b8 bf d3 82 9c 5c 79 78 36 6c c4 04 17 35 7c ea 25 49 d2 81 ba a9 77 62 40 57 ee b6 69 e8 76 68 b9 0b e9 60 79 6c fa 64 9d 67 9d 11 24 b3 8b 6e 94 1e 83 e6 e8 3f 5d 52 09 54 0a d7 74 e8 d3 b5 7e 56 f2 89 bf 24 d8 d1 9c 34 f9 63 1b f5 43 e5 5f 75 12 4d ce 2b dd fb fe f4 34 fb a3 d1 90 7d b3 93 1b fd 61 69 76 fc 3d 78 64 32 5d 6f 14 4f f0 f4 c9 f7 04 8c ba 1a 8d 46 4f 3a a5 8a 9a eb 0a 86 13 97 6d 08 a4 88 00 b7 c3 79 d9 7f ae 16 f6 ad 88 fb 6e ec
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 23 Apr 2021 18:18:50 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Fri, 28 Jun 2019 12:16:40 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 16010Keep-Alive: timeout=5, max=75Content-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 b2 8b 72 db c6 b6 2d fa 2b d8 76 b9 4a da 56 53 e0 4b 92 81 72 2a f2 33 7e 25 b1 9d 95 2c c7 db b5 aa 81 9e 00 da 6c 74 23 dd 0d 3e c4 e2 ae f3 2d f7 d3 ee 97 dc d9 00 48 81 24 28 c9 49 d6 39 a7 f6 35 12 0a 98 8f 31 c7 1c 73 7c 1f 67 54 1b b0 de bd d2 26 e4 e2 5e d8 8b 4a 6b 95 ec e5 8a 91 84 c6 10 29 35 09 22 48 94 86 93 76 2e 55 2a 15 b0 c9 c4 b4 30 42 c5 13 a2 a4 57 7d 10 2e 19 8f a9 55 9a f0 3c c5 82 0c e2 89 54 16 6b 79 ac e4 06 1b 3f 59 41 12 a1 66 44 a8 54 61 31 4d b1 a6 a0 c6 cc 94 66 44 c3 14 a8 00 dd 53 49 e2 ed 87 6b f0 8e 6a 79 87 e2 52 80 21 82 1b 4b b8 85 fc 33 a3 96 92 29 15 1c 5f 38 52 34 96 da d2 3c b6 ba 84 2f 9b 45 77 bb dd ce 0d 67 53 68 c4 79 aa f2 5c c9 93 1b 64 3c a4 e2 32 a2 f1 24 d5 aa 94 ac 86 0c 4a 2d 8e 7a bd 53 a4 7d 5a 83 f7 0a 99 1e 87 ad 3a 0d 05 50 1b 48 d5 bc b5 73 86 5f 41 d0 1f 8d 8a b9 d7 1f 9e 17 f3 55 cf 4c 53 ef c6 03 ef 16 ec 5c b9 4a df 7a ea ba ea fa de d5 f7 ce d1 eb 58 d7 e5 ab cc b7 9d ff 50 cb 61 0f ec 74 fc 19 23 74 42 b4 dd e0 f2 5b 96 a8 42 b7 a9 ff 57 cc 81 fd c7 ab 5e 2c 80 ea 84 cf 03 9a 58 d0 cb ea 33 88 94 cd 42 3c 81 05 69 83 7b f7 42 c6 4d 21 e8 22 b0 34 12 b0 aa c6 65 9c 31 90 cb 75 46 2a 89 89 17 02 e6 1c 4b c8 53 ec a5 5c 22 e0 56 6b 58 fd 12 fc 56 a5 0d 70 2a b0 70 c6 99 cd 82 be ef 3f e8 ea af 57 e7 42 fc 00 3c cd ec 32 ab fe ec 96 7f 50 b3 ed 41 44 ab d9 76 be d6 08 c3 07 20 9e e2 aa a0 9f d6 3b ef 80 c5 20 44 38 05 6d d1 b7 82 e0 a5 53 19 e4 b8 bf d8 5e 59 94 b9 ec ea 2c 28 63 5c a6 44 40 82 63 07 c5 7c f5 7d 0e 8c 53 4f 49 b1 f0 4c ac 01 a4 47 25 f3 8e 72 3a 27 b5 1e a3 0b bf 98 1f 2f f7 e0 b7 b0 2e 10 6a 8f 01 ca aa d1 9a 71 c6 05 db 2e f7 f7 6a af 45 69 5d e1 73 2c d0 a7 ff f9 38 d5 9c fd eb cb 32 11 8a da c0 01 6c 16 d1 95 80 67 38 7d bb 36 c0 0f 4b 54 42 ec a2 80 a6 b1 aa dd e9 f4 6f ea 6b f8 6f a3 54 f6 da 6e 7a b8 c3 73 6b 55 c7 ad e7 12 f1 da 48 df e2 ef 0a b1 df 68 32 18 3f 58 47 86 4d 68 38 ec 0d f1 df 3a 3e 68 c2 63 7f 1d 59 17 9e 6f 7a 47 6d 85 ef 7c fe 03 2b d6 2a 8e 6e d1 ff 66 cd 6f 94 6f 54 19 ab ca c4 28 11 ea 76 7d 86 30 a7 3a e5 32 f0 3d 5a 5a b5 be ac 33 57 b5 55 05 b0 dc 11 f4 3a 43 aa d7 ed 3c 89 41 88 70 0a da f2 98 0a 42 05 4f 65 60 55 b1 df 57 f9 b5 66 44 a6 cb 9d 8e 9c 33 b6 33 ac 39 71 d7 b8 ad 7d fb e8 97 db 08 34 58 7f 92 42 d5 66 0a 1a 03 31 39 15 02 25 dd 62 70 e1 0c bb df f6 5d 4f ab 59 90 70 8d 77 8d 33 2e d8 b2 56 9f 20 3b 94 fc 7b 32 83 68 c2 2d 99 c0 22 d1 34 07 e3 d1 a5 ff 60 a9 70 10 b7 0b ac b0 6a f3 d1 5f ad be bf 63 5d 2f a1 0c 5e c9 e5 1a 9e 4a 9e 53 cb 95 0c a8 d7 37 e1 f6 e7 aa c7 91 ed 46 63 2e 05 97 40 22 a1 e2 49 9d 22 54 e3 16 b5 31 22 1a 4f 52 ad 4a c9 08 62 a4 10 94 5a 1c f5 7a a7 3c 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 23 Apr 2021 18:18:50 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Fri, 28 Jun 2019 12:16:40 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 8235Keep-Alive: timeout=5, max=75Content-Type: text/cssData Raw: 1f 8b 08 00 00 00 00 00 00 03 d5 52 6b 73 db 38 96 fd ae 5f 81 9d 54 d7 3a 6e 41 22 f5 88 6d e6 cb a4 33 93 9a 54 4d ef 74 4d d2 d5 fb 15 24 20 09 63 10 60 03 a0 1e 71 e9 bf ef 05 48 4a 94 45 49 94 2c a7 7b 6d 11 12 2f ee e3 dc 73 4e 8f d0 f8 67 33 fd 28 38 93 f6 37 4d b2 8c 69 f4 06 82 29 04 95 b4 84 4b 08 dc 76 51 af 5d 62 14 b3 89 d2 ac 7d 3e 99 58 f8 7e ea 20 14 ab 25 36 fc 1b 97 d3 08 7e 6b ca 34 86 d0 fb ce ba d3 ae 57 4f e5 76 41 34 fd 20 79 4a 2c f3 3d ad 26 d2 70 cb 95 8c 90 ca 48 c2 ed 0a 0d 83 20 35 ef e1 92 f8 44 b8 c3 92 a4 0c 12 8a fa 54 cd d9 ee 35 cd 35 29 7a 34 d4 5a 9e 02 64 3c c9 65 52 e4 24 79 cc 13 1c b3 6f 9c e9 9b a0 8b dc a7 37 ea a2 f0 ad 2b c4 0b 16 3f 72 8b 8f 22 ab 92 4e 20 dc 4f 6b 40 ba 9f 74 2e e2 54 7d 3b 01 d7 65 9c c2 ba 9b d3 04 74 37 e3 2c 94 eb ce 5f 1f d9 6a a2 61 b2 a9 4f f6 26 08 7e f0 5f a5 1b c0 9e 69 84 4c 42 04 bb 09 7a f7 43 bf 23 aa 96 8a 50 e0 de d7 f0 84 c1 e1 c2 f0 79 55 58 54 01 8e 8a ef 3f 0d 1e 47 eb 9f 04 4c 8f d0 f8 67 33 fd 28 38 93 f6 37 4d b2 8c 69 f4 06 82 29 04 95 b4 84 4b 08 f4 ca 80 25 7e 02 e5 26 13 04 da 48 25 bd 95 92 5c 1b a5 23 94 29 2e 2d d3 75 93 c7 4a 53 a6 b1 26 94 e7 26 42 ef 82 6c b9 b1 d6 81 bb 43 61 92 3c 4e b5 ca 25 c5 89 12 6e dc 9b 4f 9f 3e 6d 0b 22 34 c8 96 c8 28 c1 29 7a 33 0e dc ff 2e 90 25 36 33 42 d5 02 48 f3 a9 23 78 f4 34 26 95 75 9d 7b c3 f1 db 1a bc 33 2a ce 4a ce 08 a5 5c 4e 4b f5 16 9c da d9 76 cf 19 e3 d3 99 dd be a7 44 4f b9 74 5d 49 6e 95 8b 58 b6 b4 98 08 3e 85 68 c2 2a c6 7d 94 b2 44 69 62 b9 92 5b 75 26 a0 23 36 fc 1b 03 86 ca 9e 15 81 c3 d1 e8 61 ec 93 e6 4c 5b 0e 66 a9 fa a6 9c 52 e1 6f c0 9f 02 5c b0 ed 57 13 82 a7 64 0a 37 b9 16 37 c4 18 66 4d 3f b1 a4 67 e6 d3 b7 cf 12 cb f1 a3 3d 29 35 cb 18 b1 ae 79 f9 f3 d9 7d a6 0c 77 eb e0 65 7d d7 a6 04 67 eb fb a2 bf 82 6d 26 c2 49 31 e7 86 c7 c5 1e 55 62 84 26 7c c9 a8 0b 7d c3 5c 52 06 9d 1f b6 7f 2e de bf 45 56 73 22 a7 82 a1 a9 66 4c 76 a1 46 1b db 45 31 83 b6 e8 b6 ff 2c 69 31 e3 96 75 91 92 c8 aa cc 5d af 3b 3d 42 e3 9f cd f4 a3 e0 80 fa 37 4d b2 8c 69 f4 06 82 29 04 41 11 02 9c 6a d4 2b 03 96 54 3f b1 55 4a 58 9e a1 27 98 41 b9 c9 04 59 6d b9 df 2e 41 62 b0 7a 6e 59 cd 4f 50 9a 01 c9 bd 71 c1 42 15 8d 95 b5 2a 6d b8 10 6c 02 cc 0f 77 83 ba 70 5f 19 ad 79 27 1c 3c f3 a3 7b 71 ce c0 95 63 c3 b2 7f ac 34 65 60 2f 28 40 00 92 53 f4 e6 ee 9d fb af 5b 6f 32 99 ec 2a 19 d5 b3 52 b2 c4 0b 4e ed cc 79 36 a8 da 16 7b dc 95 ef 29 97 55 ce 7d 19 2a c1 e3 0a 2b 5e b0 f8 91 5b 5c 20 c2 9a 50 9e 9b 08 95 36 c4 a9 fa 76 e0 aa 29 fa 72 4d a3 28 66 13 a5 99 d7 36 81 02 68 13 a1 bf fc e5 b0 b2 d5 ce f8 dd ce 82 c3 12 66 b5 fe 0e e8 32 08 29 fe 09 6a 57 c6 ae 04 48 e9 45 a9 85 2b 4d 0a fe c1 d6 44 9a 8c 68
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 23 Apr 2021 18:18:51 GMTServer: ApacheLast-Modified: Fri, 28 Jun 2019 12:16:40 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 10734Keep-Alive: timeout=5, max=74Connection: Keep-AliveContent-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 92 6d 93 a3 38 b6 e7 df 4f c4 7c 87 da 7a 33 f7 a1 b3 4b 02 e3 4a cf ed ee d8 c4 20 48 6c e4 44 e8 01 74 ef 46 07 20 2a 31 08 4c da a4 8d d9 d8 ef be e4 c3 54 f7 6c cf de 3b d3 11 fb a6 d6 19 c9 e1 1c 89 a3 a3 df ff ff c3 7f 73 76 6b 9a 3e b8 1f aa a1 d5 3f fd f1 0f 3f bc c4 0f 6a 7f fc f1 a3 1e 8e 1f 3f e8 ac 7b fc f1 63 d9 7d fc e9 87 aa cc d4 4f 3f b4 e5 90 cd 9b 87 fe a6 7c 7a de 9f 7f fc b8 3e 74 43 d9 0d 37 f4 da 97 1f 3f 14 6f d9 8f 1f 87 72 1c 3e bd 34 fb b7 0f 45 95 1d 4f e5 f0 23 a3 e8 e6 f6 e3 cb 21 bf 69 92 dc b0 bb 9b f5 a1 ed b3 61 9f eb 5f f7 b9 77 7f 2c d5 63 f9 fa d9 69 b8 ea f2 c3 30 1f f4 de bf 38 9d 5e 16 3e fd cb 87 e2 7a dc 6b bd 2f 6e e6 f2 87 7f f9 f4 c7 3f fc f7 2f 73 87 9b 2f 59 51 7e f8 9f 7f fc c3 87 0f ef 69 bb d7 d7 3f 7f f8 13 39 e4 87 e1 f0 a7 7f fb ba f2 da fa cf 1f ba c3 b1 cd f4 2f e5 4b b9 7f ac 86 3f 7f 58 00 f0 5a 3c 1d 8b 3f 7f d0 87 22 d3 ff f4 de e3 03 29 1f 9f 75 76 fc d3 3f 7f f7 d7 0b 37 bf 5a 78 3e ea 7f fa f4 e9 a5 e3 e9 fb c7 d3 30 5f b2 f8 be 38 b4 9f 4e 9f 8e af 7b 3f 9d e1 ed a7 0d da b5 eb ee c9 7d 5e 19 e8 08 c3 e7 cf c6 b8 d9 4d e9 f7 97 c3 97 2f c6 3f cf f3 cc a3 0d ff f4 a7 d7 f4 4f ff fc 3a ce 73 b7 2f 0e aa bc 39 ce 2a cd d3 b3 7f 05 8b 25 b8 01 96 81 be 9b 13 b8 be 05 37 f3 e3 f6 25 31 80 bd 78 8d 8e 0b 6e 0c 07 bd ee b8 5b 2e c0 cd dd 72 f5 9a 20 d7 70 6f e6 07 9a 5b ff af bf 82 fa 8d 00 b5 da df 03 14 cc 40 17 d6 2b 21 b0 58 bd 24 2b f8 96 d8 2f 89 fd 9a 18 10 2e bf 62 7b 3c 96 65 f3 2d 19 f1 77 70 83 68 e6 06 11 42 7f 4d e5 1b 21 b2 10 bf c3 49 e6 e7 d9 2f e6 af 88 9c f7 e5 d0 65 6d 79 2a bf 11 2c 9f 7f 0f 16 08 8c 9b f9 61 7e f7 9a c0 99 11 84 f0 25 81 ee dd 6c 21 17 ad 5e 12 03 dc d9 5f c1 e9 79 9c ee a6 1c 87 6f 85 9b f7 bb b8 cd a8 8c 05 7a e5 66 58 ab 37 64 e0 15 19 7a 43 66 80 77 74 e0 e6 85 df 7b e2 cc c9 fa 6d 07 84 af d8 8d f5 72 de b1 fe fc 5a bc fb 6c 80 9b bb cf bf f2 e9 2b ee 6f 04 f5 a2 1d 37 ff 18 67 f0 c2 19 bc 21 05 d0 84 6f d1 7a 31 ad f5 66 5a c3 b6 67 25 ec f5 5b b2 5e be 45 e7 ee 3d ae df b8 83 17 11 96 ef ca 7c 5e bc 8b f1 b6 08 0d e3 2d ae e0 7b 7c d3 65 5e 78 8f d6 4b 44 ef ca 22 84 9c af ea 14 d7 e3 5e eb 7d 71 53 8e c3 ff 03 91 ac ff bb 48 61 a9 f6 cf ed 6f 35 fa a5 fe f7 4a a4 7f 25 51 eb b2 d5 97 35 29 16 ee e9 ee 1f 53 6a 31 bb 18 58 c6 2b 22 b8 be 05 37 f3 e3 f6 8d b3 fd c6 db 71 67 11 9c 37 88 77 cb c5 ec f3 e5 ea 8d a8 6b b8 37 f3 03 fd 06 eb 37 83 f4 ce fe 3d 48 67 d7 82 85 f5 ca 08 2c 56 2f c9 9b 45 c1 c2 7e 49 ec 77 bf c2 e5 57 70 8f c7 b2 6c be 2d 33 fe 0e 72 10 cd e4 20 42 e8 af b9 7c 33 4c ec f1 77 b8 c9 fc 3c 7b c6 fc 15 93 f3 be 1c ba ac 2d 4f e5 37 03 66 fd 7b c0 40 60 dc cc 0f f3 bb d7 04 ce 94 20 84 2f 09 74 ef 66 1b b9
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 23 Apr 2021 18:18:51 GMTServer: ApacheLast-Modified: Fri, 28 Jun 2019 12:16:40 GMTAccept-Ranges: noneVary: Accept-EncodingContent-Encoding: gzipContent-Length: 5567Keep-Alive: timeout=5, max=74Connection: Keep-AliveContent-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6b 77 da c8 b2 fd 2b 98 95 e1 76 1d 15 8a 24 1e 36 16 8d 57 46 51 32 f1 38 b2 35 c1 93 38 8a 72 97 0c 6d c3 04 81 46 08 33 1e d0 7f bf d5 2d f1 b2 9d f3 e9 26 cb a8 bb aa ba 6a d7 de fb f5 7f 2a 6f a6 d9 b8 3e 4f a2 58 af 7c 8e a6 59 25 9b 55 e6 d1 63 65 24 26 93 d9 59 c5 99 4d b3 68 90 55 d8 6d 34 17 ed 26 54 6e e2 8e f1 b5 f1 e7 68 10 fb d9 8d d5 59 0c df bf fb 6b e8 fe 3a bd b5 3a d3 db f7 d7 0b 8a 65 95 ff bc ae bc 5b 4c 07 d9 78 36 65 ff f3 10 a5 95 3f f9 2a c7 7f e5 8f 7f ce ef 36 a9 18 5d f4 d1 41 0f 56 77 b3 94 31 16 eb ef f8 5d 34 99 0b 74 78 10 22 dd c7 e5 3d d6 bf 70 ba be df 3d 8e b0 8f 09 0a 5c e2 35 ac 52 91 2d d2 29 bb e6 6c c9 99 d8 15 6d 32 15 11 24 fa ef 1a 5b d2 e7 d7 90 73 de 87 fa d1 b5 ba 84 39 26 3c 1b 8d e7 f8 c2 2b 06 39 60 a2 df 01 2e 81 aa af c2 5d eb 8f b0 92 4d bd 90 7f cc 71 a9 92 2c 02 8c f8 32 47 03 d0 e3 06 c6 a0 ff c1 1f 66 e3 61 85 ce fa a4 88 7c de 45 3e 3c d9 66 3b 37 79 61 83 28 c7 fe 0b e1 84 20 62 3f 90 0b 1c c0 13 b0 8a b8 a0 54 2e 87 0e b8 d5 a2 81 11 b1 6a 9b d6 49 cf b3 3d 4d 03 27 20 f4 9f b2 74 3c bd d7 ef d2 59 ec 8c a2 d4 99 0d 05 f3 c0 66 57 24 cf de 8f fa 35 cd 96 bc aa 73 fb 64 2f dd 3a 96 62 c5 bc a8 6a 35 ca 94 27 35 fb fc 91 ef 0a db a6 2c fc f7 86 b3 a2 4b a7 ec d2 31 ca 11 9b 9f 27 f3 cd f6 71 79 68 e0 d3 d4 26 d1 29 0f 56 7b 73 30 9f d6 aa 9f 93 ce fe 6b ab f5 34 df 2c 23 26 81 0a d4 c9 32 8d 43 4c 1d 4b ae f1 9b 34 69 ac bf 92 1f 03 00 3b 0d 90 d2 c7 80 ad 0e 5a 46 f3 04 f0 a9 c0 77 74 30 b1 05 eb 35 eb f3 48 bf 65 64 af f2 7b 45 a9 04 f7 05 dc b8 f0 21 9a d0 35 67 91 7e c9 fa 40 ff 72 1a 66 b6 69 94 81 46 f8 74 08 0a 5c e2 35 92 3f c7 77 8c 09 ce 12 fe 86 6d a7 45 f4 b4 5a a5 af fe 0a 02 cb e8 84 70 37 4b d9 92 cb de 74 05 bc 26 9b 7e e4 4b 7d 22 a6 f7 d9 c8 4e ea 75 1b ae 39 bb d6 de 90 bd e1 97 8f 28 34 ee 04 cb e0 3a 0c 6d 31 99 8b 8a 7c 5f 94 a9 8c 1a 13 da 57 0a 8c 28 a0 76 5a 8a 98 e3 ce 4b 58 61 25 6b 09 42 81 75 87 54 fe ca cf 25 2b 8e 87 e7 44 41 4e 00 fb 80 13 45 9d ec 45 f3 f0 1f d6 94 05 66 b3 79 38 ee 09 fb 0b da 47 91 de d7 ff a4 bf b7 7a 94 24 93 47 d6 d7 1d ba 5d 28 96 f7 9e c3 ea 77 f9 b8 dc c7 02 b4 4e a8 bd 65 b6 9f ce e8 f3 1d 4a 1c a9 18 35 32 5b 1d 45 41 10 c2 73 0e 60 f5 cc 0c 62 2b 97 d2 3c 28 76 0d 55 ef 82 d4 c2 97 d6 33 87 29 32 f7 69 84 a2 b1 94 5d 2b 1d 94 83 f2 eb 27 c5 d2 f1 f3 35 2d 59 71 fc dc bd 3f ef 5d e0 db eb ff 7c 47 72 a3 7c 77 ae 27 b3 84 b8 59 49 df 94 eb da 46 37 91 16 82 cd da fd 40 c8 5d 5f d1 c7 a6 0f 4d 0c 5a 9d 50 7e 4c cb 2c 32 f2 50 b8 98 32 92 64 65 46 89 b0 63 51 fc a6 34 b0 e2 6a 25 7f 2c e3 e4 45 ea 7f e2 3a f5 b9 02 2a 14 58 ac b5 5e 17 5b 16 7a 5a 2f 7b b9 e8 b6 94 0d 7f 2e 6a c1 d2 a1 b5 a1 70

Source: global traffic	HTTP traffic detected: GET /?login=do HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /js/jquery-2.2.3.min.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Sign%20in%20-%20Adobe%20ID_files/light.css HTTP/1.1Accept: text/css, /Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Sign%20in%20-%20Adobe%20ID_files/AdobeMessagingClient.css HTTP/1.1Accept: text/css, /Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Sign%20in%20-%20Adobe%20ID_files/18cb1a8608f7a71cbd8c572d73a95cb6.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /img/sprite.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/styles__ltr.css HTTP/1.1Accept: text/css, /Referer: http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Sign%20in%20-%20Adobe%20ID_files/recaptcha__en.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htmAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /img/icons/chevron-right.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /img/indicators/radial-indeterminate.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: http://cvlga-in-authet.ml/?login=doAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cvlga-in-authet.mlConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: cvlga-in-authet.mlConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: cvlga-in-authet.ml

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 23 Apr 2021 18:18:51 GMTServer: ApacheLast-Modified: Tue, 23 Apr 2019 05:23:37 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 462Keep-Alive: timeout=5, max=73Connection: Keep-AliveContent-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00 Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41|nIPy"4mU1d}{*<g|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs|C^N?!

Source: spectrum_body[1].js.2.dr	String found in binary or memory: http://bassistance.de/jquery-plugins/jquery-plugin-validation/
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/4http://cvlga-in-authet.ml/
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/?login=do
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/?login=do$Sign
Source: {58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/?login=do.ml/ogin=doRoot
Source: {58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/?login=doRoot
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/?login=doh
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/ogin=do
Source: ~DFAC29DBD3E615EA7B.TMP.1.dr	String found in binary or memory: http://cvlga-in-authet.ml/ogin=dol/?login=do
Source: spectrum_body[1].js.2.dr	String found in binary or memory: http://docs.jquery.com/Plugins/Validation
Source: spectrum_body[1].js.2.dr	String found in binary or memory: http://jquery.com/
Source: spectrum_body[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: enterprise-id-faq[1].htm.2.dr	String found in binary or memory: http://regexr.com/3gfmk)
Source: spectrum_body[1].js.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: ecr2zvs[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000176ff
Source: ecr2zvs[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017701
Source: ecr2zvs[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017703
Source: glm4yoq[1].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f83
Source: glm4yoq[1].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f85
Source: glm4yoq[1].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f86
Source: glm4yoq[1].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f88
Source: glm4yoq[1].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f8c
Source: spectrum_body[1].js.2.dr	String found in binary or memory: http://underscorejs.org
Source: spectrum_body[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js.2.dr	String found in binary or memory: https://ade0164.d41.co/sync/
Source: {58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://adobeid-na1.se
Source: enterprise-id-faq[1].htm.2.dr	String found in binary or memory: https://adobesearch.adobe.io/autocomplete/completions
Source: RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC1a83c357d323419db9d2ba211efeeaa
Source: RC32e8eb91f06d47d18918e9b9bcc17a00-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC32e8eb91f06d47d18918e9b9bcc17a0
Source: RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC6f46e43fa6d44dbeb45cc5801ffded0
Source: RC89c6d3bd15f043db95a5a0a4b5cc9da0-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC89c6d3bd15f043db95a5a0a4b5cc9da
Source: RCe26b98274fee43abbdb260d3b3d8fefc-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RCe26b98274fee43abbdb260d3b3d8fef
Source: launch-EN919758db9a654a17bac7d184b99c4820.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/launch-EN919758db9a654a17bac7d184b99c4820.js
Source: enterprise-id-faq[1].htm.2.dr	String found in binary or memory: https://asurion.com/adobe/?utm_source=adobe&utm_medium=bannerad&utm_campaign=adobesupport
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: enterprise-id-faq[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js
Source: headIE.fp-99254388ab2bb00e43cbc5fbabe0e392[1].js.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/NodeList/forEach
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: spectrum_body[1].js.2.dr	String found in binary or memory: https://github.com/mailcheck/mailcheck
Source: spectrum_capsindicator[1].js.2.dr	String found in binary or memory: https://github.com/nosilleg/capslockstate-jquery-plugin/
Source: spectrum_capsindicator[1].js.2.dr	String found in binary or memory: https://github.com/nosilleg/capslockstate-jquery-plugin/blob/master/MIT-LICENSE.txt
Source: {58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://helpx.adobe.co
Source: {58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://helpx.adobeRoot
Source: login[1].htm.2.dr, start_forgot_password[1].htm0.2.dr	String found in binary or memory: https://ims-na1.adobelogin.com/ims/adobeid/SunbreakWebUI1/AdobeID/token?redirect_uri=https%3A%2F%2Fa
Source: login[1].htm.2.dr, start_forgot_password[1].htm0.2.dr	String found in binary or memory: https://ims-na1.adobelogin.com/ims/denied/SunbreakWebUI1?redirect_uri=https%3A%2F%2Faccount.adobe.co
Source: ecr2zvs[1].js.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: enterprise-id-faq[1].htm.2.dr	String found in binary or memory: https://static.adobelogin.com/imslib/imslib.min.js
Source: login[1].htm.2.dr	String found in binary or memory: https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/c
Source: login[1].htm.2.dr	String found in binary or memory: https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/s
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: login[1].htm.2.dr	String found in binary or memory: https://use.typekit.net/
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/a?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/l?primer=fff1a989570eb474b8c22c57cc719
Source: ecr2zvs[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/40207f/0000000000000000000176ff/27/
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/a?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/a?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/d?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/l?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/a?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/d?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/l?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/a?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=fff1a989570eb474b8c22c57cc719
Source: glm4yoq[1].css.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=fff1a989570eb474b8c22c57cc719
Source: ecr2zvs[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/cb695f/000000000000000000017701/27/
Source: ecr2zvs[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/eaf09c/000000000000000000017703/27/
Source: enterprise-id-faq[1].htm.2.dr	String found in binary or memory: https://use.typekit.net/glm4yoq.css
Source: anchor_002[1].htm.2.dr	String found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: anchor_002[1].htm.2.dr	String found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 54.73.76.208:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.73.76.208:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.91.69:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.91.69:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.91.69:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.202.205.86:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.202.205.86:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.212.164.82:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.212.164.82:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.176.171:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.176.171:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.4:49776 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@3/92@12/10

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{58092ABF-A460-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFA6B70237803D5966.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1644 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1644 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol4	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol5	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer4	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://cvlga-in-authet.ml/?login=do	3%	Virustotal		Browse
http://cvlga-in-authet.ml/?login=do	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/?login=do	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/recaptcha__en.js	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/18cb1a8608f7a71cbd8c572d73a95cb6.png	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M.js	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/ogin=do	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/favicon.ico	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/ogin=dol/?login=do	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/4http://cvlga-in-authet.ml/	0%	Avira URL Cloud	safe
https://adobeid-na1.se	0%	Avira URL Cloud	safe
https://ade0164.d41.co/sync/	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/?login=do$Sign	0%	Avira URL Cloud	safe
https://helpx.adobe.co	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/light.css	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/styles__ltr.css	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/img/indicators/radial-indeterminate.png	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/?login=doRoot	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/img/sprite.png	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/?login=doh	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/js/jquery-2.2.3.min.js	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/AdobeMessagingClient.css	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/img/icons/chevron-right.png	0%	Avira URL Cloud	safe
http://cvlga-in-authet.ml/?login=do.ml/ogin=doRoot	0%	Avira URL Cloud	safe
https://helpx.adobeRoot	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dd20fzx9mj46f.cloudfront.net	13.224.91.69	true	false	high
cvlga-in-authet.ml	192.185.71.147	true	false	unknown
adobelogin-origin.prod.ims.adobejanus.com	52.213.176.171	true	false	unknown
services.prod.ims.adobejanus.com	54.73.76.208	true	false	unknown
cdnjs.cloudflare.com	104.16.19.94	true	false	high
adobe.com.ssl.d1.sc.omtrdc.net	15.237.76.117	true	false	unknown
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	18.202.205.86	true	false	high
adobe.tt.omtrdc.net	52.212.164.82	true	false	unknown
cdn.cookielaw.org	104.16.148.64	true	false	high
geolocation.onetrust.com	104.20.184.68	true	false	high
use.typekit.net	unknown	unknown	false	high
p.typekit.net	unknown	unknown	false	high
ims-na1.adobelogin.com	unknown	unknown	false	high
assets.adobedtm.com	unknown	unknown	false	high
favicon.ico	unknown	unknown	false	unknown
dpm.demdex.net	unknown	unknown	false	high
static.adobelogin.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/recaptcha__en.js	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/18cb1a8608f7a71cbd8c572d73a95cb6.png	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M.js	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/favicon.ico	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/?login=do	true		unknown
http://cvlga-in-authet.ml/	true		unknown
http://cvlga-in-authet.ml/?login=do	true		unknown
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/light.css	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/styles__ltr.css	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/img/indicators/radial-indeterminate.png	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/img/sprite.png	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/	false		unknown
http://cvlga-in-authet.ml/js/jquery-2.2.3.min.js	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/AdobeMessagingClient.css	false	Avira URL Cloud: safe	unknown
http://cvlga-in-authet.ml/img/icons/chevron-right.png	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/l?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC89c6d3bd15f043db95a5a0a4b5cc9da	RC89c6d3bd15f043db95a5a0a4b5cc9da0-file.min[1].js.2.dr	false		high
http://jquery.org/license	spectrum_body[1].js.2.dr	false		high
http://cvlga-in-authet.ml/ogin=do	~DFAC29DBD3E615EA7B.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
http://underscorejs.org	spectrum_body[1].js.2.dr	false		high
http://sizzlejs.com/	spectrum_body[1].js.2.dr	false		high
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/l?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
http://cvlga-in-authet.ml/ogin=dol/?login=do	~DFAC29DBD3E615EA7B.TMP.1.dr	false	Avira URL Cloud: safe	unknown
http://docs.jquery.com/Plugins/Validation	spectrum_body[1].js.2.dr	false		high
https://use.typekit.net/af/cb695f/000000000000000000017701/27/	ecr2zvs[1].js.2.dr	false		high
https://static.adobelogin.com/imslib/imslib.min.js	enterprise-id-faq[1].htm.2.dr	false		high
https://github.com/nosilleg/capslockstate-jquery-plugin/blob/master/MIT-LICENSE.txt	spectrum_capsindicator[1].js.2.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js	enterprise-id-faq[1].htm.2.dr	false		high
http://www.opensource.org/licenses/mit-license.php	spectrum_body[1].js.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RCe26b98274fee43abbdb260d3b3d8fef	RCe26b98274fee43abbdb260d3b3d8fefc-file.min[1].js.2.dr	false		high
https://cdn.cookielaw.org/vendorlist/googleData.json	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
http://cvlga-in-authet.ml/4http://cvlga-in-authet.ml/	~DFAC29DBD3E615EA7B.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/a?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/d?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9b3f8c	glm4yoq[1].css.2.dr	false		high
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
http://typekit.com/eulas/0000000000000000000176ff	ecr2zvs[1].js.2.dr	false		high
https://adobeid-na1.se	{58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC1a83c357d323419db9d2ba211efeeaa	RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js.2.dr	false		high
https://cdn.cookielaw.org/vendorlist/iabData.json	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
http://typekit.com/eulas/000000000000000000017701	ecr2zvs[1].js.2.dr	false		high
http://typekit.com/eulas/000000000000000000017703	ecr2zvs[1].js.2.dr	false		high
https://cdn.cookielaw.org/vendorlist/iab2Data.json	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/a?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://ade0164.d41.co/sync/	RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://asurion.com/adobe/?utm_source=adobe&utm_medium=bannerad&utm_campaign=adobesupport	enterprise-id-faq[1].htm.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC6f46e43fa6d44dbeb45cc5801ffded0	RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min[1].js.2.dr	false		high
https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/d?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://use.typekit.net/	login[1].htm.2.dr	false		high
http://cvlga-in-authet.ml/?login=do$Sign	~DFAC29DBD3E615EA7B.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://helpx.adobe.co	{58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://ims-na1.adobelogin.com/ims/adobeid/SunbreakWebUI1/AdobeID/token?redirect_uri=https%3A%2F%2Fa	login[1].htm.2.dr, start_forgot_password[1].htm0.2.dr	false		high
https://use.typekit.net/af/eaf09c/000000000000000000017703/27/	ecr2zvs[1].js.2.dr	false		high
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/a?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://assets.adobedtm.com/launch-EN919758db9a654a17bac7d184b99c4820.js	launch-EN919758db9a654a17bac7d184b99c4820.min[1].js.2.dr	false		high
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://github.com/nosilleg/capslockstate-jquery-plugin/	spectrum_capsindicator[1].js.2.dr	false		high
https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/a?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
http://cvlga-in-authet.ml/?login=doRoot	{58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	true	Avira URL Cloud: safe	unknown
https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/s	login[1].htm.2.dr	false		high
https://github.com/mailcheck/mailcheck	spectrum_body[1].js.2.dr	false		high
https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/l?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/a?primer=fff1a989570eb474b8c22c57cc719	glm4yoq[1].css.2.dr	false		high
http://cvlga-in-authet.ml/?login=doh	~DFAC29DBD3E615EA7B.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://use.typekit.net/glm4yoq.css	enterprise-id-faq[1].htm.2.dr	false		high
https://p.typekit.net/p.gif	ecr2zvs[1].js.2.dr	false		high
https://ims-na1.adobelogin.com/ims/denied/SunbreakWebUI1?redirect_uri=https%3A%2F%2Faccount.adobe.co	login[1].htm.2.dr, start_forgot_password[1].htm0.2.dr	false		high
https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/c	login[1].htm.2.dr	false		high
http://cvlga-in-authet.ml/?login=do.ml/ogin=doRoot	{58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	true	Avira URL Cloud: safe	unknown
https://helpx.adobeRoot	{58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://use.typekit.net/af/40207f/0000000000000000000176ff/27/	ecr2zvs[1].js.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/NodeList/forEach	headIE.fp-99254388ab2bb00e43cbc5fbabe0e392[1].js.2.dr	false		high
http://regexr.com/3gfmk)	enterprise-id-faq[1].htm.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9b3f83	glm4yoq[1].css.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC32e8eb91f06d47d18918e9b9bcc17a0	RC32e8eb91f06d47d18918e9b9bcc17a00-file.min[1].js.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9b3f85	glm4yoq[1].css.2.dr	false		high
http://bassistance.de/jquery-plugins/jquery-plugin-validation/	spectrum_body[1].js.2.dr	false		high
http://jquery.com/	spectrum_body[1].js.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9b3f86	glm4yoq[1].css.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9b3f88	glm4yoq[1].css.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
52.212.164.82	adobe.tt.omtrdc.net	United States	16509	AMAZON-02US	false
18.202.205.86	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
54.73.76.208	services.prod.ims.adobejanus.com	United States	16509	AMAZON-02US	false
13.224.91.69	dd20fzx9mj46f.cloudfront.net	United States	16509	AMAZON-02US	false
104.16.148.64	cdn.cookielaw.org	United States	13335	CLOUDFLARENETUS	false
104.20.184.68	geolocation.onetrust.com	United States	13335	CLOUDFLARENETUS	false
192.185.71.147	cvlga-in-authet.ml	United States	46606	UNIFIEDLAYER-AS-1US	false
52.213.176.171	adobelogin-origin.prod.ims.adobejanus.com	United States	16509	AMAZON-02US	false
15.237.76.117	adobe.com.ssl.d1.sc.omtrdc.net	United States	16509	AMAZON-02US	false
104.16.19.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	396819
Start date:	23.04.2021
Start time:	20:18:01
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 53s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://cvlga-in-authet.ml/?login=do
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@3/92@12/10
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: http://cvlga-in-authet.ml/ Browsing link: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims Browsing link: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/newwindow?new_url=http%3A%2F%2Fwww.adobe.com%2Fgo%2Flearn-more-enterprise-id Browsing link: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/start_forgot_password?client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims&idp_flow_type=login_t2 Browsing link: https://adobeid-na1.services.adobe.com/renga-idprovider/pages/login?idp_flow_type=login&client_id=SunbreakWebUI1&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FSunbreakWebUI1%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26scope%3DAdobeID%252Copenid%252Csunbreak%252Cacct_mgmt_api%252Cgnav%252Csao.cce_private%252Csao.digital_editions%252Ccreative_cloud%252Cread_countries_regions%252Csocial.link%252Cunlink_social_account%252Cadditional_info.address.mail_to%252Cadditional_info.account_type%252Cadditional_info.roles%252Cadditional_info.social%252Cadditional_info.screen_name%252Cadditional_info.optionalAgreements%252Cadditional_info.secondary_email%252Cadditional_info.phonetic_name%252Cadditional_info.dob%252Cupdate_profile.all%252Csecurity_profile.read%252Csecurity_profile.update%252Cadmin_manage_user_consent%252Cadmin_slo%252Creauthenticated&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FSunbreakWebUI1%3Fredirect_uri%3Dhttps%253A%252F%252Faccount.adobe.com%252F%2523from_ims%253Dtrue%2526old_hash%253D%2526api%253Dauthorize%2526reauth%253Dtrue%26response_type%3Dtoken&locale=en_US&relay=ddcce430-88ef-4aa0-b6eb-26a40eedb300&flow=true&flow_type=token&idp_flow_type=login&ctx_id=accmgmt&reauthenticate=force&s_account=adbadobenonacdcprod%2Cadbims
Warnings:	Show All Exclude process from analysis (whitelisted): ielowutil.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 40.88.32.150, 52.255.188.83, 13.88.21.125, 88.221.62.148, 172.217.20.228, 104.43.139.144, 216.58.207.131, 23.57.80.166, 95.101.22.195, 23.57.80.54, 23.32.238.176, 23.32.238.192, 23.37.33.211, 104.80.20.86, 23.57.81.34, 152.199.19.161, 92.122.213.240, 92.122.213.202, 13.224.95.95, 13.224.95.110, 13.224.95.72, 13.224.95.20 Excluded domains from analysis (whitelisted): e7933.dscd.akamaiedge.net, e6653.dscf.akamaiedge.net, e4578.dscg.akamaiedge.net, cn-assets.adobedtm.com.edgekey.net, helpx.adobe.com, geo.adobe.com.edgesuite.net, wwwimages2.adobe.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, china-wildcard.adobe.com.edgekey.net.globalredir.akadns.net, go.microsoft.com, use-stls.adobe.com.edgesuite.net, ssl-delivery.adobe.com.edgekey.net, helpx.adobe.com-cn.edgekey.net.globalredir.akadns.net, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, china-wildcard.adobe.com.edgekey.net, client.messaging.adobe.com, helpx.adobe.com-cn.edgekey.net, sstats.adobe.com, p.typekit.net-v3.edgekey.net, stls.adobe.com-cn.edgesuite.net.globalredir.akadns.net, geo.adobe.com, ie9comview.vo.msecnd.net, e7933.dscg.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, stls.adobe.com-cn.edgesuite.net, adobeid-na1.services.adobe.com, skypedataprdcoleus17.cloudapp.net, e7808.dscg.akamaiedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, a1815.dscr.akamai.net, geo2.adobe.com, skypedataprdcolwus15.cloudapp.net, www.adobe.com, a1988.dscg1.akamai.net, cs9.wpc.v0cdn.net, a1049.g2.akamai.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\adobeid-na1.services.adobe[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	134
Entropy (8bit):	4.655426129078939
Encrypted:	false
SSDEEP:	3:D90aK1ryRtFwsnObemKmlULF0VqHlJR3TVcER6IAqSfva8LKb:JFK1rUFjgemKm6GVqHlJR3TVcvlHa8ub
MD5:	317696911CDFD9A490D15E02C47A91AA
SHA1:	7041BA538378D6AC2C6EA9FE2AA31B4C69741AC5
SHA-256:	DE00C4A225905DF25ECCDAE7667CACEA0EFE98C83958B1ACA3FE9CF1EE226703
SHA-512:	DA51141750FE1E65477D46EDA1D2C73D36704B257EAF8C26CE00DD2BB4403ABFCB4C3B88EFA3B145B9E2658B690847F0B391FC784EAEDB78B958FC5F6F957737
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="680090304" htime="30881901" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\helpx.adobe[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	497
Entropy (8bit):	4.7511066436666916
Encrypted:	false
SSDEEP:	12:JsrUGemKm6Fz5yiHa8yrUGemKm6Fz5yiHa8yrUGemKm6Fz5yiHa8yrUGemKm6Fza:WU1mKm6DyiKU1mKm6DyiKU1mKm6DyiKb
MD5:	94033A0FE882333E09675D17D3A63F80
SHA1:	B37550D7F04BE2984412F8A3C5EE62C350263124
SHA-256:	A4487020B842A1F811871466B6D8FF31E42E83F5B50B1C086D9933C2C156D27B
SHA-512:	EB9867EF59DCB9A11F881841D0026C1398AB5812DBC29DEA30028401FA440431C20C82E64A75EB2E3B19DB74FA673D98EEB3714C12B68A77C4159CD208A6DC54
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="727510304" htime="30881901" /></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="727510304" htime="30881901" /></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="727510304" htime="30881901" /></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="727510304" htime="30881901" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{58092ABF-A460-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.850606463120417
Encrypted:	false
SSDEEP:	192:r4oZWpZG2RWKtfifgZnzMvfBNlDixsfiZlZmjX:r4oW/9gC4pBfdr
MD5:	8424C7C2121857CC23D5FE4A4CF6598C
SHA1:	E2EC8F71527C854093FA0EA4899B04A0EA56AE8F
SHA-256:	2DCA2FD85D4DEF7F17EEA3BF9EB66CE8E23BF09D05E888128B13D438A7BAC084
SHA-512:	E4FC5B23F746261A074A232550E1A2C4234E4D33691B20C66A18AC975B7D68CC4EA2C5653DBD4C8E37EB1062E84FF6D169A9FEFD83B7A8C27B78D33588E103DD
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58092AC1-A460-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	193312
Entropy (8bit):	3.3809320284946747
Encrypted:	false
SSDEEP:	768:mpQBSY7aWhuMngSY7aWhuMnmpqgjiO5W0/DG2fpQBSY7aWhuMngSY7aWhuMnmpq7:98srf
MD5:	5D998FAD4D4BD2FC2E9D81BDCEF57198
SHA1:	0D044AAB84E1709A93F859519DB4B562E75FA0E3
SHA-256:	1C6ED36B6B299D8B1097C82E7DC6A39F5959A74D361BF13C3BD18EE7AFC3FBBE
SHA-512:	3CA222A487D6E038DA086DAE408CFF5130D07A08F4AA2528204427A657F5F6A7025C9BAD9C22BB2A2AEF47930452BF010F5FB765474956A3BB34D9AB1B9E31F0
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E60EB9B-A460-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5651135172919277
Encrypted:	false
SSDEEP:	48:IwRGcprk7GwparG4pQzGrapbSyGQpKcG7HpR+TGIpG:rnZkVQt6XBSaA3T6A
MD5:	72AB72AF3514F97A8CEACAA7E6669CD4
SHA1:	780DBDE1CD7E17103972D8F2D8B18E20AAF8A6C4
SHA-256:	75FFC5E0E71D9E1EEC502609EF9332C4821AE23FCCB8456DA8B54BD84C36AC79
SHA-512:	507A5B5E167C709848D755513D7A0DC37C9CD477EA2B1BE0DE111DF079B10265A13FD7FE06A21BAA42F0EAA447C3139E8BE81F5E704E35890D7AA16E3F4C072E
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	15482
Entropy (8bit):	3.3006253078572465
Encrypted:	false
SSDEEP:	96:N1zahTj0L/zt+bzyB1BwqZPc2gVLlOHq2UmYZdvlLTQZZfg/ErSkB:nzuTQLrtCYfUz2UmY7lLkzwI
MD5:	D8ED09C05F134D9604FA57ED33665DC3
SHA1:	EA701CC4174527C091CF0E2DBC935AFABA70739D
SHA-256:	8E3A28380DE84D556B33DC55435C8697641DFF5CA500D4B24F1D6D866BF45FDE
SHA-512:	351B1C39DD710DB44DF7A93B89AABE7D013519CD1E218B5AFCD947A211E447628738F6C59172183FDBC1CB6B0E7B91C80D4734BFAAEA6FF115828FCD41FF7BAA
Malicious:	false
Reputation:	low
Preview:	2.h.t.t.p.s.:././.a.d.o.b.e.i.d.-.n.a.1...s.e.r.v.i.c.e.s...a.d.o.b.e...c.o.m./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ............................................................................................8...........................................................8...................................Q...........#......................................."...@...@.......................................x...............H...................M...............x...............................................................................X...............s...........v...............X.....................................................................................................................................................................5...5...............................................................................................................p...........................p................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AdobeMessagingClient[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	43023
Entropy (8bit):	5.093775594974975
Encrypted:	false
SSDEEP:	192:t3CRpHzGF0nOCsnuETVaEBark4KxclmJPuiftIQgZq49N6N6B6zXv:MlOCe/MlmJ72Uv
MD5:	5266C0496AEA1B7C81096892463F494E
SHA1:	9FE262885D2904B5E7AA1A20D0BE3A9AC3EF7A23
SHA-256:	42A7E891FBD24FC0F4CF796EAA6CDEB5C8C02F12E0FFC97F0495A7B1547DC6DD
SHA-512:	E5F207FD74CFDE14B81A12CFABB2A0CBC1AC13C5F0EECBDC6B96A1B2E16199B3214F3A53377A56797E4DA3C398176CE0D294584D07DC08F4464004C25B647B7E
Malicious:	false
Reputation:	low
IE Cache URL:	https://client.messaging.adobe.com/latest/AdobeMessagingClient.css
Preview:	.adbMsgClientWrapper #adbmsgContainer *, .adbMsgClientWrapper #adbmsgContainer :after, .adbMsgClientWrapper #adbmsgContainer :before{box-sizing:border-box}.adbMsgClientWrapper #adbmsgContainer .outwardAnimate{transition:opacity .3s;animation-name:a;animation-duration:.3s;animation-timing-function:cubic-bezier(0,0,.4,1);-webkit-transition:opacity .3s;-webkit-animation-name:a;-webkit-animation-duration:.3s;-webkit-animation-timing-function:cubic-bezier(0,0,.4,1);-moz-transition:opacity .3s;-moz-animation-name:a;-moz-animation-duration:.3s;-moz-animation-timing-function:cubic-bezier(0,0,.4,1)}@keyframes a{0%{transform:scale(.83);opacity:0}to{transform:scale(1);opacity:1}}.adbMsgClientWrapper #adbmsgContainer .adbmsgCta{display:none;cursor:pointer;border-radius:60px;background-color:#fff;border:2px solid #505050;box-shadow:0 2px 4px rgba(0,0,0,.15);padding:0;width:60px;height:60px;margin:0 auto;text-align:center;text-decoration:none;font-size:20px;color:#34495e;vertical-align:middle;outlin

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AdobeMessagingClient[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	78603
Entropy (8bit):	5.275331044452091
Encrypted:	false
SSDEEP:	1536:tJNl9DG2TEKA1ilkFjiHSr77p6YILJ5WEqVmka1D:pl9DdPlkRiHSr77p6YonsAjd
MD5:	885B1B93E4818EA799A14A259A0691D4
SHA1:	9004D3C0A166A84E5FE02DF77AAEFCCD64371A85
SHA-256:	57AB2691EBB502B47A2A9AA0ABE261ADDFD6E2C70019FA196C1CF23CC8A6177E
SHA-512:	3E2C064849E8ED58599C77AEC8E7F659ED4FC3C8EF053679AC303F8F17B5DB3E34E04243E05036FBEA47375515D87E352F04B942330845E7A20AEEE2231CBC3F
Malicious:	false
Reputation:	low
IE Cache URL:	https://client.messaging.adobe.com/latest/AdobeMessagingClient.js
Preview:	!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.AdobeMessagingClient=t():e.AdobeMessagingClient=t()}("undefined"!=typeof self?self:this,function(){return function(e){var t={};function n(a){if(t[a])return t[a].exports;var i=t[a]={i:a,l:!1,exports:{}};return e[a].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=e,n.c=t,n.d=function(e,t,a){n.o(e,t)\|\|Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:a})},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=17)}([function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var a=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var a in n)Object.prototype.hasOwnProperty.call(n,a)&&(e[a]=n[a])}return e},i=function()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\R29GXBMD.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	27742
Entropy (8bit):	5.071592262484377
Encrypted:	false
SSDEEP:	384:N5TCABI5YtuCxbm29bmVMFYHlS8qX+ZElyIVilcjMeB:D3fuC5ntqNl7MYIjrB
MD5:	01149FAD7886618D73F4DB948FC4E529
SHA1:	EEBAE40E1196EE341F9B7653545C780460425018
SHA-256:	205658A843126C2889CBD4643A915030AC162159B7DC391113A081DC0673EED8
SHA-512:	6C3524FBB3626870195C1F72E5F10A675073133C214EF8C87B743606C776B25F568DD3F9F6D161A80C29E58D66E86892CFB49C8223AC4F2313EE8B28F3AC9218
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\R29GXBMD.htm, Author: Joe Security
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/?login=do
Preview:	<!DOCTYPE html>....<html data-placeholder-focus="false" class="" data-pagename="login" lang="en"> <![endif]--><head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="ROBOTS" content="NOINDEX, NOFOLLOW">.. <meta name="mswebdialog-newwindowurl" content="*">.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <meta name="robots" content="noindex">..<meta name="googlebot" content="noindex">..<meta name="googlebot-news" content="noindex">..<meta name="googlebot" content="noindex">..<meta name="googlebot-news" content="nosnippet">.. <meta name="ROBOTS" content="NOINDEX, NOFOLLOW">.. <meta http-equiv="Cache-Control" content="no-store">.. <meta http-equiv="Cache-Control" content="no-cache">.. <meta http-equiv="Cache-Control" content="private">.. <meta http-equiv="Pragma" content="no-cache">.....<script src='js/jquery-2.2.3.min.js'></script> ... <script type="text/javascript">..$(document).ready(function() {

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2503
Entropy (8bit):	5.2493520765521735
Encrypted:	false
SSDEEP:	48:15Mn9KNNFeHD7Bbg8m9wPjwPbeffSQLYno4BXo5iTJWN+BJ6Nu4CuMgG+/T1zcwo:1GneNFeHDNbg76s6nSjXSiTJWMBJ6kZ1
MD5:	CD452281994696B2F9AC0C3BB75B3CB8
SHA1:	EA61A2E5798FEFD4E1AD324C0146AA6B95CD4983
SHA-256:	0BE24A3E3D7CCA3DAE5900994EC07F3CBD719BA59E4EA00C4FCEF1106D7619E2
SHA-512:	763C3B307458AC66F5D7DC10BB1D6E7C7233FB95E917C04F4DF8A3EA5487CEB3933D7026608CBC23EA948855581BF16871D1F9A68C4ADB6FFAD87CB5CC670FA2
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC6f46e43fa6d44dbeb45cc5801ffded0e-file.js`..function searchAsYouType(){function g(e){for(var t=1,a=document.body.previousElementSibling?"previousElementSibling":"previousSibling";e==e[a];)++t;return t}function c(e,t,a){for(var n=a.toLowerCase(),r=0;e&&e.parentNode;){if(e=e.parentNode,r++,"tagName"===t&&e.tagName.toLowerCase()==n)return e;if("id"===t){if(e.id.toLowerCase()==n)return e}else if("className"===t){if(5<=r)return null;if(e.className.toLowerCase()==n)return e}}return null}document.getElementsByClassName("Gnav-menu-content").length&&document.getElementsByClassName("Gnav-menu-content")[0].addEventListener("click",function(e){var t;if(e.target&&("A"==e.target.nodeName\|\|"SPAN"==e.target.nodeName\|\|"IMG"==e.target.nodeName)){var a=e.target.className.split(" ");if(a)for(var n=0;n<a.length;n++){if(-1!==a[n].indexOf("SAYT-")&&-1===a[n].indexOf("SAYT-advancedSearch"))if(c(e.target,"id","

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RC89c6d3bd15f043db95a5a0a4b5cc9da0-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	821
Entropy (8bit):	5.144246167975323
Encrypted:	false
SSDEEP:	12:jvgeASPRzXfcSfUuW5y6Z8KEp8MnbtL8re4yifdfddfdfdALCI/LZSqlhUeAda4F:15LcSMueyrpjBKe4llldllALxTb0aVM/
MD5:	024774CF8EFB1C45E0478FF1EEB2A0F8
SHA1:	B04E27BD89550A331C037A805C05192A05A1A21F
SHA-256:	AD736B237B2AEDD436A44B6EA706473B047D7494920C2C30B795435C4957889E
SHA-512:	9081C000BF7E936CB74B17C94515BB827CC0D248BF4807FF728E6F2B45EBE91B1D6D08AC2D0F9DA77EDAD9AEADC19F410BC64A4AB489434904AB02681ECA1B56
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC89c6d3bd15f043db95a5a0a4b5cc9da0-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC89c6d3bd15f043db95a5a0a4b5cc9da0-file.js`..!function(){function u(e){var a=1e13*(Math.random()+""),n=document.createElement("iframe");n.style.display="none",n.style.width="1",n.style.height="1",n.src=e+a+"?",document.body.appendChild(n)}var d=window;window.marketingTagInfo=[],_satellite.windowProperty=function(e,a,n){var r=d.location,t=r.hostname,c=r.pathname,s=unescape(unescape(unescape(r.href))),i=unescape(unescape(unescape(document.referrer))),o="";switch(e){case"host":o=t;break;case"path":o=c;break;case"href":o=s;break;case"referrer":o=i;break;case"dClick":u(a);break;case"substr":o=function(e,a){return-1!==e.indexOf(a)}(a,n);break;case"addPixel":marketingTagInfo.push(a);break;default:return!1}return o}}();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\account_chooser_screen1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 350 x 338, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	21892
Entropy (8bit):	7.953996906269373
Encrypted:	false
SSDEEP:	384:yhelb493lUHNsNLgpcvxjw5KN3u86zKrFGzf/+sm2oWKVSIl4:yt9KHNsrxc5KN358KrFGza2oWWSIu
MD5:	8B39A5FEBC7F5F16659196467A4C6130
SHA1:	584DC2D49393512CC4C009C83DCEF72AE52F2D54
SHA-256:	0BD40DF50D12D966E281A4CCA8CBFCC4412CDC2048C92948B3C2B34CBC74D2FE
SHA-512:	081C347745CACACFE9C2903F41F5F19BBF29DBC9616396BE02ED288D9BFBD7AA2EA594CC139318C442A59E1D274D0DDD320D46813AAF0BA37ECDCFB03C3F1ADB
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/en/enterprise/kb/enterprise-id-faq/jcr_content/main-pars/multi_column_1238126036/col-50-50-c2/image_1547526190_cop/account_chooser_screen1.png
Preview:	.PNG........IHDR...^...R.......a....sRGB.........gAMA......a.....pHYs..........(J...U.IDATx^...`.e...'.I...]hi.e..eO...*....... K.-n.."C."{.=K...B.t.f....r....k...447r..$....E!0 ..".....B.L(x.!Df...."3.^B..../!.....BdF.K.!2..%...Q..B..(x.!Df...."3.^B..../!.....BdF.K.!2..%...Q..B..(x.!Df...."3.^B..../!.....BdF.K.!2..%...Q..B..(x.!Df...."3.^B..../!.....BdF.K.!2..%...Q..B..........".be.w....B.)%e"xSO....K...=g.....N%JCo.Z..O.............R.........g3..w..2sa..!@...?\|...l<..O..r....ra.^{...H7.7.%...W4. .......U.r...`.O...4...L'...p.T,.....=...~Uj..#v.Zw...;...LX...<.a0ha..AZb....G.4.=.......5..`..d8.... .._f.....?!S.K.g....9...O....Z. .m/......?.c..K.?..zwAu..6.!...l...0xh..FE.7.?..$.C..Z..5+K}...T.........c.......s.....4.i<..`.z.m\|..T\|..`T..sOS...TB.`+\..A.M.......J(......'...J.^HJ.....@XTc...\...p.AB.N.\..^}...j#.Y{..7..O..%.r....../..6.P'.!..8..D.u....8...M..nm[.~......O}.SF....O....N..#..j...3. 2...C..wI.6.1.G..../.F;6o...l........Wi.)...4D.Z5Q}.O.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\acom[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	30599
Entropy (8bit):	4.9585436782520524
Encrypted:	false
SSDEEP:	768:5Sy3ENlSZ9bY/MKOIoLmsLaCTWlIWJal0J4WWn1l8T7xqfVjD1XPIXe+PoRhxfHq:5Sy3Eaq
MD5:	EA3A44A333CC8AE4EE4D12792E0CB331
SHA1:	D8A291493BAC3ED8A09AF2238E7C3CF41991FB6B
SHA-256:	5289CF714D0E5984F5E7B9C3D456CC9AAD6AB5DCD20B6AEE40EB8AA2CDFE368B
SHA-512:	4F66D12B454C724DB721FA24D6B777E2F37826C636BDEAFD078A61E1C795BDEFA15829C60A2B3B6763C93949A9FA9E8CB15EE38E9AD184CDCAA40C6BA0A523FB
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/services/feds.res_1.css/head/en/acom.css
Preview:	/! applauncher v0.48.0 built on Wed, 14 Apr 2021 14:46:31 GMT /.#feds-header .applauncher-element{display:none}@media screen and (min-width:600px){#feds-header .applauncher-element{display:flex}}#feds-header .applauncher-element .app-launcher-container{display:flex;align-items:center}#feds-header .applauncher-element .app-launcher-container .react-spectrum-provider{position:static}html[dir=rtl] #feds-header .applauncher-element{display:none}#feds-header .feds-appLauncher .app-launcher-overlay-container{top:0!important;left:0!important;right:0;width:auto}#feds-header .feds-appLauncher .app-launcher-popover{border-top-left-radius:0;border-top-right-radius:0;border-bottom-left-radius:4px;border-bottom-right-radius:4px;overflow:hidden}#feds-header .feds-appLauncher .spectrum-Popover-tip{display:none}#feds-header .feds-appLauncher.feds-focus-ring .app-launcher-icon{outline:none}@media screen and (min-width:1200px){#feds-header .feds-appLauncher.feds-focus-ring .app-launcher-icon{outline:2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\d[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 31000, version 0.0
Category:	downloaded
Size (bytes):	31000
Entropy (8bit):	7.987221332219995
Encrypted:	false
SSDEEP:	768:AqFh0Jzz1kWYZQL4lNCzPhlKCdN7GgGAvOYHqycQ:Ash6WZQclQzJ5xbvHqnQ
MD5:	1D52D5C945319FDEE3CD0590E054BC74
SHA1:	C1853BDCA57F120B1EB592B5343AB28E6916277D
SHA-256:	975437CED7CDDB113AC1DCC93E74A3BC78AE14C783FBD99E5E1C668E00B2997E
SHA-512:	7D376310AFA04877C312C86266A7A6FE960C080EA6EEF25D5E137E2B39505ADC2B1436BE36662FF82BFF93673853313E82DE3B907D72F716DEC079A552E991CC
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/eaf09c/000000000000000000017703/27/d?subset_id=2&fvd=n7&v=3
Preview:	wOFFOTTO..y........0........................BASE...D...F...Fe!].CFF ...4..]q..p.q...DYNA..a..........#.3GDYN..b`...........GPOS..cD...@..$..#..OS/2.......Y...`].y.cmap..w....V......3gasp................head.......5...6..%ghhea....... ...$...Chmtx..u....%...H....maxp...,..........P.name............E..post..w........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................Y..............x.c`d```5.6.&...+.3.......P/....??...[.....L Q.\..P...x...n.@.....!.V,.@.cGV.FB$m..j.H..6N<i..`O#...@..X.$<......#g........x....^}.-.x.S..t1.\|......,=.b...............S.J\|...e..s.O......;.]j>z>D.\|.\|.W...1...R.b.....}muQ..ra...R.3)Fy......T..1...s..c.g...d8..O....'M......FW...-...X..+c...H....t..].\|=.e"..R........o.fm.......:T.^Q..z...c(.S..........a..w.KN{.l...M]..tu9...k.b.L.N...v...Y..R.[0....1...C*/..8.^...GM..r....jvfx..<.o..t.P.....=Kv-.kr..n.....5.%.9].>q......f:.3<C.e9.-5.:Yz4O....:e....+b.}.oS..1x.c`f.........).....B3.1.1..E.9..XX..X......P........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\d[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 30812, version 0.0
Category:	downloaded
Size (bytes):	30812
Entropy (8bit):	7.987683498720149
Encrypted:	false
SSDEEP:	768:bE4GGbSq0CiAIlwymd1yf04b80qrqH7b7V8zXe1X7QjQlWunvdoO6:A4/SqQ5wymryflbhqrqf7C6NrWunvdo3
MD5:	E87294AED5D2166A0DE291B708CADDE4
SHA1:	0BCF825481CE4F6B3DF5BB95991AC717E984D6A3
SHA-256:	9C9E42812C6EFF93931C0A2CF373E2F79FB0252CEEC914185226A5A190CB581D
SHA-512:	6503B0D239D3E2CB93C9BE65A222198432FD280DB3AE294916D35DE9D5B5A8E475D87A217F434F94E4BBE1FE60A9D4169908C795F5B503646C56CEA9515CD90E
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/40207f/0000000000000000000176ff/27/d?subset_id=2&fvd=n3&v=3
Preview:	wOFFOTTO..x\................................BASE...D...F...Fe(].CFF ...<..\...o...C.DYNA..`............3GDYN..a............\|GPOS..bh..._..$.....OS/2.......Y...`[.t.cmap..w....V......3gasp................head.......4...6..%`hhea....... ...$...Lhmtx..t....%...H{e!.maxp...4..........P.name.............8I.post..v........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................`..............x.c`d```5...d........(.p>94.F.O...b.\|..ef`....0L..x..An.@....I..jo0.>...!..$H........`a{.=Ab.u.]...B..E..T..<...Y....3.{o....._.....k....x......c.Mj.......f~..B......9...s..A.V......g.Mj.{>F...\|..0.[.5>=.P..1X....}iuV..\|n..)b..R..TL...b.K].X.R...M..!..H...?....N...N...p..x..21...wS.J.T.m...;.Jv..Y....e..B.....kk....o.&.rn....z~u...%. .Bq\..X.`.M.b.....)p...Y-........r.L.`.5+..i>5.;.<..C3%'...U...X......D..{.!F.~...8=..c.~y.{w.s..{..U........._....~.j....*..)Sg.....R^:.u[v..m.....j.eJ.w.u.T.....Oy.s-..m.x..x.c`f.........................L,,LL,..L.@yF.(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\enter_password_screen1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 350 x 338, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	20666
Entropy (8bit):	7.944080833081233
Encrypted:	false
SSDEEP:	384:QUJVivqKAlpJc5Iz3TwW7szGZzXOD/vJ/RrHsU1UEdYq0CxfXqsxp:QNixP0M8W7sz2Xu5h6Emq0+XqIp
MD5:	627572CD6EA7121793060730D7E94AB0
SHA1:	BF9BB31971C4FA309EFF4409665E3AA92E0789F8
SHA-256:	0C74D311010D9532F74CD83F9FC99E5AB12B98FB39E879954E3B1D21653FD4DC
SHA-512:	ACA32848D2A2EC91671587A345A0C2D28931C7CC0267D9F05903703E3AA476C8A25D0FB1E0525AA3B8FEF0E84AC2FE8680145C3450926B16C9F275361F99DB98
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/en/enterprise/kb/enterprise-id-faq/jcr_content/main-pars/multi_column/col-50-50-c2/image_2108983220_cop/enter_password_screen1.png
Preview:	.PNG........IHDR...^...R.......a....gAMA......a.....pHYs..........+....P\IDATx^...`.e...'.#.{@.e.(.T....,Q.Y".! [.Q6..8p ...%{.2d.QJw..iv......5.....H.$.....7"c..!.HF..K.!D"...."1.^B..../!.H....B$F.K.!...%...Q..B..(x.!Db...."1.^B..../!.H....B$F.K.!...%...Q..B..(x.!Db...."1.^B..../!.H....B$F.K.!...%...Q..B..(x.!Db...."1.^B..../!.H....B$F.K.!...%...Q..B..(x.!Db...."1.^B..../!.HL.8.6!.?..j....P....hP.K....x!)....(.b?.Jq..HQp...v.3'\|..i..x)p.).1;../4}./^..$..B.K.n..F{..n.g.vX4k....Dj....?.f.v.~.`?..WfGV..y.w.......7...3.{.A....... .j.._F..V.#nd.xxz....>..,f..7..LV..d..X.=,....a..r9.;T......U..:.....9...s...?..7g.X.\|..4....[.d.R...\.. .\|.vB....[..\....'xe2..f...P.vM<W......_.:uP..P5!..........!Sor>....AfF.2....m.cFd......X.(..h..G.....,....'S^..2.s..`..(0.g!....._..6..}v:.u....V.....?.+G{./..Os&....H.5.~...f.rr..8Y.......L.HIE..z.....k~.R.......~....>O.S.Ck..S.f.!5=.w.m.`1.A....o&...g....C>.L........w...q...._.......f.....\-.=...Q....d...vZ-y.3.._X.t.\|.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	1.952456287520738
Encrypted:	false
SSDEEP:	24:EslvlQNp0eCeAuyAwNtmUc3lKFWoX6UwjobtSl554VqQBzttYtlbd6e2u:FYfCzuyAacQWoWjobtc4VqUztQlbIeB
MD5:	DC94F1054A50B313EE14BBD3D4BC1C0A
SHA1:	B871EFBBD59E202329352C18B775F7C5743AA8DE
SHA-256:	8E263FEF3E738AC1882B97A05CAAF21BBFFC0BDABDF4A7E8338453C18E1E90EC
SHA-512:	A66B30C2E23F0D43F06B7C6889892AF0975C79037FB145FD01E84D4FA04234CDF8B32ECEE8FE29FA5FD13DB682485E4EFC7B2F3E8B9D23BDC12586CE417AA080
Malicious:	false
Reputation:	low
IE Cache URL:	https://ims-na1.adobelogin.com/favicon.ico?cache_bust=b07996f11dcdf
Preview:	............ .h...&... .... .........(....... ..... ............................................................................................8...........................................................8...................................Q...........#......................................."...@...@.......................................x...............H...................M...............x...............................................................................X...............s...........v...............X.....................................................................................................................................................................5...5...............................................................................................................p...........................p.......................................................................................................H...................H..............................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\glm4yoq[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	3787
Entropy (8bit):	5.201790403113059
Encrypted:	false
SSDEEP:	48:35Y2zQV8MJ9iYDKYDVYDWM1YDiYD3YDrMbSXYD2vYDUUYDBMoYDCYDPYD1Mp0YD/:pbzQ2STMrMWZBLMeMGMv
MD5:	01EF3B02AED1A9F4D0E76A397BEFBEB8
SHA1:	BBA45D1FC0AFA769505E8028BEC3591DAAB82585
SHA-256:	5339D70F184D3FCF7E43540370A534E98ADEDA9CE4DD7030AF6451D53EF61188
SHA-512:	A889F1676E7F1962FFB343114F4AAEA13E6915846F5F81D4FF676A0416CF5E954B5C1E8C164D38ADE1235E5CC1D5DD4F2CC268F775D5A65F5791F5DB543217AD
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/glm4yoq.css
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/00000000000000003b9b3f85. * - http://typekit.com/eulas/00000000000000003b9b3f86. * - http://typekit.com/eulas/00000000000000003b9b3f88. * - http://typekit.com/eulas/00000000000000003b9b3f83. * - http://typekit.com/eulas/00000000000000003b9b3f8c. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. /./{"last_published":"2020-01-31 18:04:56 UTC"}*/..@font-face {.font-family:"adobe-clean";.src:url("https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3") format("woff2"),url("https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\json[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	77
Entropy (8bit):	4.599206956358435
Encrypted:	false
SSDEEP:	3:AOHmkZafGC48F9qRwupfFtOkBn:gECwbZfO8
MD5:	EE99C4F738C744D3F182B0A6E2212D62
SHA1:	2E5015D6EFBAFA8BD0E33789369DADF6EE4602F5
SHA-256:	807351BBC627139B9B357793030F1DE81A56338567A55D652210A577B00E235E
SHA-512:	54272DF6B01D566E615AD27ABA2FB8A2C87772661B3B662A47131229C90B06204BD524AB6835F75144CDDDD23A3468C317088F18888FBB95BE62BA2D15C92525
Malicious:	false
Reputation:	low
IE Cache URL:	https://geo.adobe.com/json/?callback=srpGeoLookupCback
Preview:	srpGeoLookupCback({"country":"CH","state": "ZH","Accept-Language" : "en-US"})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo_48[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\p[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:	3:CUHaaatrllH5:aB
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	low
IE Cache URL:	https://p.typekit.net/p.gif?s=1&k=ecr2zvs&ht=tk&h=adobeid-na1.services.adobe.com&f=7180.7182.7184&a=1164490&js=1.20.0&app=typekit&e=js&_=1619201964920
Preview:	GIF89a.............,..............;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\privacy.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	20223
Entropy (8bit):	5.242286055522869
Encrypted:	false
SSDEEP:	384:G3gDf4hD0kswkP/TUyPydyCASyI2yWyOZyVVIKCXEdTvX6AyEn:G3mfuD0kswkP/TL68pyRFVyKQEl6AyEn
MD5:	7997F297B2476E9156A93EE5433CBB5A
SHA1:	DEA0CD133C2DF4392CD198350F54387425A7EF4D
SHA-256:	86F628996CD60C851A9B4A6A83C2F110D4CEC5C51A08F173844A3192EDD7FAC0
SHA-512:	C30398B9E8CEB2C71AC3338C78AF97653059B856C7BA8253E9E7994363E0BEA593F7D5422728F404429F0D50DB30D2CAFF99596FCB898BDD54FBC5A5A2AE330D
Malicious:	false
Reputation:	low
IE Cache URL:	https://wwwimages2.adobe.com/etc/beagle/public/globalnav/adobe-privacy/latest/privacy.min.js
Preview:	/! privacy - v1.0.11 - 11-04-2020, 7:17:44 AM..ADOBE CONFIDENTIAL.==================.Copyright 2020 Adobe Systems Incorporated.All Rights Reserved...NOTICE: All information contained herein is, and remains.the property of Adobe Systems Incorporated and its suppliers,.if any. The intellectual and technical concepts contained.herein are proprietary to Adobe Systems Incorporated and its.suppliers and are protected by trade secret or copyright law..Dissemination of this information or reproduction of this material.is strictly forbidden unless prior written permission is obtained.from Adobe Systems Incorporated../..!function(){var e,t,n,o,i,s;e=function(){var e={};return e.isObject=function(e){return null!==e&&"object"==typeof e},e.isEmptyObject=function(e){var t;if(this.isObject(e))for(t in e)if(e.hasOwnProperty(t))return!1;return!0},e.isFunction=function(e){return"function"==typeof e},e.isArray=function(e){return this.isObject(e)&&e.constructor===Array},e.formatString=function(e,t){if("

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sign_in_screen_1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 350 x 338, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	23214
Entropy (8bit):	7.955536016744292
Encrypted:	false
SSDEEP:	384:6rWngWf62mDAdjO3qEfD+A+NzF6AdsCiNEJDzqp/kOPHV1iGsikGsN:zgA0mjO3qEDTuzF6PCUEJHcfvSN
MD5:	1309DAFC9177B58A2699C077D1D39DBC
SHA1:	0009AFF00EB13B44574D087D62A9C9FABE6C51D9
SHA-256:	B663E3C92139156DABEADD505299680311FFC39E88369175251599EF3F287652
SHA-512:	58AEB1E72677B56B21E45C16CC1E13FC343C9D67142C03AB2C365F5C94B5F14595DB455459798E6663D5DF12A6E7AD2CAEC60B6F6789D09D75A434B49A55C145
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/en/enterprise/kb/enterprise-id-faq/jcr_content/main-pars/multi_column/col-50-50-c1/image_1547526190_cop/sign_in_screen_1.png
Preview:	.PNG........IHDR...^...R.......a....sRGB.........gAMA......a.....pHYs..........+....ZCIDATx^...`.e...g{..@.!!.......T@.`...g..yvQ.7T@.K.=....m.3..N6...z......=vgggfg....wf.".B.!!...K.!$D(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.d.....z...........+.u.A...!....g.6.6&..]....r...'.rn.z.v(..d....k...!.,.......k.\|......{q..............u4.}.a.m..F.qx....O.ui...R\|.......8..R.RL.r/.V..r.n.x)...>.$!.B$........x.?...Z..[d.s.L....Zy...l..Gp\|....o.Dx...7.IfC.XLgL......u....Z.. .\.dY.Z.,.=.........3& !6..Z?\v;..eXu..#/...;'._....m.>.......)..,^......G...@B.J..+`.7p....T..7>.*...+..).......^#=v..s.Qx<....s.T....&.w"...^...S...\|..6-..;tC.H.m]..U...R.3.3..(U.rq.x9..(.....z6.wqb..}.X...Lh.;....=V.....z...c.gJc....%.P..D......%..Wx..S.....)i.br....K...p...o.6bB\.8........Q..o...m.8l@....Fl..)fe...gg.....n%.f..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sign_in_screen_1[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 350 x 338, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	23214
Entropy (8bit):	7.955536016744292
Encrypted:	false
SSDEEP:	384:6rWngWf62mDAdjO3qEfD+A+NzF6AdsCiNEJDzqp/kOPHV1iGsikGsN:zgA0mjO3qEDTuzF6PCUEJHcfvSN
MD5:	1309DAFC9177B58A2699C077D1D39DBC
SHA1:	0009AFF00EB13B44574D087D62A9C9FABE6C51D9
SHA-256:	B663E3C92139156DABEADD505299680311FFC39E88369175251599EF3F287652
SHA-512:	58AEB1E72677B56B21E45C16CC1E13FC343C9D67142C03AB2C365F5C94B5F14595DB455459798E6663D5DF12A6E7AD2CAEC60B6F6789D09D75A434B49A55C145
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/en/enterprise/kb/enterprise-id-faq/jcr_content/main-pars/multi_column_1238126036/col-50-50-c1/image_1547526190_cop_849798467/sign_in_screen_1.png
Preview:	.PNG........IHDR...^...R.......a....sRGB.........gAMA......a.....pHYs..........+....ZCIDATx^...`.e...g{..@.!!.......T@.`...g..yvQ.7T@.K.=....m.3..N6...z......=vgggfg....wf.".B.!!...K.!$D(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.(x.!$.d.....z...........+.u.A...!....g.6.6&..]....r...'.rn.z.v(..d....k...!.,.......k.\|......{q..............u4.}.a.m..F.qx....O.ui...R\|.......8..R.RL.r/.V..r.n.x)...>.$!.B$........x.?...Z..[d.s.L....Zy...l..Gp\|....o.Dx...7.IfC.XLgL......u....Z.. .\.dY.Z.,.=.........3& !6..Z?\v;..eXu..#/...;'._....m.>.......)..,^......G...@B.J..+`.7p....T..7>.*...+..).......^#=v..s.Qx<....s.T....&.w"...^...S...\|..6-..;tC.H.m]..U...R.3.3..(U.rq.x9..(.....z6.wqb..}.X...Lh.;....=V.....z...c.gJc....%.P..D......%..Wx..S.....)i.br....K...p...o.6bB\.8........Q..o...m.8l@....Fl..)fe...gg.....n%.f..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sprite[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	6250
Entropy (8bit):	4.480216022927956
Encrypted:	false
SSDEEP:	192:rzvKU8tU1ykRTi+VGgmExRgPnmNEJ3fQ9Cu1sA:PqjqivyQ+iIII
MD5:	261C590233621335BA68980D1C542907
SHA1:	7F279596AE3E35E7737B7752E4BB87FDD55230D0
SHA-256:	D78D9DEA3B96AAD8EB0766FF8CF34237BDE6393E3133A4A522ED96E2A2401FF0
SHA-512:	F6E53DC277226B841D252ECDA12FB85DA57EF0AAB451E88C8E98E4B4FD8957E59BB7601980D3651938869D16660D8CAACFA52E750ACAFBF15CBA00C5E9C33B2C
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/img/sprite.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="207" height="165"><svg width="49.941" height="13"><path d="M21.56 8.668l-.538 1.66a.122.122 0 01-.123.09h-1.302c-.079 0-.101-.045-.09-.112l2.244-6.475a2.039 2.039 0 00.112-.684.075.075 0 01.068-.079h1.795c.056 0 .079.012.09.068l2.548 7.181c.022.056.01.101-.057.101H24.85a.113.113 0 01-.124-.078l-.572-1.672zm2.178-1.403c-.225-.74-.674-2.098-.887-2.895h-.011c-.18.752-.584 1.986-.875 2.895zm2.802.415a2.977 2.977 0 013.255-2.951c.09 0 .202.011.37.022v-2.21a.071.071 0 01.078-.079h1.414c.056 0 .068.023.068.068v6.63a6.323 6.323 0 00.045.819c0 .056-.011.079-.079.101a5.637 5.637 0 01-2.21.449 2.686 2.686 0 01-2.94-2.85zm3.625-1.593a1.162 1.162 0 00-.415-.056 1.497 1.497 0 00-1.605 1.57 1.404 1.404 0 001.493 1.594 1.582 1.582 0 00.527-.067zm7.986 1.514a2.77 2.77 0 11-5.532.034 2.746 2.746 0 012.794-2.906A2.671 2.671 0 0138.151 7.6zm-3.95.012c0 .987.46 1.616 1.212 1.616.651 0 1.145-.561 1.145-1.594 0-.875-.36

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\start_forgot_password[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	13796
Entropy (8bit):	4.591389508784285
Encrypted:	false
SSDEEP:	192:Qe34V2y977KyViS4X3xurAJxLofMLYQI7m1M/lFAlGqboQy0:Qe3UNHlCHxurAJ+fMLYfSa/Coq
MD5:	445601D110889088C695F4A401340B4F
SHA1:	756C34C5183855082402570469064FABB19D7B26
SHA-256:	4E7ACC1F6A0A7177A79DADE470906A6202DA2C5F06830597128905ECE452D4E8
SHA-512:	7FCA0AF969CA0669095DB832A2EF49668B5DCA820B66A0A3DE34B3A5FE3AE766D177EDE6CCA14B464F38C02594109F30E328AEEC9CE6922A90333E9475B39A61
Malicious:	false
Reputation:	low
Preview:	<!doctype html>. [if IE 8]> <html data-placeholder-focus="false" class="ie ie8 lt-ie9 has-dob-explanation en us spectrum--lightest" data-pagename="forgot_password" lang="en"> <![endif]-->. [if IE 9]> <html data-placeholder-focus="false" class="ie ie9 has-dob-explanation en us spectrum--lightest" data-pagename="forgot_password" lang="en"> <![endif]-->. [if gt IE 9]> ><html data-placeholder-focus="false" class="has-dob-explanation en us spectrum--lightest" data-pagename="forgot_password" lang="en"> <![endif]-->. <head>. <meta http-equiv="X-UA-Compatible" content="IE=edge"/>. <META name="ROBOTS" content="NOINDEX, NOFOLLOW">. <meta name="mswebdialog-newwindowurl" content="*"/>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <script>. window.marketingtech = {. adobe: {. launch: {. environment: 'production'. }. }. };.</script>.<script src="https://

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	12077
Entropy (8bit):	5.538904548057913
Encrypted:	false
SSDEEP:	192:pxznyioGrVm30ncqd6JzMgoHSgwZ2Nfc+SsUEuPJeGjQVMG1HeZgkeDYGOr:Hjy2F6JzFeSgwZ80+SfEuPJeG8VMGRed
MD5:	243F7FD9CAE05B6ACFDAC72DF1F4345D
SHA1:	D9EBB00C579D0F0AAC94593D27AAFAB8E5411084
SHA-256:	D7CBA1AA4A4B5FF86036DBF41817B6DEE997BC5A8D4DA2FC8DD76BAEB9B4B3E3
SHA-512:	3827F97054842861B9C6B4A25F7947E8DF05CBF626165999CED20A22BF352710960B5ADBBE227DA49DF5932D6E4B9CF25F6139F00113CD58D53C0D7CD01A6BF1
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/js/bg/18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M.js
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ Function('var V={},z={},QJ=function(m,E,Q,C,N){for(((m.F=false,C=[],(m.i=false,m.X=(m.G=function(a,T,p,e,w,U){return(U=(w=(e=function(){return e[p.K+(w[p.B]===T)-!U[p.B]]},p=this,function(){return e()}),p.f),w)[p.P]=function(M){e[p.N]=M},w[p.P](a),a=w},0),N=0,m).R=void 0,m.l=0,m).W=void 0,m.I=function(a,T,p){return p=function(){return a},T=function(){return p()},T[this.P]=function(e){a=e},T},m).c=25,m.a=[];128>N;N++)C[N]=String.fromCharCode(N);(P(m,(P(m,(P(m,((P(m,115,(P((P(m,68,(P(m,(P(m,57,(m.m=(P(m,153,(P(m,(N=(m.WM=(P(m,(P(m,61,(m.zY=(((P(m,98,(P(m,90,((P(m,(P(m,(P((P(m,(P(m,(P(m,167,(P(m,13,(P(m,(P(m,(P(m,1,(P(m,139,(P(m,126,(P(m,121,(P(m,(P(m,(P(m,(P(m,89,(P(m,(P(m,125,(P(m,(P(m,(P(m,45,(P(m,190,[(P(m,210,(P((P(m,(P(m,92,(m.H=[],m.$=[],0)),93),0),m),59,2048),function(a,T,p){f(a,1,5)\|\|(T=a.b(),p=a.b(),P(a,p,function(e){return eval(e)}(a.O(T))))})),160),0,0]),function(a,T,p,e,w,U,M){if((e=(p=A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1156
Entropy (8bit):	5.071921086424176
Encrypted:	false
SSDEEP:	24:15PA+E6K7eVgvf2I+LPPJ9ZLvaMLArqY4DPuDkpuH4R9pQFE7xJth:15wv7+iOI+zPJ9ZL11sYR8oh
MD5:	874AF66713F6E94795105EDDA06B8862
SHA1:	8170ECB4E7035259DC937A968276934DF7BA7A2A
SHA-256:	B0B3245C99A3E17E2472DE4AFDDFBFBBDE4D357B0D2A9B6581B76257968FF058
SHA-512:	3AAE5DDB65534B7198B2D0A4E2F4B9DFFD373ECD21C133A75CC9781DDED1DE5183AE0D677C005102510596A9147909ECE88D52C0A0B09E415625B28F6BB42F72
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC1a83c357d323419db9d2ba211efeeaae-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC1a83c357d323419db9d2ba211efeeaae-file.js`..var w=window,l=w.location,h=l.hostname,path=l.pathname,dataElementName="digitalData.organization.dnb";if("www.adobe-students.com"==h\|\|"www.substance3d.com"==h\|\|"labs.adobe.com"==h\|\|"magazine.substance3d.com"==h\|\|-1<h.indexOf("photoshop.com")\|\|"stockenterprise.adobe.com"==h\|\|"pages.adobe.com"==h\|\|"experience-makers-international.adobe.com"==h\|\|"trainingpartners.adobe.com"==h\|\|-1<h.indexOf(".adobeevents.com")\|\|"colour.adobe.com"==h\|\|"adobehiddentreasures.com"==h\|\|"www.adobeexperienceawards.com"==h\|\|-1<h.indexOf("acrobat.adobe.com")\|\|-1!==h.indexOf("esign.adobe.com")\|\|-1!==path.indexOf("/experience-cloud")\|\|-1!==path.indexOf("/events/")\|\|-1!==h.indexOf("magento.com")\|\|-1!==h.indexOf("marketo.com")\|\|"futureisyours.adobe.com"==h\|\|"api.spark.adobe.com"==h){var dnbScript=document.createElement("script");dnbScript.src="https://ade0164.d41.co/sync/",dn

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\anchor_002[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	21078
Entropy (8bit):	6.072006426048475
Encrypted:	false
SSDEEP:	384:mQ93Ya8rWCjUel4FKPho6d6lXF+AIPjQH28d8/ttaGdfPj5NBNzNXkVdkVZ6faRE:m63YfrWCAel8KPhld69F+AIcH2D/t8om
MD5:	771BA31A3C874164CE28C0111000A280
SHA1:	A8A63766A358178CFA245EE70189602B59272EBC
SHA-256:	D4E3B1A8AD5230EEC49D545C0246EA4E7455720515A08158938129F10E12E72A
SHA-512:	9AFECC90553F7A1B250D385F29D71830BEF3C8F5961436D23051F6A25D16FF2568BE1E71F30E78F84452E85BADEB6E36930FD66635387AE697DFFA97ACE0AF53
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm
Preview:	<!DOCTYPE html>..<html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<meta http-equiv="X-UA-Compatible" content="IE=edge">..<style type="text/css">../* cyrillic-ext /..@font-face {.. font-family: 'Roboto';.. font-style: normal;.. font-weight: 400;.. src: local('Roboto Regular'), local('Roboto-Regular'), url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu72xKOzY.woff2) format('woff2');.. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;..}../ cyrillic /..@font-face {.. font-family: 'Roboto';.. font-style: normal;.. font-weight: 400;.. src: local('Roboto Regular'), local('Roboto-Regular'), url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2');.. unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;..}../ greek-ext */..@font-face {.. font-family: 'Roboto';.. font-style: normal;.. font-weight: 400;.. src: local('Roboto Regular'), local('Roboto-Reg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\creativecloud_appicon_RGB[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	325213
Entropy (8bit):	6.002888297598332
Encrypted:	false
SSDEEP:	6144:odRTYu5mkbS3hAQTPfrN0PbZJc0us8cQddgaOUT6GeUmOV+//j:odhYu5s3bT+jZJc0ONeE+//j
MD5:	38F975D3AB4A57F1FE96E61C16134D13
SHA1:	0563B6DC1DB3430A08BE36C9F991B1E4F6D9F3EB
SHA-256:	1969F8BB64537C2E728072984C4F613521DB02CB76E1A2981CA62596316EF32F
SHA-512:	77177318FD9D4ABB466C4CB3D71253E21E5ADD8FCEEF72CAF7F71B30654C346E4E5B3FE27E613043177F1E0430703D24A8677D49779041A68E216E3E6E581B11
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/mnemonics/creativecloud_appicon_RGB.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 56.0016 54"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Asset 3</title><g id="Layer_2" data-name="Layer 2"><g id="Layer_1-2" data-name="Layer 1"><image width="768" height="749" transform="scale(0.07292 0.0721)" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAwAAAALtCAYAAACfLANmAAAKQGlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAEiJnVNnVFPZFt733vRCS4iAlNCbVAUCiJTQixTpohCSAKGEGBJQ7Iio4IgiIs2GDAo44OgIyFgRxcKg2PuADCLqODiKDZVZ0bVG37z13ps334+7vvOdvc89e3/7AND8g0XibFQFIEssk0b4ebFj4+LZxD5AgQwEsAPg8XMkIXN8IwEAAny47JwIPy/4F7y6DohifcXKP4zNhv8PqnyJVAaAhAHAdIEwhw+AFAJAZp5MotDHAICZnKHgKE7BpbFx8QCohoKnfubTPsV85h4KLsgSCwBQxZ0lgiyBgncDwNpcuVAAgAUDQFGuSJgHgF0FAKNMeZYIAHujyM0S8nIAcDSFLhPy0wBwtgBAk0ZGcAFwMwFItNSvePJXXCZcKFNUz82WLJKKUtNkbDO+OdvO2ZnD9hfmZQplMqswHj+DJxWwudlZEp54EcDnmj9BTdFbdoAP19HO2dHRyt7a7qtW/tfNvwmFt58jX4R/8gxh9X7RvuCLll0HwBkHwDZ+0ZKrANpXA2jc/qIZ7QRQLgRou/hVPSzFvKTJZBIXG5u8vDxrkZBvrWjon/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\d[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 30852, version 0.0
Category:	downloaded
Size (bytes):	30852
Entropy (8bit):	7.984807144630824
Encrypted:	false
SSDEEP:	384:yT7fLnH4B904aGBOfBA5ruEox7PvHxsFq36CoGkqzyAL6cRHbHOkhBnKW8x+OBE8:wz+93akYVEcP/ig6Nh+me7HLBnK1Pa8
MD5:	2383221A61DC528B8F8347EA9867283B
SHA1:	2189D387E9B87E57E1204E3A598382C9EF3F0B13
SHA-256:	1E2A41A4435E2BE7352D1DE918E1D6D3942ED7B0E3E98BB75B8E8AAEBC20FD03
SHA-512:	D528A9615F8AA54850269AAC9A8BADDCC7E70ADB54A0274414DE1EFDEB2F24A50EAF945435058BA311BA6C3B75E6BE02A139ABC7E7B32A1AAFBF9A4CA927B163
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/cb695f/000000000000000000017701/27/d?subset_id=2&fvd=n4&v=3
Preview:	wOFFOTTO..x........(........................BASE...D...F...Fe$].CFF ...0..\...os5.Y=DYNA..`............3GDYN..a.........s-.#GPOS..bt...u..$..~.sOS/2.......Y...`\Wv.cmap..w,...V......3gasp................head.......4...6..%uhhea....... ...$...Hhmtx..t....)...H.$.Imaxp...(..........P.name................post..w........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................\..............x.c`d```5.._&....+.3........p..?.?/K... ....$..H...x.RKn.0..9N...Qt.5.v..R 8.Wv..Y%...%..........0...]t.S...@G...M..!q.{3C.Q....<t.o.=.a...^a...>...>9....a.........J.....O.=..b.{.x{......p.......~8\|......$.....:..U.h.84F...e].ul.J.I...f..F.u......2.q1..,.#...xr5..m..N]......N..,D..].P..ii.e...Trx6.....6I(#...z..S]..9Tz.1rY.f....'..U.G..P..D..P".&^....8.,x].....7.....e..sl.F.Jc#.Y..s...Th............aL.....E...t..(;..U...;....,......^H...LJ..g.x.A^[....X.._.g6.kb..}G..%.n.e......}.X....]?g^;~C.^4..t...<...x.c`f\|.8.......).....B3.1.1*.E.Y..XX..X......P............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\d[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 79560, version 0.0
Category:	downloaded
Size (bytes):	79560
Entropy (8bit):	7.996155243630696
Encrypted:	true
SSDEEP:	1536:Yh3JVv6cc7AGPtiEkux971ZNHAI1QnopoLR114OWX5mf7etNtGNjurk:A3Ja1/RHB1Qocz14O0tK5R
MD5:	197454CF06BF818E744D55E33CE366D6
SHA1:	4C5B0534B68F945341517D86AB03B699F6037C04
SHA-256:	B442E22F463E04BC0A741FA42DC7DAD4F31FE7D86A1228DBC9F77110E5DF4631
SHA-512:	6697B04726F74CABCA3A61860013B6FF9308EA87908507B08D5BABB6DDFB7695FD9D5EE1B588DA12542F6956908B144FF9F2EACA7CDBF718E40444D4ED3DE013
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=i4&v=3
Preview:	wOFFOTTO..6.................................BASE...0...F...Fe$].CFF ... ......4)..`.DYNA...........\|....GDYN............. ..GPOS......2...c.v[XOS/2.......[...`\X..cmap..0X...p....."l.head...x...4...6.:%Fhhea.......$...$.$.Mhmtx..)........</V<2maxp.............OP.name...........~.'..post..0@....... ...2..............ideoromn..DFLT..cyrl..grek..latn...................\......x.c`d```5.Z...%...+.3.......P..._.?7.!.E.&.f ...HW.gx.uRKn.0..9...m.U.]..@(Y..;..N...6.$.`}\.1.#....A.=I....I..8\|of..$..........p...z.X\|.O.lq........=..7.O...UN.....,v..YZ..['...W.W...\|........>v.,>E.Y>....b.c%..Z....").]YEZ...g.....]...U.g.._g*f:..$.~?..o&....L3t;.>./UU.e!Z..B.....IY.E_z."...V.z-.4.e(...h..t]}.m.eR.z....y.x....9.!.......B...x..jh....N...3...V.F.q.....fj.S\..{.\|..M..KAg.5.6AH../.bD.....A.t.UgF.n....KSAM..;..;...4......=.V-.kr..n.lN.-.......C3....j..h.....f.w.o.oN..Wx..b......!g.z.8........x.c`f..8.......)....o......`....fefba.dbQ``jg```d..G.'W O.7...l..._.~)00...1>b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\d[3] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 81808, version 0.0
Category:	downloaded
Size (bytes):	81808
Entropy (8bit):	7.996443238356763
Encrypted:	true
SSDEEP:	1536:4csTT32xE5n9+cW6Kn5Gtxu4r3oDRcG9ocjMC2aCHHGkw2kxHskZMmhi1xOEEk+I:JsPue9XfKYtxr3oD+G9oUM6wZMHsOMm+
MD5:	5EB5B41768501231860067DAA654D260
SHA1:	5BC705F510E7D9B6415277A23EC59B5BA5535708
SHA-256:	F57B486B8141D7ACADDC4B3ABE6E76E8EC7BA3B2D124C0999EC47D58C0EF74CE
SHA-512:	212FFB96F4A68AEB4F559D90196F804959499F83E494956F71114DB1CCF980ACD9461BB5890579345142199933E84788A7440380CF320E269F8F6D5254233B4C
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n4&v=3
Preview:	wOFFOTTO..?........D........................BASE...0...F...Fe$].CFF ... ...q..=.4TJ.DYNA..............GDYN...\..........P.GPOS...L..3G..g....OS/2.......Y...`\W..cmap..9,...c......r3head...x...4...6..%uhhea.......!...$....hmtx..2........<h.r.maxp.............OP.name...............post..9........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................\......x.c`d```5....r........(.p>94.F......\|..ef`....>...x.RKn.0..9N...Qt.5.v... .Wv..Y%...%....cH......g...g..:.X4M.."(.{ofH>..k\|.....l..W.Z...L.>.;.8.%'w..C..>..\|r..>>S.u_2..a.o....z....\|.>:.%....o...}g.p.Ig.(...b...-....7..U....b..b..S..nt.c.._.:.gz...u$.~4._O.#[..sWd.v2}"..u.U.hUws.H..(..w./...GE..Y.<K...h...1.K.7...dF.....7.z...0.W......8.Dc,Q!.&......W.J,X.......V.s..a....F._M..1.._Q..RZ....cr#..^w.....e...T..?S..[...J.v7.wY1...u...{!m7.3)Y.....y.....Z.qC.#g.lN...#;.....}.aW/.s..}...~.N.....7...#.C.;. .......x.c`f\|.8.......).....B3.1.1*.E.Y..XX..X......P............6............1-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\d[4] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 83244, version 0.0
Category:	downloaded
Size (bytes):	83244
Entropy (8bit):	7.995850450079848
Encrypted:	true
SSDEEP:	1536:vZrJAtq4y/9jbdwr39OV+SIT0s4ui8ixe/JtYwJ4mDuEP0zBKuH8bdt9:xaEllCZOAE/PxePtemDuEPWHMdn
MD5:	4DA3050A6F16D186BF3AEDEE083F4E64
SHA1:	898429AC4F32B0AC72301B60658DB8FBA06D13C7
SHA-256:	F8E005529C020829456CF0992CAE971A30B413CC081FB13038D8F4BB4746F38B
SHA-512:	D4D31AD5989B74A2063110B3F30254BE60B46CFEFA8AFA9ED525FAE2AF6ECB64C016BE77B635D894FA5AD43653A969530B722CE60D94ED0609944634E814984F
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n7&v=3
Preview:	wOFFOTTO..E,.......@........................BASE...0...F...Fe!].CFF ...$...t..ER..x.DYNA............n..GDYN...\...........#GPOS...H..2...gz.b..OS/2.......Y...`]...cmap..>....c......r3head...x...5...6..%ghhea.......!...$....hmtx..84...~...<..f`maxp.............OP.name............E@..post..>........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................Y......x.c`d```5.Z9-, ...+.3.......P/....??...[.....L Q.W..0...x.}..n.0...t..B.\q...s.D..UB.[.v...&..I.w...%.*....@....Ix..8....r.........+\|...9......:......w.f...C\|r\|..xp\|...0..?..w..^{..........s...C..7.Gx.{...Y.... ..\gJ...Qe#......N.......oW..3.zGc.?/TZMt..2....d:...8i=4^M...7.n..]..\.2...J...vb .y...t..Y.b..2..0..$^..=.}......}uW...<y.l.E.$.=..".HHc....s....K~......5...Z_.i.............S>.....,..&....c....}j.g.._1...j....V.2..c.k..=....hYQe.9+V-.k}.w7..d...%...f6>.sh....;.=<..a..-5.f2...\.pGu.}W.G....kJ.........x.c`f.........).....B3.1.1..E.9..XX..X......P...........6...........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\d[5] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 80424, version 0.0
Category:	downloaded
Size (bytes):	80424
Entropy (8bit):	7.994813985808204
Encrypted:	true
SSDEEP:	1536:/uaSqCkrtzYdCGGvwgCpmSzuK2cP77HPxnO7KQnvqRIa9:GECk5kdLGBSB2AH5IKQnvxk
MD5:	F544DC44E2796BA940C0AD8E429F046A
SHA1:	AC51462737D7A55F38514C54B38F3D1D13EB3F29
SHA-256:	A7F17C9602FEB42BCA6769DDDDDCEAB0DD3F07D408634B34EB195CDBCC06A2C7
SHA-512:	AB36ACD984EEB1C55611EF6EA09F8603DAFF0347C20574800E1AFCB248DF3D8E7B5C40D1633E2273CA3A7F7C56707CF5626697CEE8341DDDEF8E405758A6C323
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n3&v=3
Preview:	wOFFOTTO..:(................................BASE...0...F...Fe(].CFF ... ...c..88.k..DYNA.............GDYN...H........p...GPOS...8..3...g..W..OS/2.......W...`[..Hcmap..3....c......r3head...x...4...6..%`hhea.......!...$....hmtx..-<...s...<,.~.maxp.............OP.name.............8..post..3........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................`......x.c`d```5.:~...x~...../."..CCa....l,v..\f.&.(..C.dx.RMn.@.}&$U7.......-+.V. 5R$"...a... {.......r....^.G..y<mQ.....\|.g......Cs]q6..[....+\|p...0u.M...s.....f~u......_s.....{..-t.O..a.}q.M....Qz....h..w..>?._...-.X...2:..].(.]QFF/.....%..LW....oR....fz..Fe(.^8..'C+..K.`u:..g\|.e...h..s.K..pS.E..EOy...h....i..2..@....cv..9..61rQd].#U]....A.....!.Cq.FX.@.M<....q.... [....rKH.K9.fH..LeW.OM..)..o..L....j..O.".Bz\|..!...b..E.R.e\.e4.U..........B..i;.X.Pel.r.....$...l..-.j......v.l.......r.~..U[.).....u."V'F.....O.G......x.c`f.........................L,,LL,..L.@yF.(ptqr.R..Y...gc``...K..q>H...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\d[6] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 83596, version 0.0
Category:	downloaded
Size (bytes):	83596
Entropy (8bit):	7.9957064314475845
Encrypted:	true
SSDEEP:	1536:A42w8GkfEEj2CbPhwwSwpnSgjUCKYfSTxDlONsm9:Ar5zqCb57lACKiMhONsg
MD5:	A5566F9F87458954D8ED7DC153273E78
SHA1:	5FB8952CFF5FADBC0A3FB3DFCBC2673D8307A3C4
SHA-256:	9D91C86868C0BED0FD54BAAE8720937F765D98633A3FE3AE3AB8A04C7BCF9C2D
SHA-512:	DCBB0CB7FDD3E7E3E70B7B517C89CDE2E30529D69F377BA094A90E40F7E4C040F9D02E83974AF596D4F02BFEDBE4289D69D14621924ED70B4C362D72967A9A31
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/d?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n9&v=3
Preview:	wOFFOTTO..F........P........................BASE...0...F...Fe.].CFF ...$......H.CS..DYNA...............GDYN..............@,GPOS......2...g.....OS/2.......W...`^B..cmap..@(...c......r3head...x...4...6..%phhea.......!...$....hmtx..9........<..VFmaxp.............OP.name............a..npost..@........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................U......x.c`d```5.zz...x~...../."..C=`.....,.._....L Q.....x..1n.0...9N..F{..{hZ..;...@39...L.d....;w..#..=@.^.G)....F:X......'.$.......e..j..7.....0w.f...#\|v\|A.o.{......[...r..:..}q\|....q.....Qy.._@tJ.=....+5..U.k.\|.....H.j_V..+)&y...fkj........\G...Q.-..1..P..p<....Vb..V..\|:...AWuZ...._._*....$eq....U0.E...Z.i..P.#.^.o.._...i......5.T..+.Gq..&x....1$M.B......j..O.;.?a..Gk.. m].!.@.....v..............yJ......B....@.1ko..Y..............5O^.....B..i;...Rel.......I....;zf.k4kFs..>.sd]N...a....0..{.2z..4{...K5Y...w.q.<.......tx.c`f.`na`e``.b.```...q.F..@Qn.f&..&&....v.<#..8.8..)..,L...100.e....8.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ecr2zvs[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	17272
Entropy (8bit):	5.5650961397748
Encrypted:	false
SSDEEP:	384:R12tpIgIPs51iRm2lIew42noFeFsP9btiCtpIaCR:Rvq1iRm2XwMqsbbt6J
MD5:	FF5E7D2A7992C87A4D4CB76C40D766B0
SHA1:	72B91FB347AB6D684000B325C4E6F21FE95EABB7
SHA-256:	9F7EDC893EB780CE16C4190C220C36EDF430ABD19CDE41B6C53A300952EE9E91
SHA-512:	0C0270BE72C86EB1E43269D0EE72C80746E58A794F3A81C4986F53931F96B940A2D56322A031220F4F75D54B0C545BF10ED373EB80BA1E15731F715BE8F95BA1
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/ecr2zvs.js
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/000000000000000000017701. * - http://typekit.com/eulas/000000000000000000017703. * - http://typekit.com/eulas/0000000000000000000176ff. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"1164490","c":[".tk-adobe-clean","\"adobe-clean\",sans-serif"],"fi":[7180,7182,7184],"fc":[{"id":7180,"family":"adobe-clean","src":"https://use.typekit.net/af/cb695f/000000000000000000017701/27/{format}{?primer,subset_id,fvd,v}","descriptors":{"weight":"400","style":"normal","display":"auto","subset_id":2}},{"id":7182,"family":"adobe-clean","src":"https://use.typekit.net/af/eaf09c/000000000000000000017703/27/{format}{?prime

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\enterprise-id-faq[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	89095
Entropy (8bit):	4.589949419688469
Encrypted:	false
SSDEEP:	1536:pINSUKJtyLWV63y+1VfFYuzsX75xZsF8OxZsPvI:pSSUKJIy+1RFYuzsX3ZgZgA
MD5:	17DECDB9401DE1FD52D1E273BA2B53B6
SHA1:	62C97CA5B3FD13CC67E2992D7CECDF1AC1596978
SHA-256:	90434E16F7C0D9FAA1C74556FC09FA4E6B696FADC7AE85AD5E3DAD9131C17B2A
SHA-512:	9BE606119DBD6DC79801D37956FD848B9551C516F5D0C05113E985F5DAC2D062AFB28436FF870AFDF37CBD197A0DE795B3D8A20E8018A97C2D67410A5963D022
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/enterprise/kb/enterprise-id-faq.html
Preview:	<!DOCTYPE HTML>...........<html class="no-js" lang="en" dir="ltr">. .<head>.. . . . . . . . . . . .. . . .. . ....... . ............. . /* Initialize custom Beans for Learn-support model */ -->.<script src="https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js" nomodule></script>....... PUBLISH STAMP.<properties>..<property>...<name>ServedBy</name>...<value>LOC PUBLISHER</value>..</property>..<property>...<name>ServedAt</name>...<value>Thu Apr 22 10:42:49 UTC 2021</value>..</property>.</properties>.-->............... <title>Sign in to Adobe apps and website with your company or school email</title>-->.<title>Sign in to Adobe apps and website with your company or school email</title>.......<link rel="dns-prefetch" href="//assets.adobedtm.com"/>.<link rel="dns-prefetch" href="//sstats.adobe.com"/>.<link rel="dns-prefetch" href="//use.typekit.com"/>.<link rel="dns-prefetch" href="//use.typekit.net"/>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\icomoon[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), icomoon family
Category:	downloaded
Size (bytes):	4488
Entropy (8bit):	6.018216919420999
Encrypted:	false
SSDEEP:	96:qyDxGkaIP4fEXCbJLgUWRX8hovu1JiQfU/FlPV2DG:5/d4eC9MNRXgov4bfUdlPV2K
MD5:	450AEC871D955147B44876047BF51A14
SHA1:	777C0584C3BDE3BE03D787021E6E0054A3945A8D
SHA-256:	5E33E6E3EFB4CFDF2DBD06583A2E8774CB6ED5953D0CB637F5681E923C9B9B3F
SHA-512:	ED42C4D3152E665AD0E260C475BF0B90EB7A0D3196F2DE3D3760D4084591CC631D5B3B8319A017DD920D158818B4379571C1D46679439F20CDDD21DEE198144F
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/clientlibs/fonts/icons/icomoon.eot?appork
Preview:	..................................LP........................[.H.....................i.c.o.m.o.o.n.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.....i.c.o.m.o.o.n................0OS/2...........`cmap.s.........dgasp............glyf............head......X...6hhea...........$hmtx9..........Dloca.d.........$maxp...H....... name.J.....<....post........... ...........................3...................................@.........@...@............... .................................H............. ............... ............................................................79..................79..................79...........G......."&'.&47.62...........#...(..e.....U. ...S .(.@.....U......U..... T........-..........."&'.&4762...62.......#...<...---y-..Z-y---.K.@"@...[-x-....[---y-.-...............!......#"..54>.32.....'....7.7'7'..P..kl..OP..kl..O...G..L..G.H..j..RR..ji..RP..k....L..H..H.L.............+.@...".................3267>.7..32>.54..#."..54>.32......#.UY.tC$ .D=-............,=E.3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\imslib.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	46020
Entropy (8bit):	5.247108485619506
Encrypted:	false
SSDEEP:	768:6y/BMM1ALvYYtNwaIQzhxmQuLWpXcFJw+YoSorR:hgjia012XcFJHYoSo1
MD5:	B439B689448BCAF4ED270F5AF5477C37
SHA1:	6E71ACE46CA64143CA6C7373D2C3DB960EB8F5C0
SHA-256:	4492E3E27970CDEF4E460DA2FA944B12C09AF19575447F91DFECD9D587818A0B
SHA-512:	9541DBAEBE8CC3DA98259BFD0AFB003BEFF471C91CACBA35E446B199D961C55DA1642485B6E00F73949AB65BA9C2EC5EBE7E48833FD61588B18C10C8FDD4D9FF
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/imslib/imslib.min.js
Preview:	/! imslib.js 1.13.0 18d23dc-b2b44fe /.Array.prototype.every\|\|(Array.prototype.every=function(e,t){"use strict";var n,i;if(null==this)throw new TypeError("this is null or not defined");var o=Object(this),r=o.length>>>0;if("function"!=typeof e)throw new TypeError;for(1<arguments.length&&(n=t),i=0;i<r;){if(i in o)if(!e.call(n,o[i],i,o))return!1;i++}return!0}),Array.prototype.forEach\|\|(Array.prototype.forEach=function(e,t){var n,i;if(null===this)throw new TypeError(" this is null or not defined");var o=Object(this),r=o.length>>>0;if("function"!=typeof e)throw new TypeError(e+" is not a function");for(1<arguments.length&&(n=t),i=0;i<r;){i in o&&e.call(n,o[i],i,o),i++}}),Array.prototype.includes\|\|(Array.prototype.includes=function(e,t){"use strict";if(null==this)throw new TypeError("Array.prototype.includes called on null or undefined");var n=Object(this),i=parseInt(n.length,10)\|\|0;if(0===i)return!1;var o,r,s=parseInt(t,10)\|\|0;for(0<=s?o=s:(o=i+s)<0&&(o=0);o<i;){if(e===(r=n[o])\|\|e!=e&&r!=r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	41558
Entropy (8bit):	4.858383418584702
Encrypted:	false
SSDEEP:	384:Qe3UNvlCHxurAJQfM0YEq3dmDtv0wR4YOyHFVUcwnz/S+hzqC9Ov:Qe3IvlCRHOfMcGmpv0wR6q74/SfC9Ov
MD5:	8B9887A418256428782F77238AEEFF36
SHA1:	401C9025F9FBD60AD6F6F5ECBDFCDD3482B4E4CF
SHA-256:	E8483EA4DB37A2927F965C2D17D12C70FC0B5351C73F24DDBCC4D3EEEA34A1DE
SHA-512:	B69EE433329885BE473F382918FA550971949A22573B732C955B712F934EF05EBC441CC46CBC64D786875B81DAF9B4963E4193CB2B4306251A3500C449FEDA15
Malicious:	false
Reputation:	low
Preview:	<!doctype html>. [if IE 8]> <html data-placeholder-focus="false" class="ie ie8 lt-ie9 has-dob-explanation en us spectrum--lightest" data-pagename="login" lang="en"> <![endif]-->. [if IE 9]> <html data-placeholder-focus="false" class="ie ie9 has-dob-explanation en us spectrum--lightest" data-pagename="login" lang="en"> <![endif]-->. [if gt IE 9]> ><html data-placeholder-focus="false" class="has-dob-explanation en us spectrum--lightest" data-pagename="login" lang="en"> <![endif]-->. <head>. <meta http-equiv="X-UA-Compatible" content="IE=edge"/>. <META name="ROBOTS" content="NOINDEX, NOFOLLOW">. <meta name="mswebdialog-newwindowurl" content="*"/>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <script>. window.marketingtech = {. adobe: {. launch: {. environment: 'production'. }. }. };.</script>.<script src="https://wwwimages2.adobe.com/etc/beagl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\main.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	13691
Entropy (8bit):	5.381448070810353
Encrypted:	false
SSDEEP:	384:OYICUsySZX0Ljd0kg41VOEMFWKjzI4omXFKJvm4Qrb7H9g:OrTUUjd0zBEMFWCI+xg
MD5:	2DFF659EF77A2D4E7D76BF2CFC77C59D
SHA1:	6852E5A30F3186122B4CE704DA88D6BABBC4A8A3
SHA-256:	4CF1ADE01D47C67B3312F6750D7BAAA76C1CB0D1384FF654B255DE1A859DE959
SHA-512:	E279C04EE7ACE51A60E9E020BD272122CAD995BD4FA8D4F5658C506F788D33CBBCDCB83A63D8A2513980690D0F30B4927A71766ADD5AEBF6DA680090D2D69DA6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/marketingtech/main.min.js
Preview:	!function(){"use strict";var e,t,n=document,a=Object.defineProperty,i="replace",o=function(e){return e=e[i](/%2523access_token%253D.?%2526/gim,"%2526")[i](/%23access_token%3D.?%26/gim,"%26")[i](/#access_token=.*?&/gim,"&")[i](/information=[^\&]+/,"")[i](/puser=[^\&]+/,"")[i](/fnuser=[^\&]+/,"")[i](/lnuser=[^\&]+/,"")};try{var r="referrer",c=n[r],s=o(c);s!==c&&a(n,r,{configurable:!0,value:s})}catch(e){}e=window,t=function(){function e(e,t){u.add(e,t),f\|\|(f=_(u.drain))}function t(e){var t,n=v(e);return null==e\|\|n!=p&&n!=h\|\|(t=e.then),v(t)==h&&t}function n(){for(var e=0;e<this.chain.length;e++)a(this,1===this.state?this.chain[e].success:this.chain[e].failure,this.chain[e]);this.chain.length=0}function a(e,n,a){var i,o;try{!1===n?a.reject(e.msg):(i=!0===n?e.msg:n.call(void 0,e.msg))===a.promise?a.reject(m("Promise-chain cycle")):(o=t(i))?o.call(i,a.resolve,a.reject):a.resolve(i)}catch(e){a.reject(e)}}function i(a){var r,s=this;if(!s.triggered){s.triggered=!0,s.def&&(s=s.def);try{(r=t(a))

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\otBannerSdk[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	349017
Entropy (8bit):	5.31760027140353
Encrypted:	false
SSDEEP:	3072:z9i74sroLe3xdPsKiaDj2HKzd5oYEJFsEv8D66:ql3xdPsKiaOHKzd5bEJFpv8O6
MD5:	09842127B6FE7CD7FED7BE501A5E0EE8
SHA1:	41A188777AC1C69C98DD0E11F6C30C2F21E02510
SHA-256:	6A13B93C05AF6EC6255B737032AA3F5D1F4823ED2D57D12C0735BD2C4ADC8EFC
SHA-512:	C4B869C46015D0D85AA5CA5202836D08F7B82DD063D836066407755D02B8E985538B294CCD473370B2969BE2A750AC90CAE49507DE1B6C7CF893B722B26F4F36
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js
Preview:	/** . * onetrust-banner-sdk. * v6.9.0. * by OneTrust LLC. * Copyright 2020 . */.!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var o in t)t.hasOwnProperty(o)&&(e[o]=t[o])})(e,t)};var s=function(){return(s=Object.assign\|\|function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var s in t=arguments[o])Object.prototype.hasOwnProperty.call(t,s)&&(e[s]=t[s]);return e}).apply(this,arguments)};function a(r,i,l,a){return new(l=l\|\|Promise)(function(e,t){function o(e){try{s(a.next(e))}catch(e){t(e)}}function n(e){try{s(a.throw(e))}catch(e){t(e)}}function s(t){t.done?e(t.value):new l(function(e){e(t.value)}).then(o,n)}s((a=a.apply(r,i\|\|[])).next())})}function d(o,n){var s,r,i,e,l={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t){retur

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\otSDKStub[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	17376
Entropy (8bit):	5.343827110329912
Encrypted:	false
SSDEEP:	192:wQp/LPwSNkXylwshci9wfW0vMfPPVMmXUxcjz3ZYVO2zswGBF27iIvZo:jR7MiOsrjyMfPPGg3ZOowGv2uIvZo
MD5:	9967D00318D7874F3531B1C7FF3DD155
SHA1:	30947E4D753FEE6D3817CF08EDA4861ADAA76DED
SHA-256:	40F12E335914950B4F2058DBCBBEE727F3F7542399EC6B2E98256480EA91AA49
SHA-512:	DFA75FBADC89FB18F693F5FC1E930F00E76EB831FABFE3E13B8D090BD7B4B07508E20DC43E6F66E16E5D8DA0FFA796815083EB3813DEAF0CC49C923D5646230A
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Preview:	var OneTrustStub=function(e){"use strict";var t,o,n,a,i,r,s,l,c,p,u,d,m,h,g,f,b,A,y,C,v,I,S,w,T,L,R,B,D,_,G,E,P,U,k,O,F,V,x,N,H,M,j,K,z,q,J,W,Y,Q,X,Z,$,ee=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}};(o=t=t\|\|{})[o.Unknown=0]="Unknown",o[o.BannerCloseButton=1]="BannerCloseButton",o[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\p[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:	3:CUHaaatrllH5:aB
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	low
IE Cache URL:	https://p.typekit.net/p.gif?s=1&k=ecr2zvs&ht=tk&h=adobeid-na1.services.adobe.com&f=7180.7182.7184&a=1164490&js=1.20.0&app=typekit&e=js&_=1619201952028
Preview:	GIF89a.............,..............;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\spectrum_capsindicator[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2480
Entropy (8bit):	5.250730105662368
Encrypted:	false
SSDEEP:	48:lqWe71ALA7DOv6fOu2OiaUU3WciBFtV+DoHOfWzy+2CNosQJsszh14PdDWp8m2kh:wWe7kYBuVB/BbVNHdTFmsYd4PZf3koS
MD5:	61B00E92C411F2271A6E349CB022AB34
SHA1:	1F0F301CFD2FA706CE5CD68F8DCEC878D0B39C54
SHA-256:	38576CA6DD9CB727B19D59DC728DD4CC18B646CC6732ED07EA6FCC51D9A30ACA
SHA-512:	A3F36F31D00018D01836148938BB860ED87C8EC3E46D5C759F6F5FCA9CE79311062E8762F7B5D54D6EA0C802F0D303A68A104D72888A8F2B288A0CBF19FBD933
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/script/spectrum_capsindicator.js
Preview:	$.extend(!0,components,{capsindicator:{init:function(n){if(!components.utils.isMobileBrowser()){components.utils.wrap(n);var o=$('<div class="caps-indicator"><span class="caps-indicator-img"/></div>');$(n).on("focus keyup",function(){o.css({"background-color":$(n).css("background-color")})}),o.appendTo('.component-wrapper[for="'+components.element_name+'"]'),$(window).bind("capsOn",function(){components.utils.setCapslockState("on")}),$(window).bind("capsOff",function(){components.utils.setCapslockState("off")}),$(window).bind("capsUnknown",function(){components.utils.setCapslockState("unknown")}),$(window).capslockstate()}}},utils:{setCapslockState:function(n){$("body").removeClass("capslock-on capslock-off capslock-unknown"),$("body").addClass("capslock-"+n)}}}),/*. @preserve. . jQuery capslockstate plugin v1.2.1. * https://github.com/nosilleg/capslockstate-jquery-plugin/. . Copyright 2012 Jason Ellison. * Released under the MIT license. * https://github.com/nosilleg/capslock

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	12077
Entropy (8bit):	5.538904548057913
Encrypted:	false
SSDEEP:	192:pxznyioGrVm30ncqd6JzMgoHSgwZ2Nfc+SsUEuPJeGjQVMG1HeZgkeDYGOr:Hjy2F6JzFeSgwZ80+SfEuPJeG8VMGRed
MD5:	243F7FD9CAE05B6ACFDAC72DF1F4345D
SHA1:	D9EBB00C579D0F0AAC94593D27AAFAB8E5411084
SHA-256:	D7CBA1AA4A4B5FF86036DBF41817B6DEE997BC5A8D4DA2FC8DD76BAEB9B4B3E3
SHA-512:	3827F97054842861B9C6B4A25F7947E8DF05CBF626165999CED20A22BF352710960B5ADBBE227DA49DF5932D6E4B9CF25F6139F00113CD58D53C0D7CD01A6BF1
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M.js
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ Function('var V={},z={},QJ=function(m,E,Q,C,N){for(((m.F=false,C=[],(m.i=false,m.X=(m.G=function(a,T,p,e,w,U){return(U=(w=(e=function(){return e[p.K+(w[p.B]===T)-!U[p.B]]},p=this,function(){return e()}),p.f),w)[p.P]=function(M){e[p.N]=M},w[p.P](a),a=w},0),N=0,m).R=void 0,m.l=0,m).W=void 0,m.I=function(a,T,p){return p=function(){return a},T=function(){return p()},T[this.P]=function(e){a=e},T},m).c=25,m.a=[];128>N;N++)C[N]=String.fromCharCode(N);(P(m,(P(m,(P(m,((P(m,115,(P((P(m,68,(P(m,(P(m,57,(m.m=(P(m,153,(P(m,(N=(m.WM=(P(m,(P(m,61,(m.zY=(((P(m,98,(P(m,90,((P(m,(P(m,(P((P(m,(P(m,(P(m,167,(P(m,13,(P(m,(P(m,(P(m,1,(P(m,139,(P(m,126,(P(m,121,(P(m,(P(m,(P(m,(P(m,89,(P(m,(P(m,125,(P(m,(P(m,(P(m,45,(P(m,190,[(P(m,210,(P((P(m,(P(m,92,(m.H=[],m.$=[],0)),93),0),m),59,2048),function(a,T,p){f(a,1,5)\|\|(T=a.b(),p=a.b(),P(a,p,function(e){return eval(e)}(a.O(T))))})),160),0,0]),function(a,T,p,e,w,U,M){if((e=(p=A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Artboard%2082[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 26 x 25, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	600
Entropy (8bit):	7.468594151731931
Encrypted:	false
SSDEEP:	12:6v/7qUYpRI0rPOUu3Bwk6wAGfb5c9fOi2sygSPOrDZswcZ6NM/4ISAKeFITxk:VUYhCUiGk6Yc9fOi2hgOk1s9oNO4Izqi
MD5:	B4774D65CF7C725DE14A4618EAED78DE
SHA1:	03D21039097018416FEF766A3E4D44BC50EFEDE3
SHA-256:	F8E1D4CB69EA4F92906E6C9115665EB65F39CA8FCE869A7ADF32A482084D88AB
SHA-512:	2A7CD547676C6DE9A634858F628B9583EC77E860F20A3082174BA68C60B3523E92B4BE307894E72CDD38A09DCB8B8AFE08909893EE793B459E5C8B35AFF5BE23
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/en/manage-account/kb/change_plan/v6_august_update/Artboard%2082.png
Preview:	.PNG........IHDR............./.>`....pHYs...M...M...N....IDATH....n.A..?....)pZ.b.HH.G..!..:..8.... ...-Q..<../.A..)..<...E......OZ....;77.'...!D............MUo...+...JY..E.\|..B"B...D6..\...($".....X....b.w.A....!..H\...1.......s..R..V..Z..J..........M.\U....O.4...z=....F.-..c8.:.....=.2..<.Y,...nc4..~.\6.O..X,.....s.l6.D.j....O...p..?....n.....,...gA.YWfp.)P.........F.....SN...D...w..,..2....N..M....l.#0+.:..o....Q..d.._rQ.w.b03.X...#{U......c.6.j.X&D......IU..e...D.).d.{eeMr..u;...*Ou.<.\|.\..r.%....\|..7.....-.....Q....x.r.r.. ....LfSf...VQ.".......;.,K....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Artboard%2083[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 26 x 25, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	473
Entropy (8bit):	7.357301903416323
Encrypted:	false
SSDEEP:	12:6v/7qNXCyv/jDtIsRW/x2tyxXimkhQt+751YF:VNXR7ZIg+SrIY1G
MD5:	9F3271F8EF6CA7E9C8A796090A01B9DA
SHA1:	83BD9EAD06C7E4794FEA937BF90793FA8618AF19
SHA-256:	0F53FAF75002A84D532A80D8FFDB698DD695E024594E531C14A6DF1DFC9BB869
SHA-512:	3CBA4EAA5730510C02BB0AD69CF0CC5A40147CC68DB02C6CB6202C7CB977A50079946B54DE93AD866DEF242015626AD0DC87E061B9A4E238B16B4D33632DF692
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/en/manage-account/kb/change_plan/v6_august_update/Artboard%2083.png
Preview:	.PNG........IHDR............./.>`....pHYs...M...M...N....IDATH....m.@...(w83.P..B.....J0.$..H.8R.. T......'.......OZ.......;.8..8....L...<.B#......R..4....#iP%,...+...8.-.1..I..i+..)I...ee.dy....24........M.L..D.9p....!..5H.....ff.U.C2....q.H QJ.....-`.n.<&.j..#H.h...NGK.r..h..`0@.E.A.....O_...D.{tC.... .K..o..Da3y.vn...H.Z'.w..d...J.......l.9u.$q..(J..g.&...(&..3k.-..c...$...7.>:\..,.2.T.X\ y#...fHI.V...DU.j..9u....5.N./%&]v.%.....{\.-........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RCe26b98274fee43abbdb260d3b3d8fefc-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	323
Entropy (8bit):	5.235922150671794
Encrypted:	false
SSDEEP:	6:jwkMKngJv0KgiSP8Alm0dYta+ApXMYGGX6SHMWkiezW3T5OtunadXZfJ/uEK1Wd:jvgeASPRnca+AcYGkcOeqD5OFdXv/ZJ
MD5:	0862D4438CAE5690A700D984A7B3DE6B
SHA1:	0DAB7F93EDC0AF3854D89E9A358E63A368F60484
SHA-256:	5BBE02F95705349A6DB1C1F516DC780167FCA09F5041F8335736617E5EF97323
SHA-512:	510DA1AFFBCD437BEDCC25C0426A59575D2785CA079E7E889B3D5D9FF0ECFD6D5AB716822DA198F285D58754847EB461276D1B4D38A6E01BBBCC2AE960770374
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RCe26b98274fee43abbdb260d3b3d8fefc-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RCe26b98274fee43abbdb260d3b3d8fefc-file.js`.._satellite._poll(function(){_satellite.track("trackMarketoForm")},[function(){if(document.querySelector(".marketoForm")\|\|window.MktoForms2)return!0}],{timeout:1e5,interval:100});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\alert[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	645
Entropy (8bit):	5.137321307339975
Encrypted:	false
SSDEEP:	12:tvi1ncDzh+xB+HFRc6idNLA7CajFZTV2IcTtPLK4oy7:tq1nyz6iC6inLA7vFGlKvs
MD5:	25BA1BBE127CB45F73571359F386674B
SHA1:	69BC1A500365249BBD6107EA4DBB4CFED4FF34E2
SHA-256:	8FE3D4AB43BDB206530C32CFADF568CF463EC707C468A999155AB90D3A0AF6E0
SHA-512:	749E8FDDE5BAD028615699426337CC6D6E82BB28F4D9FAE26E5FDF4E039AA6CC146372CFEFD464131D304E900B9D316A7AED2497F00A57B8D070C849592D95DC
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/shared/article-3/alert.svg
Preview:	<svg id="Light_Theme" data-name="Light Theme" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><defs><style>.cls-1{fill:#f53c3c;}</style></defs><title>red_Alert_spectrum</title><path id="_Compound_Path_" data-name="<Compound Path>" class="cls-1" d="M15.93,14.86,9,1.19s-.5-1-1-1-1,1-1,1L.1,15a.8.8,0,0,0,.83,1.17H15.1A.92.92,0,0,0,15.93,14.86ZM8,14.64a1.11,1.11,0,1,1,1.11-1.11A1.11,1.11,0,0,1,8,14.64ZM9,6.19a47.37,47.37,0,0,1-.33,4.75s0,.25-.15.25H7.49c-.08,0-.13-.19-.15-.25C7.3,10.56,7,7.69,7,6.19V4.81c0-.05.13-.14.23-.18A1.84,1.84,0,0,1,8,4.55a2.3,2.3,0,0,1,.78.09c.1,0,.25.14.25.18Z" transform="translate(-0.02 -0.19)"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\asurion_banner_final[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.2 (Macintosh), datetime=2020:12:11 13:13:35], baseline, precision 8, 295x166, frames 3
Category:	downloaded
Size (bytes):	60157
Entropy (8bit):	7.751315329545027
Encrypted:	false
SSDEEP:	1536:DB6oWCzRQEQXFJEvIQBjlhPc0HUeuAx7HkTv:DBhxNEXF6vIQhPc00ssv
MD5:	03561FAAB0C62B67E0D0E612316F20ED
SHA1:	B01CEE0C8DE113B32F288A53239008C076566829
SHA-256:	C34F4C263C5A3A00196026A09695EC3363096432F20332DB6DC224666A3E0606
SHA-512:	8982D4FBDB7356040640781316BD72CE8DC0D5FD47B06EC7AAAE80E998FCCF8A08A8C5E43B61AA0EEABA376C3BCAC0E520170D22C6061A24EC1B89D92FD65036
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/shared/article-3/asurion_banner_final.jpg
Preview:	......Exif..MM..............................b...........j.(...........1.....!...r.2...........i....................'.......'.Adobe Photoshop 21.2 (Macintosh).2020:12:11 13:13:35...........................'..........................................."............(.....................2...........e.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................Z...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I$.X.8e..pc. ..5......O..?N.+.a....FEU[.=.{X.?.o.o./..s.....1...?Lk....mu....f......?...B\....3<R..#O..H..f.SO0.....~.z.X...+&..q".M./...._....e4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\clientlibs.fp-7708b7df693dcc115174dea77ce354d6[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	28784
Entropy (8bit):	5.34349757499559
Encrypted:	false
SSDEEP:	768:uNMxg2hHDldFVYOxdKq/fN092If2VzR4GW:uNKhRhZfN08j4B
MD5:	7708B7DF693DCC115174DEA77CE354D6
SHA1:	0841936DF8F5FCE2AB7A3D612C1D2C1A6181A56C
SHA-256:	4271F20FF726E8AFBBE732F600A44E00F886BA510C9BD162C71FA2FBD8E1BAE2
SHA-512:	D6AEB7AE30592F498B90B08C80449BA889856B258976D699F10A848DDD62CD9B749ADAACB579D0F12E123EE5E2E42348CA265B3C690B0FE6E33EB0B05DCA1D26
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/helpx/clientBundles/helpxTools/clientlibs.fp-7708b7df693dcc115174dea77ce354d6.js
Preview:	!function(n){var a={};function o(e){if(a[e])return a[e].exports;var t=a[e]={i:e,l:!1,exports:{}};return n[e].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.m=n,o.c=a,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(t,e){if(1&e&&(t=o(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var a in t)o.d(n,a,function(e){return t[e]}.bind(null,a));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=315)}({21:function(e,t,n){"use strict";t.a={q:null,start_index:0,country:null,activeScopes:["

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\clientlibs.fp-819b817a5127ba950720662c9523d366[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	139592
Entropy (8bit):	5.408263342981809
Encrypted:	false
SSDEEP:	1536:XoHfbZCns8ns1HmMyhEOySE4QIKIaoiHE2ySyhEiEWxIyddsfP78lxRiC+onHlsn:Xi1SHlFH3usG
MD5:	819B817A5127BA950720662C9523D366
SHA1:	938E654A45722C681CA1B90C15E576BC042B7A7F
SHA-256:	5E9AC7EA20D51E3648F4EA0C084BAD2B2B477CC58696EF23149C8D7C3355CEE1
SHA-512:	3AABA06199738FD83734FCAB59AEB3E4EF799E403830365758E09FD0A1E1074B8957B08F3FD142FB92E90192BEE37AC7EDA7816C9666F2CFAED3212C84401A44
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/help/components/pages/article-3/clientlibs.fp-819b817a5127ba950720662c9523d366.css
Preview:	#AdobeSecondaryNav.Subnav-wrapper{position:relative !important}header{background-color:#fff !important}.linkfree #AdobePrimaryNav .Gnav{width:100%;height:40px}@media screen and (min-width:600px){.linkfree #AdobePrimaryNav .Gnav{height:60px}}.linkfree #AdobePrimaryNav .Gnav-logo{position:absolute;top:0;left:50%;height:40px;padding:0 20px;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-ms-flex-align:center;align-items:center;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;-webkit-transform:translateX(-50%);transform:translateX(-50%)}@media screen and (min-width:600px){.linkfree #AdobePrimaryNav .Gnav-logo{position:static;height:100%;-webkit-transform:none;transform:none}}.linkfree #AdobePrimaryNav .Gnav-logo-text{width:0;height:0;font-size:16px;font-weight:700;color:#2d2d2d;overflow:hidden}@media screen and (min-width:600px){.linkfree #AdobePrimaryNav .Gnav-logo-text{width:auto;height:auto;margin-left:10px;display:block}}.#AdobeSecondaryNav.Subna

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\clientlibs.fp-d664d410398f59fbe540a989d60f24d1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	370582
Entropy (8bit):	5.311956878438943
Encrypted:	false
SSDEEP:	3072:dGBZG91IkigS+UqB3b+eJCcrsgAZpjw2g4DYQfuvm4p/RCg0sCvFV5r9gcBoAM:dGOaqBTCcrsLw2qpAlsCt9gcFM
MD5:	D664D410398F59FBE540A989D60F24D1
SHA1:	1DD0ACDDD0591E2089DB43BF617E09BB7CBAE2E2
SHA-256:	C0CC8A6DF291566B206F76E2EF133D4F505F89C1236DFDA13EBB705B45C851C5
SHA-512:	7EB30AE001D7AF2D9D21BF5B0C02B2EF37445DCAD25E557361FC721B67E2CACC9EC38A5B37B963AB09DA4D83101394988278400552F72B3B21417676F3EE889E
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/help/components/pages/article-3/clientlibs.fp-d664d410398f59fbe540a989d60f24d1.js
Preview:	(function(global,factory){if(typeof module==="object"&&typeof module.exports==="object"){module.exports=global.document?factory(global,true):function(w){if(!w.document){throw new Error("jQuery requires a window with a document")}return factory(w)}}else{factory(global)}})(typeof window!=="undefined"?window:this,function(window,noGlobal){var deletedIds=[];var slice=deletedIds.slice;var concat=deletedIds.concat;var push=deletedIds.push;var indexOf=deletedIds.indexOf;var class2type={};var toString=class2type.toString;var hasOwn=class2type.hasOwnProperty;var support={};var version="1.11.2",jQuery=function(selector,context){return new jQuery.fn.init(selector,context)},rtrim=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,rmsPrefix=/^-ms-/,rdashAlpha=/-([\da-z])/gi,fcamelCase=function(all,letter){return letter.toUpperCase()};jQuery.fn=jQuery.prototype={jquery:version,constructor:jQuery,selector:"",length:0,toArray:function(){return slice.call(this)},get:function(num){return num!=null?num<0?this[num+this

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\feds[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	108032
Entropy (8bit):	5.224966379715799
Encrypted:	false
SSDEEP:	1536:jiszfzkZfJe8eHg1L2+x2iSceSIfk75YRpYh1XcxfzTzkOFrCl+zasafXojdjmVL:jiSkZfJbeHg5qY1
MD5:	E7E2DC35DB8916900BDE4A2A918F1FD1
SHA1:	472949867E9000471028081074719C86EB717BD6
SHA-256:	1D7CDB16ABC3C43BA11C2A69921F3386CA88A63406782772335ED5C8845DEAD6
SHA-512:	378EBBE3F4D6DCB4EC3EE8946B25786D948031083A23B985EF7D630A7673D90E0C4A670BA69BE23400F699CD16E58494FB2481D5B619444A6453252FD991C791
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/feds.js
Preview:	window.__fedsSegmentation = '100';./! feds v0.48.0 built on Wed, 14 Apr 2021 14:46:31 GMT /.!function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:!1,exports:{}};return e[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:r})},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=167)}([,,,,function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};t.default=function(e){return"object"===(void 0===e?"undefined":r(e))&&!Array.isArray(e)&&null!==e}},function(e,t,n){"use strict";Object.defineProperty(t,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\head.fp-d733b186bf3847fbed52f6547bfea70b[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with NEL line terminators
Category:	downloaded
Size (bytes):	124291
Entropy (8bit):	5.310559379343546
Encrypted:	false
SSDEEP:	1536:A52bb2xH+TkacuoGOHpZzMQqgQ9TLHSNsEzwW4VKKRJxJfwPf:IxH+mXr092sBBs
MD5:	D733B186BF3847FBED52F6547BFEA70B
SHA1:	5C9B4F821852EC8C404BDC27C869745FDA724DB5
SHA-256:	A6778AFE5F72258A3B2E2306F65E5EC8232E02865F25D222801A83837F5DBB5A
SHA-512:	428BE6F94609F89D90B8201D1B8B29E860E5975E2437E6D3009C9203D9220501D451061D3ACA0F9FFC0A090C37379EDA4DFC9529FA0B455B0617D57C3043CCF9
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/dexter/clientlibs/base/head.fp-d733b186bf3847fbed52f6547bfea70b.js
Preview:	!function(e){var t=window.webpackJsonp;window.webpackJsonp=function(n,o,a){for(var s,u,c,l=0,d=[];l<n.length;l++)u=n[l],r[u]&&d.push(r[u][0]),r[u]=0;for(s in o)Object.prototype.hasOwnProperty.call(o,s)&&(e[s]=o[s]);for(t&&t(n,o,a);d.length;)d.shift()();if(a)for(l=0;l<a.length;l++)c=i(i.s=a[l]);return c};var n={},r={6:0};function i(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.m=e,i.c=n,i.d=function(e,t,n){i.o(e,t)\|\|Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:n})},i.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="",i.oe=function(e){throw console.error(e),e},i(i.s=507)}([,,function(e,t,n){var r=n(13),i=n(8),o=n(34),a=n(32),s=n(45),u=function(e,t,n){var c,l,d,f,h=e&u.F,g=e&u.G,p=e&u.S,v=e&u.P,m=e&u.B,b=g?r:p?r[t]\|\|(r[t]={}):(r[t]\|\|{}).prototype,y=g?i:i[t]\|\|(i[t]=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\headIE.fp-99254388ab2bb00e43cbc5fbabe0e392[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
Category:	downloaded
Size (bytes):	71700
Entropy (8bit):	5.284223170866293
Encrypted:	false
SSDEEP:	768:aCvehoTOC5kb6IejSfsYA8ExMhzkLcnUivG34aLeTSnTK3o9Umve+R6ohkfC:aCmhoTONfsd8EOKLca4TSOdE
MD5:	99254388AB2BB00E43CBC5FBABE0E392
SHA1:	56160FA89005FD051A9AFB8188BADF4EC8CB4BF2
SHA-256:	D437868FCCE2D9A95500222A9B6E29EA436AC9C84AF21694D609B37B0EDA5C58
SHA-512:	376249B0C69ABDC81B6588C9D9944DDE722425B41FDEDB4E01FCB3A934A306823E064AE7BBC330ABC6C44D808BF50770843ACC2B1FA0B0B4903827CD383C5FDE
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/dexter/clientlibs/base/headIE.fp-99254388ab2bb00e43cbc5fbabe0e392.js
Preview:	// Nodelist ForEach polyfill from.// https://developer.mozilla.org/en-US/docs/Web/API/NodeList/forEach..window.NodeList&&!NodeList.prototype.forEach&&(NodeList.prototype.forEach=function(o,t){t=t\|\|window;for(var i=0;i<this.length;i++)o.call(t,this[i],i,this)});..!function(t){var n={};function r(e){if(n[e])return n[e].exports;var o=n[e]={i:e,l:!1,exports:{}};return t[e].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:e})},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},r.p="",r(r.s=542)}([,,function(t,n,r){var e=r(13),o=r(8),i=r(34),u=r(32),c=r(45),a=function(t,n,r){var s,f,l,h,p=t&a.F,v=t&a.G,d=t&a.S,y=t&a.P,g=t&a.B,m=v?e:d?e[n]\|\|(e[n]={}):(e[n]\|\|{}).prototype,b=v?o:o[n]\|\|(o[n]={}),x=b.prototype\|\|(b.prototype={});for(s in v&&(r=n),r)l=((f=!p&&m&&void 0!==m[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\learn-more-enterprise-id[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	257
Entropy (8bit):	5.11281789073239
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPjLDYOKjcW1+KqD:J0+ox0RJWWPaET
MD5:	59335B5E236F0C2C52B2521A52AD16E8
SHA1:	09DD59969EB00CFE5790535DF29AF62F49F1E34F
SHA-256:	023B95EF34FF08A8D2C9B022BEB47CF11EEC362E0939249C144E964C2D637CF2
SHA-512:	0BB6226E476B1A3A6576769B6E64EF06BF57AB310ACB0C3252D732158EE2B97E0E0DB32F88570BED8498F843A413B0BF75F749D0BAC82F8B4BA9428F4CD9093A
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://www.adobe.com/go/learn-more-enterprise-id">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\lightest[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	61067
Entropy (8bit):	5.171932802605618
Encrypted:	false
SSDEEP:	768:z+53i2gWnC67ezF+GQ+Tc0FWBqkyP5Mdmc+qaAYC:sQWnC67ezF+j+A0FWUP5MdmjqaAYC
MD5:	B0716322F1AC24589CD4529AC3530F52
SHA1:	DA9FC91807F819DC0D7785B89C18E612B2CF566C
SHA-256:	B69DF4590E6BE8FE8859957A3CDB83524A08435E371911AAAA981CB521E9F7C1
SHA-512:	62A8AC14ACB85D7DD7E287EA0D6A26CBF9F078667A639FD7D3851A6DAD62D75A4E6776F97BA9974C95F52EA9AC5E1DD1F561B24A38A1A33404FEB34B896E3BDD
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/css/lightest.css
Preview:	@charset "utf-8";.button.mod-apple:before,.button.mod-facebook:before,.button.mod-google:before,.capslock-on .caps-indicator-img,.checknote,.external-link:after,.icon-facebook,.idp-flow-logo-image,.password-revealer.off .password-revealer-img,.password-revealer.on .password-revealer-img,.password-rules-list-item[data-validation-status=true]:before,.password-rules-lock-image,.spriteCommon,button.mod-apple:before,button.mod-facebook:before,button.mod-google:before{background-image:url(../img/sprite.png);background-repeat:no-repeat;background-size:207px 165px}.svg .button.mod-apple:before,.svg .button.mod-facebook:before,.svg .button.mod-google:before,.svg .capslock-on .caps-indicator-img,.svg .checknote,.svg .external-link:after,.svg .icon-facebook,.svg .idp-flow-logo-image,.svg .password-revealer.off .password-revealer-img,.svg .password-revealer.on .password-revealer-img,.svg .password-rules-list-item[data-validation-status=true]:before,.svg .password-rules-lock-image,.svg .spriteCommo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\newwindow[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	9339
Entropy (8bit):	5.268226414653005
Encrypted:	false
SSDEEP:	192:Awr/LdCvlpqfq/yNNNNuXGf0GSx3Ek9LqUmj81SRjpE11YJyxYtaV0cT9sLn6ZM1:AwPdCvGS/yNr0LXTll1SR21YWO0JT9sv
MD5:	064B2EA8428109FF8DB05C76A79B8B86
SHA1:	950DEA1B1076D00391AE8170B8B95B07D0330C25
SHA-256:	49B42BD4FD9F62D4A44602246C0AC32F321D7FF87A443A4430C3705275104CDB
SHA-512:	FF68C68B5AA8B01DD6653BF1B543C9412AC9C1641BCD847D2E487C686AD783BA8819D4BD0891497DD27E09F87C61AEFA0DD916E27E3264F8D12D66072E5640D7
Malicious:	false
Reputation:	low
Preview:	<!doctype html>..<html>.<head>. <title>Adobe</title>.. .<script type="text/javascript">(window.NREUM\|\|(NREUM={})).loader_config={licenseKey:"e7fb1b89a0",applicationID:"609184523"};window.NREUM\|\|(NREUM={}),__nr_require=function(e,t,n){function r(n){if(!t[n]){var i=t[n]={exports:{}};e[n][0].call(i.exports,function(t){var i=e[n][1][t];return r(i\|\|t)},i,i.exports)}return t[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var i=0;i<n.length;i++)r(n[i]);return r}({1:[function(e,t,n){function r(){}function i(e,t,n){return function(){return o(e,[u.now()].concat(c(arguments)),t?null:this,n),t?void 0:this}}var o=e("handle"),a=e(7),c=e(8),f=e("ee").get("tracer"),u=e("loader"),s=NREUM;"undefined"==typeof window.newrelic&&(newrelic=s);var d=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit","addRelease"],p="api-",l=p+"ixn-";a(d,function(e,t){s[t]=i(p+t,!0,"api")}),s.addPageAction=i(p+"addPageAction",!0),s.setCurrentRouteName=i(p+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\publish.fp-50d70d3185d51cd0d469b6255c3758aa[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	79026
Entropy (8bit):	5.227452418199139
Encrypted:	false
SSDEEP:	1536:+dbJuIIv29H36hEsl+SfTYDCpmiooYWeA+7i1a:+7x6Fl+SkDCpZopWcn
MD5:	50D70D3185D51CD0D469B6255C3758AA
SHA1:	7BBD1F6F8D6C3CCFEBDE7E23525103AECAE9BF73
SHA-256:	A90DA6A6B17270CE042A17E28A7FC2CBDDC68B9548A1A0A2642976CDD7911F32
SHA-512:	D923D2D3D67B65932A5B54F8A0C7878A71CC7D1C93F2D957E243C97531C04511382D321F6EF1C76252067FB6662D04374879427946873D330D1F05E8E3E4F0FF
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/dexter/clientlibs/base/publish.fp-50d70d3185d51cd0d469b6255c3758aa.js
Preview:	webpackJsonp([1],{104:function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var i=n(20),r=n(23),a=n(50),o=n(417),u=n(5),s=n(185),l=n(101);t.default={analytics:i,environment:r,observers:a,testingSuite:o,Debug:u.default,lang:s,string:l}},167:function(e,t,n){"use strict";t.a=function(e){if("object"!==(void 0===e?"undefined":r(e))\|\|Object(i.default)(e))return!0;if("object"===(void 0===e?"undefined":r(e))&&!Array.isArray(e))return Object.keys(e).length<=0;if("object"===(void 0===e?"undefined":r(e))&&Array.isArray(e))return e.length<=0;return!1};var i=n(52),r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e}},168:function(e,t,n){"use strict";t.a=function(e){return"[object Object]"===Object.prototype.toString.call(e)}},185:function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var i=n(419),r=n(10)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\publish.fp-5cbe96cafd2b9ea4eb7a690e2b527f60[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	338268
Entropy (8bit):	5.352721403776864
Encrypted:	false
SSDEEP:	3072:EyoCbqZ0ZeUZ3mg888IgUFO1rSSCCmaD6LrY44gsY9+Svp2nr33eLxtQtJw8JaUf:Eyo0eUZPvp2nr33eLxtQtJ1a8
MD5:	5CBE96CAFD2B9EA4EB7A690E2B527F60
SHA1:	6955E5B9D3F18EEDE9822C65B3CC9DB26853F9D8
SHA-256:	291EB2A5BECE63C3D559C6DD78277A654EABFD1E5BA9C31614A4234F8EC4F2D6
SHA-512:	11121FD98E27CA5D1FE4E1773B593E19A519DFD628233F6FE01895F245DF2984F8DFA8336620B01D8CD5573D58893D3E76476266E4456D4552131B17061B0BD0
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/dexter/clientlibs/base/publish.fp-5cbe96cafd2b9ea4eb7a690e2b527f60.css
Preview:	.dexter-icon { font-size: 0; }..dexter-icon::before { content: ''; display: inline-block; height: 20px; width: 20px; }..dexter-icon-info:before{background-image:url(../../../../content/dam/helpx/icons/info.svg)}../* The OOTB AEM 6.4 grid system.. . This has been modified slightly to support Dexter's. * custom breakpoints and remove fixed left / right padding.. /./. * ADOBE CONFIDENTIAL. . Copyright 2015 Adobe Systems Incorporated. * All Rights Reserved.. . NOTICE: All information contained herein is, and remains. * the property of Adobe Systems Incorporated and its suppliers,. * if any. The intellectual and technical concepts contained. * herein are proprietary to Adobe Systems Incorporated and its. * suppliers and may be covered by U.S. and Foreign Patents,. * patents in process, and are protected by trade secret or copyright law.. * Dissemination of this information or reproduction of this material. * is strictly forbidden unless prior written permission is obtained. * f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\recaptcha__en[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	269870
Entropy (8bit):	5.655873771142669
Encrypted:	false
SSDEEP:	3072:IGXoaXMXvQN9/KkDSQNDnzHmYoWel3ZBebAkkiLspt30mpS7pEi:IGYaXBrK+fiY4ZBebAkkiLspV0rWi
MD5:	47BEF241573ECCE87815D3A09CAD5FDB
SHA1:	2D80206D44EDDD32404235552E456D0F3DEB68A0
SHA-256:	6545C4D7E7C4FA643FB3DBC74CDB699D9289B83A4882BB8625206974A547C4F8
SHA-512:	11F4C697B2D28894CC2DABD697D4F45752B47DB0765EA65C453B3F1E01B612873B0CF5F3D7AE8017AF08C27F88643D5CE775D54F10529C2D4A00FD4169EF7F59
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/recaptcha__en.js
Preview:	(function(){function Ov(){return function(O){return O}}function LH(){return function(){}}function qr(O){return function(L){this[O]=L}}function y(O){return function(){return this[O]}}function iq(O){return function(){return O}}.var Nr=function(O,L,q){if(!(O instanceof Array)){for(q=(O=Wb(O),[]);!(L=O.next()).done;)q.push(L.value);O=q}return O},v,Wb=function(O,L){return(L="undefined"!=typeof Symbol&&Symbol.iterator&&O[Symbol.iterator])?L.call(O):{next:dg(O)}},dg=function(O,L){return L=0,function(){return L<O.length?{done:!1,value:O[L++]}:{done:!0}}},lq,R7="function"==typeof Object.create?Object.create:function(O,L){return new (L=LH(),L.prototype=O,L)};.if("function"==typeof Object.setPrototypeOf)lq=Object.setPrototypeOf;else{var yt;a:{var Mr={Cv:!0},$U={};try{yt=($U.__proto__=Mr,$U.Cv);break a}catch(O){}yt=!1}lq=yt?function(O,L){if((O.__proto__=L,O).__proto__!==L)throw new TypeError(O+" is not extensible");return O}:null}.var hq="undefined"!=typeof window&&window===this?this:"undefined"!=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\spectrum_body[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	158516
Entropy (8bit):	5.281711107849535
Encrypted:	false
SSDEEP:	1536:UJN1/0meiTeZWAK1x2tPh34wa7v9BSqAB69yFG5TjuwGo/uebNa7ezdz4Fc2Owd7:C/0NYxoarvpCs/2O1KV3ulTs3
MD5:	1781E81BA57C28FD7F82A566A0AB5BE9
SHA1:	C6815D663FF9E8A008AAAE2927C2C582B010D5A4
SHA-256:	B2F7C49963905410891DEB7B5A502ADA97B871BDF8B49CBD7AD216B85FB63B13
SHA-512:	10B01D585B7394E35515575CF06434C9E0F37BEDD54B12D0FA7ECB19762322093C9E3B47ACE8571EB1F1910944A49A55787C44F5362267122C8407F1E7470193
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/script/spectrum_body.js
Preview:	/!. @preserve. * jQuery JavaScript Library v1.9.1. * http://jquery.com/. . Includes Sizzle.js. * http://sizzlejs.com/. . Copyright 2005, 2012 jQuery Foundation, Inc. and other contributors. * Released under the MIT license. * http://jquery.org/license. . Date: 2013-2-4. */.function getEnhancedDropdownParent(e){var t=$(e).closest(".select-box");return t.size()>0?t:null}function KoreanPolicies(e){"use strict";function t(){return l.val()}function n(){return"KR"===t()}function i(){c.show()}function r(){c.hide()}function o(){n()?i():r()}function s(){var t=u.settings.errorPlacement;u.settings.errorPlacement=function(e,n){0===n.attr("name").indexOf("accept_privacy_")?e.prependTo(n.closest("fieldset")):t?t(e,n):e.insertAfter(n)};for(var n=c.find("input[required]"),i=0;i<n.length;i++)$(n[i]).rules("add",{required:!0,messages:{required:e.errorMessage}})}function a(){s(),o(),l.on("change",o)}var c=$(e.krPoliciesSelector),l=$(e.countrySelector),u=$.data(l.closest("form")[0]).validator;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\spectrum_head[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	11118
Entropy (8bit):	5.256830079955217
Encrypted:	false
SSDEEP:	192:w+pNIT/2TWXvjw9ocG0hImpvEaugeZLIaMNQnjrok1V0:eT/2TWXv0dfhIOvEaurIOnjckD0
MD5:	0572AAD8A527C7B1CCBE72FCC0F11B0C
SHA1:	A20344A0B81C15160621E13AFA6A5131C8B77922
SHA-256:	675713619205B2DEA877C15F02AED5220881FC575ED66DDDB1379EB21731BC7B
SHA-512:	C97CC361967E244F68C12775045A26A62DB83D70E2A5B7099C8E4537BE373A391EA5ED16B575AA82D15DF6160270A086CC3FFA88F86BDB57029374856CF24B48
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/script/spectrum_head.js
Preview:	Array.prototype.filter\|\|(Array.prototype.filter=function(e){"use strict";if(void 0===this\|\|null===this)throw new TypeError;var t=Object(this),n=t.length>>>0;if("function"!=typeof e)throw new TypeError;for(var a=[],r=arguments.length>=2?arguments[1]:void 0,o=0;o<n;o++)if(o in t){var i=t[o];e.call(r,i,o,t)&&a.push(i)}return a}),Array.prototype.forEach\|\|(Array.prototype.forEach=function(e){var t,n;if(null==this)throw new TypeError("this is null or not defined");var a=Object(this),r=a.length>>>0;if("function"!=typeof e)throw new TypeError(e+" is not a function");for(arguments.length>1&&(t=arguments[1]),n=0;n<r;){var o;n in a&&(o=a[n],e.call(t,o,n,a)),n++}}),Array.prototype.map\|\|(Array.prototype.map=function(e){var t,n,a;if(null==this)throw new TypeError("this is null or not defined");var r=Object(this),o=r.length>>>0;if("function"!=typeof e)throw new TypeError(e+" is not a function");for(arguments.length>1&&(t=arguments[1]),n=new Array(o),a=0;a<o;){var i,s;a in r&&(i=r[a],s=e.call(t,i,a,r)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\styles__ltr[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	140083
Entropy (8bit):	6.080659976383129
Encrypted:	false
SSDEEP:	3072:SUeJIKZIoe50VbAN+qwinYAvLC2SXR2U3Xwlzf9GFtI:PeiKZIoeKMN+qwYYAvLCG1N9GFtI
MD5:	EAC63216EC6A05D3550710AB7F8867A2
SHA1:	934526B0045DEE8ABFFE43B4AC4B50649B8BD9C6
SHA-256:	B50978560FF3F317202DDAC8DF03D960E65CA05AC48E5B5743A90424A5700FF3
SHA-512:	337686CC321FB13B6D66AE965550E0180443FEED147E507B442C25B69C99BD7AE756EBD56F7EB3EA6C44BE8D0C3E4F19795AAEF2A9F1C7FA8D9C0F740929A130
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.jfk-radiobutton{display:inline-block;outline:none;padding:5px 7px;position:relative}.jfk-radiobutton-radio{-webkit-border-radius:50%;-moz-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;background:url(//ssl.gstatic.com/ui/v1/radiobutton/unchecked.png) -3px -3px;background:rgba(255,255,255,0);border:1px solid rgba(198,198,198,1);height:15px;left:7px;margin:0;outline:none;position:absolute;text-align:left;top:6px;width:15px}.jfk-radiobutton:active .jfk-radiobutton-radio{background:rgba(235,235,235,1);border-color:rgba(182,182,182,1)}.jfk-radiobutton:hover .jfk-radiobutton-radio{-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,.1);box-shadow:inset 0 1px 1px rgba(0,0,0,.1);border-color:rgba(182,182,182,1)}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\theme.fp-acc288f5544f34a9432bb65a586f2587[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	301813
Entropy (8bit):	4.990347158273623
Encrypted:	false
SSDEEP:	768:OzW6xPcgy/aV236FroFrf+Lq7TndYVW4y14sTM2:ocgy/aVW6FroFr8KTS2
MD5:	ACC288F5544F34A9432BB65A586F2587
SHA1:	8A16ECE780271E6F93070B57820C08566DA73DAC
SHA-256:	98C1A8288594E94F18C77DA516255EE6501FD46D6987DA1C934678AF24476958
SHA-512:	66FFA9110F4DE721C169797BD95DE11C8EFD05D8BB3F30AD9CD41C4DF48FDF75F8723EB43D86A1AC3EED332403F98B04F28E72AC9B5419074D6273C60A39B1C5
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/etc.dexter.dexterlibs/dexter/clientlibs/base/theme.fp-acc288f5544f34a9432bb65a586f2587.css
Preview:	.spectrum-Icon{display:inline-block;color:inherit;fill:currentColor}.spectrum-Icon.is-animated{transition:color .15s ease-in-out,fill .15s ease-in-out}.spectrum-Icon--sizeXXS,.spectrum-Icon--sizeXXS img,.spectrum-Icon--sizeXXS svg{height:.5625rem;width:.5625rem}.spectrum-Icon--sizeXS,.spectrum-Icon--sizeXS img,.spectrum-Icon--sizeXS svg{height:.75rem;width:.75rem}.spectrum-Icon--sizeS,.spectrum-Icon--sizeS img,.spectrum-Icon--sizeS svg{height:1.125rem;width:1.125rem}.spectrum-Icon--sizeM,.spectrum-Icon--sizeM img,.spectrum-Icon--sizeM svg{height:1.5rem;width:1.5rem}.spectrum-Icon--sizeL,.spectrum-Icon--sizeL img,.spectrum-Icon--sizeL svg{height:2.25rem;width:2.25rem}.spectrum-Icon--sizeXL,.spectrum-Icon--sizeXL img,.spectrum-Icon--sizeXL svg{height:3rem;width:3rem}.spectrum-Icon--sizeXXL,.spectrum-Icon--sizeXXL img,.spectrum-Icon--sizeXXL svg{height:4.5rem;width:4.5rem}.spectrum-Icon,.spectrum-UIIcon{display:inline-block;color:inherit;fill:currentColor;pointer-events:none}.spectrum-Ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\18cb1a8608f7a71cbd8c572d73a95cb6[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 88 x 78, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18868
Entropy (8bit):	3.4011362220829513
Encrypted:	false
SSDEEP:	96:PZ/I09Da01l+gmkyTt6Hk8nTckEWRBxNXrNX4RReweKxMqcVprDz5SnQuDRZ:PS0tKg9E05Tcktz5eLewekW7udZ
MD5:	7FE7B178090D2A584E622705C299630B
SHA1:	56C280494905BE16277ACF03C416C6A9FD51ABA2
SHA-256:	D40D4D4E66D7FE1D9D6DC6D80C4DE1528518473FB262BEE7E1B1A9DC3F2504C7
SHA-512:	8BE0F54104E571FCA08862C195970302B65FD14532702CF8755E93D88D8840FE78EF503589865DC673B551B0DD6F1E7DCB7848D1670E5DA5E85D47234EFD6E83
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/18cb1a8608f7a71cbd8c572d73a95cb6.png
Preview:	.PNG........IHDR...X...N............pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	3852
Entropy (8bit):	4.63636203914889
Encrypted:	false
SSDEEP:	96:OyIY40FtdRYzYValJ5GHZa6AyAYV1ej8jVjht4S:iwKzYslJF6vAYV1KMdoS
MD5:	175D27D7EB29846AF4286F09B657FB1B
SHA1:	00E648DBA69CF0C434FE0C74022D75DFABD8DB60
SHA-256:	DE1752B70D9AA03703E70ADC0E343968EBDA9661F3E06D196266DF38B3B72D60
SHA-512:	CA6453449401F922D0AE9D92DCABDC7B61DCB083E589B05F9EEA7B624CBC70E3798A43DB26D6A7C721F48C9A4CB2B163884C59750593060FB701C6975366AC12
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.cookielaw.org/consent/7a5eb705-95ed-4cc4-a11d-0cc5760e93db/7a5eb705-95ed-4cc4-a11d-0cc5760e93db.json
Preview:	{"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"PRODUCTION","Version":"6.9.0","OptanonDataJSON":"7a5eb705-95ed-4cc4-a11d-0cc5760e93db","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"8fc5213e-cec6-4fca-a134-aec9029b0675","Name":"Adobe_EEU_Canada","Countries":["de","no","fi","be","pt","bg","dk","lt","lu","lv","hr","fr","hu","se","si","mc","sk","mf","sm","yt","gb","ie","ca","gf","ee","mq","mt","gp","is","gr","it","es","at","re","cy","cz","ax","pl","ro","li","nl"],"States":{},"LanguageSwitcherPlaceholder":{"no":"no","de":"de","ru":"ru","fi":"fi","pt":"pt","bg":"bg","lt":"lt","lv":"lv","fr":"fr","hu":"hu","zh-Hans":"zh-Hans","default":"en","zh-Hant":"zh-Hant","uk":"uk","sk":"sk","sl":"sl","sv":"sv","ko":"ko","zh-TW":"zh-TW","zh-HK":"zh-HK","pt-BR":"pt-BR","it":"it","es":"es","zh":"zh","et":"et","cs":"cs","ar":"ar","ja":"ja","pl":"pl","ro":"ro","he":"he","

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\7dc64abe[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	32840
Entropy (8bit):	4.791693822591199
Encrypted:	false
SSDEEP:	768:pPhOZkBmTC4/2YJVYGDiDof4fDWrrJ2tQ+8jQUqUo38g8dX/5E5:pPhOZeme4OYJVYGMof4bWrrJ2qQUqp8k
MD5:	6D666AD98D0DD9B290F2765ACC958BD4
SHA1:	094B8E290EC8FD19E793A3CC1461130B9FD1AD86
SHA-256:	6D6C61BBFBEDC5342727A05E2636345AB187B59DE6D9C8E5C709C4EBD7DEC10D
SHA-512:	B9AD8F1D4AE018AEFC6F2F2A60E3AC5E6A8D06A275D58EF04D1F40D5391976C793DA01DA86FB4168DBE8A170BD3C47FFDB18F9E31CF3C5C123CB67E5956CD94A
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/akam/11/7dc64abe
Preview:	(function(){var _=["\x43\x68\x61\x6c\x6b\x62\x6f\x61\x72\x64","\x68\x61\x72\x64\x77\x61\x72\x65\x43\x6f\x6e\x63\x75\x72\x72\x65\x6e\x63\x79","\x5d","\x43\x65\x6e\x74\x75\x72\x79\x20\x53\x63\x68\x6f\x6f\x6c\x62\x6f\x6f\x6b\x20\x4c","\x73\x74\x61\x74\x65","\x2f\x2a\x40\x63\x63\x5f\x6f\x6e\x21\x40\x2a\x2f\x66\x61\x6c\x73\x65","\x3d\x22","\x77\x65\x62\x64\x72\x69\x76\x65\x72","\x63\x6f\x6c\x6f\x72\x44\x65\x70\x74\x68","\x6f\x70\x65\x6e","\x50\x44\x46\x2e\x50\x64\x66\x43\x74\x72\x6c\x2e","\x73\x65\x73\x73\x69\x6f\x6e\x53\x74\x6f\x72\x61\x67\x65","\x73\x65\x74\x54\x69\x6d\x65\x6f\x75\x74","\x53\x65\x67\x6f\x65\x20\x50\x73\x65\x75\x64\x6f","\x70\x65\x72\x73\x69\x73\x74\x65\x6e\x74\x2d\x73\x74\x6f\x72\x61\x67\x65","\x69\x6e\x6e\x65\x72\x48\x54\x4d\x4c","\x41\x6c\x20\x4e\x69\x6c\x65","\x53\x68\x6f\x63\x6b\x77\x61\x76\x65\x20\x46\x6c\x61\x73\x68","\x4b\x68\x6d\x65\x72\x20\x55\x49","\x61\x6c\x6c","\x6f\x75\x74\x65\x72\x57\x69\x64\x74\x68","\x33\x2e\x30","\x47\x61\x64\x75\x67\x69","\x68\x61\x73\x4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AdobeMessagingClient[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	45084
Entropy (8bit):	5.102450836148445
Encrypted:	false
SSDEEP:	192:azgizgkzguP0TwR2kt81GayliQND9zkHYWl4H4yFbq8zz6/sd8dV0P7u:MR2kt81Gaui24U/FbSv
MD5:	ABB0858E88A4310B492055FCB710582A
SHA1:	86E4A3ACB2F573A19EF1BA961EA3BA3EC5580B38
SHA-256:	6DF01675FDA8E149B5B6451AC48ED8F251380D74FC15CEEEECC193457D1471BD
SHA-512:	335A57145311929E278902E8F4E60F642DF18CD8D6B3439DFEACD0A067BC4A90690E0BB70DF1111C51E1530D7656B0C175F709B47CCA12F33150AECF9F82F30C
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/AdobeMessagingClient.css
Preview:	.adbMsgClientWrapper #adbmsgContainer , .adbMsgClientWrapper #adbmsgContainer :before, .adbMsgClientWrapper #adbmsgContainer *:after {. box-sizing: border-box;.}..adbMsgClientWrapper #adbmsgContainer .outwardAnimate {. transition: opacity 300ms;. animation-name: outwardmove;. animation-duration: 300ms;. animation-timing-function: cubic-bezier(0, 0, 0.4, 1);. -webkit-transition: opacity 300ms;. -webkit-animation-name: outwardmove;. -webkit-animation-duration: 300ms;. -webkit-animation-timing-function: cubic-bezier(0, 0, 0.4, 1);. -moz-transition: opacity 300ms;. -moz-animation-name: outwardmove;. -moz-animation-duration: 300ms;. -moz-animation-timing-function: cubic-bezier(0, 0, 0.4, 1);.}.@keyframes outwardmove {. 0% {. transform: scale(0.83);. opacity: 0;. }. 100% {. transform: scale(1);. opacity: 1;. }.}.@-webkit-keyframes outwardmove {. 0% {. transform: scale(0.83);. opacity: 0;. }. 100% {. transform: scale(1);. opacity: 1;. }.}.@-moz-k

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Adobe_Corporate_Horizontal_Red_HEX[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	397
Entropy (8bit):	4.973746262232231
Encrypted:	false
SSDEEP:	6:tvKIiad4mc4sl3UtpMaguk0BNbO9Z1PHtDjt9INFW39mmJEVitksmHSXqY:tvG1KWanstDjXI4mwIUmyX7
MD5:	4BC0619E030E91ACFDA414626A41B770
SHA1:	BF0BEA50B7C0092B34EB8C06A3DDB52F37AA1860
SHA-256:	57AEBAB4A35ADC7CA5DFA15DC58A19B1457FB314881C3A4CC320CB79E8F006ED
SHA-512:	CF614C4A5C8269F4DCF01694BE15B847783DE0E6CADC914C879C46F6C4B014AF30FD4FA64F27144BA0CFB0F921E8D15BA592147AA0CE29440A18081AD9A69F24
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/content/dam/cc/icons/Adobe_Corporate_Horizontal_Red_HEX.svg
Preview:	<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 133.46 118.11"><defs><style>.cls-1{fill:#fa0f00;}</style></defs><polygon class="cls-1" points="84.13 0 133.46 0 133.46 118.11 84.13 0"/><polygon class="cls-1" points="49.37 0 0 0 0 118.11 49.37 0"/><polygon class="cls-1" points="66.75 43.53 98.18 118.11 77.58 118.11 68.18 94.36 45.18 94.36 66.75 43.53"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RC32e8eb91f06d47d18918e9b9bcc17a00-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1568
Entropy (8bit):	5.25739656235824
Encrypted:	false
SSDEEP:	48:15GsregiQhdsitymtCZv4j+YuteKhXSXNjTjOofbOK5b/q:1IsrPld3tymtCpLYuteMXSXNjTjhT5q
MD5:	561CA14CCABDACAFD0A8E96007F734C3
SHA1:	E4E8C3985D7E0F4388594696B64B40C74F9E65FE
SHA-256:	47AB25EB79EBFB22A7F18206B1042F4826FC3240EFF734246C783A7F1AD83248
SHA-512:	E5DA895271236117300BAEF5658C494E01B43CE4E71D3B63691E40F62085603BCA93ED0DFACDF2793D816F09DD88340651D374FED98C6CE3137ADE2DF337DF5B
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC32e8eb91f06d47d18918e9b9bcc17a00-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/8b9c1aed11ee/RC32e8eb91f06d47d18918e9b9bcc17a00-file.js`..!function(){var e,t,n,o,u=window,s="adobePrivacy:Privacy",a="OptanonChoice",i=new Date,r={domain:_satellite._getDomain(),path:"/",samesite:"Lax",expires:(i.setFullYear(i.getFullYear()+1),i)};t=function(){o\|\|(o=!0,n=function(){var e,t,n,o,s,a,i,r={},d=u.OneTrust.GetDomainData().Groups;for(o=0,s=d.length;o<s;o++)if((e=d[o])&&(t=e.Hosts))for(a=0,i=t.length;a<i;a++)(n=t[a])&&(r[n.HostName]={groupId:e.CustomGroupId,hostId:n.HostId,displayName:n.displayName});_satellite.oneTrustList=r,_satellite.oneTrustIsHostEnabled=function(e){var t,n=window.OnetrustActiveGroups;return!(!(t=r[e])\|\|-1===n.indexOf(","+t.hostId+","))},_satellite.groupEnabled=function(e){var t=window.OnetrustActiveGroups;return!(!t\|\|-1===t.indexOf(e))},_satellite.track("initTrackConsent")},_satellite._poll(n,[function(){return u.OneTrust}],{timeout:1e4,interval:100}))},e=function(e){u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\acom[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	81064
Entropy (8bit):	5.2827245538757674
Encrypted:	false
SSDEEP:	1536:FACZ7oREbUgoM7QaNmrRLXLc4kfmmNtKehL+nhSWNJUjq:FLfNmrlc4kfmmZ2hFUW
MD5:	5DB62FF86FFF67CF5A851349AFAEB986
SHA1:	FCF5B4E2E940862D9F010768BD65E2BDCB40EF27
SHA-256:	8400F6F41A28FDC4C1994ABA29114D46FD75F3A949A7F16E15BDCD9D56BDF6F8
SHA-512:	045566B2E8427B6A4A4A32F419B48CC86E7B292A70B27E7BD36E34CCF789CF614091A61800C1674DBE9E1CBF0DD2834A9A5397DE8EA1B5839F418F0CBB6A68BD
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/services/feds.res_1.js/head/en/acom.js
Preview:	/! applauncher v0.48.0 built on Wed, 14 Apr 2021 14:46:31 GMT /.!function(e){var n={};function t(a){if(n[a])return n[a].exports;var o=n[a]={i:a,l:!1,exports:{}};return e[a].call(o.exports,o,o.exports,t),o.l=!0,o.exports}t.m=e,t.c=n,t.d=function(e,n,a){t.o(e,n)\|\|Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:a})},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},t.p="",t(t.s=199)}({199:function(e,n,t){t(200),e.exports=t(201)},200:function(e,n,t){"use strict";var a=window.feds.utilities,o=a.loadResource,r=a.getParamValuesFromCookie,c=a.isEmptyObject,i=a.isFunction,s=a.getPropertySafely,p=a.onImsReady,l=a.isUserLoggedIn,u=new(0,a.Debug)({control:"applauncher"}),h={},d={config:{scriptPath:void 0,stylePath:void 0,theme:void 0,locale:void 0,environment:void 0}},f={assetID:{css:"applauncherCSS",js:"applauncherJS"},analyticsContext:{consumer:{name:"fe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bluebird.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with escape sequences
Category:	downloaded
Size (bytes):	76607
Entropy (8bit):	5.230413548982788
Encrypted:	false
SSDEEP:	1536:YqCru+KdVtaAfwO9DvP0lgdJYgAloEFosc:l+otPf3vmgLYgAlojsc
MD5:	AD58638ECA677AB0314B116D3194F27A
SHA1:	66BF0499C3488B461ABD9C0ED62F8EC71A9594EA
SHA-256:	4A8DF52B71E0FC738DA41E818F6B0E5E9D8FC116B65B56D017A237245B4383FA
SHA-512:	8B1173C4C16AD10D69086F7B72C987764BA309FC1D159DFD01DB0812625E4C20F5266535518C57BAB687FDDA0A67A49B5BF370167B467CFC9CB83462065B5621
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js
Preview:	/* @preserve. * The MIT License (MIT). * . * Copyright (c) 2013-2015 Petka Antonov. * . * Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. * . * The above copyright notice and this permission notice shall be included in. * all copies or substantial portions of the Software.. * . * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER. * LIABILITY,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\chevron-right[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	185
Entropy (8bit):	4.944676650639445
Encrypted:	false
SSDEEP:	3:tIsqDmJS4RKb5zMcL3s+m3ErcHsuRj7mA9qVA+VA8cXFmAmYHZAAbBS0:tI9mc4slzN3tYEq9Rjj9PpZFmqZll7
MD5:	9F31E8F24180929033D406D592F03024
SHA1:	4466E586820FE905FADD609343D1C137F387FEFD
SHA-256:	6BD349675091047BB4BA78D6FF37C81FFB355E929A3C1970295837523CA2BD44
SHA-512:	ED130F912FBFC9E03C9B959181A68F9D4493198308F7988700F79E671480D7CFF71DA70DB5B91FFA1D7AB7C4FFC161C367493D559AA2DE3C0680B738EEB19CA6
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/img/icons/chevron-right.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="6" height="10"><path d="M1 9l4-4-4-4" fill="none" stroke="#1370e6" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	1.952456287520738
Encrypted:	false
SSDEEP:	24:EslvlQNp0eCeAuyAwNtmUc3lKFWoX6UwjobtSl554VqQBzttYtlbd6e2u:FYfCzuyAacQWoWjobtc4VqUztQlbIeB
MD5:	DC94F1054A50B313EE14BBD3D4BC1C0A
SHA1:	B871EFBBD59E202329352C18B775F7C5743AA8DE
SHA-256:	8E263FEF3E738AC1882B97A05CAAF21BBFFC0BDABDF4A7E8338453C18E1E90EC
SHA-512:	A66B30C2E23F0D43F06B7C6889892AF0975C79037FB145FD01E84D4FA04234CDF8B32ECEE8FE29FA5FD13DB682485E4EFC7B2F3E8B9D23BDC12586CE417AA080
Malicious:	false
Reputation:	low
IE Cache URL:	https://adobeid-na1.services.adobe.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................................................................8...........................................................8...................................Q...........#......................................."...@...@.......................................x...............H...................M...............x...............................................................................X...............s...........v...............X.....................................................................................................................................................................5...5...............................................................................................................p...........................p.......................................................................................................H...................H..............................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[2].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
Category:	downloaded
Size (bytes):	9662
Entropy (8bit):	3.3473554899064464
Encrypted:	false
SSDEEP:	96:9B1BwqZPc2gVLlOHq2UmYZdvlLTQZZfg/ErSkW:7fUz2UmY7lLkzw7
MD5:	24F56B9A323C92BF7A5428CBB6765EAB
SHA1:	1151BCC6656A2CD4C45376E14AFEA3CE622FA8E3
SHA-256:	F300557F0FC2A509179E6A5E71EE96EEAA28ADBA5F69869FB771AFD3CE9E551D
SHA-512:	EBF932572111F252DE61E5051E9E45BB70C55BEAF092BE1AB057BBE8E2D8A000716DF145F368417CDD58B2325C7249E8BA5ADCD16F456CABE3048F51B92828A4
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/favicon.ico
Preview:	......00.... ..%......(...0...`..... ............................................................................................................................................................................................................................................................................................................................................................................................................................i...{...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...z...y.......Y$..r$..q$..q$..q#..q...x...P...\|...z...z...z...z...z...z...z...z...z...y.....}..................................................................................................................$...$...$...#...#...........................................................)"..........................................................................................................-&.."...#...$...$...$...!...a[................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\feds[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19028
Entropy (8bit):	5.098294212641415
Encrypted:	false
SSDEEP:	384:/o8heJDYD+yQUAP/92Z6Rs/AQpol4+69503RYUSs8Ukz+OsUIKn:gpSkhKbolDPu
MD5:	DE0B60A6FA2AC49FDCD7B260EB528456
SHA1:	2EE1B2AEF6F161605186AE26072E2F89211BE8BE
SHA-256:	B182EAE52A1484881294E634F3D1049FEBE50043211D840627D40F2666D4ED02
SHA-512:	3BCAE573EA7795170DDAC2AC0B13B9854C3908CD32CED55ED7A928461C5522D2192B0A04D4749D119C4A59F4DCADFD221274CA0996E994A001F086572562B773
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/feds.css
Preview:	/! feds v0.48.0 built on Wed, 14 Apr 2021 14:46:31 GMT /.[class=aem-AuthorLayer] #feds-subnav{position:relative}.Subnav-wrapper li{margin:0}#AdobeSecondaryNav{max-width:100vw}#AdobeSecondaryNav.Subnav-wrapper{position:absolute;top:100%;right:0;left:0;min-height:60px;display:flex;justify-content:center;font-family:inherit;box-sizing:border-box;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;transition:height .3s ease;z-index:1;opacity:0;transform:translateZ(0);overflow:hidden}#AdobeSecondaryNav.Subnav-wrapper--active{opacity:1;overflow:visible}#AdobeSecondaryNav.Subnav-wrapper ,#AdobeSecondaryNav.Subnav-wrapper :after,#AdobeSecondaryNav.Subnav-wrapper :before{box-sizing:border-box}.feds-header--rebranding #AdobeSecondaryNav.Subnav-wrapper{font-family:inherit}#AdobeSecondaryNav.Subnav-wrapper .Subnav-background{position:absolute;top:0;right:0;bottom:0;left:0;width:100%;height:100%;background-color:#f8f8f8;content:"";transition:opacity .3s ease;pointer-events:none

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-2.2.3.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85659
Entropy (8bit):	5.366267621178451
Encrypted:	false
SSDEEP:	1536:MYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOi79xfWBZ+Bjda4w9W3qG9a986:n4J+OlfOM9xrCW6G9a98Hr2
MD5:	33CABFA15C1060AAA3D207C653AFB1EE
SHA1:	E3DBB65F2B541D842B50D37304B0102A2D5F2387
SHA-256:	6B6DE0D4DB7876D1183A3EDB47EBD3BBBF93F153F5DE1BA6645049348628109A
SHA-512:	48568D6F7C42D3C93F59FE8244CD49F8EFEFBF8616CAB3C149DCB4A3ED67A8ACDFFAE2EB2019DA7A8F1A62800039DDF59CC347C17F33C15C1331B6C226303C2A
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/js/jquery-2.2.3.min.js
Preview:	/! jQuery v2.2.3 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.3",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\json[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	92
Entropy (8bit):	5.001678603140223
Encrypted:	false
SSDEEP:	3:GvxKU3cQ6AFfGC48F9qRwupfFtOkBn:GvxPsQICwbZfO8
MD5:	434FC1A8F2AB6E31DCD8E473A7F9FDC7
SHA1:	A84EC768D1D6BC85F33346D542B8DC43DC89242E
SHA-256:	EB6D1E36B88FC2F4FBF4FC055D454B291834EFFFA818A69C3F6FA3C178F39340
SHA-512:	5DD463B36E09CD506A47803ACC31B8C601C93FBEABDA8E5A3E1891D69FDB2FFC2C5B819E3057DCC0F93ADFF11361C87B54358BF49DA9A67840A3F9F3BD7F27F6
Malicious:	false
Reputation:	low
IE Cache URL:	https://geo2.adobe.com/json/?callback=feds_location_161920195498948634
Preview:	feds_location_161920195498948634({"country":"CH","state": "ZH","Accept-Language" : "en-US"})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\launch-EN919758db9a654a17bac7d184b99c4820.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	562023
Entropy (8bit):	5.34357177674274
Encrypted:	false
SSDEEP:	6144:e3uJ5a426mxpYQkSawSlu1mpxRusktn3XOd3/nEeedyfCbMK7EowP1m8o:6ufurpY6zSlu1yusktn3XOdMqCbM7oT
MD5:	5BE28EB84769142C76FA755190A370A2
SHA1:	320F73219BB26A29D4EDA21A6CCE5F61AB04956B
SHA-256:	598C283777B5E5C3B17BE1B5EDBE57644D57B9D15CC5ADEB82B513FBAD4B1218
SHA-512:	BFC4D528DF987891903838C68BEF43E2508E543890086EFC7E7103F0E2277CBDA37CC025FBB6E4601B3F483FD36197F3F6A065749AB862E81C9CECEBDAA75C19
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/launch-EN919758db9a654a17bac7d184b99c4820.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/launch-EN919758db9a654a17bac7d184b99c4820.js`..window._satellite=window._satellite\|\|{},window._satellite.container={buildInfo:{minified:!0,buildDate:"2021-04-23T17:40:42Z",environment:"production",turbineBuildDate:"2021-03-30T17:32:38Z",turbineVersion:"27.1.1"},dataElements:{"digitalData.search.filters":{defaultValue:"",modulePath:"core/src/lib/dataElements/customCode.js",settings:{source:function(){return function(e){if(_satellite.getVar("adobe_aec_pages")&&digitalData._get("digitalData.filterInfo")&&digitalData._get("digitalData.filterInfo.filterName")){digitalData.search={},digitalData.search.filter=[],digitalData._set("digitalData.search.searchInfo.sort",digitalData.filterInfo.sortType);for(var t=digitalData.filterInfo.filterName.split("\|"),n=0;n<t.length;n++)for(var a=t[n].split(":"),i=a[0],r=a[1].split(","),o=0;o<r.length;o++){var s={filterInfo:{}};s.filterInfo.category=i,s.filterInfo.keyword=r[o],digitalData.search.fil

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\light[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	55691
Entropy (8bit):	5.173760676324024
Encrypted:	false
SSDEEP:	768:TS+5AUCNWnC676zFcGQ+TK0XWBqk4PrMSmNa2Jl:TgHWnC676zFcj+W0XW2PrMSmNa2Jl
MD5:	A117E4ADA3EAAEF84484427E2BD51293
SHA1:	46C05D700D8DF4A473256197A9A30FBCA4354B53
SHA-256:	E859DD198F9DB558DA0E08F8C964E286767E822C8EB9712CC93473E8BD45E177
SHA-512:	10E622858C9B945F4BE5021C9ED2B37EDBEB0EE5745C15C29EBC984DB694E65B610EDE5B8CEE401AA06A49FC0F699A142E0A4E70B0C7E11A1902452906DC4971
Malicious:	false
Reputation:	low
IE Cache URL:	http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/light.css
Preview:	@charset "utf-8";.button.mod-facebook:before,.button.mod-google:before,.capslock-on .caps-indicator-img,.checknote,.icon-facebook,.idp-flow-logo-image,.password-revealer.off .password-revealer-img,.password-revealer.on .password-revealer-img,.password-rules-list-item[data-validation-status=true]:before,.password-rules-lock-image,.spriteCommon,button.mod-facebook:before,button.mod-google:before{background-image:url(../img/sprite.png);background-repeat:no-repeat;background-size:144px 137px}.svg .button.mod-facebook:before,.svg .button.mod-google:before,.svg .capslock-on .caps-indicator-img,.svg .checknote,.svg .icon-facebook,.svg .idp-flow-logo-image,.svg .password-revealer.off .password-revealer-img,.svg .password-revealer.on .password-revealer-img,.svg .password-rules-list-item[data-validation-status=true]:before,.svg .password-rules-lock-image,.svg .spriteCommon,.svg button.mod-facebook:before,.svg button.mod-google:before{background-image:url(../img/sprite.svg)}.clearfix:after{clear:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\p[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:	3:CUHaaatrllH5:aB
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	low
IE Cache URL:	https://p.typekit.net/p.gif?s=1&k=ecr2zvs&ht=tk&h=adobeid-na1.services.adobe.com&f=7180.7182.7184&a=1164490&js=1.20.0&app=typekit&e=js&_=1619201960698
Preview:	GIF89a.............,..............;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\polyfills[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	49684
Entropy (8bit):	5.256770123897952
Encrypted:	false
SSDEEP:	768:GTsX2mNwqHPDW8+ELw160BM/34YeVRfAjIXR6ohvgRKM7yXyGK:VX2uwMPpR/LeuiK
MD5:	6373A2FEE44849868484516655C8A302
SHA1:	14C2B51589BAAA8F3953BDD9C65032D2BBC5F5AB
SHA-256:	82D370E412A15AD4D7A72AE37D39A15BA88266FE00AFEF4B37910E5871F8E0D5
SHA-512:	3E77E02EAB71CD9BC0744E86EF6B316B0FF1806A03A28B6F986DF6705CA02AD6A595662694723941C8B0B55B34EE07691A1CAEA9CF26E416F3A663EF9D2CB391
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/polyfills.js
Preview:	/! polyfills v0.48.0 built on Wed, 14 Apr 2021 14:46:31 GMT /.!function(t){var n={};function r(e){if(n[e])return n[e].exports;var o=n[e]={i:e,l:!1,exports:{}};return t[e].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:e})},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},r.p="",r(r.s=99)}([function(t,n,r){var e=r(2),o=r(7),i=r(19),s=r(25),u=r(21),c=function(t,n,r){var a,f,h,l,p=t&c.F,v=t&c.G,y=t&c.S,d=t&c.P,m=t&c.B,b=v?e:y?e[n]\|\|(e[n]={}):(e[n]\|\|{}).prototype,g=v?o:o[n]\|\|(o[n]={}),_=g.prototype\|\|(g.prototype={});for(a in v&&(r=n),r)h=((f=!p&&b&&void 0!==b[a])?b:r)[a],l=m&&f?u(h,e):d&&"function"==typeof h?u(Function.call,h):h,b&&s(b,a,h,t&c.U),g[a]!=h&&i(g,a,l),d&&_[a]!=h&&(_[a]=h)};e.core=o,c.F=1,c.G=2,c.S=4,c.P=8,c.B=16,c.W=32,c.U=64,c.R=128,t.exports=c}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\radial-indeterminate[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	17706
Entropy (8bit):	4.889811006564705
Encrypted:	false
SSDEEP:	192:cx/FzYdqOp0N+LqJ2kReyRY4sYXC+Zwzbjs/MRRaS0HjnoVyjotZsbZjFQyHxyzb:Qu9+YpqQ
MD5:	829C0B614CF0F0D216C8251257EF365A
SHA1:	929BAFB6DBBE2C553B9BD0DA3026B15F26BC13D5
SHA-256:	B810147466A1BC849EF15C01E9D1A2C8C71F7B1344AAEF78112EFC62768528C8
SHA-512:	E704B03B789FE57277C7EA0CB5A66B9615080664DFA060EBB31B4334FF7137A1EE66A2405A5A3C6BDEB77AAFDFD42FE38656801FE991DC25201F3B870C25F189
Malicious:	false
Reputation:	low
IE Cache URL:	https://static.adobelogin.com/renga-idprovider/resources/13809f1d60499f0a7eb0890d79181378/spectrum/img/indicators/radial-indeterminate.svg
Preview:	<svg version="1.1" xmlns="http://www.w3.org/2000/svg" width="4080px" height="68px" viewBox="0 0 4080 68">.<path fill-opacity="0" stroke-width="4" stroke="#000000" stroke-opacity="0.1" d="M34,4c16.6,0,30,13.4,30,30S50.6,64,34,64S4,50.6,4,34S17.4,4,34,4z"/>.<path fill-opacity="0" stroke-width="4" stroke="#1473e6" d="M34,4L34,4c16.6,0,30,13.4,30,30"/>.<path fill-opacity="0" stroke-width="4" stroke="#000000" stroke-opacity="0.1" d="M102,4c16.6,0,30,13.4,30,30s-13.4,30-30,30S72,50.6,72,34S85.4,4,102,4z"/>.<path fill-opacity="0" stroke-width="4" stroke="#1473e6" d="M102.8,4C119,4.4,132,17.7,132,34c0,3.4-0.6,6.7-1.6,9.8"/>.<path fill-opacity="0" stroke-width="4" stroke="#000000" stroke-opacity="0.1" d="M170,4c16.6,0,30,13.4,30,30s-13.4,30-30,30s-30-13.4-30-30S153.4,4,170,4z"/>.<path fill-opacity="0" stroke-width="4" stroke="#1473e6" d="M171.6,4C187.4,4.9,200,18,200,34c0,6.8-2.3,13.1-6.1,18.2"/>.<path fill-opacity="0" stroke-width="4" stroke="#000000" stroke-opacity="0.1" d="M238,4c16.6,0,30,1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\start_forgot_password[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	13840
Entropy (8bit):	4.591760521154252
Encrypted:	false
SSDEEP:	192:Q3SLV2y977KyViS4X3xurAJxLofMpYTI7D1M/lFAlGqboQy0:Q3SxNHlCHxurAJ+fMpYcHa/Coq
MD5:	9D2A4619FF7F96E4450000F131B44A2F
SHA1:	B5EB0E3EF4002CA83D67D81A2C7B04D1FF7F7A2A
SHA-256:	492F9DFBC98E2A9BDF0638767471F3824F733862A76927462C3EE60AE717C9A9
SHA-512:	B1C699C9E81106DC2F0133F454AF619262782890EADB7B45873676CE3FAB03592F7A12CEF0425C8507FCFE0337D225123D6B6A4E41F7F38C6C75A39BC11536D8
Malicious:	false
Reputation:	low
Preview:	<!doctype html>. [if IE 8]> <html data-placeholder-focus="false" class="ie ie8 lt-ie9 has-dob-explanation en us enterprise spectrum--lightest" data-pagename="forgot_password" lang="en"> <![endif]-->. [if IE 9]> <html data-placeholder-focus="false" class="ie ie9 has-dob-explanation en us enterprise spectrum--lightest" data-pagename="forgot_password" lang="en"> <![endif]-->. [if gt IE 9]> ><html data-placeholder-focus="false" class="has-dob-explanation en us enterprise spectrum--lightest" data-pagename="forgot_password" lang="en"> <![endif]-->. <head>. <meta http-equiv="X-UA-Compatible" content="IE=edge"/>. <META name="ROBOTS" content="NOINDEX, NOFOLLOW">. <meta name="mswebdialog-newwindowurl" content="*"/>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <script>. window.marketingtech = {. adobe: {. launch: {. environment: 'production'. }. }. }

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\userguide_topic_button[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	808
Entropy (8bit):	5.546487559259932
Encrypted:	false
SSDEEP:	12:TMHdPBxNi/nzVJ/KYf3nWjhHFc1c/StW8HoMsaedIDBcK5QTMfHA2:2dpLATLf3yOe6t/oFKUMvx
MD5:	7C2EC10FF932EC6672F5CAD5F70B128F
SHA1:	53AC4D942A6CE4D35CA7533BC170FCFCCE6FBE8F
SHA-256:	E2DF71F0672FA5730D08279CA1C29E29CF4BD4E9FD7DFB6266AFBDA69DBB80E0
SHA-512:	A723F417813BBF5C11BE4A28841642F13AC39C282565D3ECEB1F855D886FC7E70FF9BFA2ED7E31B554009393AEFE718353DD85DF04BE1B336623FF81656ECD1D
Malicious:	false
Reputation:	low
IE Cache URL:	https://helpx.adobe.com/content/dam/help/icons/user-guide/userguide_topic_button.svg
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 20.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. viewBox="0 0 33 32.9" style="enable-background:new 0 0 33 32.9;" xml:space="preserve">.<style type="text/css">...st0{fill:#1E76E3;stroke:#1E76E3;stroke-width:0.5;}...st1{fill:#FFFFFF;}.</style>.<g>..<g>...<path class="st0" d="M23.7,31.5H9.3c-4.3,0-7.8-3.5-7.8-7.8V9.4c0-4.3,3.5-7.8,7.8-7.8h14.3c4.3,0,7.8,3.5,7.8,7.8v14.3....C31.5,28,28,31.5,23.7,31.5z"/>..</g>.</g>.<path class="st1" d="M8.4,7.7v18h16v-18H8.4z M9.4,8.7h1v16h-1V8.7z M23.4,24.7h-12v-16h12V24.7z"/>.<path class="st1" d="M20.4,15.7h-7v-5h7V15.7z M14.4,14.7h5v-3h-5V14.7z"/>.</svg>.

C:\Users\user\AppData\Local\Temp\~DFA6B70237803D5966.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4732393690792476
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lobMF9lobMl9lWbMzZMYZcJcQwsBrYsBra:kBqoIp/1ZM
MD5:	5ED2AFDC41CACFE198870C08D87BB1EF
SHA1:	F24B1FBD356243A87F4E3CBC4FDBFD74213CB342
SHA-256:	CD1607E860070CE071E1CF3DE7E6B1FA17384F1ED5E2A656B6284F3BA14AC787
SHA-512:	CAB332DB35249A3A12334DFEF492DDFB57CC97A916C94A8EACB0D76D9232F2FE658B9B92F8CA072350489C468AEF53CCEA172617843B2F5FE3A0EC77BC047196
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFAC29DBD3E615EA7B.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	168019
Entropy (8bit):	2.936562699093929
Encrypted:	false
SSDEEP:	768:npQBSY7aWhuMngSY7aWhuMnmpqgjiO5W0/DG2SpQBSY7aWhuMngSY7aWhuMnmpq+:8p1K
MD5:	5B814AFCB22404C7802AE18533D12495
SHA1:	C1C093D505DC48721121CA566F1F6EBB6755F4DC
SHA-256:	10522E2FBC297368C4AF7A8AE2ADA8B4A0A904A520DDBF6D00088EAB78CBC618
SHA-512:	752A82A8004F0AB4DA1635B859CA867E1E2D1628A642FE3643E030A88B6DF98E2E6352AC4EC24EF4D6C6DB9BFE37EC1EEDC1DD2BACD6190117990485B7772A8D
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC0189C0C642ADB06.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2021 20:18:49.859715939 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:49.860903978 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.025912046 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.025939941 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.026232004 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.026380062 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.028599977 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.195957899 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.544976950 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545017004 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545043945 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545063019 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545079947 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545104980 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545124054 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545139074 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.545296907 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.614029884 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.615586996 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.617196083 CEST	49726	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.617197990 CEST	49725	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.782299042 CEST	80	49726	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.782463074 CEST	49726	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.783010006 CEST	49726	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.783102036 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.783951998 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.785415888 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.785556078 CEST	49725	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.785990000 CEST	49725	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.790873051 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.790899992 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.790915966 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.790931940 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.790946960 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.790961027 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.790962934 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.790978909 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.790982962 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.790997982 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791014910 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791019917 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791030884 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791053057 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791071892 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791178942 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791196108 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791212082 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791227102 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791234970 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791243076 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791259050 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791260004 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791280985 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791290998 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791300058 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791312933 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791332006 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791332960 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791347980 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791349888 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791363955 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791373014 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791393995 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791394949 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791419029 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791435957 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.791455030 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.791493893 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.794246912 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.794276953 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.794292927 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.794308901 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.794323921 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.794401884 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.794528008 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.945944071 CEST	80	49726	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.952290058 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.956911087 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.956947088 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.956959009 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.956975937 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.956998110 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.957019091 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.957041025 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.957057953 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.957075119 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.957091093 CEST	80	49725	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.957127094 CEST	49725	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.957155943 CEST	49725	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.957159042 CEST	49725	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.958236933 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.958262920 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.958276033 CEST	80	49723	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.958322048 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.958350897 CEST	49723	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.958460093 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.958479881 CEST	80	49722	192.185.71.147	192.168.2.4
Apr 23, 2021 20:18:50.958532095 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.958563089 CEST	49722	80	192.168.2.4	192.185.71.147
Apr 23, 2021 20:18:50.958976030 CEST	80	49726	192.185.71.147	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2021 20:18:39.710004091 CEST	61516	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:39.761630058 CEST	53	61516	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:40.500880003 CEST	49182	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:40.549515009 CEST	53	49182	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:42.345813990 CEST	59920	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:42.394525051 CEST	53	59920	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:43.171175003 CEST	57458	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:43.221842051 CEST	53	57458	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:43.952714920 CEST	50579	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:44.004954100 CEST	53	50579	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:44.734350920 CEST	51703	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:44.795588970 CEST	53	51703	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:46.038150072 CEST	65248	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:46.095259905 CEST	53	65248	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:47.208559990 CEST	53723	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:47.257617950 CEST	53	53723	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:48.381232977 CEST	64646	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:48.432529926 CEST	53	64646	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:48.586344004 CEST	65298	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:48.643621922 CEST	53	65298	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:49.637765884 CEST	59123	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:49.691935062 CEST	53	59123	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:49.771573067 CEST	54531	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:49.828767061 CEST	53	54531	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:50.480093002 CEST	49714	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:50.528882027 CEST	53	49714	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:53.065957069 CEST	58028	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:53.123213053 CEST	53	58028	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:53.797681093 CEST	53097	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:53.846288919 CEST	53	53097	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:54.617572069 CEST	49257	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:54.676731110 CEST	53	49257	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:55.719832897 CEST	62389	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:55.770859003 CEST	53	62389	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:56.630095005 CEST	49910	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:56.681860924 CEST	53	49910	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:57.503568888 CEST	55854	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:57.563345909 CEST	53	55854	8.8.8.8	192.168.2.4
Apr 23, 2021 20:18:58.685544968 CEST	64549	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:18:58.734460115 CEST	53	64549	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:05.918142080 CEST	63153	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:05.975397110 CEST	53	63153	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:06.200067043 CEST	52991	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:06.260153055 CEST	53	52991	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:10.856400013 CEST	53700	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:10.916277885 CEST	53	53700	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:11.224682093 CEST	51726	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:11.240441084 CEST	56794	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:11.243443012 CEST	56534	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:11.289520979 CEST	53	51726	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:11.299671888 CEST	53	56794	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:11.314276934 CEST	53	56534	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:11.629271030 CEST	56627	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:11.691636086 CEST	53	56627	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:11.876832962 CEST	56621	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:11.937803984 CEST	53	56621	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:12.267791033 CEST	63116	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:12.326426029 CEST	53	63116	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:12.888262987 CEST	64078	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:12.902028084 CEST	64801	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:12.937444925 CEST	53	64078	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:12.960974932 CEST	53	64801	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:14.211680889 CEST	61721	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:14.283695936 CEST	53	61721	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:14.933037043 CEST	51255	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:14.995924950 CEST	53	51255	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:15.873449087 CEST	61522	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:15.934760094 CEST	53	61522	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:16.483001947 CEST	52337	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:16.542030096 CEST	53	52337	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:18.572819948 CEST	55046	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:18.621393919 CEST	53	55046	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:18.782561064 CEST	49612	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:18.841356039 CEST	53	49612	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:19.258280993 CEST	49285	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:19.280692101 CEST	50601	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:19.309696913 CEST	53	49285	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:19.344111919 CEST	53	50601	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:19.572109938 CEST	55046	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:19.620675087 CEST	53	55046	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:19.650178909 CEST	60875	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:19.655622959 CEST	56448	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:19.711461067 CEST	53	60875	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:19.716216087 CEST	53	56448	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:20.224371910 CEST	59172	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:20.256004095 CEST	49285	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:20.285752058 CEST	53	59172	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:20.310014963 CEST	53	49285	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:20.585427999 CEST	55046	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:20.637530088 CEST	53	55046	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:21.259829998 CEST	49285	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:21.311439037 CEST	53	49285	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:23.084904909 CEST	55046	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:23.133512974 CEST	53	55046	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:23.275758028 CEST	49285	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:23.328984022 CEST	53	49285	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:27.093285084 CEST	55046	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:27.141925097 CEST	53	55046	8.8.8.8	192.168.2.4
Apr 23, 2021 20:19:27.281599045 CEST	49285	53	192.168.2.4	8.8.8.8
Apr 23, 2021 20:19:27.333692074 CEST	53	49285	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 23, 2021 20:18:49.771573067 CEST	192.168.2.4	8.8.8.8	0xf184	Standard query (0)	cvlga-in-authet.ml	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:06.200067043 CEST	192.168.2.4	8.8.8.8	0x96d5	Standard query (0)	favicon.ico	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:11.243443012 CEST	192.168.2.4	8.8.8.8	0xfb4b	Standard query (0)	static.adobelogin.com	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:11.629271030 CEST	192.168.2.4	8.8.8.8	0xb369	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:11.876832962 CEST	192.168.2.4	8.8.8.8	0x8452	Standard query (0)	use.typekit.net	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.267791033 CEST	192.168.2.4	8.8.8.8	0x18ec	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.902028084 CEST	192.168.2.4	8.8.8.8	0xee4b	Standard query (0)	p.typekit.net	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:14.933037043 CEST	192.168.2.4	8.8.8.8	0xceb5	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.483001947 CEST	192.168.2.4	8.8.8.8	0x25a9	Standard query (0)	adobe.tt.omtrdc.net	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.280692101 CEST	192.168.2.4	8.8.8.8	0x471e	Standard query (0)	ims-na1.adobelogin.com	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.650178909 CEST	192.168.2.4	8.8.8.8	0x66c2	Standard query (0)	cdn.cookielaw.org	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:20.224371910 CEST	192.168.2.4	8.8.8.8	0xd468	Standard query (0)	geolocation.onetrust.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 23, 2021 20:18:49.828767061 CEST	8.8.8.8	192.168.2.4	0xf184	No error (0)	cvlga-in-authet.ml		192.185.71.147	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:06.260153055 CEST	8.8.8.8	192.168.2.4	0x96d5	Name error (3)	favicon.ico	none	none	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:10.916277885 CEST	8.8.8.8	192.168.2.4	0x3b84	No error (0)	services.prod.ims.adobejanus.com		54.73.76.208	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:10.916277885 CEST	8.8.8.8	192.168.2.4	0x3b84	No error (0)	services.prod.ims.adobejanus.com		46.137.124.64	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:10.916277885 CEST	8.8.8.8	192.168.2.4	0x3b84	No error (0)	services.prod.ims.adobejanus.com		52.213.176.171	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:10.916277885 CEST	8.8.8.8	192.168.2.4	0x3b84	No error (0)	services.prod.ims.adobejanus.com		52.16.185.223	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:10.916277885 CEST	8.8.8.8	192.168.2.4	0x3b84	No error (0)	services.prod.ims.adobejanus.com		54.76.80.163	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:10.916277885 CEST	8.8.8.8	192.168.2.4	0x3b84	No error (0)	services.prod.ims.adobejanus.com		34.249.255.145	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:11.314276934 CEST	8.8.8.8	192.168.2.4	0xfb4b	No error (0)	static.adobelogin.com	adobelogin-static.prod.ims.adobejanus.com		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:11.314276934 CEST	8.8.8.8	192.168.2.4	0xfb4b	No error (0)	adobelogin-static.prod.ims.adobejanus.com	dd20fzx9mj46f.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:11.314276934 CEST	8.8.8.8	192.168.2.4	0xfb4b	No error (0)	dd20fzx9mj46f.cloudfront.net		13.224.91.69	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:11.691636086 CEST	8.8.8.8	192.168.2.4	0xb369	No error (0)	assets.adobedtm.com	cn-assets.adobedtm.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:11.937803984 CEST	8.8.8.8	192.168.2.4	0x8452	No error (0)	use.typekit.net	use-stls.adobe.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dpm.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	gslb-2.demdex.net	edge-irl1.demdex.net		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	edge-irl1.demdex.net	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		18.202.205.86	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.30.135.179	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.50.19.208	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		54.195.203.160	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.250.160.147	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		54.154.123.210	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.243.47.58	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.326426029 CEST	8.8.8.8	192.168.2.4	0x18ec	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.254.147.143	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.937444925 CEST	8.8.8.8	192.168.2.4	0x6533	No error (0)	adobe.com.ssl.d1.sc.omtrdc.net		15.237.76.117	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.937444925 CEST	8.8.8.8	192.168.2.4	0x6533	No error (0)	adobe.com.ssl.d1.sc.omtrdc.net		15.237.136.106	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.937444925 CEST	8.8.8.8	192.168.2.4	0x6533	No error (0)	adobe.com.ssl.d1.sc.omtrdc.net		35.181.18.61	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:12.960974932 CEST	8.8.8.8	192.168.2.4	0xee4b	No error (0)	p.typekit.net	p.typekit.net-v3.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:14.995924950 CEST	8.8.8.8	192.168.2.4	0xceb5	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:14.995924950 CEST	8.8.8.8	192.168.2.4	0xceb5	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		52.212.164.82	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		34.251.77.56	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		34.252.156.174	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		52.51.251.137	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		52.18.150.20	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		18.203.205.32	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		52.213.168.74	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:16.542030096 CEST	8.8.8.8	192.168.2.4	0x25a9	No error (0)	adobe.tt.omtrdc.net		34.252.166.160	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	ims-na1.adobelogin.com	adobelogin.prod.ims.adobejanus.com		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	adobelogin.prod.ims.adobejanus.com	adobelogin-origin.prod.ims.adobejanus.com		CNAME (Canonical name)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		52.213.176.171	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		54.76.80.163	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		34.249.255.145	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		54.73.76.208	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		46.137.124.64	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.344111919 CEST	8.8.8.8	192.168.2.4	0x471e	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		52.16.185.223	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.711461067 CEST	8.8.8.8	192.168.2.4	0x66c2	No error (0)	cdn.cookielaw.org		104.16.148.64	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:19.711461067 CEST	8.8.8.8	192.168.2.4	0x66c2	No error (0)	cdn.cookielaw.org		104.16.149.64	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:20.285752058 CEST	8.8.8.8	192.168.2.4	0xd468	No error (0)	geolocation.onetrust.com		104.20.184.68	A (IP address)	IN (0x0001)
Apr 23, 2021 20:19:20.285752058 CEST	8.8.8.8	192.168.2.4	0xd468	No error (0)	geolocation.onetrust.com		104.20.185.68	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

cvlga-in-authet.ml

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49722	192.185.71.147	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 23, 2021 20:18:50.028599977 CEST	127	OUT	GET /?login=do HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:50.544976950 CEST	136	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:50 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Vary: Accept-Encoding Content-Encoding: gzip Accept-Ranges: none Content-Length: 10109 Keep-Alive: timeout=5, max=75 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 bd 72 ff 72 1c 37 92 e6 df 56 84 de 01 53 33 b4 e4 0b 55 37 c9 96 28 99 ea a6 82 16 c5 3d c6 7a 6c 9f 69 ad 66 76 62 a2 02 05 64 57 a5 89 02 60 00 d5 4d 6a 63 23 ee 69 ee c1 ee 49 2e 81 aa ea 5f 6a d2 d2 ec ec b5 e5 22 f2 d7 97 99 5f 7e d3 3f 5c fc f8 f6 97 bf fe f4 8e d5 a1 51 67 8f 1f 3d 7e 34 8d 2f 26 79 e0 b9 55 5c 40 6d 94 04 97 cf 8d 68 fd 2c 9b 73 e5 21 63 42 71 4f 56 d6 e7 f1 0a 34 6f 60 96 29 53 a1 ce 98 e2 ba 9a 65 a0 b3 b3 e9 1f f2 7c fa 87 bf 81 96 38 ff 7b 9e 9f 4d 6b e0 92 fa b0 fe 37 6d 20 70 6a 1e 6c 0e bf b5 b8 98 65 7f c9 df 9f e7 6f 4d 63 79 c0 52 c5 5e 46 07 d0 61 96 5d bd 9b 81 ac 20 fb a4 bc eb fd f3 8f df fd f8 cb f5 46 fe 0f 3f 5e fd 70 f1 ee 2f cf d8 0f 3f 5e fe f8 fd f7 3f 7e b8 af b2 f1 4b 28 25 72 9a 3e d7 b0 5c a2 96 66 d9 3a b5 81 f5 3f 3e ad dd 1c fa 6d 97 97 ff 72 67 37 27 0e 70 1b c6 91 cf d7 4c d4 dc 79 08 b3 f7 bf 5c e6 af 22 d8 57 5f 6d 0f e1 4c 69 82 df 28 d6 86 e6 80 db 98 bb 99 57 19 53 29 a0 dc 2f 48 8d 5b fd 7f 83 f6 1a ad 85 90 08 fb c7 ee b3 87 5f 2e 6a c8 23 cb ce a8 ad 6e b9 0f c6 c1 3f 54 29 62 e8 cb 2b ad c3 05 0f 0f 14 fe e4 78 d5 f0 7b 7a 7d f5 d5 57 53 2f 1c da c0 bc 13 b3 27 bf fa f1 af bf b5 e0 ee f2 e3 d1 f1 68 32 6a 50 8f 7e f5 4f ce a6 e3 2e eb 8c 31 2a 62 43 4d 20 81 f5 ba fa 95 2f 78 e7 8d b8 7f 7a 2a 8d 68 1b ea f7 cd c8 01 97 77 4f e7 ad 16 01 8d 7e fa 0d fb 8f 38 ea 82 3b 36 37 ae 61 33 f6 a7 a7 4f fe c8 3f f2 27 df bc 66 e3 71 9a 93 8b 90 82 43 a2 6f cb 06 43 9f 0a cb 36 a6 c6 dc de 5f b6 21 18 3d 24 73 05 ae cf 1d a5 f7 6d 8f dc 05 24 2e 22 36 f3 b5 59 f6 ae 06 bc e7 15 0c 00 ca 70 09 ae 47 e8 0c 42 78 fc 28 c6 09 26 4d dd 77 86 05 ad 18 fd d1 39 a2 ed 9e 74 81 27 cf d8 6a 61 e8 37 66 0c 46 d6 a5 8a 0b 98 f3 56 85 a7 dd 5c bd 93 c9 ce bb d9 80 ea c6 e3 84 cd 49 c5 5a 3e 7d 32 47 05 84 1e 89 c0 a6 ba d2 f6 c9 37 7f 3b fc fb 28 ba 3d 3d e2 9c 03 b5 17 9c a4 30 63 1a 96 ec b2 37 9f fe e9 69 a8 d1 7f d3 67 c6 a1 fe 34 e2 bf f2 db a7 fd 88 8c b5 4e 9d b2 27 16 c5 c8 d6 96 3a 0d 1b f3 b4 4d 0c 0f 99 f1 fa 94 fa d3 8f d7 bf 6c e4 f5 cc 90 0e 6b 23 59 05 61 6c 8d 0f 7d 0d 25 49 1a e3 97 ae b2 0e 8d ea 2a 1d 89 15 7c 27 28 16 dd e3 5f bd d1 e3 db 46 6d 17 9e 76 44 7b 70 c8 15 7e 84 a7 df a4 f2 95 dd 8d 10 33 93 4e fb df ba 32 72 f0 2c 45 b8 bf d3 82 9c 5c 79 78 36 6c c4 04 17 35 7c ea 25 49 d2 81 ba a9 77 62 40 57 ee b6 69 e8 76 68 b9 0b e9 60 79 6c fa 64 9d 67 9d 11 24 b3 8b 6e 94 1e 83 e6 e8 3f 5d 52 09 54 0a d7 74 e8 d3 b5 7e 56 f2 89 bf 24 d8 d1 9c 34 f9 63 1b f5 43 e5 5f 75 12 4d ce 2b dd fb fe f4 34 fb a3 d1 90 7d b3 93 1b fd 61 69 76 fc 3d 78 64 32 5d 6f 14 4f f0 f4 c9 f7 04 8c ba 1a 8d 46 4f 3a a5 8a 9a eb 0a 86 13 97 6d 08 a4 88 00 b7 c3 79 d9 7f ae 16 f6 ad 88 fb 6e ec 11 09 d9 b3 4b 6a 95 62 eb 0d 92 98 c8 60 a8 49 1a de 1a ed 21 5d 71 67 dd fb f6 da 43 43 8d 12 7a e7 5a 52 9d 9a 82 c3 aa 02 f7 f4 09 b5 82 d0 af 9a de 29 be 1e 78 8b 9c ad bc 7d 8c 74 c7 8d ed be da 25 07 9c 33 6e 83 1a d8 e2 85 e4 e6 8d 82 91 32 15 45 56 d4 76 8f ff ec ee 95 fe a4 cf 74 ec 85 43 1b ce e8 d9 bd 58 14 e4 2c 8b 53 8c 7f e5 0b de 79 33 4a 78 fc 68 68 c9 5a 1d 19 f9 ce c8 bb a7 d4 82 ba 2f b8 63 25 99 ef 14 34 9e cd 98 34 a2 6d 48 f5 Data Ascii: rr7VS3U7(=zlifvbdW`Mjc#iI._j"_~?\Qg=~4/&yU\@mh,s!cBqOV4o`)Se\|8{Mk7m pjleoMcyR^Fa] F?^p/?^?~K(%r>\f:?>mrg7'pLy\"W_mLi(WS)/H[_.j#n?T)b+x{z}WS/'h2jP~O.1bCM /xzhwO~8;67a3O?'fqCoC6_!=$sm$."6YpGBx(&Mw9t'ja7fFV\IZ>}2G7;(==0c7ig4N':Mlk#Yal}%I*\|'(_FmvD{p~3N2r,E\yx6l5\|%Iwb@Wivh`yldg$n?]RTt~V$4cC_uM+4}aiv=xd2]oOFO:mynKjb`I!]qgCCzZR)x}t%3n2EVvtCX,Sy3JxhhZ/c%44mH
Apr 23, 2021 20:18:50.614029884 CEST	145	OUT	GET /js/jquery-2.2.3.min.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:50.791178942 CEST	162	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:50 GMT Server: Apache Last-Modified: Thu, 30 Mar 2017 22:40:24 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: application/javascript Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 b2 6b 9b e3 b6 b5 25 fc 7d 7e 85 c4 f4 d0 40 0b 62 49 ed 24 33 a1 8c d2 d3 ae 6e c7 4e da dd 8e bb 13 9f 13 16 9d 07 04 36 2f 55 14 c8 22 a1 ba 58 64 7e fb 6c f0 a2 4b 55 b5 7d ce cc fb f6 45 04 b0 6f 6b af b5 ce 5e 4e 27 57 7f db 42 f5 30 b9 7d e5 bd f2 be 9c 34 13 22 e9 f8 f6 4d b1 d5 4a 98 ac d0 f8 7e 75 63 df bc a2 4a ce f2 4c 82 ae 61 f2 f2 ec 7f 4c e3 ad 96 36 83 08 16 d1 9d 53 44 57 20 8d c3 b9 79 28 a1 88 27 9b 42 6d 73 70 dd cf 04 3c b8 2f 8b ca d4 eb d3 2b 17 9e 2a e4 76 03 da ac 23 ec 3c 5d 50 ff 30 88 ee b2 98 4c 0f 29 d4 a4 55 71 37 d1 70 37 79 5b 55 45 45 9c 01 7f 05 37 db ac 82 7a 22 26 77 99 56 98 73 97 99 14 6f 63 a5 43 57 15 98 6d a5 27 38 85 b6 7e f7 4b 1c dc 1a e2 4c 83 72 a6 23 dc be 7e dd 7f 7c 93 66 35 3b dd fc 56 54 13 c9 83 90 a9 23 f0 0c b8 f4 6a 4b 17 8b f1 24 0b 2d 85 61 09 1e cb 6d 9d b2 14 0f d8 10 ee 3f c4 2c e3 bb 96 5d f1 cc 33 c5 47 53 65 3a 61 d7 78 49 45 fd e1 4e ff 50 15 25 54 e6 81 e5 36 69 c3 9d 4e 2b 87 69 7e 8a 61 d8 c5 12 a1 bd 58 63 ef cc 74 91 96 15 fc ec e7 e0 b2 be dc 7e f3 f6 9b 6f 2e ef 5f 2f c2 59 f3 e8 fe e2 2c 61 25 a6 cd 37 f5 fc 8c dd f0 b3 39 09 2e 95 98 ff 12 d2 b3 24 63 d5 f3 c3 22 04 fc f7 12 e1 5d 88 1a 08 6d 57 76 32 d7 5e 59 15 a6 b0 e4 f1 5d ef 1c 7f c3 70 ff da 54 5b 69 8a ca d7 ac 86 1c ba a3 e3 b0 1c 74 62 52 7f c1 4c f1 ba aa c4 c3 41 ed fd 20 f0 a4 c8 73 62 a9 c7 7d 12 30 27 8e 18 57 df e6 f9 94 8b f5 e2 5c ac 6d 66 20 66 f6 e3 f5 fd 43 bf 7f 0b fd d3 66 56 8c 8f 46 c8 eb 93 96 56 d1 08 37 d9 40 95 40 97 ea 1d 2d 40 28 13 07 f7 e0 ba 70 fb a1 b3 38 ef cc 11 d9 5c 03 f7 fd 75 bc b0 a8 65 20 64 fa 2c 74 cf 46 ba 39 d8 19 65 16 e5 73 69 5d bb 3d 60 82 f0 44 49 4e fd 18 31 b9 4f 17 fd a2 f8 64 6d 40 b1 6f 67 c7 67 f8 7d d4 18 3c 51 96 f9 c3 80 a7 4a 3a 3f d7 b6 41 9c 55 b5 f9 5c 03 b8 21 0b cc c9 c5 af a6 cc 97 98 03 37 cf d0 7d a4 16 93 7c 26 66 c4 4a 19 f9 8b 3d d7 8f 70 ca 73 be 70 dd e8 5c ae 83 4e 5c 19 86 7e 10 da f6 5a 7d 76 cb bd 58 4d f3 54 d7 de 0f 7e c2 ea a2 32 be f4 ec 87 d5 65 47 1b de ba 43 cb 50 ae 7b 83 33 b8 f5 fb 78 3e 9a 67 d7 11 cc f2 ae 18 b0 98 25 7c 4f 62 b0 08 9b 66 d7 b2 94 2f 59 76 78 1e d7 be e2 d3 e5 2a 46 24 4e 54 14 39 08 ed 70 6e 1e 4a 28 e2 49 e2 ba e4 8a 27 27 cd d2 a1 d9 6c 46 99 53 74 5b 1d 15 34 8d f6 b2 fa 9b 11 57 42 9b 86 24 7c d7 52 9c ce 79 86 fd 92 de b0 e9 7c 4e 57 d9 79 ba b2 8d b2 98 e8 6d 9e 4f 39 11 27 93 28 b5 b8 a2 49 86 c6 a2 92 27 41 14 32 c5 85 fd 24 53 ce 95 85 e7 ba f6 63 a7 fe 90 8b 4c f7 3c 13 65 07 03 b7 cf af ab 4a 3c e0 03 a5 6b 02 f8 0f d7 65 31 97 ae 7b 08 4a ba 96 56 45 7f ff 7e dc ab 8b e2 ca 76 3c 1f b9 27 57 48 32 36 f5 6f 8b 4c 4d 16 03 9a 2e 05 5f 47 f3 24 07 e1 c8 0e ee 4b a1 55 e1 3b 57 7f db 42 f5 e0 cc c8 66 f6 bd 30 a9 57 d9 e7 0d a1 d4 ab a0 cc 85 04 72 76 f9 e6 2c 61 8e 43 59 56 ff 08 42 3d f8 d3 05 83 aa 2a aa 13 0f 9b b4 2a ee 26 1a ee 26 6f 6d 0c 9f 70 5e 51 94 c7 46 6c d9 41 8f 93 e2 1e a2 33 3e a1 88 b8 9c d5 b1 6b 33 50 e3 77 bf 23 51 f8 fa 53 86 58 ef 9e 69 34 e9 15 14 ae 2b b0 93 f0 ee ba 44 db e8 3d ea 59 65 f2 a4 c6 da 35 ea 92 3d 53 7c 34 55 Data Ascii: 1faak%}~@bI$3nN6/U"Xd~lKU}Eok^N'WB0}4"MJ~ucJLaL6SDW y('Bmsp</+v#<]P0L)Uq7p7y[UEE7z"&wVsocCWm'8~KLr#~\|f5;VT#jK$-am?,]3GSe:axIENP%T6iN+i~aXct~o._/Y,a%79.$c"]mWv2^Y]pT[itbRLA sb}0'W\mf fCfVFV7@@-@(p8\ue d,tF9esi]=`DIN1Odm@ogg}<QJ:?AU\!7}\|&fJ=psp\N\~Z}vXMT~2eGCP{3x>g%\|Obf/YvxF$NT9pnJ(I''lFSt[4WB$\|Ry\|NWymO9'(I'A2$ScL<eJ<ke1{JVE~v<'WH26oLM._G$KU;WBf0Wrv,aCYVB=**&&omp^QFlA3>k3Pw#QSXi4+D=Ye5=S\|4U
Apr 23, 2021 20:18:51.368876934 CEST	250	OUT	GET /img/sprite.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:51.545752048 CEST	252	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Apr 2021 18:18:51 GMT Server: Apache Last-Modified: Tue, 23 Apr 2019 05:23:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 462 Keep-Alive: timeout=5, max=73 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00 Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41\|nIPy"4mU1d}{*<g\|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs\|C^N?!

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49723	192.185.71.147	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 23, 2021 20:18:50.615586996 CEST	146	OUT	GET /Sign%20in%20-%20Adobe%20ID_files/light.css HTTP/1.1 Accept: text/css, / Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:50.790873051 CEST	149	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:50 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 28 Jun 2019 12:16:40 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 16010 Keep-Alive: timeout=5, max=75 Content-Type: text/css Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 b2 8b 72 db c6 b6 2d fa 2b d8 76 b9 4a da 56 53 e0 4b 92 81 72 2a f2 33 7e 25 b1 9d 95 2c c7 db b5 aa 81 9e 00 da 6c 74 23 dd 0d 3e c4 e2 ae f3 2d f7 d3 ee 97 dc d9 00 48 81 24 28 c9 49 d6 39 a7 f6 35 12 0a 98 8f 31 c7 1c 73 7c 1f 67 54 1b b0 de bd d2 26 e4 e2 5e d8 8b 4a 6b 95 ec e5 8a 91 84 c6 10 29 35 09 22 48 94 86 93 76 2e 55 2a 15 b0 c9 c4 b4 30 42 c5 13 a2 a4 57 7d 10 2e 19 8f a9 55 9a f0 3c c5 82 0c e2 89 54 16 6b 79 ac e4 06 1b 3f 59 41 12 a1 66 44 a8 54 61 31 4d b1 a6 a0 c6 cc 94 66 44 c3 14 a8 00 dd 53 49 e2 ed 87 6b f0 8e 6a 79 87 e2 52 80 21 82 1b 4b b8 85 fc 33 a3 96 92 29 15 1c 5f 38 52 34 96 da d2 3c b6 ba 84 2f 9b 45 77 bb dd ce 0d 67 53 68 c4 79 aa f2 5c c9 93 1b 64 3c a4 e2 32 a2 f1 24 d5 aa 94 ac 86 0c 4a 2d 8e 7a bd 53 a4 7d 5a 83 f7 0a 99 1e 87 ad 3a 0d 05 50 1b 48 d5 bc b5 73 86 5f 41 d0 1f 8d 8a b9 d7 1f 9e 17 f3 55 cf 4c 53 ef c6 03 ef 16 ec 5c b9 4a df 7a ea ba ea fa de d5 f7 ce d1 eb 58 d7 e5 ab cc b7 9d ff 50 cb 61 0f ec 74 fc 19 23 74 42 b4 dd e0 f2 5b 96 a8 42 b7 a9 ff 57 cc 81 fd c7 ab 5e 2c 80 ea 84 cf 03 9a 58 d0 cb ea 33 88 94 cd 42 3c 81 05 69 83 7b f7 42 c6 4d 21 e8 22 b0 34 12 b0 aa c6 65 9c 31 90 cb 75 46 2a 89 89 17 02 e6 1c 4b c8 53 ec a5 5c 22 e0 56 6b 58 fd 12 fc 56 a5 0d 70 2a b0 70 c6 99 cd 82 be ef 3f e8 ea af 57 e7 42 fc 00 3c cd ec 32 ab fe ec 96 7f 50 b3 ed 41 44 ab d9 76 be d6 08 c3 07 20 9e e2 aa a0 9f d6 3b ef 80 c5 20 44 38 05 6d d1 b7 82 e0 a5 53 19 e4 b8 bf d8 5e 59 94 b9 ec ea 2c 28 63 5c a6 44 40 82 63 07 c5 7c f5 7d 0e 8c 53 4f 49 b1 f0 4c ac 01 a4 47 25 f3 8e 72 3a 27 b5 1e a3 0b bf 98 1f 2f f7 e0 b7 b0 2e 10 6a 8f 01 ca aa d1 9a 71 c6 05 db 2e f7 f7 6a af 45 69 5d e1 73 2c d0 a7 ff f9 38 d5 9c fd eb cb 32 11 8a da c0 01 6c 16 d1 95 80 67 38 7d bb 36 c0 0f 4b 54 42 ec a2 80 a6 b1 aa dd e9 f4 6f ea 6b f8 6f a3 54 f6 da 6e 7a b8 c3 73 6b 55 c7 ad e7 12 f1 da 48 df e2 ef 0a b1 df 68 32 18 3f 58 47 86 4d 68 38 ec 0d f1 df 3a 3e 68 c2 63 7f 1d 59 17 9e 6f 7a 47 6d 85 ef 7c fe 03 2b d6 2a 8e 6e d1 ff 66 cd 6f 94 6f 54 19 ab ca c4 28 11 ea 76 7d 86 30 a7 3a e5 32 f0 3d 5a 5a b5 be ac 33 57 b5 55 05 b0 dc 11 f4 3a 43 aa d7 ed 3c 89 41 88 70 0a da f2 98 0a 42 05 4f 65 60 55 b1 df 57 f9 b5 66 44 a6 cb 9d 8e 9c 33 b6 33 ac 39 71 d7 b8 ad 7d fb e8 97 db 08 34 58 7f 92 42 d5 66 0a 1a 03 31 39 15 02 25 dd 62 70 e1 0c bb df f6 5d 4f ab 59 90 70 8d 77 8d 33 2e d8 b2 56 9f 20 3b 94 fc 7b 32 83 68 c2 2d 99 c0 22 d1 34 07 e3 d1 a5 ff 60 a9 70 10 b7 0b ac b0 6a f3 d1 5f ad be bf 63 5d 2f a1 0c 5e c9 e5 1a 9e 4a 9e 53 cb 95 0c a8 d7 37 e1 f6 e7 aa c7 91 ed 46 63 2e 05 97 40 22 a1 e2 49 9d 22 54 e3 16 b5 31 22 1a 4f 52 ad 4a c9 08 62 a4 10 94 5a 1c f5 7a a7 3c 4f 4f 5d ad 39 bd 2e ee 15 32 3d 0e 5b 1d 1a 0a a8 5c d8 bc 85 19 54 de 46 f1 1a 57 36 66 1f 60 60 c6 99 cd 82 47 4e 57 33 4d bd bf c6 04 11 8e 9b 65 20 a7 5c 10 a9 2c 4f f0 f2 4e 05 c2 78 ca ef 02 08 72 0a 42 15 40 04 92 85 3b af 37 18 5e ef b7 36 4b 58 28 c3 ab 13 68 10 c8 62 0a cd c2 c3 d1 f6 c6 7f 1f dd 3b 68 10 44 90 28 0d 2d ec e0 be ef 9f 8d 58 1c ae ad 14 29 cd 40 13 4d 19 2f 4d 30 f6 Data Ascii: r-+vJVSKr3~%,lt#>-H$(I951s\|gT&^Jk)5"Hv.U0BW}.U<Tky?YAfDTa1MfDSIkjyR!K3)_8R4</EwgShy\d<2$J-zS}Z:PHs_AULS\JzXPat#tB[BW^,X3B<i{BM!"4e1uFKS\"VkXVpp?WB<2PADv ; D8mS^Y,(c\D@c\|}SOILG%r:'/.jq.jEi]s,82lg8}6KTBokoTnzskUHh2?XGMh8:>hcYozGm\|+*nfooT(v}0:2=ZZ3WU:C<ApBOe`UWfD339q}4XBf19%bp]OYpw3.V ;{2h-"4`pj_c]/^JS7Fc.@"I"T1"ORJbZz<OO]9.2=[\TFW6f``GNW3Me \,ONxrB@;7^6KX(hb;hD(-X)@M/M0
Apr 23, 2021 20:18:51.387295008 CEST	251	OUT	GET /Sign%20in%20-%20Adobe%20ID_files/recaptcha__en.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:51.566301107 CEST	253	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:51 GMT Server: Apache Last-Modified: Fri, 28 Jun 2019 12:16:40 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: application/javascript Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac b2 6d 7b da c6 16 35 fc dd bf 42 e8 ee ad ce 94 b1 02 4e e2 34 c8 63 2e c7 76 e2 34 42 4a 31 89 9a 10 4e 2f 21 0d 48 8e 2c 21 69 30 26 a0 ff fe ec d1 0b 08 4c 7a 7a 9e eb 4e 5d 34 b3 67 bf ac bd d6 42 93 79 e8 70 3f 0a 11 5e 55 47 c9 7c 80 5b c2 f8 3c 09 a5 cd bb b9 09 99 59 b6 49 d5 6f 0e a4 e2 55 2d 23 4e 6a a5 9b 14 1d af b8 e7 a7 43 73 44 f5 5a f2 f2 50 ee 26 52 56 d4 f2 fd f8 1f 0b 00 e9 d1 83 9d 48 46 42 b7 7b 10 9d c4 78 e5 4f 50 03 99 92 1f a6 dc 0e 1d 16 4d a4 8b 24 b1 97 18 68 88 12 14 53 64 52 6b 0c cd c9 70 84 b5 06 d2 a9 a9 86 ec 91 23 8c 55 37 0a 99 86 63 75 36 4f 3d a4 ab 0f 76 30 67 58 33 69 9c 6d c6 92 07 62 8d 77 66 56 98 a0 93 3c 0f 5d 36 f1 43 e6 ca 0d ca 97 33 31 fc 76 79 3f 8e 02 45 29 be aa cf 59 62 f3 28 51 14 73 b8 17 1a e1 ae ae 3a 76 10 00 b8 ce 4a 60 ea b8 53 38 67 19 71 a7 07 47 4a 3a 6d 91 a7 e4 e8 67 a6 1a b0 70 ca bd ee 4a ac d4 69 b4 49 be 4b c7 1c ea cd e6 28 eb 94 e1 56 06 bd 83 98 f4 5f 51 b9 6a 23 d3 0a b9 39 be 63 0e 57 9d 84 d9 9c 75 77 6e 9d 83 68 42 b6 90 80 05 e1 1c a2 ab b3 24 e2 91 68 45 45 4e a6 1d 81 30 3f 9f 92 32 fe b1 2a 30 27 38 88 e9 c1 07 8d 05 29 5b 09 e5 97 5c b3 3b f9 a9 97 d0 d5 e5 83 d8 86 fc f2 89 ae 32 8d 27 cb d5 92 53 f4 cb 27 f5 ef bf 73 18 7f ff 4d 7b 09 bc aa 97 0f 58 1b c3 0a df 25 3b 73 6c ee 78 c2 65 19 24 37 da 19 cc 5c f2 ee ee 66 80 19 99 b5 2e 3a 31 f1 f6 da a0 54 c7 dc 4b a2 45 be fb 00 20 5e 27 09 b8 cc 6c ca 92 9f 4a 61 c4 25 90 91 85 a9 3f 0e 98 8c b5 8d 8d 3a e1 3c 08 0a 0b 7b f1 41 df 2c fc d0 8d 16 8a 52 7c 29 f0 e5 f9 69 57 fc 74 0e a5 4f 83 68 6c 83 cd 44 df 06 2d 6e dd e2 d3 11 45 e4 61 4c 41 e9 eb 87 1d 23 91 98 58 c4 20 6e be 28 ac 3b 01 ec 31 45 16 35 d5 74 16 f8 1c c9 aa 8c 89 17 63 62 d0 96 66 9c 59 a5 af 8e db 9a d1 6c 62 97 5a 43 63 44 5c c9 0f a5 78 bd 46 f1 d0 1d 81 00 98 c4 54 1c 35 e4 52 64 c0 d1 82 bc 6d e9 88 58 23 a2 23 03 63 e2 36 a8 81 2b d0 ae a2 7c f9 84 04 a2 95 13 85 13 7f 3a 4f 6c a0 0d 84 25 8b c4 e7 d5 b9 70 b2 9b 61 f0 ee 97 4f ff 60 dc 82 23 30 cf 8c 25 dc 67 69 f7 50 7c d9 d9 e5 03 af cc 06 bd 48 12 7b b9 35 b0 a2 40 ac 2c ae 05 91 39 d4 47 34 56 73 40 18 c0 3c a1 36 a7 d5 dc d6 d0 fe 2b a4 6f af 98 1c d5 1e 55 58 3a e5 c9 dc e1 51 42 4d d0 0b 3f 8c 73 13 e6 9e 97 72 69 04 d1 3a 96 37 35 a0 7f 2c 80 fc 64 61 21 64 f1 34 65 dc 5c 84 d5 ce 57 2c 75 12 7f 06 83 90 58 19 14 38 48 0d 4c 17 4b 74 cc 61 3c a2 3a fc 60 cd 54 df d1 da 06 19 99 dc 50 74 fd 80 64 a8 b9 f7 53 26 93 a7 1c 54 11 c9 40 78 25 bc a8 5e 51 a1 78 b6 79 70 51 80 57 09 e3 f3 24 94 02 d8 31 e5 76 e8 08 25 e3 6e d0 09 d9 42 8a d1 a6 6d 1f af fa 90 0e f2 0b 6e 71 59 65 6a c5 01 89 7f 16 85 1f a3 c6 ec 1b 8a 74 ea c5 6a ca f8 c0 bf 67 d1 9c 93 fa f3 cd 56 b8 a0 44 38 d8 0e 14 91 24 5a 48 81 06 33 77 ea a2 5a 1d 01 5c 48 6c 05 2e cc 57 04 59 fa f9 91 94 2b 0f 47 e4 69 eb be fa 06 c1 2e e0 04 f1 86 d5 2b 75 36 4f 3d b1 1f a9 f7 26 3d a0 11 d4 d2 aa de c5 57 0d 58 38 e5 9e 86 c5 5b 50 0e 26 7d da da ce d4 fa 67 41 95 d6 6c 02 c8 1e 0d 86 fd 11 11 3f b9 0a 1a 4f 96 ab 1e 80 70 6c ee 78 c8 2b 09 b8 81 53 96 d5 d5 c2 3b bb 0f 76 Data Ascii: 1faam{5BN4c.v4BJ1N/!H,!i0&LzzN]4gByp?^UG\|[<YIoU-#NjCsDZP&RVHFB{xOPM$hSdRkp#U7cu6O=v0gX3imbwfV<]6C31vy?E)Yb(Qs:vJ`S8gqGJ:mgpJiIK(V_Qj#9cWuwnhB$hEEN0?2*0'8)[\;2'S'sM{X%;slxe$7\f.:1TKE ^'lJa%?:<{A,R\|)iWtOhlD-nEaLA#X n(;1E5tcbfYlbZCcD\xFT5RdmX##c6+\|:Ol%paO`#0%giP\|H{5@,9G4Vs@<6+oUX:QBM?sri:75,da!d4e\W,uX8HLKta<:`TPtdS&T@x%^QxypQW$1v%nBmnqYejtjgVD8$ZH3wZ\Hl.WY+Gi.+u6O=&=WX8[P&}gAl?Oplx+S;v

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49726	192.185.71.147	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 23, 2021 20:18:50.783010006 CEST	146	OUT	GET /Sign%20in%20-%20Adobe%20ID_files/AdobeMessagingClient.css HTTP/1.1 Accept: text/css, / Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:50.958976030 CEST	207	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:50 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 28 Jun 2019 12:16:40 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 8235 Keep-Alive: timeout=5, max=75 Content-Type: text/css Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d5 52 6b 73 db 38 96 fd ae 5f 81 9d 54 d7 3a 6e 41 22 f5 88 6d e6 cb a4 33 93 9a 54 4d ef 74 4d d2 d5 fb 15 24 20 09 63 10 60 03 a0 1e 71 e9 bf ef 05 48 4a 94 45 49 94 2c a7 7b 6d 11 12 2f ee e3 dc 73 4e 8f d0 f8 67 33 fd 28 38 93 f6 37 4d b2 8c 69 f4 06 82 29 04 95 b4 84 4b 08 dc 76 51 af 5d 62 14 b3 89 d2 ac 7d 3e 99 58 f8 7e ea 20 14 ab 25 36 fc 1b 97 d3 08 7e 6b ca 34 86 d0 fb ce ba d3 ae 57 4f e5 76 41 34 fd 20 79 4a 2c f3 3d ad 26 d2 70 cb 95 8c 90 ca 48 c2 ed 0a 0d 83 20 35 ef e1 92 f8 44 b8 c3 92 a4 0c 12 8a fa 54 cd d9 ee 35 cd 35 29 7a 34 d4 5a 9e 02 64 3c c9 65 52 e4 24 79 cc 13 1c b3 6f 9c e9 9b a0 8b dc a7 37 ea a2 f0 ad 2b c4 0b 16 3f 72 8b 8f 22 ab 92 4e 20 dc 4f 6b 40 ba 9f 74 2e e2 54 7d 3b 01 d7 65 9c c2 ba 9b d3 04 74 37 e3 2c 94 eb ce 5f 1f d9 6a a2 61 b2 a9 4f f6 26 08 7e f0 5f a5 1b c0 9e 69 84 4c 42 04 bb 09 7a f7 43 bf 23 aa 96 8a 50 e0 de d7 f0 84 c1 e1 c2 f0 79 55 58 54 01 8e 8a ef 3f 0d 1e 47 eb 9f 04 4c 8f d0 f8 67 33 fd 28 38 93 f6 37 4d b2 8c 69 f4 06 82 29 04 95 b4 84 4b 08 f4 ca 80 25 7e 02 e5 26 13 04 da 48 25 bd 95 92 5c 1b a5 23 94 29 2e 2d d3 75 93 c7 4a 53 a6 b1 26 94 e7 26 42 ef 82 6c b9 b1 d6 81 bb 43 61 92 3c 4e b5 ca 25 c5 89 12 6e dc 9b 4f 9f 3e 6d 0b 22 34 c8 96 c8 28 c1 29 7a 33 0e dc ff 2e 90 25 36 33 42 d5 02 48 f3 a9 23 78 f4 34 26 95 75 9d 7b c3 f1 db 1a bc 33 2a ce 4a ce 08 a5 5c 4e 4b f5 16 9c da d9 76 cf 19 e3 d3 99 dd be a7 44 4f b9 74 5d 49 6e 95 8b 58 b6 b4 98 08 3e 85 68 c2 2a c6 7d 94 b2 44 69 62 b9 92 5b 75 26 a0 23 36 fc 1b 03 86 ca 9e 15 81 c3 d1 e8 61 ec 93 e6 4c 5b 0e 66 a9 fa a6 9c 52 e1 6f c0 9f 02 5c b0 ed 57 13 82 a7 64 0a 37 b9 16 37 c4 18 66 4d 3f b1 a4 67 e6 d3 b7 cf 12 cb f1 a3 3d 29 35 cb 18 b1 ae 79 f9 f3 d9 7d a6 0c 77 eb e0 65 7d d7 a6 04 67 eb fb a2 bf 82 6d 26 c2 49 31 e7 86 c7 c5 1e 55 62 84 26 7c c9 a8 0b 7d c3 5c 52 06 9d 1f b6 7f 2e de bf 45 56 73 22 a7 82 a1 a9 66 4c 76 a1 46 1b db 45 31 83 b6 e8 b6 ff 2c 69 31 e3 96 75 91 92 c8 aa cc 5d af 3b 3d 42 e3 9f cd f4 a3 e0 80 fa 37 4d b2 8c 69 f4 06 82 29 04 41 11 02 9c 6a d4 2b 03 96 54 3f b1 55 4a 58 9e a1 27 98 41 b9 c9 04 59 6d b9 df 2e 41 62 b0 7a 6e 59 cd 4f 50 9a 01 c9 bd 71 c1 42 15 8d 95 b5 2a 6d b8 10 6c 02 cc 0f 77 83 ba 70 5f 19 ad 79 27 1c 3c f3 a3 7b 71 ce c0 95 63 c3 b2 7f ac 34 65 60 2f 28 40 00 92 53 f4 e6 ee 9d fb af 5b 6f 32 99 ec 2a 19 d5 b3 52 b2 c4 0b 4e ed cc 79 36 a8 da 16 7b dc 95 ef 29 97 55 ce 7d 19 2a c1 e3 0a 2b 5e b0 f8 91 5b 5c 20 c2 9a 50 9e 9b 08 95 36 c4 a9 fa 76 e0 aa 29 fa 72 4d a3 28 66 13 a5 99 d7 36 81 02 68 13 a1 bf fc e5 b0 b2 d5 ce f8 dd ce 82 c3 12 66 b5 fe 0e e8 32 08 29 fe 09 6a 57 c6 ae 04 48 e9 45 a9 85 2b 4d 0a fe c1 d6 44 9a 8c 68 40 77 9d ad c9 c4 42 46 eb a5 4f 2c 59 32 32 7e d5 a5 ff 9a 32 ca 09 ba a9 99 6c f4 0e 5c f6 d6 af 71 36 25 ae 68 b3 d8 a8 74 eb 76 99 2a b2 3e b7 f7 17 22 98 f9 45 65 bf 66 db ab bd 59 e8 bf 78 9a 29 6d 89 5b cd 0d 69 5e 2f 1c bb f5 88 a4 10 26 cb 4d 78 fc 70 9d ad c3 ef b8 75 78 62 eb da 7a e1 e8 3a eb 0d f6 d6 1b bc da 7a 83 e6 f5 ce 5d a0 37 51 49 6e b0 e6 72 1a f9 9f 7e 4a ac 34 65 1a 27 Data Ascii: Rks8_T:nA"m3TMtM$ c`qHJEI,{m/sNg3(87Mi)KvQ]b}>X~ %6~k4WOvA4 yJ,=&pH 5DT55)z4Zd<eR$yo7+?r"N Ok@t.T};et7,_jaO&~_iLBzC#PyUXT?GLg3(87Mi)K%~&H%\#).-uJS&&BlCa<N%nO>m"4()z3.%63BH#x4&u{3J\NKvDOt]InX>h}Dib[u&#6aL[fRo\Wd77fM?g=)5y}we}gm&I1Ub&\|}\R.EVs"fLvFE1,i1u];=B7Mi)Aj+T?UJX'AYm.AbznYOPqBmlwp_y'<{qc4e`/(@S[o2RNy6{)U}+^[\ P6v)rM(f6hf2)jWHE+MDh@wBFO,Y22~2l\q6%htv>"EefYx)m[i^/&Mxpuxbz:z]7QInr~J4e'
Apr 23, 2021 20:18:51.390062094 CEST	251	OUT	GET /Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/18uhqkpLX_hgNtv0GBe23umXvFqNTaL8jddrrrm0s-M.js HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:51.597021103 CEST	284	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:51 GMT Server: Apache Last-Modified: Fri, 28 Jun 2019 12:16:40 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 5567 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: application/javascript Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6b 77 da c8 b2 fd 2b 98 95 e1 76 1d 15 8a 24 1e 36 16 8d 57 46 51 32 f1 38 b2 35 c1 93 38 8a 72 97 0c 6d c3 04 81 46 08 33 1e d0 7f bf d5 2d f1 b2 9d f3 e9 26 cb a8 bb aa ba 6a d7 de fb f5 7f 2a 6f a6 d9 b8 3e 4f a2 58 af 7c 8e a6 59 25 9b 55 e6 d1 63 65 24 26 93 d9 59 c5 99 4d b3 68 90 55 d8 6d 34 17 ed 26 54 6e e2 8e f1 b5 f1 e7 68 10 fb d9 8d d5 59 0c df bf fb 6b e8 fe 3a bd b5 3a d3 db f7 d7 0b 8a 65 95 ff bc ae bc 5b 4c 07 d9 78 36 65 ff f3 10 a5 95 3f f9 2a c7 7f e5 8f 7f ce ef 36 a9 18 5d f4 d1 41 0f 56 77 b3 94 31 16 eb ef f8 5d 34 99 0b 74 78 10 22 dd c7 e5 3d d6 bf 70 ba be df 3d 8e b0 8f 09 0a 5c e2 35 ac 52 91 2d d2 29 bb e6 6c c9 99 d8 15 6d 32 15 11 24 fa ef 1a 5b d2 e7 d7 90 73 de 87 fa d1 b5 ba 84 39 26 3c 1b 8d e7 f8 c2 2b 06 39 60 a2 df 01 2e 81 aa af c2 5d eb 8f b0 92 4d bd 90 7f cc 71 a9 92 2c 02 8c f8 32 47 03 d0 e3 06 c6 a0 ff c1 1f 66 e3 61 85 ce fa a4 88 7c de 45 3e 3c d9 66 3b 37 79 61 83 28 c7 fe 0b e1 84 20 62 3f 90 0b 1c c0 13 b0 8a b8 a0 54 2e 87 0e b8 d5 a2 81 11 b1 6a 9b d6 49 cf b3 3d 4d 03 27 20 f4 9f b2 74 3c bd d7 ef d2 59 ec 8c a2 d4 99 0d 05 f3 c0 66 57 24 cf de 8f fa 35 cd 96 bc aa 73 fb 64 2f dd 3a 96 62 c5 bc a8 6a 35 ca 94 27 35 fb fc 91 ef 0a db a6 2c fc f7 86 b3 a2 4b a7 ec d2 31 ca 11 9b 9f 27 f3 cd f6 71 79 68 e0 d3 d4 26 d1 29 0f 56 7b 73 30 9f d6 aa 9f 93 ce fe 6b ab f5 34 df 2c 23 26 81 0a d4 c9 32 8d 43 4c 1d 4b ae f1 9b 34 69 ac bf 92 1f 03 00 3b 0d 90 d2 c7 80 ad 0e 5a 46 f3 04 f0 a9 c0 77 74 30 b1 05 eb 35 eb f3 48 bf 65 64 af f2 7b 45 a9 04 f7 05 dc b8 f0 21 9a d0 35 67 91 7e c9 fa 40 ff 72 1a 66 b6 69 94 81 46 f8 74 08 0a 5c e2 35 92 3f c7 77 8c 09 ce 12 fe 86 6d a7 45 f4 b4 5a a5 af fe 0a 02 cb e8 84 70 37 4b d9 92 cb de 74 05 bc 26 9b 7e e4 4b 7d 22 a6 f7 d9 c8 4e ea 75 1b ae 39 bb d6 de 90 bd e1 97 8f 28 34 ee 04 cb e0 3a 0c 6d 31 99 8b 8a 7c 5f 94 a9 8c 1a 13 da 57 0a 8c 28 a0 76 5a 8a 98 e3 ce 4b 58 61 25 6b 09 42 81 75 87 54 fe ca cf 25 2b 8e 87 e7 44 41 4e 00 fb 80 13 45 9d ec 45 f3 f0 1f d6 94 05 66 b3 79 38 ee 09 fb 0b da 47 91 de d7 ff a4 bf b7 7a 94 24 93 47 d6 d7 1d ba 5d 28 96 f7 9e c3 ea 77 f9 b8 dc c7 02 b4 4e a8 bd 65 b6 9f ce e8 f3 1d 4a 1c a9 18 35 32 5b 1d 45 41 10 c2 73 0e 60 f5 cc 0c 62 2b 97 d2 3c 28 76 0d 55 ef 82 d4 c2 97 d6 33 87 29 32 f7 69 84 a2 b1 94 5d 2b 1d 94 83 f2 eb 27 c5 d2 f1 f3 35 2d 59 71 fc dc bd 3f ef 5d e0 db eb ff 7c 47 72 a3 7c 77 ae 27 b3 84 b8 59 49 df 94 eb da 46 37 91 16 82 cd da fd 40 c8 5d 5f d1 c7 a6 0f 4d 0c 5a 9d 50 7e 4c cb 2c 32 f2 50 b8 98 32 92 64 65 46 89 b0 63 51 fc a6 34 b0 e2 6a 25 7f 2c e3 e4 45 ea 7f e2 3a f5 b9 02 2a 14 58 ac b5 5e 17 5b 16 7a 5a 2f 7b b9 e8 b6 94 0d 7f 2e 6a c1 d2 a1 b5 a1 70 b3 fa 0a d2 e7 88 f3 7e ad 46 e8 26 0a c2 92 8c 2b 35 20 6f 46 c3 a1 fb 20 a6 d9 c5 78 9e 89 a9 20 16 29 ff a1 f0 b2 d9 69 61 a0 c0 84 0a 67 2c a1 1a 07 02 47 fa 88 35 d5 0e c7 9d 9f 48 fc 02 f6 0d 66 42 10 5f 95 1a 5b 2f 70 f0 82 49 0a 2a 37 cb d3 6e ac 68 36 9e 56 4a 42 35 43 b6 23 b2 63 ec 74 5e 68 29 5e c0 53 58 ef 6a 4f 9f 5e 2f 79 c9 79 52 15 e9 35 d2 e4 50 ea 37 c4 06 60 10 12 d9 60 2f c9 81 4b 4d 03 a1 27 8b Data Ascii: Rkw+v$6WFQ2858rmF3-&jo>OX\|Y%Uce$&YMhUm4&TnhYk::e[Lx6e?6]AVw1]4tx"=p=\5R-)lm2$[s9&<+9`.]Mq,2Gfa\|E><f;7ya( b?T.jI=M' t<YfW$5sd/:bj5'5,K1'qyh&)V{s0k4,#&2CLK4i;ZFwt05Hed{E!5g~@rfiFt\5?wmEZp7Kt&~K}"Nu9(4:m1\|_W(vZKXa%kBuT%+DANEEfy8Gz$G](wNeJ52[EAs`b+<(vU3)2i]+'5-Yq?]\|Gr\|w'YIF7@]_MZP~L,2P2deFcQ4j%,E:X^[zZ/{.jp~F&+5 oF x )iag,G5HfB_[/pI7nh6VJB5C#ct^h)^SXjO^/yyR5P7``/KM'

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49725	192.185.71.147	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 23, 2021 20:18:50.785990000 CEST	147	OUT	GET /Sign%20in%20-%20Adobe%20ID_files/18cb1a8608f7a71cbd8c572d73a95cb6.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:50.956911087 CEST	187	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:50 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Fri, 28 Jun 2019 12:16:40 GMT Accept-Ranges: bytes Content-Length: 18868 Keep-Alive: timeout=5, max=75 Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 4e 08 06 00 00 00 a4 1a d1 b2 00 00 00 09 70 48 59 73 00 00 2e 23 00 00 2e 23 01 78 a5 3f 76 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b 08 80 14 00 40 7a 8e 42 a6 00 40 46 01 80 9d 98 26 53 00 a0 04 00 60 cb 63 62 e3 00 50 2d 00 60 27 7f e6 d3 00 80 9d f8 99 7b 01 00 5b 94 21 15 01 a0 91 00 20 13 65 88 44 00 68 3b 00 ac cf 56 8a 45 00 58 30 00 14 66 4b c4 39 00 d8 2d 00 30 49 57 66 48 00 b0 b7 00 c0 ce 10 0b b2 00 08 0c 00 30 51 88 85 29 00 04 7b 00 60 c8 23 23 78 00 84 99 00 14 46 f2 57 3c f1 2b ae 10 e7 2a 00 00 78 99 b2 3c b9 24 39 45 81 5b 08 2d 71 07 57 57 2e 1e 28 ce 49 17 2b 14 36 61 02 61 9a 40 2e c2 79 99 19 32 81 34 0f e0 f3 cc 00 00 a0 91 15 11 e0 83 f3 fd 78 ce 0e ae ce ce 36 8e b6 0e 5f 2d ea bf 06 ff 22 62 62 e3 fe e5 cf ab 70 40 00 00 e1 74 7e d1 fe 2c 2f b3 1a 80 3b 06 80 6d fe a2 25 ee 04 68 5e 0b a0 75 f7 8b 66 b2 0f 40 b5 00 a0 e9 da 57 f3 70 f8 7e 3c 3c 45 a1 90 b9 d9 d9 e5 e4 e4 d8 4a c4 42 5b 61 ca 57 7d fe 67 c2 5f c0 57 fd 6c f9 7e 3c fc f7 f5 e0 be e2 24 81 32 5d 81 47 04 f8 e0 c2 cc f4 4c a5 1c cf 92 09 84 62 dc e6 8f 47 fc b7 0b ff fc 1d d3 22 c4 49 62 b9 58 2a 14 e3 51 12 71 8e 44 9a 8c f3 32 a5 22 89 42 92 29 c5 25 d2 ff 64 e2 df 2c fb 03 3e df 35 00 b0 6a 3e 01 7b 91 2d a8 5d 63 03 f6 4b 27 10 58 74 c0 e2 f7 00 00 f2 bb 6f c1 d4 28 08 03 80 68 83 e1 cf 77 ff ef 3f fd 47 a0 25 00 80 66 49 92 71 00 00 5e 44 24 2e 54 ca b3 3f c7 08 00 00 44 a0 81 2a b0 41 1b f4 c1 18 2c c0 06 1c c1 05 dc c1 0b fc 60 36 84 42 24 c4 c2 42 10 42 0a 64 80 1c 72 60 29 ac 82 42 28 86 cd b0 1d 2a 60 2f d4 40 1d 34 c0 51 68 86 93 70 0e 2e c2 55 b8 0e 3d 70 0f fa 61 08 9e c1 28 bc 81 09 04 41 c8 08 13 61 21 da 88 01 62 8a 58 23 8e 08 17 99 85 f8 21 c1 48 04 12 8b 24 20 c9 88 14 51 22 4b 91 35 48 31 52 8a 54 20 55 48 1d f2 3d 72 02 39 87 5c 46 ba 91 3b c8 00 32 82 fc 86 bc 47 31 94 81 b2 51 3d d4 0c b5 43 b9 a8 37 1a 84 46 a2 0b d0 64 74 31 9a 8f 16 a0 9b d0 72 b4 1a 3d 8c 36 a1 e7 d0 ab 68 0f da 8f 3e 43 c7 30 c0 e8 18 07 33 c4 6c 30 2e c6 c3 42 b1 38 2c 09 93 63 cb b1 22 ac 0c ab c6 1a b0 56 ac 03 bb 89 f5 63 cf b1 77 04 12 81 45 c0 09 36 04 77 42 20 61 1e 41 48 58 4c 58 4e d8 48 a8 20 1c 24 34 11 da 09 37 09 03 84 51 c2 27 22 93 a8 4b b4 26 ba 11 f9 c4 18 62 32 31 87 58 48 2c 23 d6 12 8f 13 2f 10 7b 88 43 c4 37 24 12 89 43 32 27 b9 90 02 49 b1 a4 54 d2 12 d2 46 d2 6e 52 23 e9 2c a9 9b 34 48 1a 23 93 c9 da 64 6b b2 07 39 94 2c 20 2b c8 85 e4 9d e4 c3 e4 33 e4 1b e4 21 f2 5b 0a 9d 62 40 71 a4 f8 53 e2 28 52 ca 6a 4a 19 e5 10 e5 34 e5 06 65 98 32 41 55 a3 9a 52 dd a8 a1 54 11 35 8f 5a 42 ad a1 b6 52 af 51 87 a8 13 34 75 9a 39 cd 83 Data Ascii: PNGIHDRXNpHYs.#.#x?vOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH0Q){`##xFW<+x<$9E[-qWW.(I+6aa@.y24x6_-"bbp@t~,/;m%h^uf@Wp~<<EJB[aW}g_Wl~<$2]GLbG"IbXQqD2"B)%d,>5j>{-]cK'Xto(hw?G%fIq^D$.T?DA,`6B$BBdr`)B(*`/@4Qhp.U=pa(Aa!bX#!H$ Q"K5H1RT UH=r9\F;2G1Q=C7Fdt1r=6h>C03l0.B8,c"VcwE6wB aAHXLXNH $47Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +3![b@qS(RjJ4e2AURT5ZBRQ4u9
Apr 23, 2021 20:18:51.155267000 CEST	238	OUT	GET /Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:51.331815958 CEST	239	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:51 GMT Server: Apache Last-Modified: Fri, 28 Jun 2019 12:16:40 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 10734 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 92 6d 93 a3 38 b6 e7 df 4f c4 7c 87 da 7a 33 f7 a1 b3 4b 02 e3 4a cf ed ee d8 c4 20 48 6c e4 44 e8 01 74 ef 46 07 20 2a 31 08 4c da a4 8d d9 d8 ef be e4 c3 54 f7 6c cf de 3b d3 11 fb a6 d6 19 c9 e1 1c 89 a3 a3 df ff ff c3 7f 73 76 6b 9a 3e b8 1f aa a1 d5 3f fd f1 0f 3f bc c4 0f 6a 7f fc f1 a3 1e 8e 1f 3f e8 ac 7b fc f1 63 d9 7d fc e9 87 aa cc d4 4f 3f b4 e5 90 cd 9b 87 fe a6 7c 7a de 9f 7f fc b8 3e 74 43 d9 0d 37 f4 da 97 1f 3f 14 6f d9 8f 1f 87 72 1c 3e bd 34 fb b7 0f 45 95 1d 4f e5 f0 23 a3 e8 e6 f6 e3 cb 21 bf 69 92 dc b0 bb 9b f5 a1 ed b3 61 9f eb 5f f7 b9 77 7f 2c d5 63 f9 fa d9 69 b8 ea f2 c3 30 1f f4 de bf 38 9d 5e 16 3e fd cb 87 e2 7a dc 6b bd 2f 6e e6 f2 87 7f f9 f4 c7 3f fc f7 2f 73 87 9b 2f 59 51 7e f8 9f 7f fc c3 87 0f ef 69 bb d7 d7 3f 7f f8 13 39 e4 87 e1 f0 a7 7f fb ba f2 da fa cf 1f ba c3 b1 cd f4 2f e5 4b b9 7f ac 86 3f 7f 58 00 f0 5a 3c 1d 8b 3f 7f d0 87 22 d3 ff f4 de e3 03 29 1f 9f 75 76 fc d3 3f 7f f7 d7 0b 37 bf 5a 78 3e ea 7f fa f4 e9 a5 e3 e9 fb c7 d3 30 5f b2 f8 be 38 b4 9f 4e 9f 8e af 7b 3f 9d e1 ed a7 0d da b5 eb ee c9 7d 5e 19 e8 08 c3 e7 cf c6 b8 d9 4d e9 f7 97 c3 97 2f c6 3f cf f3 cc a3 0d ff f4 a7 d7 f4 4f ff fc 3a ce 73 b7 2f 0e aa bc 39 ce 2a cd d3 b3 7f 05 8b 25 b8 01 96 81 be 9b 13 b8 be 05 37 f3 e3 f6 25 31 80 bd 78 8d 8e 0b 6e 0c 07 bd ee b8 5b 2e c0 cd dd 72 f5 9a 20 d7 70 6f e6 07 9a 5b ff af bf 82 fa 8d 00 b5 da df 03 14 cc 40 17 d6 2b 21 b0 58 bd 24 2b f8 96 d8 2f 89 fd 9a 18 10 2e bf 62 7b 3c 96 65 f3 2d 19 f1 77 70 83 68 e6 06 11 42 7f 4d e5 1b 21 b2 10 bf c3 49 e6 e7 d9 2f e6 af 88 9c f7 e5 d0 65 6d 79 2a bf 11 2c 9f 7f 0f 16 08 8c 9b f9 61 7e f7 9a c0 99 11 84 f0 25 81 ee dd 6c 21 17 ad 5e 12 03 dc d9 5f c1 e9 79 9c ee a6 1c 87 6f 85 9b f7 bb b8 cd a8 8c 05 7a e5 66 58 ab 37 64 e0 15 19 7a 43 66 80 77 74 e0 e6 85 df 7b e2 cc c9 fa 6d 07 84 af d8 8d f5 72 de b1 fe fc 5a bc fb 6c 80 9b bb cf bf f2 e9 2b ee 6f 04 f5 a2 1d 37 ff 18 67 f0 c2 19 bc 21 05 d0 84 6f d1 7a 31 ad f5 66 5a c3 b6 67 25 ec f5 5b b2 5e be 45 e7 ee 3d ae df b8 83 17 11 96 ef ca 7c 5e bc 8b f1 b6 08 0d e3 2d ae e0 7b 7c d3 65 5e 78 8f d6 4b 44 ef ca 22 84 9c af ea 14 d7 e3 5e eb 7d 71 53 8e c3 ff 03 91 ac ff bb 48 61 a9 f6 cf ed 6f 35 fa a5 fe f7 4a a4 7f 25 51 eb b2 d5 97 35 29 16 ee e9 ee 1f 53 6a 31 bb 18 58 c6 2b 22 b8 be 05 37 f3 e3 f6 8d b3 fd c6 db 71 67 11 9c 37 88 77 cb c5 ec f3 e5 ea 8d a8 6b b8 37 f3 03 fd 06 eb 37 83 f4 ce fe 3d 48 67 d7 82 85 f5 ca 08 2c 56 2f c9 9b 45 c1 c2 7e 49 ec 77 bf c2 e5 57 70 8f c7 b2 6c be 2d 33 fe 0e 72 10 cd e4 20 42 e8 af b9 7c 33 4c ec f1 77 b8 c9 fc 3c 7b c6 fc 15 93 f3 be 1c ba ac 2d 4f e5 37 03 66 fd 7b c0 40 60 dc cc 0f f3 bb d7 04 ce 94 20 84 2f 09 74 ef 66 1b b9 68 f5 92 18 e0 ce fe 8a 4e cf 23 75 37 e5 38 7c 3b e4 aa df 45 6e 86 65 2c d0 2b 39 c3 5a bd 41 03 af d0 d0 1b 34 03 bc c3 03 37 2f 04 df 13 67 4e d6 6f 3b 20 7c 05 6f ac 97 f3 8e f5 e7 d7 e2 dd 67 03 dc dc 7d fe 95 57 5f 81 7f 33 b0 6d bb 58 fc 63 a4 c1 0b 69 f0 06 15 40 13 be 45 eb c5 b8 d6 9b 71 0d db 9e b5 b0 d7 6f c9 7a f9 16 9d bb f7 b8 7e 23 0f 5e 64 58 be 6b f3 79 f1 2e c7 db 22 34 8c b7 b8 82 ef f1 4d 99 79 e1 3d 5a 2f 11 bd 6b 8b Data Ascii: m8O\|z3KJ HlDtF 1LTl;svk>??j?{c}O?\|z>tC7?or>4EO#!ia_w,ci08^>zk/n?/s/YQ~i?9/K?XZ<?")uv?7Zx>0_8N{?}^M/?O:s/9%7%1xn[.r po[@+!X$+/.b{<e-wphBM!I/emy*,a~%l!^_yozfX7dzCfwt{mrZl+o7g!oz1fZg%[^E=\|^-{\|e^xKD"^}qSHao5J%Q5)Sj1X+"7qg7wk77=Hg,V/E~IwWpl-3r B\|3Lw<{-O7f{@` /tfhN#u78\|;Ene,+9ZA47/gNo; \|og}W_3mXci@Eqoz~#^dXky."4My=Z/k
Apr 23, 2021 20:18:51.385750055 CEST	250	OUT	GET /Sign%20in%20-%20Adobe%20ID_files/bframe_data_002/styles__ltr.css HTTP/1.1 Accept: text/css, / Referer: http://cvlga-in-authet.ml/Sign%20in%20-%20Adobe%20ID_files/anchor_002.htm Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:51.599421978 CEST	290	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:18:51 GMT Server: Apache Last-Modified: Fri, 28 Jun 2019 12:16:40 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Encoding: gzip Keep-Alive: timeout=5, max=73 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/css Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 b2 d7 b2 f4 66 92 1d fa 2a 8c 50 28 34 23 f4 df f0 ee e7 15 4c 01 a8 82 f7 28 dc 9c 80 f7 de a3 43 ef ae da 24 9b c3 19 92 a3 6e cd d1 ae fa 6a 03 99 f9 65 ae 5c 6b fd b5 18 86 e2 5b d5 b7 55 9f 7d 8b db 21 69 fe 36 0e 4b b5 56 43 ff 7d ce da 68 ad f6 ec c7 b4 5a c6 36 ba be 7f eb 86 fb d7 da e1 fc 35 fe db eb ff eb 7f fe 50 ae 5d fb c3 5f 7f df f8 df 97 ff af ff f9 3d af e6 65 fd 96 94 55 9b 02 ff e0 a5 bf d6 79 f3 6d 8e d2 6a 88 b7 75 1d fa bf fd 11 86 1f 87 6d fd 7a fb de 0f 7d f6 e3 18 a5 69 d5 17 df f1 f1 fc 81 1c cf 1f 7f b7 df ef 9a fe fc fc b7 6f 47 16 37 d5 fa 59 75 4e b3 f9 a7 e0 b6 7c c7 a1 ff fe e3 4f 44 fc 3e fc 07 85 bf b6 38 bf 2d d5 fd 05 e3 97 a2 2f fe 7e 69 f3 47 a9 3f 89 46 49 53 cc c3 d6 a7 df b7 b9 fd 17 10 5c 96 f6 af c5 b2 7e d6 48 fe 9a 0c 1d b8 55 e0 0e 83 bf 59 05 dc fa a4 cc 92 26 4b ff 3a f6 c5 bf fe f0 0d fd b0 f0 f5 f3 db 5e 73 11 47 ff 82 e0 f8 5f fe 7e a0 7f fd 65 97 ef f0 a7 7c 19 da 2a fd e1 a7 22 98 a6 fe f2 eb f9 d7 1f cb ac 2a ca f5 3b fc a1 f6 c7 36 cb d7 ef 5f fc 76 d1 5c 54 fd 77 e8 3f a8 f0 77 d6 a3 f8 d3 6f 5b b3 1f d7 ec 5c bf 45 6d 55 f4 df bf ee fe b8 0e e3 77 e2 73 ff a8 d2 b5 fc a9 e7 ef 84 f9 1e 25 5f 82 fd f0 27 82 fd 6e 25 f4 b3 ce 2f 07 fe fb 4a df 92 a1 1d e6 9f 0b 60 0a f9 cb af e7 5f 7f 3f ae 1c f6 6c fe b3 69 ff 4e db 32 4a 87 e3 63 c2 25 5b 7f 80 7e f8 62 ed eb fc 34 04 fa cb d7 e7 af 1f 00 ff a6 f7 3f 54 fe cf 54 fe b3 9b e5 43 b2 2d 7f ca e3 ef da 91 e4 5f 60 0c fb 78 03 fb a3 6e df 7e b1 d8 3f a0 cb 3f 6a db ff 2b d3 fe 0e d8 3f b9 f6 3f 0f 73 eb 7f 01 fa ff fd d4 f9 bf 0c f8 ef 4c fe 3f 07 fe ff 06 f6 9f 00 fc fe 3d ca d7 6c fe db b7 23 8b 9b 6a fd f6 8b bf be 72 db f2 1d 87 fe fb 8f df ba e1 fe 83 f0 1f 44 fe 03 30 9a f8 cb cf 5f f8 5f 7f a9 fe 8e 7c 96 58 86 b6 4a 7f f8 6f 04 f4 f5 f9 24 ce 6f 4b 75 57 7d f1 fd 97 8e 9f c8 8f c9 d0 af 59 bf 7e ff 1f ff e3 c7 b4 5a c6 36 ba be c7 ed 90 34 3f 96 59 55 94 eb 77 f2 c3 43 9b e5 eb f7 2f 42 c6 61 a9 d6 ea 23 c4 9c b5 1f 5a f7 ec c7 75 18 7f ca 1c 55 ba 96 5f c5 bf 63 e5 f7 6c b4 51 9c b5 7f fb f7 d3 92 6d 5e 86 f9 7b 9a e5 d1 d6 ae 3f 76 d1 5c 54 9f ca af c1 08 f2 07 5d bf 7d ae 47 71 fb a7 64 ff 97 6c fc 6b f3 7f ce 10 7f 17 2a 19 da cf 2a 3f 17 60 f0 5f fe 7e e0 3f 70 cc af 83 fe 39 2b fd 17 bc fe 7f b9 db ff 6f d0 bf 7f 8f f2 35 9b ff f6 1f c7 c1 14 f6 97 5f cf 7f 32 ee cf ec f4 2b e9 bf ed f4 9f f4 f9 1e 25 5f 06 fe 13 94 7f f9 f3 7b e5 b0 67 f3 9f e9 f2 ed c8 e2 a6 5a bf c5 c3 f9 6d 29 a3 74 38 be f7 43 9f fd f8 ad 1b ee df 05 7f f7 fe 9f 28 00 ff 23 ee 9a b3 24 1a d7 a4 8c 7e d6 e0 d3 ff 6f 3f 5f fa b9 7f 3e f4 eb b7 a5 ba b3 ef f0 47 ef 32 ab 8a 72 fd 8e 50 9f e7 2e 9a 8b aa ff 8e 7d 1e 8f 2a 5d cb 9f a3 5f 8b e6 ed 07 dd 5e 2d d5 67 f7 1f 87 6d 6d ab 3e fb 0e fd f8 c9 7c 9c 16 b5 df a2 b6 2a fa ef 6b 76 7e ed fc 21 a2 fb 23 14 df 7e 46 f1 1b 76 7e da e4 8b b2 6d f9 8e 7c 46 fd c2 cf 7f 0c ff 41 e4 57 8e 7e 21 e2 bf e5 79 fe 4b dd 57 c1 0f cb d0 56 e9 0f ff 2d 81 bf 3e 7f b2 f2 d7 9e e3 b0 54 6b 35 f4 df a3 f8 73 65 5b b3 bf 6f fe 95 bc bf 55 7d 9a 9d df e1 ff 64 1b a6 af ba e8 ab c3 6f ac fc ed 13 2a b2 ef db dc fe Data Ascii: 1faafP(4#L(C$nje\k[U}!i6KVC}hZ65P]_=eUymjumz}ioG7YuN\|OD>8-/~iG?FIS\~HUY&K:^sG_~e\|";6_v\Tw?wo[\EmUws%_'n%/J`_?liN2Jc%[~b4?TTC-_`xn~??j+??sL?=l#jrD0__\|XJo$oKuW}Y~Z64?YUwC/Ba#ZuU_clQm^{?v\T]}Gqdlk?`_~?p9+o5_2+%_{gZm)t8C(#$~o?_>G2rP.}]_^-gmm>\|kv~!#~Fv~m\|FAW~!yKWV->Tk5se[oU}do
Apr 23, 2021 20:18:53.457175970 CEST	495	OUT	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:18:53.629333019 CEST	498	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Apr 2021 18:18:53 GMT Server: Apache Last-Modified: Tue, 23 Apr 2019 05:23:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 462 Keep-Alive: timeout=5, max=72 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00 Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41\|nIPy"4mU1d}{*<g\|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs\|C^N?!

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49735	192.185.71.147	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 23, 2021 20:19:05.813524008 CEST	573	OUT	GET /img/icons/chevron-right.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:19:05.988682985 CEST	576	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Apr 2021 18:19:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Tue, 23 Apr 2019 05:23:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 462 Keep-Alive: timeout=5, max=75 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00 Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41\|nIPy"4mU1d}{*<g\|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs\|C^N?!
Apr 23, 2021 20:19:09.257550955 CEST	588	OUT	GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:19:09.705193043 CEST	588	IN	HTTP/1.1 200 OK Date: Fri, 23 Apr 2021 18:19:09 GMT Server: Apache Accept-Ranges: none Content-Length: 0 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Apr 23, 2021 20:19:09.865350008 CEST	589	OUT	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:19:10.040646076 CEST	590	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Apr 2021 18:19:09 GMT Server: Apache Last-Modified: Tue, 23 Apr 2019 05:23:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 462 Keep-Alive: timeout=5, max=73 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00 Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41\|nIPy"4mU1d}{*<g\|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs\|C^N?!

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49736	192.185.71.147	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 23, 2021 20:19:05.814224958 CEST	573	OUT	GET /img/indicators/radial-indeterminate.png HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: http://cvlga-in-authet.ml/?login=do Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: cvlga-in-authet.ml Connection: Keep-Alive
Apr 23, 2021 20:19:05.988493919 CEST	575	IN	HTTP/1.1 404 Not Found Date: Fri, 23 Apr 2021 18:19:05 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Tue, 23 Apr 2019 05:23:37 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 462 Keep-Alive: timeout=5, max=75 Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 5d 92 4d 8f d3 30 10 86 ef fd 15 43 38 00 52 dd 8f a5 0b 28 1f 15 17 e0 82 d0 6a 57 70 9f c4 d3 c4 c2 f1 04 7b da a6 ac f6 bf 6f 9c b4 cb b2 f2 c1 f2 78 de 77 9e 19 3b 7f a5 b9 92 53 47 d0 48 6b b7 b3 3c 6e 60 d1 d5 45 42 2e 89 01 42 bd 9d 01 e4 2d 09 42 d5 a0 0f 24 45 b2 97 9d fa 94 fc bb 68 44 3a 45 7f f6 e6 50 24 bd da a3 aa b8 ed 50 4c 69 29 81 8a 9d 90 1b 54 86 0a d2 35 4d 3a 31 62 69 bb 59 6d e0 8b f7 ec f3 e5 14 78 b2 74 d8 52 91 1c 0c 1d 3b f6 f2 cc e5 68 b4 34 85 a6 83 a9 48 8d 87 39 18 67 c4 a0 55 a1 42 4b c5 3a 79 69 e3 b9 64 09 cf 4c 1c 1b a7 a9 9f 83 e3 1d 5b cb c7 49 12 e4 34 31 00 7c 6e 49 1b 84 50 79 22 07 e8 34 bc 6d b1 9f 0a a6 d7 ab 55 d7 bf 83 fb 31 13 a0 64 7d 82 7b d8 0d ee 2a 98 bf 94 c2 e2 03 b5 19 3c c0 98 f0 10 ad 97 67 ef 7c 39 cd 74 96 8f aa 31 5a 24 42 bd 28 b4 a6 76 29 54 03 21 f9 6c 20 8a ba 66 7d c9 19 ed 77 d8 1a 7b 4a e1 1b b1 af 0d ce 21 90 37 bb 6c e8 cc b2 4f e1 f5 06 e3 ca a0 c5 e1 da 29 e1 2e 85 4d 64 b1 c6 91 6a c8 d4 8d a4 b0 5e 5c 67 c9 d4 e7 1d 7b 7f 9a 83 34 26 40 87 35 81 66 0a ee 8d 00 f5 26 c8 22 2f fd f6 c6 12 06 1a 5e 9f aa df 43 22 c1 cf db ef c0 1e 6a 86 12 87 10 8e c2 c5 d8 65 b3 8e b6 23 f8 d5 05 1c e0 3f f4 5f e4 35 ba 88 8e 2e a8 17 fc 1f 75 5c d9 a4 38 9e 71 df af 56 17 dc a7 0f b3 80 9b 48 fb 83 05 be f2 de e9 73 f9 ab b1 7c be 8c c3 8d 43 5e 4e 3f fb 11 21 b9 04 0e ea 02 00 00 Data Ascii: ]M0C8R(jWp{oxw;SGHk<n`EB.B-B$EhD:EP$PLi)T5M:1biYmxtR;h4H9gUBK:yidL[I41\|nIPy"4mU1d}{*<g\|9t1Z$B(v)T!l f}w{J!7lO).Mdj^\g{4&@5f&"/^C"je#?_5.u\8qVHs\|C^N?!

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 23, 2021 20:19:11.047893047 CEST	54.73.76.208	443	192.168.2.4	49740	CN=ims-na1.adobelogin.com, O=Adobe Inc., L=San Jose, ST=ca, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 24 01:00:00 CET 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Tue Mar 01 00:59:59 CET 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:11.050019979 CEST	54.73.76.208	443	192.168.2.4	49739	CN=ims-na1.adobelogin.com, O=Adobe Inc., L=San Jose, ST=ca, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 24 01:00:00 CET 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Tue Mar 01 00:59:59 CET 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:11.480204105 CEST	13.224.91.69	443	192.168.2.4	49747	CN=static.adobelogin.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 18 02:00:00 CEST 2019 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Wed Sep 22 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:11.480875969 CEST	13.224.91.69	443	192.168.2.4	49746	CN=static.adobelogin.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 18 02:00:00 CEST 2019 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Wed Sep 22 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:11.482192039 CEST	13.224.91.69	443	192.168.2.4	49745	CN=static.adobelogin.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 18 02:00:00 CEST 2019 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Wed Sep 22 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:12.460540056 CEST	18.202.205.86	443	192.168.2.4	49752	CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Dec 02 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Mon Jan 03 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:12.464797974 CEST	18.202.205.86	443	192.168.2.4	49753	CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Dec 02 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Mon Jan 03 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:13.044550896 CEST	15.237.76.117	443	192.168.2.4	49754	CN=sstats.adobe.com, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon May 18 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 25 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
Apr 23, 2021 20:19:13.044550896 CEST	15.237.76.117	443	192.168.2.4	49754	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		3faf2df7ab96c36419c31725cb1fa7d6
Apr 23, 2021 20:19:13.044933081 CEST	15.237.76.117	443	192.168.2.4	49755	CN=sstats.adobe.com, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon May 18 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 25 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
Apr 23, 2021 20:19:13.044933081 CEST	15.237.76.117	443	192.168.2.4	49755	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		3faf2df7ab96c36419c31725cb1fa7d6
Apr 23, 2021 20:19:15.115797043 CEST	104.16.19.94	443	192.168.2.4	49763	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:15.115797043 CEST	104.16.19.94	443	192.168.2.4	49763	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:15.116168022 CEST	104.16.19.94	443	192.168.2.4	49762	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:15.116168022 CEST	104.16.19.94	443	192.168.2.4	49762	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:16.706211090 CEST	52.212.164.82	443	192.168.2.4	49767	CN=*.tt.omtrdc.net, O=Adobe Inc., L=SAN JOSE, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 02 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed Nov 10 00:59:59 CET 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:16.706211090 CEST	52.212.164.82	443	192.168.2.4	49767	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:16.711350918 CEST	52.212.164.82	443	192.168.2.4	49766	CN=*.tt.omtrdc.net, O=Adobe Inc., L=SAN JOSE, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 02 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed Nov 10 00:59:59 CET 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:16.711350918 CEST	52.212.164.82	443	192.168.2.4	49766	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:19.473854065 CEST	52.213.176.171	443	192.168.2.4	49770	CN=ims-na1.adobelogin.com, O=Adobe Inc., L=San Jose, ST=ca, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 24 01:00:00 CET 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Tue Mar 01 00:59:59 CET 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:19.478758097 CEST	52.213.176.171	443	192.168.2.4	49771	CN=ims-na1.adobelogin.com, O=Adobe Inc., L=San Jose, ST=ca, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 24 01:00:00 CET 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Tue Mar 01 00:59:59 CET 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Apr 23, 2021 20:19:19.798918962 CEST	104.16.148.64	443	192.168.2.4	49773	CN=cookielaw.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 01 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 01 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:19.798918962 CEST	104.16.148.64	443	192.168.2.4	49773	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:19.800203085 CEST	104.16.148.64	443	192.168.2.4	49772	CN=cookielaw.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 01 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 01 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:19.800203085 CEST	104.16.148.64	443	192.168.2.4	49772	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:20.392615080 CEST	104.20.184.68	443	192.168.2.4	49777	CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:20.392615080 CEST	104.20.184.68	443	192.168.2.4	49777	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:20.395354033 CEST	104.20.184.68	443	192.168.2.4	49776	CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 23, 2021 20:19:20.395354033 CEST	104.20.184.68	443	192.168.2.4	49776	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 1644 Parent PID: 800

General

Start time:	20:18:47
Start date:	23/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff70f460000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 6020 Parent PID: 1644

General

Start time:	20:18:47
Start date:	23/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1644 CREDAT:17410 /prefetch:2
Imagebase:	0x1040000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://cvlga-in-authet.ml/?login=do

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 1644 Parent PID: 800

General

Analysis Process: iexplore.exe PID: 6020 Parent PID: 1644

General

Disassembly