Play interactive tour

Edit tour

Analysis Report https://spark.adobe.com/page/80rUPX5WG8FDD

Overview

General Information

Sample URL:	https://spark.adobe.com/page/80rUPX5WG8FDD
Analysis ID:	412742
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish29

HTML title does not match URL

Classification

Startup

System is w10x64

iexplore.exe (PID: 5920 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5976 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\80rUPX5WG8FDD[1].htm	JoeSecurity_HtmlPhish_29	Yara detected HtmlPhish_29	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\80rUPX5WG8FDD[1].htm	JoeSecurity_HtmlPhish_29	Yara detected HtmlPhish_29	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1v2abZdh3xB5f[1].htm	JoeSecurity_HtmlPhish_29	Yara detected HtmlPhish_29	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://spark.adobe.com/page/1v2abZdh3xB5f/	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/?page-mode=static	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish29

Show sources

Source: Yara match	File source: 066656.2.links.csv, type: HTML
Source: Yara match	File source: 066656.3.links.csv, type: HTML
Source: Yara match	File source: 066656.pages.csv, type: HTML
Source: Yara match	File source: 066656.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\80rUPX5WG8FDD[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\80rUPX5WG8FDD[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1v2abZdh3xB5f[1].htm, type: DROPPED

Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: Title: PROPOSAL INVITATION does not match URL
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: Title: PROPOSAL INVITATION does not match URL
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: Title: PROPOSAL INVITATION does not match URL
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: Title: PROPOSAL INVITATION does not match URL

Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="author".. found
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="author".. found
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="author".. found
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="author".. found

Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="copyright".. found
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="copyright".. found
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="copyright".. found
Source: https://spark.adobe.com/page/80rUPX5WG8FDD/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 13.225.74.123:443 -> 192.168.2.3:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.74.123:443 -> 192.168.2.3:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.1.54:443 -> 192.168.2.3:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.1.54:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.187.69:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.187.69:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.154.123.210:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.154.123.210:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.74.112:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.74.112:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.51.251.137:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.176.171:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.17.54.18:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.17.54.18:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.81.92.132:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.81.92.132:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.133.35.94:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.133.35.94:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.29.135.233:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.29.135.233:443 -> 192.168.2.3:49750 version: TLS 1.2

Source: unsupported[1].htm.2.dr	String found in binary or memory: <a href="https://www.facebook.com/AdobeSpark" target="_blank" data-analytics-context="footer" data-type="facebook" equals www.facebook.com (Facebook)
Source: scripts[1].js.2.dr	String found in binary or memory: if ($a.href.startsWith('https://www.facebook.')) { equals www.facebook.com (Facebook)
Source: scripts[1].js.2.dr	String found in binary or memory: if ($a.href.startsWith('https://www.linkedin.com')) { equals www.linkedin.com (Linkedin)
Source: scripts[1].js.2.dr	String found in binary or memory: if ($a.href.startsWith('https://www.youtube.com')) { equals www.youtube.com (Youtube)
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: <a id="gnav_1274" href="http://www.facebook.com/adobe" class="feds-navLink" target="_blank" data-feds-action="none" data-feds-element="link" daa-ll="Facebook-1"> equals www.facebook.com (Facebook)
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: <a id="gnav_1284" href="https://www.linkedin.com/company/adobe" class="feds-navLink" target="_blank" data-feds-action="none" data-feds-element="link" daa-ll="LinkedIn-3"> equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: page.adobespark-assets.com

Source: m-unsupported-1ee43d2a[1].js.2.dr	String found in binary or memory: http://feross.org
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: http://github.com/janl/mustache.js
Source: publish.combined.fp-4e17ca9de7c6a880fa904bdb1191f422[1].js.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chrome[1].js.2.dr	String found in binary or memory: http://mathiasbynens.be/demo/url-regex
Source: m-unsupported-1ee43d2a[1].js.2.dr	String found in binary or memory: http://medialize.github.io/URI.js/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000000000ffd9
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000132df
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000132e1
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000132e3
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000158d3
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000158d4
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000158d6
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000158d7
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000158d8
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000158d9
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000000001705b
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000176ff
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017701
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017703
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017706
Source: rbi5aua[2].js.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017709
Source: pps7abe[2].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9aee45
Source: pps7abe[2].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9aee47
Source: onz5gap[1].js0.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3068
Source: onz5gap[1].js0.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f83
Source: pps7abe[2].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f84
Source: onz5gap[1].js0.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f85
Source: pps7abe[2].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f86
Source: onz5gap[1].js0.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f88
Source: onz5gap[1].js0.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f8a
Source: pps7abe[2].css.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f8c
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: scripts[1].js.2.dr, marvelcommon-51100480[1].js.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chrome[1].js.2.dr	String found in binary or memory: http://www.iport.it)
Source: m-unsupported-1ee43d2a[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.html
Source: RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js.2.dr	String found in binary or memory: https://ade0164.d41.co/sync/
Source: {8B8C6A4B-B3AC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://adobe.demdex.net/dest5.html?d_nsid=0
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://adobesearch.adobe.io/autocomplete/completions
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://adobespark.uservoice.com
Source: en-US_bundle-6a358124[1].js.2.dr	String found in binary or memory: https://adobespark.zendesk.com/hc/en-us/articles/218956027
Source: en-US_bundle-6a358124[1].js.2.dr	String found in binary or memory: https://adobespark.zendesk.com/hc/en-us/articles/219243657
Source: en-US_bundle-6a358124[1].js.2.dr	String found in binary or memory: https://adobespark.zendesk.com/hc/en-us/articles/219243657-Can-students-use-Adobe-Spark-
Source: login[2].htm.2.dr, unsupported[1].htm.2.dr	String found in binary or memory: https://adobespark.zendesk.com/hc/en-us/categories/202688167-Adobe-Spark
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://adobespark.zendesk.com/hc/en-us/requests/new
Source: resume[1].htm.2.dr	String found in binary or memory: https://adobesparkpost.app.link/8n80l2HauZ
Source: logo[1].htm.2.dr	String found in binary or memory: https://adobesparkpost.app.link/g8sk4xb8AV
Source: express[1].htm.2.dr	String found in binary or memory: https://adobesparkpost.app.link/jsoIbkwCVeb
Source: express[1].htm.2.dr	String found in binary or memory: https://adobesparkpost.app.link/nfQW2NoCVeb
Source: 1v2abZdh3xB5f[1].htm.2.dr	String found in binary or memory: https://allamericansupplies.com/wmsl/index.php
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://apps.apple.com/sg/app/adobe-creative-cloud/id852473028
Source: express[1].htm.2.dr	String found in binary or memory: https://apps.apple.com/us/app/adobe-spark-post-create-stunning/id1051937863
Source: login[2].htm.2.dr	String found in binary or memory: https://assets.adobedtm.com
Source: RC036830be72f242959c7b9ca66cef0c85-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC036830be72f242959c7b9ca66cef0c8
Source: RC1a4f9c4f0d8a4bba917d5412b0c552b7-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1a4f9c4f0d8a4bba917d5412b0c552b
Source: RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1a83c357d323419db9d2ba211efeeaa
Source: RC1bc70f0c17a44296971da4381a721bda-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1bc70f0c17a44296971da4381a721bd
Source: RC48990c37b3504a02838f190f73e12664-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC48990c37b3504a02838f190f73e1266
Source: RC508044d39da1421eb31de2476af8ac1e-source.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC508044d39da1421eb31de2476af8ac1
Source: RC5e5d1b9fe0a942c38190dc2199529941-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC5e5d1b9fe0a942c38190dc219952994
Source: RC60ae8fab30be42269b5f052e4064e263-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC60ae8fab30be42269b5f052e4064e26
Source: RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC6f46e43fa6d44dbeb45cc5801ffded0
Source: RC89c6d3bd15f043db95a5a0a4b5cc9da0-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC89c6d3bd15f043db95a5a0a4b5cc9da
Source: RCbbd93c1920fd422b84787f67ddbfbe55-file.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RCbbd93c1920fd422b84787f67ddbfbe5
Source: launch-EN919758db9a654a17bac7d184b99c4820.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/launch-EN919758db9a654a17bac7d184b99c4820.js
Source: scripts[1].js.2.dr	String found in binary or memory: https://blog.adobespark.com/
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://cc-collab.adobe.io/profile
Source: login[2].htm.2.dr	String found in binary or memory: https://cdn.cookielaw.org
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: RC1bc70f0c17a44296971da4381a721bda-file.min[1].js.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: en[1].js.2.dr	String found in binary or memory: https://developer.akamai.com/tools/boomerang#mpulse-session-information
Source: headIE.fp-f9e44dbeef5252f4d02c4ed9c4b6a618[1].js.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/NodeList/forEach
Source: publish.combined.fp-4e17ca9de7c6a880fa904bdb1191f422[1].js.2.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: m-unsupported-1ee43d2a[1].js.2.dr	String found in binary or memory: https://feross.org
Source: m-unsupported-1ee43d2a[1].js.2.dr	String found in binary or memory: https://feross.org/opensource
Source: 7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: head.fp-00a38324dab316803fdc74cba4ad7ab9[1].js.2.dr	String found in binary or memory: https://github.com/focus-trap/focus-trap/blob/master/LICENSE
Source: head.fp-00a38324dab316803fdc74cba4ad7ab9[1].js.2.dr	String found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
Source: chrome[1].js.2.dr	String found in binary or memory: https://github.com/janl/mustache.js/issues/186
Source: chrome[1].js.2.dr	String found in binary or memory: https://github.com/janl/mustache.js/issues/189
Source: chrome[1].js.2.dr	String found in binary or memory: https://github.com/janl/mustache.js/issues/244
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: https://github.com/kriskowal/q/blob/v1/LICENSE
Source: chrome[1].js.2.dr	String found in binary or memory: https://issues.apache.org/jira/browse/COUCHDB-577
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: https://lodash.com/
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: https://lodash.com/license
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: marvelcommon-51100480[1].js.2.dr	String found in binary or memory: https://openjsf.org/
Source: en-US_bundle-6a358124[1].js.2.dr	String found in binary or memory: https://opsparc.gsfc.nasa.gov/?sdid=MC95SNMJ&mv=social
Source: onz5gap[1].js0.2.dr, rbi5aua[2].js.2.dr, vtg4qoo[1].js.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: RCbbd93c1920fd422b84787f67ddbfbe55-file.min[1].js.2.dr	String found in binary or memory: https://p13n-stage.adobe.io/psdk/v2/content
Source: RCbbd93c1920fd422b84787f67ddbfbe55-file.min[1].js.2.dr	String found in binary or memory: https://p13n.adobe.io/psdk/v2/content
Source: 80rUPX5WG8FDD[1].htm.2.dr	String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/base-fonts.gz.js
Source: 80rUPX5WG8FDD[1].htm.2.dr, imagestore.dat.2.dr	String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/images/favicon.ico
Source: 80rUPX5WG8FDD[1].htm.2.dr	String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/noscript.gz.css
Source: 80rUPX5WG8FDD[1].htm.2.dr	String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/runtime-prod.gz.js
Source: 80rUPX5WG8FDD[1].htm.2.dr	String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/runtime.gz.css
Source: 80rUPX5WG8FDD[1].htm.2.dr	String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/themes/crisp-fonts.gz.js
Source: 80rUPX5WG8FDD[1].htm.2.dr	String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/typekit-load.gz.js
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.adobe.cc
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://prod.adobeccstatic.com/appl/latest/AppLauncher.css
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://prod.adobeccstatic.com/appl/latest/AppLauncher.js
Source: publish.combined.fp-4e17ca9de7c6a880fa904bdb1191f422[1].js.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: {8B8C6A4B-B3AC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://servedby.flashtalking.com/container/13539;99030;10307;iframe/?ftXRef=&ftXValue=&ftXType=&ftX
Source: {8B8C6A4B-B3AC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://spark.adobe.co
Source: {8B8C6A4B-B3AC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://spark.adobe.coRoot
Source: login[2].htm.2.dr	String found in binary or memory: https://static.adobelogin.com/imslib/imslib.min.js
Source: privacy[1].htm0.2.dr	String found in binary or memory: https://static.adobelogin.com/imslib/imslib.min.js
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://support.apple.com/downloads/safari
Source: scripts[1].js.2.dr	String found in binary or memory: https://twitter.com
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://twitter.com/Adobe
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://twitter.com/AdobeSpark
Source: onz5gap[1].js0.2.dr	String found in binary or memory: https://use.typekit.net/af/180c9d/00000000000000003b9b3f8a/27/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/1da05b/0000000000000000000132df/27/
Source: onz5gap[1].js0.2.dr	String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/3d913c/000000000000000000017709/26/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/40207f/0000000000000000000176ff/27/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/4b3e87/000000000000000000017706/27/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/6c57c4/0000000000000000000158d6/26/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/74fc30/0000000000000000000158d4/26/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/8f4e31/0000000000000000000132e3/27/
Source: onz5gap[1].js0.2.dr	String found in binary or memory: https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/
Source: onz5gap[1].js0.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: scripts[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/9951d2/0000000000000000000158d7/26/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/9d1933/00000000000000000001705b/26/
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/a0c22f/00000000000000003b9b3f84/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/a0c22f/00000000000000003b9b3f84/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/a0c22f/00000000000000003b9b3f84/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: scripts[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: onz5gap[1].js0.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: scripts[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/c8f445/00000000000000003b9aee47/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/c8f445/00000000000000003b9aee47/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/c8f445/00000000000000003b9aee47/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/cb695f/000000000000000000017701/27/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/d5d9b2/00000000000000000000ffd9/26/
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/d8f71f/0000000000000000000132e1/27/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/e030d3/0000000000000000000158d3/26/
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/e09494/00000000000000003b9aee45/27/a?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/e09494/00000000000000003b9aee45/27/d?primer=388f68b35a7cbf1ee3543172445c2
Source: pps7abe[2].css.2.dr	String found in binary or memory: https://use.typekit.net/af/e09494/00000000000000003b9aee45/27/l?primer=388f68b35a7cbf1ee3543172445c2
Source: vtg4qoo[1].js.2.dr	String found in binary or memory: https://use.typekit.net/af/eaf09c/000000000000000000017703/27/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/edcf1e/0000000000000000000158d9/26/
Source: rbi5aua[2].js.2.dr	String found in binary or memory: https://use.typekit.net/af/fe9c8e/0000000000000000000158d8/26/
Source: privacy[1].htm0.2.dr	String found in binary or memory: https://use.typekit.net/pps7abe.css
Source: login[2].htm.2.dr	String found in binary or memory: https://use.typekit.net/vtg4qoo.css
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://use.typekit.net/vtg4qoo.js
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://www.adobe.io/
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://www.adobeexchange.com/
Source: RC1a4f9c4f0d8a4bba917d5412b0c552b7-file.min[1].js.2.dr	String found in binary or memory: https://www.everestjs.net/static/le/last-event-tag-latest.min.js
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.facebook.
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://www.google.com/chrome/browser/desktop/index.html
Source: chrome[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.instagram.com
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://www.instagram.com/AdobeSpark
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://www.instagram.com/adobe/
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.linkedin.com
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://www.linkedin.com/company/adobe
Source: unsupported[1].htm.2.dr	String found in binary or memory: https://www.mozilla.org/firefox
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.pinterest.
Source: www.adobe.com[1].htm.2.dr	String found in binary or memory: https://www.workfront.com/
Source: scripts[1].js.2.dr	String found in binary or memory: https://www.youtube.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 13.225.74.123:443 -> 192.168.2.3:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.74.123:443 -> 192.168.2.3:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.81:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.1.54:443 -> 192.168.2.3:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.1.54:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.187.69:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.187.69:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.154.123.210:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.154.123.210:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.74.112:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.74.112:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.51.251.137:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.213.176.171:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.17.54.18:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.17.54.18:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.81.92.132:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.81.92.132:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.133.35.94:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.133.35.94:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.29.135.233:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.29.135.233:443 -> 192.168.2.3:49750 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@3/257@18/17

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF188628549054AA7E.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: Contact_72px_lt-gray[1].svg.2.dr	Binary or memory string: NEIBESjjzwKWaQEmuhbGgACFWDKdB5OZZSX+agjjkcZegD1y0h+ELA7oCf9h2TzH5Lk87RNpJWUz
Source: LawEnforcement_72px_lt-gray[1].svg.2.dr	Binary or memory string: 4RfwbOThACGyTEZ5moRPrV2QweL6BvvMQAZIZXEdT2O5NEPgUsRJGSwFUuYlgyhgfSp3NY2hgKUv
Source: Policies_72px_lt-gray[1].svg.2.dr	Binary or memory string: 4tB1EVplopO2rztHQjrQqeMUbUqdlUYbWkVkAS0rzSFGk5qfcFFaK8X2oKw7N1FayNdH7BQ+Tst9

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	File and Directory Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://spark.adobe.com/page/80rUPX5WG8FDD	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://spark.adobe.com/page/80rUPX5WG8FDD/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://spark.adobe.com/page/1v2abZdh3xB5f/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://spark.adobe.com/page/80rUPX5WG8FDD/?page-mode=static	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://page.adobespark-assets.com/runtime/1.22/themes/crisp-fonts.gz.js	0%	Virustotal		Browse
https://page.adobespark-assets.com/runtime/1.22/themes/crisp-fonts.gz.js	0%	Avira URL Cloud	safe
https://page.adobespark-assets.com/runtime/1.22/typekit-load.gz.js	0%	Virustotal		Browse
https://page.adobespark-assets.com/runtime/1.22/typekit-load.gz.js	0%	Avira URL Cloud	safe
https://page.adobespark-assets.com/runtime/1.22/base-fonts.gz.js	0%	Virustotal		Browse
https://page.adobespark-assets.com/runtime/1.22/base-fonts.gz.js	0%	Avira URL Cloud	safe
https://blog.adobespark.com/	0%	Virustotal		Browse
https://blog.adobespark.com/	0%	Avira URL Cloud	safe
https://openjsf.org/	0%	URL Reputation	safe
https://openjsf.org/	0%	URL Reputation	safe
https://openjsf.org/	0%	URL Reputation	safe
https://openjsf.org/	0%	URL Reputation	safe
https://ade0164.d41.co/sync/	0%	URL Reputation	safe
https://ade0164.d41.co/sync/	0%	URL Reputation	safe
https://ade0164.d41.co/sync/	0%	URL Reputation	safe
https://ade0164.d41.co/sync/	0%	URL Reputation	safe
https://www.pinterest.	0%	URL Reputation	safe
https://www.pinterest.	0%	URL Reputation	safe
https://www.pinterest.	0%	URL Reputation	safe
https://www.pinterest.	0%	URL Reputation	safe
https://static.adobelogin.com/imslib/imslib.min.js	0%	Avira URL Cloud	safe
https://www.facebook.	0%	Avira URL Cloud	safe
https://page.adobespark-assets.com/runtime/1.22/runtime.gz.css	0%	Avira URL Cloud	safe
https://page.adobespark-assets.com/runtime/1.22/images/favicon.ico	0%	Avira URL Cloud	safe
http://www.iport.it)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dd20fzx9mj46f.cloudfront.net	13.224.187.69	true	false	high
pixel-origin.mathtag.com	185.29.135.233	true	false	high
adobelogin-origin.prod.ims.adobejanus.com	99.81.92.132	true	false	unknown
services.prod.ims.adobejanus.com	52.213.176.171	true	false	unknown
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	54.154.123.210	true	false	high
spark.adobeprojectm.com	13.225.74.123	true	false	unknown
s3.amazonaws.com	52.217.1.54	true	false	high
adobe.com.ssl.d1.sc.omtrdc.net	15.237.76.117	true	false	unknown
api.demandbase.com	13.225.74.112	true	false	high
demdex.net.ssl.sc.omtrdc.net	35.181.18.61	true	false	unknown
adobe.tt.omtrdc.net	52.51.251.137	true	false	unknown
page.adobespark-assets.com	13.224.193.81	true	false	unknown
cdn.cookielaw.org	104.16.148.64	true	false	high
geolocation.onetrust.com	104.20.184.68	true	false	high
aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com	18.133.35.94	true	false	high
use.typekit.net	unknown	unknown	false	high
ims-na1.adobelogin.com	unknown	unknown	false	high
assets.adobedtm.com	unknown	unknown	false	high
cm.everesttech.net	unknown	unknown	false	high
p.typekit.net	unknown	unknown	false	high
adobedc.demdex.net	unknown	unknown	false	high
sync.mathtag.com	unknown	unknown	false	high
dpm.demdex.net	unknown	unknown	false	high
aa.agkn.com	unknown	unknown	false	high
static.adobelogin.com	unknown	unknown	false	high
adobe.demdex.net	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://typekit.com/eulas/00000000000000003b9aee45	pps7abe[2].css.2.dr	false		high
https://adobespark.zendesk.com/hc/en-us/categories/202688167-Adobe-Spark	login[2].htm.2.dr, unsupported[1].htm.2.dr	false		high
https://www.linkedin.com	scripts[1].js.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9aee47	pps7abe[2].css.2.dr	false		high
http://typekit.com/eulas/00000000000000000000ffd9	rbi5aua[2].js.2.dr	false		high
https://use.typekit.net/vtg4qoo.js	unsupported[1].htm.2.dr	false		high
https://page.adobespark-assets.com/runtime/1.22/themes/crisp-fonts.gz.js	80rUPX5WG8FDD[1].htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.instagram.com/adobe/	www.adobe.com[1].htm.2.dr	false		high
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/	onz5gap[1].js0.2.dr	false		high
https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/a?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://page.adobespark-assets.com/runtime/1.22/typekit-load.gz.js	80rUPX5WG8FDD[1].htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/a?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://page.adobespark-assets.com/runtime/1.22/base-fonts.gz.js	80rUPX5WG8FDD[1].htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://use.typekit.net/af/a0c22f/00000000000000003b9b3f84/27/a?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://assets.adobedtm.com	login[2].htm.2.dr	false		high
https://www.youtube.com	scripts[1].js.2.dr	false		high
https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/d?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://static.adobelogin.com/imslib/imslib.min.js	privacy[1].htm0.2.dr	false		high
https://use.typekit.net/af/a0c22f/00000000000000003b9b3f84/27/d?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://adobesparkpost.app.link/8n80l2HauZ	resume[1].htm.2.dr	false		high
https://github.com/janl/mustache.js/issues/186	chrome[1].js.2.dr	false		high
http://typekit.com/eulas/00000000000000000001705b	rbi5aua[2].js.2.dr	false		high
https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/a?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://www.instagram.com	scripts[1].js.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC036830be72f242959c7b9ca66cef0c8	RC036830be72f242959c7b9ca66cef0c85-file.min[1].js.2.dr	false		high
https://github.com/janl/mustache.js/issues/189	chrome[1].js.2.dr	false		high
https://twitter.com	scripts[1].js.2.dr	false		high
https://use.typekit.net/af/c8f445/00000000000000003b9aee47/27/d?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC48990c37b3504a02838f190f73e1266	RC48990c37b3504a02838f190f73e12664-file.min[1].js.2.dr	false		high
https://connect.facebook.net/en_US/fbevents.js	RC1bc70f0c17a44296971da4381a721bda-file.min[1].js.2.dr	false		high
https://use.typekit.net/af/8f4e31/0000000000000000000132e3/27/	vtg4qoo[1].js.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC6f46e43fa6d44dbeb45cc5801ffded0	RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min[1].js.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1bc70f0c17a44296971da4381a721bd	RC1bc70f0c17a44296971da4381a721bda-file.min[1].js.2.dr	false		high
https://blog.adobespark.com/	scripts[1].js.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://use.typekit.net/af/e09494/00000000000000003b9aee45/27/l?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://openjsf.org/	marvelcommon-51100480[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://adobe.demdex.net/dest5.html?d_nsid=0	{8B8C6A4B-B3AC-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/d?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://use.typekit.net/af/3d913c/000000000000000000017709/26/	rbi5aua[2].js.2.dr	false		high
https://ade0164.d41.co/sync/	RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://adobespark.uservoice.com	unsupported[1].htm.2.dr	false		high
https://www.pinterest.	scripts[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://developer.akamai.com/tools/boomerang#mpulse-session-information	en[1].js.2.dr	false		high
https://static.adobelogin.com/imslib/imslib.min.js	login[2].htm.2.dr	false	Avira URL Cloud: safe	low
https://use.typekit.net/af/c8f445/00000000000000003b9aee47/27/a?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://www.facebook.	scripts[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://use.typekit.net/af/e09494/00000000000000003b9aee45/27/a?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://use.typekit.net/af/edcf1e/0000000000000000000158d9/26/	rbi5aua[2].js.2.dr	false		high
https://www.workfront.com/	www.adobe.com[1].htm.2.dr	false		high
https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://github.com/focus-trap/focus-trap/blob/master/LICENSE	head.fp-00a38324dab316803fdc74cba4ad7ab9[1].js.2.dr	false		high
https://use.typekit.net/af/d8f71f/0000000000000000000132e1/27/	vtg4qoo[1].js.2.dr	false		high
https://servedby.flashtalking.com/container/13539;99030;10307;iframe/?ftXRef=&ftXValue=&ftXType=&ftX	{8B8C6A4B-B3AC-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://github.com/kriskowal/q/blob/v1/LICENSE	marvelcommon-51100480[1].js.2.dr	false		high
http://underscorejs.org/LICENSE	marvelcommon-51100480[1].js.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC89c6d3bd15f043db95a5a0a4b5cc9da	RC89c6d3bd15f043db95a5a0a4b5cc9da0-file.min[1].js.2.dr	false		high
https://adobespark.zendesk.com/hc/en-us/articles/219243657	en-US_bundle-6a358124[1].js.2.dr	false		high
https://page.adobespark-assets.com/runtime/1.22/runtime.gz.css	80rUPX5WG8FDD[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://use.typekit.net/vtg4qoo.css	login[2].htm.2.dr	false		high
https://adobesparkpost.app.link/nfQW2NoCVeb	express[1].htm.2.dr	false		high
https://use.typekit.net/af/9951d2/0000000000000000000158d7/26/	rbi5aua[2].js.2.dr	false		high
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js	www.adobe.com[1].htm.2.dr	false		high
https://adobespark.zendesk.com/hc/en-us/articles/218956027	en-US_bundle-6a358124[1].js.2.dr	false		high
https://npms.io/search?q=ponyfill.	marvelcommon-51100480[1].js.2.dr	false		high
https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8	scripts[1].js.2.dr	false		high
https://adobespark.zendesk.com/hc/en-us/requests/new	unsupported[1].htm.2.dr	false		high
https://use.typekit.net/af/9d1933/00000000000000000001705b/26/	rbi5aua[2].js.2.dr	false		high
https://www.linkedin.com/company/adobe	www.adobe.com[1].htm.2.dr	false		high
http://typekit.com/eulas/0000000000000000000132e1	vtg4qoo[1].js.2.dr	false		high
https://cdn.cookielaw.org	login[2].htm.2.dr	false		high
https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
https://twitter.com/Adobe	www.adobe.com[1].htm.2.dr	false		high
https://www.instagram.com/AdobeSpark	unsupported[1].htm.2.dr	false		high
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
https://opsparc.gsfc.nasa.gov/?sdid=MC95SNMJ&mv=social	en-US_bundle-6a358124[1].js.2.dr	false		high
https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8	scripts[1].js.2.dr	false		high
https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC5e5d1b9fe0a942c38190dc219952994	RC5e5d1b9fe0a942c38190dc2199529941-file.min[1].js.2.dr	false		high
https://use.typekit.net/af/cb695f/000000000000000000017701/27/	vtg4qoo[1].js.2.dr	false		high
https://page.adobespark-assets.com/runtime/1.22/images/favicon.ico	80rUPX5WG8FDD[1].htm.2.dr, imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
http://typekit.com/eulas/000000000000000000017706	vtg4qoo[1].js.2.dr	false		high
http://www.iport.it)	chrome[1].js.2.dr	false	Avira URL Cloud: safe	low
http://www.opensource.org/licenses/mit-license.html	marvelcommon-51100480[1].js.2.dr	false		high
https://cdn.cookielaw.org/vendorlist/googleData.json	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
https://use.typekit.net/af/180c9d/00000000000000003b9b3f8a/27/	onz5gap[1].js0.2.dr	false		high
https://github.com/focus-trap/tabbable/blob/master/LICENSE	head.fp-00a38324dab316803fdc74cba4ad7ab9[1].js.2.dr	false		high
http://typekit.com/eulas/000000000000000000017709	rbi5aua[2].js.2.dr	false		high
https://issues.apache.org/jira/browse/COUCHDB-577	chrome[1].js.2.dr	false		high
http://www.opensource.org/licenses/mit-license	m-unsupported-1ee43d2a[1].js.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9b3f8a	onz5gap[1].js0.2.dr	false		high
http://typekit.com/eulas/00000000000000003b9b3f8c	pps7abe[2].css.2.dr	false		high
https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/l?primer=388f68b35a7cbf1ee3543172445c2	pps7abe[2].css.2.dr	false		high
http://typekit.com/eulas/0000000000000000000176ff	vtg4qoo[1].js.2.dr	false		high
https://cdn.cookielaw.org/vendorlist/iabData.json	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
http://typekit.com/eulas/000000000000000000017701	vtg4qoo[1].js.2.dr	false		high
https://adobesparkpost.app.link/jsoIbkwCVeb	express[1].htm.2.dr	false		high
http://typekit.com/eulas/000000000000000000017703	vtg4qoo[1].js.2.dr	false		high
https://cdn.cookielaw.org/vendorlist/iab2Data.json	7a5eb705-95ed-4cc4-a11d-0cc5760e93db[1].js.2.dr	false		high
https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8	scripts[1].js.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
52.217.1.54	s3.amazonaws.com	United States	16509	AMAZON-02US	false
13.225.74.123	spark.adobeprojectm.com	United States	16509	AMAZON-02US	false
52.51.251.137	adobe.tt.omtrdc.net	United States	16509	AMAZON-02US	false
104.16.148.64	cdn.cookielaw.org	United States	13335	CLOUDFLARENETUS	false
104.20.184.68	geolocation.onetrust.com	United States	13335	CLOUDFLARENETUS	false
13.224.187.69	dd20fzx9mj46f.cloudfront.net	United States	16509	AMAZON-02US	false
13.225.74.112	api.demandbase.com	United States	16509	AMAZON-02US	false
52.17.54.18	unknown	United States	16509	AMAZON-02US	false
18.133.35.94	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
185.29.135.233	pixel-origin.mathtag.com	United Kingdom	30419	MEDIAMATH-INCUS	false
99.81.92.132	adobelogin-origin.prod.ims.adobejanus.com	United States	16509	AMAZON-02US	false
35.181.18.61	demdex.net.ssl.sc.omtrdc.net	United States	16509	AMAZON-02US	false
13.224.193.81	page.adobespark-assets.com	United States	16509	AMAZON-02US	false
54.154.123.210	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
52.213.176.171	services.prod.ims.adobejanus.com	United States	16509	AMAZON-02US	false
15.237.76.117	adobe.com.ssl.d1.sc.omtrdc.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	412742
Start date:	12.05.2021
Start time:	22:30:25
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 28s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://spark.adobe.com/page/80rUPX5WG8FDD
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@3/257@18/17
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://spark.adobe.com/page/80rUPX5WG8FDD/?page-mode=static Browsing link: https://spark.adobe.com/page/80rUPX5WG8FDD/images/3bf5db0f-38e3-4b83-bfff-a9bc5b2463b0.jpg?asset_id=b97736df-5ecf-44a1-8b43-aadb6b7955ca&img_etag=%22ed70e0c9c411651f7bd645550c6cfc11%22&size=1024 Browsing link: https://spark.adobe.com/page/1v2abZdh3xB5f/ Browsing link: https://spark.adobe.com/page/80rUPX5WG8FDD Browsing link: https://spark.adobe.com/about?r=reader_page_logo Browsing link: https://spark.adobe.com/make/logo-maker?r=reader_page_learnmore Browsing link: https://spark.adobe.com/login?r=reader_page_bumper_createyourown Browsing link: http://www.adobe.com/legal/terms.html Browsing link: http://www.adobe.com/go/privacy Browsing link: https://spark.adobe.com/login?r=reader_page_topbar_createyourown Browsing link: https://spark.adobe.com/templates/resumes/
Warnings:	Show All Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.43.193.48, 88.221.62.148, 23.32.238.210, 23.32.238.192, 23.37.33.211, 95.101.22.203, 95.101.22.195, 23.57.80.111, 152.199.19.161, 23.57.80.54, 23.57.81.34, 99.81.11.244, 34.253.145.149, 34.255.166.243, 54.194.191.134, 54.171.42.33, 34.250.153.194, 13.224.193.82, 13.224.193.34, 13.224.193.115, 13.224.193.52 TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded domains from analysis (whitelisted): e6653.dscf.akamaiedge.net, e4578.dscg.akamaiedge.net, cn-assets.adobedtm.com.edgekey.net, spark.adobe.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, use-stls.adobe.com.edgesuite.net, ssl-delivery.adobe.com.edgekey.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, client.messaging.adobe.com, sstats.adobe.com, p.typekit.net-v3.edgekey.net, fs.microsoft.com, stls.adobe.com-cn.edgesuite.net.globalredir.akadns.net, ie9comview.vo.msecnd.net, cm.everesttech.net.akadns.net, e1723.g.akamaiedge.net, stls.adobe.com-cn.edgesuite.net, skypedataprdcolcus15.cloudapp.net, adobeid-na1.services.adobe.com, e7808.dscg.akamaiedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, a1815.dscr.akamai.net, geo2.adobe.com, a1988.dscg1.akamai.net, www.adobe.com, cs9.wpc.v0cdn.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\94DACTSI\spark.adobe[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	135
Entropy (8bit):	4.719230687994535
Encrypted:	false
SSDEEP:	3:D90aK1ryRtFwsnObemKmlULF0VqHlJR3qK1OqSfJRKb:JFK1rUFjgemKm6GVqHlJR3qKsKb
MD5:	A5BB9B0A64DF7D7D3671E20C6BD1FF75
SHA1:	BEBF24049914F81DDF3FACCB32C59C4D6F749861
SHA-256:	07C0471C316F1185F7646AC5273586D7CD87C6E8B88CCB9DFC499C9C5F9C5C87
SHA-512:	5DBF1E5C675F9FFABA054A4E7B611C110789DBB5B35EAA680549417586C6D6A10EB10D7EBBF09B2061FFA3DC6F58FDEBBD999625944C5867A0FCD505EBF2BAED
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="1626329168" htime="30885817" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\ACXXFXEW\www.adobe[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1008
Entropy (8bit):	4.823816268823295
Encrypted:	false
SSDEEP:	24:W0U1mKm6DqM6U1mKm6DqMF6qij6U1mKm6DqMF6qij6U1mKm6DqMF6qijfDc6U1mg:0sKrXsKr0XsKr0XsKr0QXsKr0A
MD5:	EDFCC487A0CB6974F53E4937842C414F
SHA1:	FF67D7C6EEC1E93401668DCD69AAE44593717A7B
SHA-256:	76EBE57A027F544CE0EE8872F202CD6CA96846F1FB533E13B1509A5B06E8ACD4
SHA-512:	29425EE6C08291F67253ABEB5BB5D41B0A6B6473AF22F6A31AE82ED2E11F268C6E319C360501AD5CF2604311D2DFF14CB098658727620454540B82276632D648
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="1646469168" htime="30885817" /></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="1646469168" htime="30885817" /><item name="mar_aud" value="Bot" ltime="1674499168" htime="30885817" /></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="1646469168" htime="30885817" /><item name="mar_aud" value="Bot" ltime="1674499168" htime="30885817" /></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="1646469168" htime="30885817" /><item name="mar_aud" value="Bot" ltime="1674499168" htime="30885817" /><item name="isStoragePolyfillNeeded" value="true" ltime="1746959168" htime="30885817" /></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="1646469168" htime="30885817" /><item name="mar_aud" value="Bot" ltime="1674499168" htime="30885817" /

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8B8C6A49-B3AC-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	39000
Entropy (8bit):	1.9220701364132147
Encrypted:	false
SSDEEP:	96:r8Z/Z72zWyztyufyMlMykySyXfybsry8afygbryGg:r8Z/Z72zWYtxf1lMdrMfisr5af9brtg
MD5:	C2CC5746BA5C5C1BC1144D47BB08A291
SHA1:	88E79B77BF4921BA64A8313416CFB489FC08155A
SHA-256:	042D20E27E5E33A08361C1B27D3F3AECB8643053CCCA56E0711392C89AE32CB8
SHA-512:	9C1C35DA3FFE256E01FF7C068851CFCC3D0340B519F417977AC7B5EE2EED448DF568763BA81AE721FF57F6D8E4F7D3068954AC64AD23D71AD771A30F5E7F2F12
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B8C6A4B-B3AC-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	198234
Entropy (8bit):	2.646944779856432
Encrypted:	false
SSDEEP:	768:xVNU3CUTtX+hGXipmDTwo3uw/+up9FJrQGCmIaI2BGLnNXs:GLQup9FRT2HBs
MD5:	9C0566F351875F066F42313657448CEC
SHA1:	A8202A5DDE5371FD2540AE7783613CCF689A4F10
SHA-256:	D408663FA507244BAC6BD53AFFF2F9DDF61A5F7A433ABE84009A85BF9408ADD8
SHA-512:	9A6E6015A51E36CD1DCCE8092022E098CF38A4FEC0DF937A48D04B60BD7B96F1712872857E893CA387B428503360A8B639D6F3D8CD35444F68190C374BBBD68C
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{91C04842-B3AC-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	19032
Entropy (8bit):	1.5844733097923778
Encrypted:	false
SSDEEP:	48:IwNGcpr8GwpaoG4pQoGrapbSjGQpKpG7HpR+TGIpX2HGApm:rTZ0Q462BSdAIT6F2g
MD5:	47A337B418345CE5460C32BB4E06E709
SHA1:	9C8727CB79D69B282A9233F072CA366CD7E8F49F
SHA-256:	B178CEA7E71BC3259DD17A440B12E9D49EBBA41F3A19A713E4DA5E6F93102972
SHA-512:	E16D8508F3ED17DFCFC3035F53D793AD8635BD0DF0683A400EFD8DE13A83A87BEB1A5A0E80A18D8058A9468750EB4C683C64E57C7203165D8F4647C6995AF936
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	28454
Entropy (8bit):	2.0666948954484714
Encrypted:	false
SSDEEP:	48:R6fVgizzxxEKzOQBbcpS5WT//zVxrc7gzdbklTMl1sy6TMenl7ulGt/3GmjAAOXk:MdJ70sI2NmU3G08j70sI2NmU3GH
MD5:	025A3FAC3A485D3CC319C89AF3557A99
SHA1:	2EF6FAD634FBCDB5B050FE88BC0559566BA00B90
SHA-256:	C6431D42E7C6FC13F9A9C8E0BDE46062E29304A93B293F46D62EB87C885469EA
SHA-512:	7C3CF7EF3BB6F0A9753D476B1427DE5B471059B449EAD2ED26FDDB2BBB58CAC4061729DC191FC1F6F4E02FF1B6C626893D7E23F7DCB4E6B36E804CF980E4B6BF
Malicious:	false
Reputation:	low
Preview:	B.h.t.t.p.s.:././.p.a.g.e...a.d.o.b.e.s.p.a.r.k.-.a.s.s.e.t.s...c.o.m./.r.u.n.t.i.m.e./.1...2.2./.i.m.a.g.e.s./.f.a.v.i.c.o.n...i.c.o........... .... .........(... ...@..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................70..7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...70..............................7`..7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7`......................70..7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...7...70..................7...7...7...7...7...7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\4021861a-a54c-4c1a-b4d7-1b137506ea6d[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 910x607, frames 3
Category:	downloaded
Size (bytes):	72565
Entropy (8bit):	7.869142787250768
Encrypted:	false
SSDEEP:	1536:VI25bd7kjDizQ3a0GQlb5wvV+c7l/091K/yHj5bexGsX:Vv5pGicyQBivj7pqHIGsX
MD5:	4EBA4667D3D96B45A97FE0BE0F59D707
SHA1:	0E4240B741C45B1780A0C00EE699314A993E678D
SHA-256:	2A91CE5938967B5D7AAE6796477B6BAA5359A9CA9C17026CD79529CDBAB9B827
SHA-512:	DC433ED62850D22859AB9FE49CFC903E6CD709C0B545CEFC9FB26F8A0BFAA12BE22B38BC5C80123E97ED80DDDC9690E5F848B2401BF3C09E518C5CDF0EECDF0C
Malicious:	false
Reputation:	low
IE Cache URL:	https://spark.adobe.com/page/80rUPX5WG8FDD/images/4021861a-a54c-4c1a-b4d7-1b137506ea6d.jpg?asset_id=64b30a47-5aaa-487f-a267-2f56399799f0&img_etag=%2272fcb864af72b30998275e81f73e04fe%22&size=2560
Preview:	......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c005 79.164590, 2020/12/09-11:57:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"> <xmpMM:DerivedFrom rdf:parseType="Resource"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\80rUPX5WG8FDD[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	52901
Entropy (8bit):	5.225312764278971
Encrypted:	false
SSDEEP:	768:Hn8+27e5FyW7F1FnWO8JARtEeqakKnhNb:HnT224W7zhWO8JCnhF
MD5:	190856C7F6E29A9B72B9E018E0F4E9EF
SHA1:	FB3805F57BC6BA1135A8841C2C5CC0F1E30087D5
SHA-256:	BED5FFB4B16AC986F92CB69A29D32140B5F54D7B696F69EE7BD3732B97EFEBF5
SHA-512:	DE7E7AE7298128FF198AF7633CB29B86A05A9DD9E51318E215616830620ACB9C72A0C26F594733C3037360F5F5BD59834BCA45116F3794F7607040A2C89934EC
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_29, Description: Yara detected HtmlPhish_29, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\80rUPX5WG8FDD[1].htm, Author: Joe Security Rule: JoeSecurity_HtmlPhish_29, Description: Yara detected HtmlPhish_29, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\80rUPX5WG8FDD[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://spark.adobe.com/page/80rUPX5WG8FDD/
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="utf-8">. <title>PROPOSAL INVITATION</title>. <meta content="yes" name="apple-touch-fullscreen" />. <meta content="yes" name="apple-mobile-web-app-capable" />. <meta content="black-translucent" name="apple-mobile-web-app-status-bar-style" />. <meta content="width=device-width, initial-scale=1, maximum-scale=1" name="viewport" />.. <meta name="robots" content="noindex">.. <meta property="og:title" content="PROPOSAL INVITATION">. <meta property="og:type" content="website">. <meta property="og:image" content="https://spark.adobe.com/page/80rUPX5WG8FDD/embed.jpg?buster=1620843984009">. <meta property="og:image:width" content="1024">. <meta property="og:image:height" content="512">. <meta property="og:site_name" content="Adobe Spark">. <meta property="og:description" content="A story told with Adobe Spark">.. <meta name="twitter:card" content="summary_large_image">. <meta name="twitter:title" conten

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Contact_72px_lt-gray[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	28341
Entropy (8bit):	6.120769466888277
Encrypted:	false
SSDEEP:	768:37iSZiRcO9jD+7ZBNq+2owtRXhhMEnWLbljThoIJ5q:cRzGZBk+2owPleZX5q
MD5:	901C088DD283B59F4A43F74D798EDC60
SHA1:	959EA9066F892F103A3DDA229D67619150F7DD7B
SHA-256:	C45E2555412C2D5EC5E521ED5851B3D3665F90DD1DC645D6D59DEEFD71BC2ECB
SHA-512:	DAE5CFA3F362280B2D903FC35C6290AB28CCF5E5E5EA6C081B2EFFDBC20AA34301085DFAB35A0EFF5B6ECC7ED6C049668D95274DDF8A06314D60FD612A004555
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/content/dam/cc1/en/privacy/images/Contact_72px_lt-gray.svg
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 19.2.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [..<!ENTITY ns_extend "http://ns.adobe.com/Extensibility/1.0/">..<!ENTITY ns_ai "http://ns.adobe.com/AdobeIllustrator/10.0/">..<!ENTITY ns_graphs "http://ns.adobe.com/Graphs/1.0/">..<!ENTITY ns_vars "http://ns.adobe.com/Variables/1.0/">..<!ENTITY ns_imrep "http://ns.adobe.com/ImageReplacement/1.0/">..<!ENTITY ns_sfw "http://ns.adobe.com/SaveForWeb/1.0/">..<!ENTITY ns_custom "http://ns.adobe.com/GenericCustomNamespace/1.0/">..<!ENTITY ns_adobe_xpath "http://ns.adobe.com/XPath/1.0/">.]>.<svg version="1.1" id="adobeNews_x5F_72_x5F_lt-ou" xmlns:x="&ns_extend;" xmlns:i="&ns_ai;" xmlns:graph="&ns_graphs;".. xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="72px" height="72px".. viewBox="-359 271 72 72" style="enab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Cookies_72px_lt-gray[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	29593
Entropy (8bit):	6.132885465655844
Encrypted:	false
SSDEEP:	768:37Mv1nW4/4c6v1Nn8Zh8xMYS8k2eBP2y0Ejn1:Av1n1Q/48xK2mjx
MD5:	DC2C21E75D20CE5B00C78499D3B2DEAD
SHA1:	4D507BBB930FA9BDCE35371538B3C6A74549C503
SHA-256:	2076A1B099924D72F8B2D636645C5598444CEF873335E9D400CC7C8285CC96A1
SHA-512:	E4644CDCB754C783185642E029E7FE6617134C9E2DBB2F95B8ED4E6B3DF5828A47BF7E0CD3A709EF07379C27522F1AFD666FF8333846F9942A4572E0355D9B5E
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/content/dam/cc1/en/privacy/images/Cookies_72px_lt-gray.svg
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 19.2.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [..<!ENTITY ns_extend "http://ns.adobe.com/Extensibility/1.0/">..<!ENTITY ns_ai "http://ns.adobe.com/AdobeIllustrator/10.0/">..<!ENTITY ns_graphs "http://ns.adobe.com/Graphs/1.0/">..<!ENTITY ns_vars "http://ns.adobe.com/Variables/1.0/">..<!ENTITY ns_imrep "http://ns.adobe.com/ImageReplacement/1.0/">..<!ENTITY ns_sfw "http://ns.adobe.com/SaveForWeb/1.0/">..<!ENTITY ns_custom "http://ns.adobe.com/GenericCustomNamespace/1.0/">..<!ENTITY ns_adobe_xpath "http://ns.adobe.com/XPath/1.0/">.]>.<svg version="1.1" id="adobeNews_x5F_72_x5F_lt-ou" xmlns:x="&ns_extend;" xmlns:i="&ns_ai;" xmlns:graph="&ns_graphs;".. xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="72px" height="72px".. viewBox="-359 271 72 72" style="enab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/ErrorPageTemplate.css
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RC036830be72f242959c7b9ca66cef0c85-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	323
Entropy (8bit):	5.278322841738521
Encrypted:	false
SSDEEP:	6:jwkMKngJv0KgiSP8Al8VQoHDXRMvKyupXMYGGX6SHMWkiezW3T5OtunadXZfJ/u0:jvgeASPRM9ny6cYGkcOeqD5OFdXv/ZJ
MD5:	5A428FB34157B1F392C7DE7626377B24
SHA1:	F2091A253E0FB2C427BDFC8D4A722010D8B3C66D
SHA-256:	2D0998621ABC5C7B0FDBABEE2ABBD59DD09ADA2FAFFEADA530538BEF1D54439A
SHA-512:	EE84B738B8019EAC1D943A8CEB41A8C170CFF466F99FC40E1E3D1B7394D6404708A6F09BAE994F5C0E22DA10238C636AE426FC61F585C60371D732C1787980F3
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC036830be72f242959c7b9ca66cef0c85-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC036830be72f242959c7b9ca66cef0c85-file.js`.._satellite._poll(function(){_satellite.track("trackMarketoForm")},[function(){if(document.querySelector(".marketoForm")\|\|window.MktoForms2)return!0}],{timeout:1e5,interval:100});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RC1bc70f0c17a44296971da4381a721bda-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	582
Entropy (8bit):	5.273615169448107
Encrypted:	false
SSDEEP:	12:jvgeASPRM9cBpUNe5fAYoVR+0KvOxRWx0Avw:15M9cBpGe5fA3RqORWx06w
MD5:	DFBA19DF282AF9ACA6655FF407032D5C
SHA1:	E00EECB6D6CD1AF8E3EAB27B87C1D4DD79A1E314
SHA-256:	46E768AD06BE874A59B2EB2994278EB2A59264653B3B7D4FF07D236577873B5C
SHA-512:	56B2920D1889632CEABCF2E5781DDFF9D8970BDCE471C4B6EE76238DB3AA884AAB4EE5DB05DC71A898F7BC3A6EAFBA83D005A8FF07A1F93AFDE4543183DB2B25
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1bc70f0c17a44296971da4381a721bda-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1bc70f0c17a44296971da4381a721bda-file.js`.._satellite._loadFBScript=function(){var e,t,n,a,c,o,s;e=window,t=document,n="script",a="https://connect.facebook.net/en_US/fbevents.js",e.fbq\|\|(c=e.fbq=function(){c.callMethod?c.callMethod.apply(c,arguments):c.queue.push(arguments)},e._fbq\|\|(e._fbq=c),(c.push=c).loaded=!0,c.version="2.0",c.queue=[],(o=t.createElement(n)).async=!0,o.src=a,(s=t.getElementsByTagName(n)[0]).parentNode.insertBefore(o,s))},_satellite.track("trackConsent");

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RC508044d39da1421eb31de2476af8ac1e-source.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	830
Entropy (8bit):	5.123674015488603
Encrypted:	false
SSDEEP:	24:15M8cGct/Bw5M8c8Jj2lBfJKnKD8cQcj+D+NplHln:15M8clt/Bw5M8c852lBfi63Kqzpt
MD5:	CFC9CBC8873A4FFBCE6E8836EA141782
SHA1:	31C72FBAC64D01506A989B2C32235869CC71DAB7
SHA-256:	4E8C46DFA28474DF2FEE669F1F09D6C354111378075F1204F442BDFA9357B193
SHA-512:	DFC531325301B00080F6F3EFE66F0F311C53CF738BCE0898F93C818D241546E8536AC9D1FB6846C92B28FDF9DCD4DEA28B6CD303A711924E7D8D9763A7ABAEE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC508044d39da1421eb31de2476af8ac1e-source.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC508044d39da1421eb31de2476af8ac1e-source.js`.._satellite.__registerScript('https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC508044d39da1421eb31de2476af8ac1e-source.min.js', "_satellite.getVar(\"digitalData.organization.demandbase\").then(function(e){_satellite.setVar(\"aep_demandbase\",e),_satellite.getVar(\"digitalData.primaryUser.primaryProfile.profileInfo\").then(function(){_satellite._promises&&_satellite._promises[\"digitalData.primaryEvent.eventInfo.interaction.impression\"]?_satellite._promises[\"digitalData.primaryEvent.eventInfo.interaction.impression\"].then(function(e){digitalData._set(\"digitalData.aep.impression\",e),_satellite.track(\"pageview\")}):_satellite.track(\"pageview\")})});");

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2503
Entropy (8bit):	5.255227719143
Encrypted:	false
SSDEEP:	48:15Mvn9KNNFeHD7Bbg8m9wPjwPbeffSQLYno4BXo5iTJWN+BJ6Nu4CuMgG+/T1zcD:1OvneNFeHDNbg76s6nSjXSiTJWMBJ6kn
MD5:	6ADCE7DE352492C057C2F0C88E7D3D98
SHA1:	0DD081C4D0D9EF30CD58EC4C3C40B7315AA231D7
SHA-256:	079FE9E5AD96322BF54FCB661F8CA26BFDCC2A7F1C2EBEF8AFEA75E05A0E85DF
SHA-512:	15FBF6140113F79BF007BB8AAAF135CC6D3BE5356890BFBB22ECC6E01749F82AD68268B9253C36103A47BC4F33FBAB28B36B485F9B639A8DDA52EA0FCF4CBEF6
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC6f46e43fa6d44dbeb45cc5801ffded0e-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC6f46e43fa6d44dbeb45cc5801ffded0e-file.js`..function searchAsYouType(){function g(e){for(var t=1,a=document.body.previousElementSibling?"previousElementSibling":"previousSibling";e==e[a];)++t;return t}function c(e,t,a){for(var n=a.toLowerCase(),r=0;e&&e.parentNode;){if(e=e.parentNode,r++,"tagName"===t&&e.tagName.toLowerCase()==n)return e;if("id"===t){if(e.id.toLowerCase()==n)return e}else if("className"===t){if(5<=r)return null;if(e.className.toLowerCase()==n)return e}}return null}document.getElementsByClassName("Gnav-menu-content").length&&document.getElementsByClassName("Gnav-menu-content")[0].addEventListener("click",function(e){var t;if(e.target&&("A"==e.target.nodeName\|\|"SPAN"==e.target.nodeName\|\|"IMG"==e.target.nodeName)){var a=e.target.className.split(" ");if(a)for(var n=0;n<a.length;n++){if(-1!==a[n].indexOf("SAYT-")&&-1===a[n].indexOf("SAYT-advancedSearch"))if(c(e.target,"id","

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\SPRK_color_hover_v3@2x[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1004
Entropy (8bit):	5.187217692853858
Encrypted:	false
SSDEEP:	12:tvG1XftzSHn4vj0SeX47LiiLAiUw/U+VH3NLzaDobULhqq9BS9C6gEKYoaWZKq2e:tu1XftHvxeIAvFiXtTbUJkUEhCP
MD5:	E9D94F821371E183B8B58F618B2FC161
SHA1:	792948E6A17CF091CCDC329A09EE22BF1A1A9CF5
SHA-256:	AC03A140536DC39782AFA5C742E10515D20C24DB3152DCB04471252C856B7FF4
SHA-512:	A9EC755233EAB39EE91630F379412BB469BADE01784095A13F7FC3E62C860E0BD0618A43554D909049B4716C0CF0F6A582E69DF3962384ACEDDBEF911013EEE4
Malicious:	false
Reputation:	low
IE Cache URL:	https://spark.adobe.com/images/SPRK_color_hover_v3@2x.svg
Preview:	<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 56 54" width="56" height="54"><defs><style>.cls-1{fill:#370000;}.cls-2{fill:#fa0f00;}</style></defs><g id="Layer_2" data-name="Layer 2"><g id="Surfaces"><g id="Spark_Surface" data-name="Spark Surface"><path id="Outline_no_shadow" data-name="Outline no shadow" class="cls-1" d="M9.9,0H46.1A9.8588,9.8588,0,0,1,56,9.9V44.1A9.8588,9.8588,0,0,1,46.1,54H9.9A9.8588,9.8588,0,0,1,0,44.1V9.9A9.8588,9.8588,0,0,1,9.9,0Z"/></g></g><g id="Outlined_Mnemonics_Logos" data-name="Outlined Mnemonics Logos"><g id="Sp"><path class="cls-1" d="M0,0"/></g></g></g><path class="cls-2" d="M43.6,26.3l-15-15a1.1989,1.1989,0,0,0-1.4,0l-15.1,15a1.1989,1.1989,0,0,0,0,1.4l1.8,1.8a1.143,1.143,0,0,0,.7.3h.7V38a1.0714,1.0714,0,0,0,1,1h7.2a1.0714,1.0714,0,0,0,1-1V28.9a1.0714,1.0714,0,0,1,1-1h5.3a1.0714,1.0714,0,0,1,1,1V38a1.0714,1.0714,0,0,0,1,1H40a1.0714,1.0714,0,0,0,1-1V29.7h.7c.3,0,.4-.1.7-.3l1.8-1.8C44.1,27.2,44.1,26.6,43.6,26.3Z"/></s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\adobe-logo-gray[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 140 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2151
Entropy (8bit):	7.859633225944545
Encrypted:	false
SSDEEP:	48:FPEsgO6wykn4cbmeXfVzSzJwbU9dZKASJ/soJ0ANfknj28W:FPEsF6wfjvdOgUDZKzXyc6j28W
MD5:	9AE66EC6AE11F8E9D108E160D2CC138C
SHA1:	2A2D777BB0F63FF0AC298BE41FE2F046D91572CB
SHA-256:	6428A477DD15F959CB1B563A0009EDAA1EF0716852763792D0C66BCF1F4AF4AE
SHA-512:	ACB85C2A7530F2581D1BC52AF334A5A46452B8EAD3F1BD46C06BB5B9FF686C19B6D24BF25D1074777505D95611321A40D0E48D81FB3BA89926AB158A4BBE63C8
Malicious:	false
Reputation:	low
IE Cache URL:	https://s3.amazonaws.com/adobe-luca-prod-ue1-assets/experiments/base/images/adobe-logo-gray.png
Preview:	.PNG........IHDR....... .............IDATx...oTE..?[X..,wP....`.j./.11..51^6..O>...............e..."HA... ..h...X.~3..s.=.J.7.t....=...;..k.l\|....^.N{.}.X.b.../S..G....D..R...?..lN9.8..HC.:.U....)......S....=a./.%)..1..].O.......U.......D..q1....).^l....~.5....r....")a...S.SG...).f.{u.....d.Q%L.....v'Pk.}V...N..ql..iL.....f....X...h....U....<6...r.9X..l..79....h.K...O`..6.X9fO.<.Gs0_.de......I....n..2.....o.D...f.[.Mt.]....2....3...`.j{...N.,.hS.;U_5..$..{..Wm......R}....>L.R...Q........v....3....k.._..d.g.Y.z$@...E].L......e.:`!.b.).m......X....k..p..gT.......J5.,.....K....sI......w{......F.f%...>....S.".,u.....x<.L.9.p.,5.^[.....Y.zEa.B...uo2p/..."v.xD.... ..:.....ga\|'..X.\|.....I8..fq.F..c]....W!.....>&.Ob....[....].....3...y..1.V..ZEd...O...b!..}.b95."..vd.t#jp..:u..8.F.X.C.,W......C.J.p...#.S......I.\..A..4v9.p..,../#.c....Xz1f....u......xj!...p. Y.N!..[.;.I..v...0P...P...w..<.6.0..e..Z....2...D.*.....i2y...[.i\..ir....O..u........zq

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\adobe-spark[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 299 x 59, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5713
Entropy (8bit):	7.942941105430185
Encrypted:	false
SSDEEP:	96:swygmCeFV57fd/hMb1uJRyaYyg+1Qao2SqFf93sdo89IxzUwp:fCFV571hMxuJUaYZxa9SqFfhsdr9I1UQ
MD5:	95FC22E047BCEB4BFA6AEE7064399BBC
SHA1:	11A708485B7942104D06F2FFD0F1B6713F25F941
SHA-256:	C91BD804CF36B68D89EAE5FAC4CD8F985563D322273462AF92607AB9927002F1
SHA-512:	2C26049C9A7CDCD17F75DCFB70502D28E397E27F296F5267C6478B2D4F4D263D7584AD772ED3E1C12C7FC42110260B0DCF41694DE881260B92D3E615D9BED8E2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...+...;.....#.......sRGB........8eXIfMM.*.......i...........................+...........;.....D.....IDATx.._.$.].....q...H,.v,L...E!.P..R.@7'....}. ..R....3..........1.hg.P..CBA...EB..P..'6!.>..uO....gfwgv.._..W..V...k......s..../8...<..,.].....w.y.......9.7KaX4""..X....I..s....p.N..\....?8..+gy48"...!0.pT...W`.dNr5...8.WV..huD "..8rV,..,......".......U.MD.\|!.8._p.......:...Y...s.{.....:E.....,.}....=..J..Gn..s/....u...U......8.og...z..u...q...#....@."..k.a..VR.._K.........Y...i.\|.e.~.4.eF."..#.=..._.jh`.].[#E.".+..E...W..Lffu....."E."......~l....:g.....7".L.$G...hKD ".......B%."....C..EY.$n.1.!.....p.t\|...>...K._..G.F!.8..0..P7_.0zE(..g...t...;a.p........rV...?..'.u..9.?...?.o.F.)".....E`fg..._..{..T\|n~..$zV../9.I..[..>Q.VZ.....l.I..6}.aX.G[.I..\...TC&.fD`&gu........tRu`.Y!...Od...@....Jo.U..\..u._..."-....[..+,F....2.Q9....t."g..H....._f;.m.gVZ.Y...o..{/.'u.......gY.V.W.....i.J.:.2;..n..H.@-g..u9....}.^~....-.."

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\arrow-right[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 18 x 25, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	442
Entropy (8bit):	7.029622930176089
Encrypted:	false
SSDEEP:	6:6v/lhPzQynDi3URTCMkLPJsbjShtfGQHVxFX0o/A5VFnWMFd4+0hS+qz58OCox5Z:6v/7MM9CXJsbcf1xFXoWkOhSVNB7Z
MD5:	28A18EE67AF8D721211ED08164E72CB9
SHA1:	C643A55A18EF870B88FA1CAFED098A12F001384F
SHA-256:	78260D8829368E46D58D02B613EC0C0E19AEE5C159AA4BA255D032D283C30187
SHA-512:	FF21CE7DEE9E5B298BEFD0B67869A4E582097712B0A8D23E10050DFC60BD4B7BD26B0EA077865AA0D6FF57E204A74187874572B243584220C7B23FB0CC127F52
Malicious:	false
Reputation:	low
IE Cache URL:	https://page.adobespark-assets.com/runtime/1.22/images/arrow-right.png
Preview:	.PNG........IHDR.............<.~.....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6......tEXtCreation Time.9/11/13.9I.....IDAT8...!o.@.....d?.....#L...BW..\..\.YP....@T.\..>..{;...e.....I....q.dDrGr..#....w".].2k\|.. ..)......F..@.us!.=..........H..L.s).7..".]...Ug.u.W..;..,HD.EQ..2....!..1....<.X....9M.w.".</d..x.pk.......$.Uqw..&....VEdW8A..[...{4.UU.h ..._. ...^)u....b.Z....8..W..."..).&\....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\browser-icon-edge[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 124 x 124, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3016
Entropy (8bit):	7.891883408525801
Encrypted:	false
SSDEEP:	48:cCzs80SVhdoz+n+UHXol0c61Ga6ovj4mrikoPmzz3I4NrT6xvO:cT80CAK+UHY9gGa6or4sZ3I4Nr2BO
MD5:	096DBF8523D015FB4295051DF53A52C1
SHA1:	7BB34828A6AB6CB2E6E418ADFBEACF189D07AE3E
SHA-256:	0E95127D87D4498950215D4AD1BAA56BDE661E9DC7BCE84F8249594FBCECC727
SHA-512:	DF694A7FE2BE219DE857DCBC1D9F708960D74B1BFE45AF5F2EC15974C22C15EC2D48DAA6BBA6234BF54185103A00E8EDE486C9320F6A9A8631EE9A7E93D7F501
Malicious:	false
Reputation:	low
IE Cache URL:	https://spark.adobe.com/images/landing/browser-icon-edge.png
Preview:	.PNG........IHDR...\|...\|............IDATx.....E...@.B.D...-.....K.d.P.Q.....E.* ...U......`!.`!.....D...... ..$.R&..aK..9/y..wf.......z.......}...D"..f..W.....Z..`1...^...AzKpm.....l.l.l.l......W...g....G....0.E..t!..\|w..f...........p...a.....1j.wT..}.k..0.....g.......]..f.....\[..4p...g...5p-p.F=...[I...v[`p.0.7.....7b..M..f...D`.ph..3....\.Q.y.h.......>.C3.7...p5F-......N...........).5..._pm....6.l....31jq.wW.......Y...<...Q.U}.....$.:`K.6..0.3....z..=...E..i.'0.NV...)..S=[..sh.?C?.j.OW.~.\|.E.X.<..n..D....:.M..=[d .'>..n.,%.V.t~.[...-2...W.Q..b.p..b....E..V.&c./....0...4w..y.HV......S.Ol......bw...h........t.d.=R.uE......}.k.F..\|s.Uf..c.N.<a...\.......R..\N.O.i....l..x.\..2.%...E.8..p..&.ID.;.r.p..~....1m.^..^...{......y#L.]....Y.D......ex.D...D.t...3..Gz..Y....o..<;.Y..%.U'..M..5...t&....]...."q.^..Q..<.O..}...g..W.d...(r.N_....{..d.'q....{.+X...[...X.;.ZF./.aE.Z....".%..,\o.n"t.3;..B<.u&@...p...6t2.:.D..I...uNc.x....@G#.(.=^..k..$.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\browser-icon-firefox[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	23048
Entropy (8bit):	7.9780311101032595
Encrypted:	false
SSDEEP:	384:we/3EjkOuVoC1api2CeizbIn15L2/A0hF7S8Q24cMTbJ6KtgDeu47SFpdnRYsJJ5:t0QaCEpxHOMnPyz3FMTbJKu7STdnRRJn
MD5:	CB5D8684D59755A275761D3FD5A3DE21
SHA1:	F69AB8011CD09A7A77536F8C227CE05981DB7791
SHA-256:	180764AE8307B091F22104F366FAE7830DF994763C613977F4F3EE70D194A695
SHA-512:	44B86DE85BD786152AF0600528E9EA1BFB5494FDD9A01D9D795A892B765DDEABFD45AB7AF18A8D1250E70795863F1168256025FEDD7EFE29C9F1AFB3DCF726D6
Malicious:	false
Reputation:	low
IE Cache URL:	https://spark.adobe.com/images/landing/browser-icon-firefox.png
Preview:	.PNG........IHDR...~...~......#......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:5F7D65790FF011E69AFE8E50F5F6CE89" xmpMM:DocumentID="xmp.did:5F7D657A0FF011E69AFE8E50F5F6CE89"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5F7D65770FF011E69AFE8E50F5F6CE89" stRef:documentID="xmp.did:5F7D65780FF011E69AFE8E50F5F6CE89"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>wF.r..VvIDATx....%Uy/....\|.>...f.U...C08F$OM...I.3&.$..#.\5&...5.$.5...8.( .43..<..3.y.....VU.....n.H..?...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\browser-icon-safari[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 124 x 124, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	25115
Entropy (8bit):	7.984846894248758
Encrypted:	false
SSDEEP:	384:7jYMKpmdNqN0obP7YnB6pZj1MyPpC9/Hhw691Q/+3ryGjtx54ZNNlRiwnY1X:7MxqPoIMMyRcBw692jGjtKnlMwUX
MD5:	23B02AAF3435635E1E6C324D759B56CA
SHA1:	7DA557E711F8ADD60FE6493789ADCB97B6922A2B
SHA-256:	22B7C23F2DED34B2B0AF1B6D908A533130ABAB7EB32711052D0CAAB35D50BEBB
SHA-512:	7FF438AEEBB35FCC2F62C68E3EDD6C9914BF608BDDFC62B4AD20E91AF937A2395F882BF0CF85CFF2730B6BF4B145110E60FFF7F1F7AFE6FCDBE4A0C8885AC80F
Malicious:	false
Reputation:	low
IE Cache URL:	https://spark.adobe.com/images/landing/browser-icon-safari.png
Preview:	.PNG........IHDR...\|...\|............tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:87E1179C0FF011E69AFE8E50F5F6CE89" xmpMM:DocumentID="xmp.did:87E1179D0FF011E69AFE8E50F5F6CE89"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5F7D657F0FF011E69AFE8E50F5F6CE89" stRef:documentID="xmp.did:5F7D65800FF011E69AFE8E50F5F6CE89"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.q+...^.IDATx..}...U...g...onz.i........*.......bC,X...../J.Ai..H.B.!..z{9........3..s.O.....)w.93..k.o...p].

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\d[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 30832, version 0.0
Category:	downloaded
Size (bytes):	30832
Entropy (8bit):	7.985448564079255
Encrypted:	false
SSDEEP:	384:ULnH4B904aGBOfBA5ruEox7PvHxsFq36CoGkqzyAL6cRHbHOkhBnKW8x+OBEiB:Uz+93akYVEcP/ig6Nh+me7HLBnK1Pa8
MD5:	A24BAB0217A940502655CB39824C4CA4
SHA1:	031E50C9EF47A17C4077EDB15693225AFC16044E
SHA-256:	1CFA3682C2D68F282C013C471044AE4AF711E990D13B0A4A9E1EF257BABFA238
SHA-512:	4BA826B52A7E3E91C26FAF1C5D5DE5AB5A2E57C0DC393653FBA676433873022918CEB6B3016657D93622BEF2AC41C7CE3929DC710AE44BE42A4F5C92CA1F4EE7
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Preview:	wOFFOTTO..xp................................BASE...0...F...Fe$].CFF ......\...os5.Y=DYNA..`............3GDYN..a\|........s-.#GPOS..b`...u..$..~.sOS/2.......Y...`\Wv.cmap..w....V......3head...x...4...6..%uhhea....... ...$...Hhmtx..t....)...H.$.Imaxp..............P.name...............post..w........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................\......x.c`d```5...3%...+.3........p..?.?/K... ....$..:...x.RKn.0..9N...Qt.5.v... .Wv..Y%...%....cH......g...g..:.X4M.."(.{ofH>..k\|.....l..W.Z...L.>.;.8.%'w..C..>..\|r..>>S.u_2..a.o....z....\|.>:.%....o...}g.p.Ig.(...b...-....7..U....b..b..S..nt.c.._.:.gz...u$.~4._O.#[..sWd.v2}"..u.U.hUws.H..(..w./...GE..Y.<K...h...1.K.7...dF.....7.z...0.W......8.Dc,Q!.&......W.J,X.......V.s..a....F._M..1.._Q..RZ....cr#..^w.....e...T..?S..[...J.v7.wY1...u...{!m7.3)Y.....y.....Z.qC.#g.lN...#;.....}.aW/.s..}...~.N.....7...#.C.;. .......x.c`f\|.8.......).....B3.1.1*.E.Y..XX..X......P..............6............1-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\d[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 30780, version 0.0
Category:	downloaded
Size (bytes):	30780
Entropy (8bit):	7.988535310328335
Encrypted:	false
SSDEEP:	768:B4GGbSq0CiAIlwymd1yf04b80qrqH7b7V8zXe1X7QjQlWunvdoO6:B4/SqQ5wymryflbhqrqf7C6NrWunvdo3
MD5:	41291B5CC7AE5A302D0FF767D801DC05
SHA1:	A6B8FA2252C9563DE7FABC7A6F068E5D7C42383E
SHA-256:	641E63A696D3E572B940226372365DDE29D2D581D614B5FCF66323ED46A5CBDD
SHA-512:	3F6F193E7B3F5E0743427577E129D5F21E9A0598F5444A930B53573A87A562861807ACAD2CD4065BBB8FFF7C70821DC500BDBBE431662EC9C04064E975AD5B28
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n3&v=3
Preview:	wOFFOTTO..x<................................BASE...0...F...Fe(].CFF ......\...o...C.DYNA..`............3GDYN..ah...........\|GPOS..bH..._..$.....OS/2.......W...`[.tJcmap..v....V......3head...x...4...6..%`hhea....... ...$...Lhmtx..t....%...H{e!.maxp..............P.name.............8..post..v........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................`......x.c`d```5..?..N<..W.f..@.....0....6.;.c@.3..H......x.RMn.@.}&$U7.......-+.V. 5R$"...a... {.......r....^.G..y<mQ.....\|.g......Cs]q6..[....+\|p...0u.M...s.....f~u......_s.....{..-t.O..a.}q.M....Qz....h..w..>?._...-.X...2:..].(.]QFF/.....%..LW....oR....fz..Fe(.^8..'C+..K.`u:..g\|.e...h..s.K..pS.E..EOy...h....i..2..@....cv..9..61rQd].#U]....A.....!.Cq.FX.@.M<....q.... [....rKH.K9.fH..LeW.OM..)..o..L....j..O.".Bz\|..!...b..E.R.e\.e4.U..........B..i;.X.Pel.r.....$...l..-.j......v.l.......r.~..U[.).....u."V'F.....O.G......x.c`f.........................L,,LL,..L.@yF.(ptqr.R.....gc``...K..q>H...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\d[3] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 30980, version 0.0
Category:	downloaded
Size (bytes):	30980
Entropy (8bit):	7.987621377492639
Encrypted:	false
SSDEEP:	768:Nh0Jzz1kWYZQL4lNCzPhlKCdN7GgGAvOYHqycQ:Nh6WZQclQzJ5xbvHqnQ
MD5:	01BD649595C405E61BD162E40BFF7260
SHA1:	B03670659950A40A47F9658B71F69FF14F8DA4C2
SHA-256:	2FF95F05AA71F6FE45D80A3FC8585BDE66210ECBC83A1AC494BD679A5CAE28DE
SHA-512:	9C4A5AA9CCD44CDB780515532E79BD26C2F250DAFF67FAC3CDC2B9D7067AB664F1D1301183A928BCD950123652F44781B31EEF5A22B7AC939B261D242E92F4C0
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Preview:	wOFFOTTO..y.................................BASE...0...F...Fe!].CFF ... ..]q..p.q...DYNA..a..........#.3GDYN..bL...........GPOS..c0...@..$..#..OS/2.......Y...`].y.cmap..w....V......3head...x...5...6..%ghhea....... ...$...Chmtx..up...%...H....maxp..............P.name............E@..post..w........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................Y......x.c`d```5.:...]<..W.f..@....^0....~.).......@...).=...x.}..n.0...t..B.\q...s.D..UB.[.v...&..I.w...%.*....@....Ix..8....r.........+\|...9......:......w.f...C\|r\|..xp\|...0..?..w..^{..........s...C..7.Gx.{...Y.... ..\gJ...Qe#......N.......oW..3.zGc.?/TZMt..2....d:...8i=4^M...7.n..]..\.2...J...vb .y...t..Y.b..2..0..$^..=.}......}uW...<y.l.E.$.=..".HHc....s....K~......5...Z_.i.............S>.....,..&....c....}j.g.._1...j....V.2..c.k..=....hYQe.9+V-.k}.w7..d...%...f6>.sh....;.=<..a..-5.f2...\.pGu.}W.G....kJ.........x.c`f.........).....B3.1.1..E.9..XX..X......P.............6...........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\d[4] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 31340, version 0.0
Category:	downloaded
Size (bytes):	31340
Entropy (8bit):	7.9870881023883635
Encrypted:	false
SSDEEP:	768:8pXzzHNr6GY0k1BBwz8d1Ip1WbAy/iGGOYKzte6fcq:4XJ6LBa8dmib7/NGOYc5n
MD5:	588A4A92645A9E137308924C68778A29
SHA1:	99F03745B7B06DB4201A3B00C6D9BEDEA3F97E9A
SHA-256:	B3220E43420A21615A932915870167A21F7A34E64EBEF3323209E6A9553C1B11
SHA-512:	FCF13CD9528CB0CFE2AF66AEAD2D0029EB6B6514907DF318815C8F08F06E6F4D12299FDBB98B50E5DEA2A01144B43FAB062F880006E2BFF074BA3D2B4DBE7FCB
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/180c9d/00000000000000003b9b3f8a/27/d?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n8&v=3
Preview:	wOFFOTTO..zl.......4........................BASE...0...F...Fe.].CFF ...0..^...rzyB..DYNA..b............3GDYN..c............^GPOS..d....G..$.....OS/2.......W...`].z.cmap..y....V......3head...x...4...6..%}hhea....... ...$...Ahmtx..v....!...H...emaxp...(..........P.name............a..(post..y........ ...2..............ideoromn..DFLT..cyrl..grek..latn...................W......x.c`d```5.z....o....P..\|rh0....e5.} ....$..g...x...j.@....'..L..~6.R.x,!b.+;."..`C..=...1.....u...,....!...h4MC14...f.Gw.d......u.Y...\....\|u\|.cL.7..s\|.......g..<1.k....9....9n..}w\|./...Mj~9>D.8v\|.O.o.[..?...TW.fy..dW....2...&/".gR..D.W..).X...r..':......0Ofc..M.".~'.......Y......h.....U....z"\|.../s3...H%O.~..un.2Y..e.Sj.s..l..m......i..5.+..+.{q0.Fx.....%.0C...<..%.9.]...........f.6/...c.....v.y..n...934]2.....C......n...C...4B..qA......^'{..+....nl.%O.[......o.vNqgI....xZA]...S....].....5....=....T.5\|.ghs.....kz..U5...{%Y.g.\|j.3`u]D..J-..x.c`fbeV``e``.b.```...q.F..@QnNf&..&&....v.<#..8.8..)..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	1.952456287520738
Encrypted:	false
SSDEEP:	24:EslvlQNp0eCeAuyAwNtmUc3lKFWoX6UwjobtSl554VqQBzttYtlbd6e2u:FYfCzuyAacQWoWjobtc4VqUztQlbIeB
MD5:	DC94F1054A50B313EE14BBD3D4BC1C0A
SHA1:	B871EFBBD59E202329352C18B775F7C5743AA8DE
SHA-256:	8E263FEF3E738AC1882B97A05CAAF21BBFFC0BDABDF4A7E8338453C18E1E90EC
SHA-512:	A66B30C2E23F0D43F06B7C6889892AF0975C79037FB145FD01E84D4FA04234CDF8B32ECEE8FE29FA5FD13DB682485E4EFC7B2F3E8B9D23BDC12586CE417AA080
Malicious:	false
Reputation:	low
IE Cache URL:	https://ims-na1.adobelogin.com/favicon.ico?cache_bust=74511746e1c9ac
Preview:	............ .h...&... .... .........(....... ..... ............................................................................................8...........................................................8...................................Q...........#......................................."...@...@.......................................x...............H...................M...............x...............................................................................X...............s...........v...............X.....................................................................................................................................................................5...5...............................................................................................................p...........................p.......................................................................................................H...................H..............................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\feds[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19028
Entropy (8bit):	5.097989623681208
Encrypted:	false
SSDEEP:	384:J08heJDYD+yQUAP/92Z6Rs/AQpol4+69503RYUSs8Ukz+OsUIKn:GpSkhKbolDPu
MD5:	99ECB54FB6A6DBD6653F70898951851E
SHA1:	A1F286ABDB35080A60DC4824A24B4E7963AC1EEF
SHA-256:	F727B62A08FCEC8F20CF51B322ED7A005950499041128A02AF0EC1FC89B5CDD2
SHA-512:	0D70A24FFE03A6B7006CE249916E74DABE188BA555ABECFAFD8847FBD5146B614D022B385FC1888EB11CD55F759CD59FD6FD4B09C552D912FB8740F95D8031F4
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/feds.css
Preview:	/! feds v0.49.0 built on Mon, 26 Apr 2021 07:16:01 GMT /.[class=aem-AuthorLayer] #feds-subnav{position:relative}.Subnav-wrapper li{margin:0}#AdobeSecondaryNav{max-width:100vw}#AdobeSecondaryNav.Subnav-wrapper{position:absolute;top:100%;right:0;left:0;min-height:60px;display:flex;justify-content:center;font-family:inherit;box-sizing:border-box;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;transition:height .3s ease;z-index:1;opacity:0;transform:translateZ(0);overflow:hidden}#AdobeSecondaryNav.Subnav-wrapper--active{opacity:1;overflow:visible}#AdobeSecondaryNav.Subnav-wrapper ,#AdobeSecondaryNav.Subnav-wrapper :after,#AdobeSecondaryNav.Subnav-wrapper :before{box-sizing:border-box}.feds-header--rebranding #AdobeSecondaryNav.Subnav-wrapper{font-family:inherit}#AdobeSecondaryNav.Subnav-wrapper .Subnav-background{position:absolute;top:0;right:0;bottom:0;left:0;width:100%;height:100%;background-color:#f8f8f8;content:"";transition:opacity .3s ease;pointer-events:none

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\head.fp-00a38324dab316803fdc74cba4ad7ab9[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
Category:	downloaded
Size (bytes):	141116
Entropy (8bit):	5.30072949013579
Encrypted:	false
SSDEEP:	1536:oh2bb1H+uuod92HpEMQqgQzDLTSYmv9Ktq2GXevsAUwx/VKbDlWJfwPf:RH+HY0zcuvsAFJs
MD5:	00A38324DAB316803FDC74CBA4AD7AB9
SHA1:	75321253B2C91E253BF2C775B589B2C096AAC1D3
SHA-256:	0CCDD4428614FDCEF969060F2ECC4EC6FF99FEFB968A49B4C987FD4506D33C81
SHA-512:	A927CF78845EFD12E39B058286E1C2ECC503B152C910F334F592A0266E0D340B5066AC6A21EB478DA39F08B647651F0DF1841E7F3D00AE44719C0FC596DDA81E
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/etc.hawks.dexterlibs/dexter/clientlibs/base/head.fp-00a38324dab316803fdc74cba4ad7ab9.js
Preview:	!function(e){var t=window.webpackJsonp;window.webpackJsonp=function(n,o,a){for(var s,u,c,l=0,d=[];l<n.length;l++)u=n[l],r[u]&&d.push(r[u][0]),r[u]=0;for(s in o)Object.prototype.hasOwnProperty.call(o,s)&&(e[s]=o[s]);for(t&&t(n,o,a);d.length;)d.shift()();if(a)for(l=0;l<a.length;l++)c=i(i.s=a[l]);return c};var n={},r={6:0};function i(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.m=e,i.c=n,i.d=function(e,t,n){i.o(e,t)\|\|Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:n})},i.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="",i.oe=function(e){throw console.error(e),e},i(i.s=584)}([,,function(e,t,n){var r=n(13),i=n(9),o=n(38),a=n(36),s=n(58),u=function(e,t,n){var c,l,d,f,h=e&u.F,p=e&u.G,v=e&u.S,g=e&u.P,m=e&u.B,b=p?r:v?r[t]\|\|(r[t]={}):(r[t]\|\|{}).prototype,y=p?i:i[t]\|\|(i[t]=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\headIE.fp-f9e44dbeef5252f4d02c4ed9c4b6a618[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
Category:	downloaded
Size (bytes):	71836
Entropy (8bit):	5.2834062351912525
Encrypted:	false
SSDEEP:	768:akRyhGekI/d65mve+R6ohN3KjAXCxnRGO7AevGBVGcgTSnTK3o9ufC:akRyhGek7E3KEXChwOsKTSOg
MD5:	F9E44DBEEF5252F4D02C4ED9C4B6A618
SHA1:	6EFF709B896F31AE0F73C4F493DC081D51771F20
SHA-256:	673875DD89E08974EAA386C2D7DF3F510C9D012E0DF65138347DD739F154EB1B
SHA-512:	9558927F687C05A1AF27F8E42A5592CF820A06AE6F26EC8A3F3E4BB9689FE4964A7DA6CEB23ADF99871167150E5CA3B191DC1CA6301BCF8085909EBB9E986317
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/etc.hawks.dexterlibs/dexter/clientlibs/base/headIE.fp-f9e44dbeef5252f4d02c4ed9c4b6a618.js
Preview:	// Nodelist ForEach polyfill from.// https://developer.mozilla.org/en-US/docs/Web/API/NodeList/forEach..window.NodeList&&!NodeList.prototype.forEach&&(NodeList.prototype.forEach=function(o,t){t=t\|\|window;for(var i=0;i<this.length;i++)o.call(t,this[i],i,this)});..!function(t){var n={};function r(e){if(n[e])return n[e].exports;var o=n[e]={i:e,l:!1,exports:{}};return t[e].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:e})},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},r.p="",r(r.s=619)}([,,function(t,n,r){var e=r(13),o=r(9),i=r(38),u=r(36),c=r(58),a=function(t,n,r){var s,f,l,h,p=t&a.F,v=t&a.G,d=t&a.S,y=t&a.P,g=t&a.B,m=v?e:d?e[n]\|\|(e[n]={}):(e[n]\|\|{}).prototype,b=v?o:o[n]\|\|(o[n]={}),x=b.prototype\|\|(b.prototype={});for(s in v&&(r=n),r)l=((f=!p&&m&&void 0!==m[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ibs_dpid=21&dpuuid=164870203784001169788[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	42
Entropy (8bit):	2.9881439641616536
Encrypted:	false
SSDEEP:	3:CUXPQE/xlEy:1QEoy
MD5:	D89746888DA2D9510B64A9F031EAECD5
SHA1:	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
SHA-256:	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
SHA-512:	D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!.......,...........D.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ibs_dpid=269&dpuuid=86d4609c-3b3c-4600-a50c-016c00f7e6db&ddsuuid=13919353196951824420779459478395011060[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	42
Entropy (8bit):	2.9881439641616536
Encrypted:	false
SSDEEP:	3:CUXPQE/xlEy:1QEoy
MD5:	D89746888DA2D9510B64A9F031EAECD5
SHA1:	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
SHA-256:	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
SHA-512:	D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!.......,...........D.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\info_48[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/info_48.png
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\json[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	92
Entropy (8bit):	4.971734173768882
Encrypted:	false
SSDEEP:	3:GvxKXtlRpRTGUfGC48F9qRwupfFtOkBn:Gvx0lRpBSCwbZfO8
MD5:	196253AC72D70660D015E5653455A2E8
SHA1:	830EC6D6D60EB190D61E6E587EE8020758C66E51
SHA-256:	48A40F98CCBC30B43A824D1F924C183285CCD2417C26C327CACAF00514E8EE9A
SHA-512:	20EC12236317A759D78F5CE20FAF01B9AB926755013862F0B699CC9D9C79AF7A6EA62D820BFF7536673DA01932AA2DFCF33E7AD97E66786F743148953B50188D
Malicious:	false
Reputation:	low
IE Cache URL:	https://geo2.adobe.com/json/?callback=feds_location_162088396041418614
Preview:	feds_location_162088396041418614({"country":"CH","state": "ZH","Accept-Language" : "en-US"})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\location[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	182
Entropy (8bit):	4.685293041881485
Encrypted:	false
SSDEEP:	3:LUfGC48HlHJ2R4OE9HQnpK9fQ8I5CMnRMRU8x4RiiP22/90+apWyRHfHO:nCf4R5ElWpKWjvRMmhLP2saVO
MD5:	C4F67A4EFC37372559CD375AA74454A3
SHA1:	2B7303240D7CBEF2B7B9F3D22D306CC04CBFBE56
SHA-256:	C72856B40493B0C4A9FC25F80A10DFBF268B23B30A07D18AF4783017F54165DE
SHA-512:	1EE4D2C1ED8044128DCDCDB97DC8680886AD0EC06C856F2449B67A6B0B9D7DE0A5EA2BBA54EB405AB129DD0247E605B68DC11CEB6A074E6CF088A73948AF2481
Malicious:	false
Reputation:	low
Preview:	jsonFeed({"country":"CH","state":"ZH","stateName":"Zurich","zipcode":"8152","timezone":"Europe/Zurich","latitude":"47.43000","longitude":"8.57180","city":"Zurich","continent":"EU"});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	37766
Entropy (8bit):	5.3931887135609635
Encrypted:	false
SSDEEP:	768:2l1lHt/JNVFGJIeNI9ReC0bG5woJhEZnvjgDMiB+2ahy2DkLSpcF4:cFe0erbGYZnvjkM2ahy2D8p4
MD5:	7FDCED816D39E63B82160899EDBF8C95
SHA1:	2ECC7C2FBECD0C703ED33CEC39B053D5D7924B63
SHA-256:	E1F4C750EACD9F9816CB55855683BDD857FCC03C320D1484B9CF0E7618D054CC
SHA-512:	D038BCD52CDC2E2EF823EECDEED604136D14B1CF0277DBE41F3D2EA90E143F5E8B57FBC2B047818301218BF30A3F2F46DFE1AC7F0DADADEACBCE4224EB4725CF
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html lang="en-US">.<head>. <script nomodule>document.location.href = '/unsupported';</script>. <title>Make Images, Videos and Web Stories for Free in Minutes \| Adobe Spark</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <meta name="viewport" content="width=device-width,shrink-to-fit=no,user-scalable=no,initial-scale = 1.0,maximum-scale = 1.0">.<script type="text/javascript">.;window.NREUM\|\|(NREUM={});NREUM.init={privacy:{cookies_enabled:true}};.window.NREUM\|\|(NREUM={}),__nr_require=function(t,e,n){function r(n){if(!e[n]){var i=e[n]={exports:{}};t[n][0].call(i.exports,function(e){var i=t[n][1][e];return r(i\|\|e)},i,i.exports)}return e[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var i=0;i<n.length;i++)r(n[i]);return r}({1:[function(t,e,n){function r(t){try{c.console&&console.log(t)}catch(e){}}var i,o=t("ee"),a=t(22),c={};try{i=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof con

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\main.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	13691
Entropy (8bit):	5.381448070810353
Encrypted:	false
SSDEEP:	384:OYICUsySZX0Ljd0kg41VOEMFWKjzI4omXFKJvm4Qrb7H9g:OrTUUjd0zBEMFWCI+xg
MD5:	2DFF659EF77A2D4E7D76BF2CFC77C59D
SHA1:	6852E5A30F3186122B4CE704DA88D6BABBC4A8A3
SHA-256:	4CF1ADE01D47C67B3312F6750D7BAAA76C1CB0D1384FF654B255DE1A859DE959
SHA-512:	E279C04EE7ACE51A60E9E020BD272122CAD995BD4FA8D4F5658C506F788D33CBBCDCB83A63D8A2513980690D0F30B4927A71766ADD5AEBF6DA680090D2D69DA6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/marketingtech/main.min.js
Preview:	!function(){"use strict";var e,t,n=document,a=Object.defineProperty,i="replace",o=function(e){return e=e[i](/%2523access_token%253D.?%2526/gim,"%2526")[i](/%23access_token%3D.?%26/gim,"%26")[i](/#access_token=.*?&/gim,"&")[i](/information=[^\&]+/,"")[i](/puser=[^\&]+/,"")[i](/fnuser=[^\&]+/,"")[i](/lnuser=[^\&]+/,"")};try{var r="referrer",c=n[r],s=o(c);s!==c&&a(n,r,{configurable:!0,value:s})}catch(e){}e=window,t=function(){function e(e,t){u.add(e,t),f\|\|(f=_(u.drain))}function t(e){var t,n=v(e);return null==e\|\|n!=p&&n!=h\|\|(t=e.then),v(t)==h&&t}function n(){for(var e=0;e<this.chain.length;e++)a(this,1===this.state?this.chain[e].success:this.chain[e].failure,this.chain[e]);this.chain.length=0}function a(e,n,a){var i,o;try{!1===n?a.reject(e.msg):(i=!0===n?e.msg:n.call(void 0,e.msg))===a.promise?a.reject(m("Promise-chain cycle")):(o=t(i))?o.call(i,a.resolve,a.reject):a.resolve(i)}catch(e){a.reject(e)}}function i(a){var r,s=this;if(!s.triggered){s.triggered=!0,s.def&&(s=s.def);try{(r=t(a))

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1022d55369c9618986ad93c5a25072f4185e4b63a[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	dropped
Size (bytes):	155
Entropy (8bit):	6.443740211670026
Encrypted:	false
SSDEEP:	3:ez1ZHV/Llh9yEwrHrR5t14PKkYLiGxUepnKUlgT7C2e7fjbtpUu:sZ99N45t14PxYWgUexKUlgSNJp5
MD5:	D8DE4BDEAED67B602D36F1FF1FF5E154
SHA1:	29593407AE39E68CC5F6D584BF455FABB530E263
SHA-256:	7B471FC856FC0AAB4739AE63F6517FDC921C0A2DEA14D5886D2D29FD20F686A5
SHA-512:	9BC830A854249F36937E171857CCCC68661F283326BC28211A27B53CEC189204593565CEF9774D039AC656C1DD4825B1F35C4D6862F0C73939DAE2ACDCC53B02
Malicious:	false
Reputation:	low
Preview:	RIFF.2..WEBPVP8 x2......*..k.>u4.H$..!'4\....bn.!...o....}..O..z.....?.}..?.K\{.+...........................'......t=i?.~.{......[.w.../.....?.^...=...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_102523b575492841801eee551ccfbc5fca141ecdf[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	60708
Entropy (8bit):	7.993831080055168
Encrypted:	true
SSDEEP:	1536:sABl8qvxg0xxSXnGrqGvQ6d9VE43+0wNZoBZUOH2ycjGHZ9kZ1oee:s67vxlxsGD46hkHsBeOHu6HZOI
MD5:	A17877D2777D2142C82A8A1AAD6B2CAA
SHA1:	C58C2C4F8D8503400DD67CF9716CA430EF783726
SHA-256:	0C45D619AC3D62ABD857D1D09381A714F29D2134883D04402304AA5E210BFC67
SHA-512:	B2B7E72A5B35B591A64A4D3F1D8E44C313D413E0ED22BE9EED5489C95E04492E004F61873312A8A6EECAB8B5C538865ED06584E1CFCDCA0E1839087671B0CA35
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/media_102523b575492841801eee551ccfbc5fca141ecdf.png?width=2000&format=webply&optimize=medium
Preview:	RIFF....WEBPVP8X........a..;..ALPH.`....Gn$I.z).V$..pU...#.?..a.....D>.....~........O..~...S>._.K.S1/Q........f...P...J.X..I:Q.z..$.V.....8r.F.d.....{.{DL...=.&..3.DS...ie.`...........V?..V.h..j.....@C?..p.].n..$lg.R+...$\...$A.$....<.T...YDfF...EL.-....irC.p....&.{...m.h.>..II.q&..]...b]..w_....u..d..I.El.DR.\vf.....IV.h.O..s.{A..~c....$I..2....{.{.75f...U.!...TDH$..WD..d..t..@...A^..$.$Id....F.....xd.)..E"...6....Va.N.......#............R.. ...$.$..~.."..3..Q....3[.T.._5.C.6m.B.Dc...s.s....".b....h..~.sc>{.>."I=.:..U."...@f........,L.b.\.W........).....ps.}.#D.n.<...d......frd........4.j.Zw...{;.p.DP...H6..}.P...+.5X<v..:.."....g[j.... .:/.&.'<.?yx.Ew..&}y..9g....S..=....s..*.[x..Z ?/..W8.........g...d{....m....C..5...=.D/.l..;`{Yf..ko.@........RZ....._.?.......m...E...D......&...=P..<...4.hJ.\..#..1f..NF...7..>..A.7G.E......p7>..m.....ma.sy..m..DF...3..@../..^.<.....4...L.<zJ./.!.bkX+8....J..#}...j...o...\|..r.../W.i..O.P.. H.D9G.{

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1086fd2a59b94c30b4908a573dc0dee6577320e1f[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	11614
Entropy (8bit):	7.983943945978168
Encrypted:	false
SSDEEP:	192:t37dC+0sGUkKpVBKBQaErAKWSKU1QaGjd902Mp7cGODCigi4dJqtQGapT8RBk2tf:trEesKpb7MKWS/QaGj0dYbadEQzT8w2d
MD5:	C03791504EEAD41C916479068F7180CB
SHA1:	FA860BC1BB755161338EEE6AB9F0274657C8FE6D
SHA-256:	67577C133F767FDEEB8C6E5ACDCA36FCC1D3FBB7BC53D21E9CCD937ED06D6B28
SHA-512:	E27CA1829D5E78EA5A3ACFCA238C4348587E344ACA7BD36CA0D9067A4CE99B85685C9844AB3114344BC7223C76C9218498BEB27284C5F97B5588E5892D62D56D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_1086fd2a59b94c30b4908a573dc0dee6577320e1f.png?width=2000&format=webply&optimize=medium
Preview:	RIFFV-..WEBPVP8 J-..P......k.>u6.H$."!%r.....in.q....7.>...m........4........^.z.._..R.....W.../.~......%.O.............n...-.....m.s...........u...'..._.k.......7..._...~.......O.?....g.M............h>......{..._........9.........?..........o.........p..J"...z.&~..#.j.Y.;...B... .`.00l.iZ.!..9.......?`.dL.Q.:P..%i....a.......e.L..%,x.9&......_\|d./..`.l.&Pl".\|.........L....A.....;.(....#.^Q..g..z..[.!...V.u.zL...;.-..r.t.4..p.H...fDe...].(.o01].,e.x..5-.U.=).v.uC].%...CN\.:..`.[X...<..}._q.....>i...1.R..}8.....;.gI.7g$.B.Q32R..+.l#.B..p..X....,.....F..%c]..6.....pH.yf..'.C.G......g..-aNR.,o....I.U...~.\...A..{u....C...qC)...]..zg.S......!.:..?...MU.(A.98F.I.tw........H...$e...\.bD(...n.....zszl.9m.{.,.1...&.....I...'.^..kD.z)..To...0..8H.b....5.z....Vy..NS.`,.a..W......-.gj..\M..~gv..qG.8..Y...b..`=....y_.Wdi)d.....>#..#..C....>..h.X.Z.......@:?9..7....\u=.1.h.z.....B4.n....>..~.._....;.u......v.0.u........(Z+....9.$.3..Tn.7D:&..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_127d8ddf746b3d9b821b50287212a23ace9adf57c[1].jpeg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	15190
Entropy (8bit):	7.900823858341308
Encrypted:	false
SSDEEP:	384:A3GBFJZuP4Cd0ph1XIjBsG3osiVH2cSxm1B/k:N5uwq6sLxxm1Bc
MD5:	ABE63D471829BCB3AB3658DEF6906867
SHA1:	231AFECD20FB809B6C9774FEA8D0CFA90C4E74B3
SHA-256:	0AFF67DCBCCDAC84D25F477D210AC8150C25192216983C10112D4B25E2A85C6A
SHA-512:	48A58E6D71ABFAE3AAF921C1C39C90C613660A6B4EDE2F601F302254430DD8F4253D6F7323D9065450F36A68BA1CD81DCE8575FB5B3ED3FC1BB73F8AA2B6AA90
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/create/media_127d8ddf746b3d9b821b50287212a23ace9adf57c.jpeg?width=2000&format=webply&optimize=medium
Preview:	RIFFN;..WEBPVP8 B;.......*....>u:.J$.#!......gn._....-.%..;`..M~....o./..O.o.^@.!.ox?......G.?........O.................O....~......k........?.......{^...6...K...'.?.?.}t.....i.....o.Oi/........a............u....O...7..}~........w.....'....,..............<.;q@.._..........E..i.....W...g....\|I~.................U.'.K......%..?..e...C.......?.>....'.?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B.R....n.)%/..?f.B

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_12cf6ece47212fe7f4436d270c236898bfdff65ca[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	16664
Entropy (8bit):	7.988139641157608
Encrypted:	false
SSDEEP:	384:6Ho4Bj2kyzY478jPRK6BiD1ZlnsoOSfLBD/Vg7/4gL2Tx:6IOjRKEiDzlnrtLBxg7D2Tx
MD5:	23CC967D125B34649328DF04BF2B0FED
SHA1:	4846F963DF3F78F5126C0D7B6045BC0218FB8E8E
SHA-256:	E27E9B6650E9478355CE12F205F0A089F1585E275A99F9CE47868112F2D6191D
SHA-512:	8FBA931073D002FABFDB6520D0A49FE9E5DEEFBAE3AD3BD801155F8D90830AE6B7E158DB506E6B84877D7337F8406EE00D8550F17C1E8416A9A6CB89E0642048
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_12cf6ece47212fe7f4436d270c236898bfdff65ca.png?width=2000&format=webply&optimize=medium
Preview:	RIFF.A..WEBPVP8 .A.........k.>u2.G...!)u.....M....>>.....G...o2.S#..<',.z.G.......}..u.E.%.......w.o..=G..............._.................#.{.7..O.....^..........#.O.?.~C=.....o............O........'.......2.]..=.:g.o....}g.O.#.....}....'................O)/......{.........3..?....../.._..]....~........{....."y..OV".Q.h....v..7u.}.0...$..B\C8.K.h1..$.VP].p..a.x~.)0@..].n4....\....4./ j..=d.R....l... .T.a.e7....8d..Y....7C...%]..`.3<.u.......C.-Ny\|.kY.].N6......W.d?X.oM..o.9...Px%.CeP....%$...A.Pj[....7..#<k.\.a...,5N:1...a.F.C(......i......J..........Cu.-....#5.Qd....Dj...V:..j5k.r1y.Ox..K[ .0.v....<..<j.....}[:......]....`3Nx..].....Gz%..Lf...'.;.ys..%..[l.q......P....6..Uo..U.....WJ..n .d.P.?..{.0..Z..pW"r.L._..D...'..C..Z...Pp\|wB.....a.wA.....(P?...3.$...+..mv.=h.3..\.....U......00..j.......[;.(.Bd5.[.E..3A........TI..2p..ET.O..L.f..(.H..$h..).YL....U.......c..+..L.....9....p....X(.qz.?.##..u.G.\...o..w..<l8.*{.x....M8P..#.$R.:.l1".m:?2...Vx

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1305c910c0a67cde46c623497f55543f11073ad37[1].jpeg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	8360
Entropy (8bit):	7.526038660340304
Encrypted:	false
SSDEEP:	192:iTo39Suu0GeweXkwDVC+rcAjAkkHqSbYBKWoy/9D:iwGi15V5jWSok9D
MD5:	396D3A51520B2A4909BDADFD389DEB05
SHA1:	C7E82C11A8A5657353A1AC24747D2947AB2548C9
SHA-256:	FDAE6BEFD121ED601DC35AC46B10CD9DEAE9A1B774FED0499863F3A802D48F2C
SHA-512:	D18801C9D405CDDCD5AB8C36A364C69007A70346B7F60D698123DDEC777374AD440CDF6F7A078358663C79C03B4F6888F348250A4CA566E4B610787BCB3BC0BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/create/media_1305c910c0a67cde46c623497f55543f11073ad37.jpeg?width=2000&format=webply&optimize=medium
Preview:	RIFF. ..WEBPVP8 . ...F...*....>u:.J$."!... ...in.wa....r.......~.{.(.m.{.o..d...u...../...O...?...}s............'..?.........."...........8.......+........P...g.d...../......>.Y....?...._y\|..(.....{.;.....8........>y.g.....G...t......<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x....<x......7...<x....<x....<x....<x..b.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_13c3fd217f966dd5d96a90ef8f11a8cf44f63ac97[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	15508
Entropy (8bit):	7.987829198986237
Encrypted:	false
SSDEEP:	384:szdutUliGU/PpXBOkAcZInE0Gl35LhBEo5jnz5w:szduxGaNllI5GlZEMw
MD5:	945BDFD0A258F85C77410E0702E821ED
SHA1:	B2CF90C3F3733AF03CDA97255A526C932E0CF8EA
SHA-256:	63BD50DB6AAE3FAF4F4C4776E715A60AFA91C6B07598F363D137B0BB80AF4ED1
SHA-512:	A50BB53EF96E0B4A84B2936D8AC01B0D0A47711E15EAB6DD9C66BA7A8F1927A21DA17070F73E79CBE97740A8F844F97454C2B6EBECC9C8F210FBE3D8735E5F1B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_13c3fd217f966dd5d96a90ef8f11a8cf44f63ac97.png?width=2000&format=webply&optimize=medium
Preview:	RIFF.<..WEBPVP8 .<.........k.>u2.G...!..h...in.K.4..X.....h..?(.y=U....s.......g{.....o.'.........W.... .S.....~._..;.'...g.......i...z.z..?....,}(...'.....?....^...+.......?........_.g..................s./.?..5...U....././..._....w................C.X..=.............,.D.w...@.}.z...~...Z..1....(...S..J..^....f&6?:.........M[.7...........l..!.=....&.....x......=p\.\......mV$&...:.2.$.....q...=...fn\..q%i..0a.. tH..........9U.3q.p..dT........^.e/'...`.....T}..[S...N.v...I...P.2..j.......?Y.;R>.f..[.H...5...~.h,[L\|.m...]...w0..53.f..c.:..o..~...s...%.......(..j,.L1.X!...{O$..g..s.4...$..G..m.......kZQ<...m....vc".......#6...]!...u!.F%.%-.5G.V.[......d.>..]52..A.WZ.Q..l.i.=g..k...'pk`...D.c..o.>..p.K.].;e....l._i}.Zo..}.....f....L.0.........q...C..[.^.].,m1.?.v.=x..<.Kr2......"...6z..=.a.Ti.ykhJ.Y..P..b.'.....l..H.......DJ.%.i.}.`..b.u... ..4)........@nfm.,e.. ...Z.>..+...`..:\} q.9.".9.q#..+&...osk.G.....H.......7(T.{..k...B!..>S..].t.3..1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1414f90572f278eae7d49cf2222e9b7d0063180cd[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	163720
Entropy (8bit):	7.996030509972782
Encrypted:	true
SSDEEP:	3072:O2cX7qLlCqRjSEndmznnYp5b4Ccrh1rtC8h3bPd+CXCW89G9FjIQhYLXiA:aX7qcwO+5p54CSg8hLV+CXCW80jhYLi
MD5:	EDAA2A9ED6F0E23E3B71CB7701C2E78B
SHA1:	D65DA2381BAD1A8B47C4AFB1066EE4927975FAF9
SHA-256:	C8C04B70DB7DD948D0A9B50E0FB4F14B496DC49A9BBDC3530C4B7163A15FC819
SHA-512:	DB36BF783F20F12EEB75496E31B12E9790A516569A9426FB9E236AF844C6B6049E99C550D37E29A82B55219A8A25AFD1FD1EFC6D18316945F99D1035BA200295
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/media_1414f90572f278eae7d49cf2222e9b7d0063180cd.png?width=2000&format=webply&optimize=medium
Preview:	RIFF....WEBPVP8X..............ALPH.S....X...mj...&\|......<.".?.#R........5.....\|.#..R..J...J.M..I "..].........4...."..}.:..PD'1Q.Py..O.7^.t..0.............$e\..$.:P.M,.j.t..Z.T.ng=(..p.R.G0.`.Lf..#....m.HR.]..........R..Tq^.&'g..4=c.N.,...i.U.....YMP..M..Q.$9n$!..o.4..$.P@.!v#&..d[m.'Dy..r.]....y..M.d....&/f^..._.....9.>..TM...-.A..l.ms...%.s.:....b.....d..~3..1..ql.}...=W.o..m{.[3kf.Aw.R?~".Y......DD.,.v.FA........h..84u`..A.+..4..a......./..q...rp..+.`..Xd.....G.a....sv0yV.\Q.r..B.....'.<)l~..\...O..... ........4..........{..^.]0~s..a.LN%.....7N..h..........u.!...x.F?..jZ.fE...q.......V..J..g-sz8).."@.?...;=..Sr....8..wN.{...X...G.....Y...N!'.>cy.......k-s6>.x..x<..VV..W\..pP....!.(..8.a>\.Q.../...A(Y......q.......]..!...n..B...%.B3....f.'u.AS.....m..k.t...o.........\...R].sj5\.'.[b.....V..y......Y....c.+..9..`....E...Y...D- kX....0=.......9..U.U. ....m...N...z...F;.I.j...C1/.#.7e...K.>J.i..%...0Y...v...[.N....P@....M......5l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1483169d9ed54a159cea2c7282c24b5a771f38d79[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	dropped
Size (bytes):	2242
Entropy (8bit):	7.920444820691394
Encrypted:	false
SSDEEP:	48:Zl4pbhSryHSyO7bm4lD4ie08M/QFNziIGDrFcdfCLBYR6nv9ma5646FBrCXM+Yd:ZdOHSfA08M/QFoqQBBN5NOrCcfd
MD5:	AB3914AB8CC9118860B2A2A38D774267
SHA1:	21198A04EBF7F9654D1D616B5B39510BF0F76450
SHA-256:	A463BDB1DDD7E2EC5B27A8B6FB032D3CC952F470ABFC252B42A4E472D6052BCD
SHA-512:	053E303501B11C4B0EBFED0AF0114FDA9CEABCB0DCCDD6D8045D612CB9AC6A5F364A23FD8BBEAD2033F53ED18901161B7CE0605E4B54A4CA4316BFB37018158A
Malicious:	false
Reputation:	low
Preview:	RIFF.(..WEBPVP8 ~(..p......k.>u:.I$."$$2.....gn..RL.0..3....s..u.17.....5zG........=3....=H<.e..d.L.......o...v...tQ...z.{s.....>....o....^..u.....7.?..xO......#...w..jF..1.z..V....:.=/.b.B.....N>..fJ.i...I.........CV.y.i5M.}_ 2..#!r.;..1<...PZr$.e0..z..{.@.....MAt.....w..\.^....L.vk....IW@>V..B..C.qv..+.vD3.......A.....D..r.O.R?.H.e8.G.O..Q 31.y.3H....{....$6..B..k.n^....q../.&....l.Z..i...^U......{]zB...;....(.....M./....v+......R.Z...n'.1-...:l.V...q0}...U.d...gD.<.d0.......B.....}.\|m.........!..f....e,....}.}..5.....6.~.fL.-.AO...h...O.".1c......;4....m..!r.p.XvI.m..q.#..S...C.TYo-@.Q..v..Q.{......?>P....V......:....M....L..R.\......p.U.Y:...x..6.u.~n3.v......4......$(..;N..n.....6..-..+Jf..B../.#..C.....+cz.....z.".(S..G.[.0oS..o....dg......~p...F[.p..e.,\..].e..8q@rK..].P?..o....`.~.R{.w.j..(....U]..&..Vs........[[.s..z.p.q.m.~..wb.bkT...5........g....j4......H..EeG+ .G4.....v].E.].)!.HCw.....p....7......K.....]..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1634648ec8e96f938b7af9d04f6b33dd47639079d[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	13372
Entropy (8bit):	7.984703496501977
Encrypted:	false
SSDEEP:	192:0WVz7LnL/Ni3zkmU0iFEVOztyQdGMpXtu1zfC+rI24IYk96JZBtUjWlI:tVzvZi3wMmEVGdGY9DEb4IMTU5
MD5:	0BFC76C835AC811DC2DA141D6B5A29A2
SHA1:	CFDD383500A5A16B55D0277CA018D787ECB0C3E6
SHA-256:	88FA63967AB0D4E7C9EDB61E5BAE0251F0B54CAA9BEDFAD1012358D3D705A577
SHA-512:	56EC87F78A92CACFB745DD6471F9441059BD6A0250EDE511B6E5409732E214E2F0F81A791A52FA505CBFAA9E9C0A2F9EAF9E0157B47635200B277A584A0A6444
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_1634648ec8e96f938b7af9d04f6b33dd47639079d.png?width=2000&format=webply&optimize=medium
Preview:	RIFF44..WEBPVP8 (4.........k.>u4.G.."!%.L`...cn.p.@..\....}.~.%%....d........O......A...z......w.....g....L.R.............-=.?..qt.._...;....e./..A{o...s.O.._.7......y.C./._."}..............j.......}.:W.....=..M.7.......~..C..._\..}....$.....C./...?s.../....._...?.~Y...Q...O.?..?.............mo...?r.....L....b..t..#.?M...Ub..s.A.....b2....W.z.8K>8...&. .4....w#.1...~.f\|/jI`d~Tv.=+<.[s..A.DMW..`i..C.7.H..%.Y.&.....S..X...........Ls=/...q..W..D....,l.6..W...Z.m.....F..9.....i8...(pT..X..l[.c.K..L0.ZWRc....`........P.^..}.D...W....>....k0.....%h..["l.r.JZ....)..{...;.......3...-.d...!.L4.\|C...c.........kF.+.....@<r_G..&.W...J8.3.PM..,...o.m.Qu.....=..<.]..}}..H.H......).'...lV..P.......'z.z...%.A'_.j1.....P..7k!...p.F.R..eh<......F.E....,..f_.=..'pv..&....~..&.[."7.cO..g$h...t.......fr(NE..Z...O.L.2.T.....j.K.).0.L.g.#...q.q.\|.X..(k..=.l....'.......4...5..D..&\|.'z.c.W....!.....I.S..2..V..<....2...3.R..\|...H.h.".4R...BmAm....[._.Tt....$z...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1707de0129dfc8f4ddadb55149ab2dfd705e786b2[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	9086
Entropy (8bit):	7.979107058438218
Encrypted:	false
SSDEEP:	192:ro5qJbhyval4dyRHzCucw8FtcwsKVZKfXXSLmkOaWtjr5DB1Hm:rYqJ1yvq4dyRHzCfw8DgsmkOaI5DrG
MD5:	81485C1DC373C58B7D6B7E09DEB1B1E1
SHA1:	72B68330FE262ED781B97B26746BB41C96F28179
SHA-256:	F9FC8250106A68777FF81B1EE71BF189AB67E68CB192275998D728CF79BB1C09
SHA-512:	3D0F19A7A83B8D66465519B9C68C2DD83C9F5502C44B99D691BEB702BCBB85BE771826867085F37B18BC1A22FBD79EE50EF36293B4111E0573DF2F3B99E82275
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_1707de0129dfc8f4ddadb55149ab2dfd705e786b2.png?width=2000&format=webply&optimize=medium
Preview:	RIFFv#..WEBPVP8 j#.........k.>u6.H....$......gn.q...s...=..>n......U....+.w......3...o.\..=.......?......2..?...}5._..A}....?N.M.O2.@<......o.>.....Ng.._Q?..O. .9.....(?n..,.y.p...K..z(.........W....v....#$.>5o."s..)?iY.L.[.......;.c{....\..R:..>..wf.U..g........M..6......-.8{I.}9....=ws 1.C..nf.AS...gw..t?.....V.iW...jF...........".}.;.Y.X..x0.....N..}..I....h.3.4..=....2-1.V.r..r..`.....%<p.".....w.R_.79.v.'....W"2....D....jY.v.\|.au..x(.bI.22....=...;.t}......0.,..t+...{.K..M..)r....1bR.T.....8(;...........\|\..Z.....K...k:...+hJSl..{.S.2a../.~n..i+...$..AY.JfU..--..Js..G.....j.......z.5...Izs.t..8JP....Q?.A.%?6...$..d.....M..Y^......F......./Q:..m..<..'.....c.......A..&...."P.W."!x.70.m...3f.)............n6..d.......O...2.j....E....7.l.f......!...nDSf..9..$.7.2&.d8....z........pa..,.U`2.....1...p..(.oB.O.a.S...LX'.@...v..6.!.1kjnrO:....<^....'.ru.E..s8......k...#3......C&..S.....cT....TN.kv".8....-.*,z..I..../...A.'...}(....n..(...7W.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1968c8f3dd906c601b557aba0c66fbd643d723203[1].jpeg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	17150
Entropy (8bit):	7.93284549179349
Encrypted:	false
SSDEEP:	384:51VbjiuxiUz/LEVJjcOuz3Dt1HVCPlmgns+pBXq2tuIH:5/XiuAUzQVJYrATvlxo
MD5:	7A99B7376FE309D54DC66185237972B9
SHA1:	CB177E7D6C4D6A119BC26B63F96D8E53F4609C34
SHA-256:	A32F2694077C7D096973976BE64772B7FAE9DD6A4CB4EE4A9CC92A26142E118B
SHA-512:	A00B50A1B7B55779514076B3690BE9B823A1A802CFBE9AD297B44002DF2445CBAB78FD68DF3BDDAF194288DCE0B600C62E80010016B6D6797ADD35C32AD5D96B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/create/media_1968c8f3dd906c601b557aba0c66fbd643d723203.jpeg?width=2000&format=webply&optimize=medium
Preview:	RIFF.B..WEBPVP8 .B..p....*....>u:.J$....qh....in.N.?+B5,<....y...`..+..t.................W.......}..`....yx{H.\|...w.i..?.?.=.............................y....Q..............a.M.......o....S.....W...w.{..2.......W.?.....~S.....?......?.....{...........P.v/3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3.._;.%..0...a3d...~...6..#K..O.!y.C...T...}..ng.u~.\d2.8K2C...7..3...`.v/3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>..3...s>...]...G.p.@-.._..k.....G...lB+..Q...id..(.?..3.6b...}..ng...}..ng...}..nJy..gs..0..;.j.\|.... .}...X.+......s..E.8i.qm../3...s>..3...s>..3....uj.M-5...l....).d$HJ&...q...P...na.lT..L....s>..3...s>..3...s>....-.8.6l..j, .....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1a3a5d0b4d3b4cdafd28d6e4e2582aa89694802d1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	4558
Entropy (8bit):	7.958882710309189
Encrypted:	false
SSDEEP:	96:TlffEfmVIHeCGEiM71+w0aiQMH+8o7sBW1mJuF3xZN0ICzBjm11p9N4F:lfYmVcutM7Qw0zx+8oYspJN0IC01b4F
MD5:	052165C682929705609F7693A800066F
SHA1:	A29DA6BBCA865268645015C4669E6003197578AD
SHA-256:	DDCFB48F42BE1B0425CEF45361A5FD64F967484CD7925078A109B8522CA27644
SHA-512:	C1156D247C7AC6C512E92A91C0E322AAB2FF1F28A0AE6D93943678111CAF2E462AD45E93575439B36B2B749ABE5D30B41BAAB618E70A72ACB93B2840DA71D036
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/media_1a3a5d0b4d3b4cdafd28d6e4e2582aa89694802d1.png?width=2000&format=webply&optimize=medium
Preview:	RIFF....WEBPVP8 ....0a.......>.>.I%.".(Rm`...in.K....g]_...R..........O...M.....r?K......N............k.....?.x.j..`......~..m....>.?......j.z........m.MS.v..6.&3c."..O8=BS..RA.....Po\|.u.X.<.WAF;\..A.T.....7.o.L.....s..c....,...4....P....t....QK.6..9..>...'.......5.b..."_..&\W...R@..?+....O_U.1,...Z....`.\|lA.[..B....c..a..Z..."R.6.......L....D.l..`.n.a.7..W[^O....2...u...L?Q..Nx.V.@...8X'.........@.N.L..... t.y.....~..;...DZ0V.........['.....;..QS..[w.)..<.m.)............E.z.O...>.V..."L......}..r@Y.9...a..o.x...'.!.6T....-ro.....)~...h...,b5..+;......F.........]...D.}.........6Wqj:.t..pe...8....zfB..z.U..9znLu..[..r4..e..D....a.......M..9.WY\|tG..s.,<.~Y#...e..iM..k...3..K@.`;.0xf..#...QB...G....-K..&.AZ...b.W.C.n%..sB.sj}Zu....6.&..;^X...Xv......V..&..;P.......Z....B.......0......K..................T.g..u}.....\5<.uz8.Y5...+.Jo........LD._.e....E)zp.[..r...x,F..I...._...{;.........{...?..7...V\|C=x.*8...{`..r.k....g.9..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1add7401488fed12c28150125da85e141e2081d96[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	7262
Entropy (8bit):	7.972800657105986
Encrypted:	false
SSDEEP:	96:gZZJ9S+eUWHuU0Rqk9q4+zzMFIxKWOGjj2v7n+AaCVP4CrbrmzY4fO5NALOTHxYY:gZZJxWZ0RDq4+zzRxk2jcj5axeaEazQ
MD5:	13AB0F1839F68C406E8F6F9CF3C359B0
SHA1:	0931E45F5C57946B5948A750E4F50229E3C3DF70
SHA-256:	8FDAA9139DFC94373125757FF37216A14866FDE9F86AC4C4491CE5F50240E663
SHA-512:	E412AD3AFC5EDE4EEBAB8FE0A2C9AAD0F57EFB190EDE428D289E5ED2A02393C2506C8C94654DD9FA265DEE5D60E472886E0FFCFD6F080F24E279BCD220F67A24
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_1add7401488fed12c28150125da85e141e2081d96.png?width=2000&format=webply&optimize=medium
Preview:	RIFFV...WEBPVP8 J...pr...*..k.>u4.I$..!#P.x...in.r..>r........g.o...~y.9......?{;d..K>q..._.<..{...?........O..C.q'...}w..x..?............~.?..Q.g.g...O..y...g....O.?....+.........W.......?..m.........7.o..r...8.X.9c....8.X.9b..........:...B..2.T...U#U..<.^..)_.I.K~q.RR..'h..........h.#.6\|.f .]IQ_..lpRFL...N._........8.X.9X...=..e......j.......y...d.%.b....._..G..C..v6R.q..}...`...........G.=6<.."..`.H.&..CX..0.Bw1....#......\|..?..L$..p.8.Kv..l.KN...x..v..]..nK..........,.{u....=.[...e[..^.........._......J..Y...v\@v...=R..e..PhJ-.u.....V.+i..k.....Yb#.....{b.u@...^X1.....C.'...[.y.p......e"..Y........@......\%0.+ 2...f....{..YY...`7.......o+P.j.E\|w.`.$...~.......t....... ..b..1.S......x.z.....T."....G......%...L..y[[....M(.Bl.._..af:j.8a.>.<_...C.N....&...,t.6.8Yc&.UF#.6....^.(..p,e.!...@..d....8....s.8..N32../............9@9Sq.b.{7...).r<.Za..?.?.u..q.\|.o..O..x..[w.....q...Y.T........"z.V..[Z`...p..#...Fy.7.....n......qE.<.cPh...P.[@..7.%.3b..\..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1b789978976aaa068321eb8d193edca9c6d7df091[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	dropped
Size (bytes):	2844
Entropy (8bit):	7.923336880227515
Encrypted:	false
SSDEEP:	48:MWPHmcNAdt+aIlx6GJEjmJY+U0UT/9qBpZIPxIOnobGBC3nAU9VKv7gyLz8G1iCN:MWucKzYHmjD+vUj9qBKCclBC3AU9VKv/
MD5:	16DACB9E9D71C1891E6888B4F11873C1
SHA1:	0A959BE87E42F20DA06A2553C4CB8221B3F4C653
SHA-256:	591403C61C33389820A8EF641520F1C1D24668F745588574B187517E70222BFE
SHA-512:	C9413BE7F0549723ABEC6BACEEC1EA72853614B3A7AAA07980DBFD6228C1EEB7FBBEC264A2D3AD0582192DB67DDC4F34CB72FE57430C522F9ECBB043A5EB91D2
Malicious:	false
Reputation:	low
Preview:	RIFF....WEBPVP8 ....0o.....k.>u8.I$."!#4J(...gn.r...B&4;.......?......}.<..n...k.i..ugz7.....\|@z..^.....l.....'.O.~................/d.....;...3..._.....).....w.......}w.w.o...........G....O...0=.}Y...W.O.....op..?...\|1........`.etH/..h.],..x.z.z..n.B.... .RSs...xY..i.v$...k..\|ye.E{.)I.Y...w.s..P.(...6o.60...U.V._b?P.S...O]2bZ!.m~. 0.....6....F.Pf.Y'..v..XV8..>.A.\|.^....k.c.jt.Y..5f&DZT.?.i{........)do....N..Qh.Jw.[...k.....EQ..:Hm#..N...(...Z.+.t1_...B.,%.......xg&JsU..-....7X.7..6....X ._..5.k<......T..,d...)C...jf+...Z.[q..I4).q}.....M)..tK#.V[.:7P.Arfw...b%.~#.iZ7.[.S..,...UA_/...'.XW......]V.c...-.=.dcb..Iy..!....O.=F;.....l7Y..`B...{[/..Z...........w..{z..m&.....]^.}).:.J3...D.(.:V+...3....y....a...H....C.Mo.^....&G..<f...Fe....S.B....B..yX.0...>.....p.;Wb8p.!......`...?..G..~RF.SK.%.).e......6..H.R.o.N.>...nRe!O[\|..#n.,`..Oc...P.n..DnV.!O.P{......,6.........d.W..E...Cf.x...B....`k y...........j-....j-.~~......_...]...oMo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1d9fdd5a9f0a44850f1d4382b18c262e10e037bb8[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	8596
Entropy (8bit):	7.97469152074191
Encrypted:	false
SSDEEP:	192:tINgmnhdNKQTKRCAgIv1Wrf/ybCnTFeKc3Y05XiwAiQWccxZN:UgmpKzRhgIv1WrnygTQKc3Y08wHQlc7N
MD5:	D88D227EB4294347E04D4795538EEE7B
SHA1:	4086720333814A7EDDBB2E9BB44806E043EF61C7
SHA-256:	8124F3C0082F65A439C5C2E0D3C668F2A18C4C776CCEEBC3B614676975B6B3F4
SHA-512:	AC62136BC0B92F1644D7043935151998D92E3B242D5F49F98E9A03E24550178A16383327CC5642778C39DE6A1D1276DF16C8F377C93B623F2834DE5DC9B3D0D0
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_1d9fdd5a9f0a44850f1d4382b18c262e10e037bb8.png?width=2000&format=webply&optimize=medium
Preview:	RIFF.!..WEBPVP8 .!.........k.>u8.H..""$t:...cn.k..E.^l...._...U...a........{.....z......w........Y..........u.;...?..._..d.._...?]?.{Q.....o.........K......W.O....G......>a....^d}....;...o.....~..........=.z.....+(.AL..C...z...aq....`.........QISf..e.p...Z.......].d.......y.F....8....k.'..TU........D....l&I..4..[O....}.5.M.-...3`.1)...%...n0.P\N.I'...+_.5<7!..[.Sn-.Lt.DQ35.A...........O.N_....=.+[..?.....~mYA&....r..../.(...q....;....H....X0.YC...G-..@CS.^....0..=?i.\...E4..i@...G4.`.6...t^..WU...FYB.N.....7....R~...G}{..T...T.<....K.X.o.../.......<V........5...KB..GJ?.I..E.O.h...i...$..0.H%U).]l....S...V?$`"..o?.G.E...p......+.cS&.jufM.p.kq.E...s..E..{....N"....^....<0..._..~@1...j..4..Q...7...]vp.K..)E...no...Wo.5.....{.X6...5w.......i....-tQ...y>VQ.$.F4.Hp..0..{t.^.....{n;.VONh.W7.8.EO.o...&...,..8....~...T.WJ-..E.Vak..AZ.5FP>wB.j.\b.((..8...ja.g7Kh-.r.X........o.^....npa0.$.x..V.!......\|..S..Da....8..=...?az..R.sc&.j....`m..6.R(.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\media_1e440d4fb87a5de1b4b6ff51b1ae37a2f63c40817[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	6918
Entropy (8bit):	7.965893688722397
Encrypted:	false
SSDEEP:	192:e3kbQR0EMN6e1kZc9USUPzFQ9rR5OIMElmLoJvD:SSQfMN62SU1UEjOIMEU4vD
MD5:	D7DC11770DECBFB1E45B3EC05827E4C3
SHA1:	26D620C35237CB9FC1A8673DB04CEC7A233FECC5
SHA-256:	2099419132AE52EA9AC501D2AFA724D23040657132D71B41859DE5F159A333D3
SHA-512:	B6048EE14D79432043EB4A42DD354F5C597E7C7DC9A8186BEC6F896356DB83EDDC59C346A519DCF6BA9675F8B01AA95AC5C1379AD9FCE3072E77871F7283B079
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/discover/templates/media_1e440d4fb87a5de1b4b6ff51b1ae37a2f63c40817.png?width=2000&format=webply&optimize=medium
Preview:	RIFF....WEBPVP8 ....0t.....k.>u8.I$."!#.Jh...in.q1.....l...&...U..n...G....3..._._...........=.?(.........;x.........}+......L.................?..o.v.....?.....K.....W..._..$?....h.s._./......x.......q....F;..i.._....W8.{.g?..b+..uup.....b.....c....$..w......./....eD.7..$.x`yA..i....K.-.3.t..D..k..(.3~...;..;Br.S.......>....&#F.EW0(.h.K1sN..5.....!~@.....4....2].y..:..`.....^.D.......4.0...K.0..N84..w....Nh.5..d.qL..r...o{...*...#F#Y.Fi.DY.@o..........u.-QYq..n...}.q......t.J.'Z8l...?`Q........D..^..I....(V.u.-V...\|..jvH.+i....._...V...bm.....~..Y.57........Q.........<..7....$... ..3..Q.+.}n..k.R.3..]..p.TzN.!..y6.g...d......L.......Y.+..Z'ElrA:4F..l}.\..>........j.a.u...#7............(+.5d.#..$...;K....3.rq.....K.2.U.f.%e@3.......0......Pa..k.$..-...$.qF3.m..b3=.8...x...$....t[x/r...G.b..0.]..L.w.... .{09.k..'.........X >3..Tb...G............"....#.d..$...+"2c...7W7..[.b+..us~...... .uu..WL6.........A.....H8.\.........T.......k...<B...\|.N.~p\|W.2......t.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\onz5gap[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	36468
Entropy (8bit):	5.586204667535263
Encrypted:	false
SSDEEP:	768:8V6q1iRm2XwMqsbbt62V6q1iRm2XwMqsbbt6J:8Vr8nXbbw2Vr8nXbbwJ
MD5:	546BD6F5BC4B14318DDD1EB561F90FA3
SHA1:	D90C0793A61A21E4DD66CF337B35B32BE41B5254
SHA-256:	DF1D360439C0E09BB95392AB29B2377470CB761CAC5337D1420B8A7539D7EA18
SHA-512:	26BEF5311550F0DB1DF92FB2DC718D58185125B6EA29348BAFF771A7FE18D99BADC40086CD3F25F6B9B8C05AE96F714D87EDE1F8D7A124FB6427BC89B5C1511D
Malicious:	false
Reputation:	low
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/00000000000000003b9b3f85. * - http://typekit.com/eulas/00000000000000003b9b3f88. * - http://typekit.com/eulas/00000000000000003b9b3f83. * - http://typekit.com/eulas/00000000000000003b9b3f8a. * proxima-nova:. * - http://typekit.com/eulas/00000000000000003b9b3068. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"1655249","c":[".tk-proxima-nova","\"proxima-nova\",sans-serif",".tk-adobe-clean","\"adobe-clean\",sans-serif"],"fi":[139,7180,7182,7184,7185],"fc":[{"id":139,"family":"proxima-nova","src":"https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/{format}{?primer,subset_id,fvd,v}","descript

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\onz5gap[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	18234
Entropy (8bit):	5.586204667535263
Encrypted:	false
SSDEEP:	384:x2V02tpIgIPs51iRm2lIew42noFeFsP9btiCtpIaCR:8V6q1iRm2XwMqsbbt6J
MD5:	DAF93A792133E2F3BB29B04E819231C5
SHA1:	5597BCE352A8B04E573CCECA126EB4912C626A9E
SHA-256:	1B586E639CBD3E2276EB3A1DE829E913806653FE43D5C19A7ACA128A43DC69F1
SHA-512:	9B409DDCCD60E505C008B88D55052723F2A25B62ABA596A1BB9FEAC1230DD037DB551F7A5928A6ACC5E158219B441E7B9428159885D6638497B2B5F9B2D42F9B
Malicious:	false
Reputation:	low
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/00000000000000003b9b3f85. * - http://typekit.com/eulas/00000000000000003b9b3f88. * - http://typekit.com/eulas/00000000000000003b9b3f83. * - http://typekit.com/eulas/00000000000000003b9b3f8a. * proxima-nova:. * - http://typekit.com/eulas/00000000000000003b9b3068. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"1655249","c":[".tk-proxima-nova","\"proxima-nova\",sans-serif",".tk-adobe-clean","\"adobe-clean\",sans-serif"],"fi":[139,7180,7182,7184,7185],"fc":[{"id":139,"family":"proxima-nova","src":"https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/{format}{?primer,subset_id,fvd,v}","descript

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otBannerSdk[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	349017
Entropy (8bit):	5.31760027140353
Encrypted:	false
SSDEEP:	3072:z9i74sroLe3xdPsKiaDj2HKzd5oYEJFsEv8D66:ql3xdPsKiaOHKzd5bEJFpv8O6
MD5:	09842127B6FE7CD7FED7BE501A5E0EE8
SHA1:	41A188777AC1C69C98DD0E11F6C30C2F21E02510
SHA-256:	6A13B93C05AF6EC6255B737032AA3F5D1F4823ED2D57D12C0735BD2C4ADC8EFC
SHA-512:	C4B869C46015D0D85AA5CA5202836D08F7B82DD063D836066407755D02B8E985538B294CCD473370B2969BE2A750AC90CAE49507DE1B6C7CF893B722B26F4F36
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js
Preview:	/** . * onetrust-banner-sdk. * v6.9.0. * by OneTrust LLC. * Copyright 2020 . */.!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}\|\|function(e,t){for(var o in t)t.hasOwnProperty(o)&&(e[o]=t[o])})(e,t)};var s=function(){return(s=Object.assign\|\|function(e){for(var t,o=1,n=arguments.length;o<n;o++)for(var s in t=arguments[o])Object.prototype.hasOwnProperty.call(t,s)&&(e[s]=t[s]);return e}).apply(this,arguments)};function a(r,i,l,a){return new(l=l\|\|Promise)(function(e,t){function o(e){try{s(a.next(e))}catch(e){t(e)}}function n(e){try{s(a.throw(e))}catch(e){t(e)}}function s(t){t.done?e(t.value):new l(function(e){e(t.value)}).then(o,n)}s((a=a.apply(r,i\|\|[])).next())})}function d(o,n){var s,r,i,e,l={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t){retur

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\p[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:	3:CUHaaatrllH5:aB
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	low
IE Cache URL:	https://p.typekit.net/p.gif?s=1&k=rbi5aua&ht=tk&h=spark.adobe.com&f=171.172.173.174.175.176.5474.5475.146&a=1655249&js=1.20.0&app=typekit&e=js&_=1620883947652
Preview:	GIF89a.............,..............;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\p[2].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:	3:CUHaaatrllH5:aB
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	low
IE Cache URL:	https://p.typekit.net/p.gif?s=1&k=rbi5aua&ht=tk&h=spark.adobe.com&f=171.172.173.174.175.176.5474.5475.146&a=1655249&js=1.20.0&app=typekit&e=js&_=1620883949463
Preview:	GIF89a.............,..............;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\p[3].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	2.9302005337813077
Encrypted:	false
SSDEEP:	3:CUHaaatrllH5:aB
MD5:	81144D75B3E69E9AA2FA3E9D83A64D03
SHA1:	F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
SHA-256:	9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
SHA-512:	2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
Malicious:	false
Reputation:	low
IE Cache URL:	https://p.typekit.net/p.gif?s=1&k=vtg4qoo&ht=tk&h=spark.adobe.com&f=7180.7182.7184.22474.10294.10296.10302&a=1655249&js=1.20.0&app=typekit&e=js&_=1620883976302
Preview:	GIF89a.............,..............;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\poweredBy_ot_logo[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2998
Entropy (8bit):	4.189711652602748
Encrypted:	false
SSDEEP:	48:B82lNUshFh5tRJHnZgG78YqA9vUrpvMpfapJa4PE1vMtwD3wAjFH8mS6GphIw7pt:flNUsh75tRJHVhB9sWpypJbE10uD31Bg
MD5:	2E9B9AC8BE368C1EFCC51965C74BE43B
SHA1:	DDE87F63ECBAEB97C5708CED6FFD0E7DE5A806C0
SHA-256:	49B9B4996D1FF0A8E3DE643A0C623255BF631F298F2799B949C29DE93926EE7A
SHA-512:	FFC56944E751D82233F3ED504EB42A44544CB4E58969E8AC3ABD76D96C0607282FEE0E52F13AED8902B05330E0C82E74BA8592FF2BDCBF0188BE8898EFB2C741
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
Preview:	<svg width="136" height="16" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path d="M79.039 7.346c0 1.784-.449 3.186-1.346 4.206-.897 1.021-2.152 1.532-3.767 1.532-1.641 0-2.905-.505-3.791-1.513-.887-1.008-1.335-2.422-1.346-4.24 0-1.815.449-3.221 1.346-4.22.897-1 2.165-1.498 3.805-1.496 1.6 0 2.85.507 3.748 1.523.899 1.015 1.35 2.418 1.351 4.208zm-8.88 0c0 1.51.32 2.654.963 3.434.642.78 1.577 1.17 2.804 1.168 1.234 0 2.166-.388 2.796-1.165.63-.777.945-1.923.947-3.437 0-1.498-.314-2.634-.942-3.41-.627-.774-1.557-1.163-2.787-1.164-1.235 0-2.173.39-2.815 1.17-.642.78-.964 1.915-.964 3.404h-.002zm16.891 5.587V7.535c0-.68-.155-1.188-.466-1.523-.31-.336-.795-.504-1.455-.504-.874 0-1.514.236-1.922.708-.407.472-.61 1.251-.61 2.339v4.378h-1.265V4.575h1.028l.204 1.143h.062a2.583 2.583 0 011.076-.955 3.541 3.541 0 011.564-.339c1.006 0 1.763.242 2.271.727.508.484.762 1.26.762 2.327v5.455H87.05zm7.392.151c-1.234 0-2.208-.376-2.922-1.128-.714-.752-1.073-1.796-1.077-3.132 0-1.346.332-2.415.996-3.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pps7abe[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	5912
Entropy (8bit):	5.2044956005117
Encrypted:	false
SSDEEP:	96:pbzQ2hl0RMFRioMWznrvMmMoZS6MaJ6QMbxkbMy9cRMxRqkM8c:pjl0RMFRioMWznrvMmMoZS6MaJ6QMbx9
MD5:	6FEB771900764877F9ED7FCCCC9428B5
SHA1:	31693DA6584BC9FAB601AFC35550AEEE6A8210C1
SHA-256:	3AC4CEB0885F766CF6E170BA7191315EA1C54287BF0947095E85D1B090A1BC35
SHA-512:	890E633998C812A19B63947F922815E14632328A9522AEBF5AFDA87D947684130C643EA48BF21124564F4DC17936DDC0F9F3907BA61594D197A797E5160B145E
Malicious:	false
Reputation:	low
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/00000000000000003b9b3f85. * - http://typekit.com/eulas/00000000000000003b9b3f86. * - http://typekit.com/eulas/00000000000000003b9b3f88. * - http://typekit.com/eulas/00000000000000003b9b3f83. * - http://typekit.com/eulas/00000000000000003b9b3f8c. * - http://typekit.com/eulas/00000000000000003b9b3f84. * adobe-clean-serif:. * - http://typekit.com/eulas/00000000000000003b9aee45. * - http://typekit.com/eulas/00000000000000003b9aee47. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. /./{"last_published":"2020-01-31 14:53:09 UTC"}*/..@font-face {.font-family:"adobe-clean";.src:url("https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=388f68b35a7cbf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pps7abe[2].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	5912
Entropy (8bit):	5.2044956005117
Encrypted:	false
SSDEEP:	96:pbzQ2hl0RMFRioMWznrvMmMoZS6MaJ6QMbxkbMy9cRMxRqkM8c:pjl0RMFRioMWznrvMmMoZS6MaJ6QMbx9
MD5:	6FEB771900764877F9ED7FCCCC9428B5
SHA1:	31693DA6584BC9FAB601AFC35550AEEE6A8210C1
SHA-256:	3AC4CEB0885F766CF6E170BA7191315EA1C54287BF0947095E85D1B090A1BC35
SHA-512:	890E633998C812A19B63947F922815E14632328A9522AEBF5AFDA87D947684130C643EA48BF21124564F4DC17936DDC0F9F3907BA61594D197A797E5160B145E
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/pps7abe.css
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/00000000000000003b9b3f85. * - http://typekit.com/eulas/00000000000000003b9b3f86. * - http://typekit.com/eulas/00000000000000003b9b3f88. * - http://typekit.com/eulas/00000000000000003b9b3f83. * - http://typekit.com/eulas/00000000000000003b9b3f8c. * - http://typekit.com/eulas/00000000000000003b9b3f84. * adobe-clean-serif:. * - http://typekit.com/eulas/00000000000000003b9aee45. * - http://typekit.com/eulas/00000000000000003b9aee47. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. /./{"last_published":"2020-01-31 14:53:09 UTC"}*/..@font-face {.font-family:"adobe-clean";.src:url("https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=388f68b35a7cbf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\privacy.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	20223
Entropy (8bit):	5.242286055522869
Encrypted:	false
SSDEEP:	384:G3gDf4hD0kswkP/TUyPydyCASyI2yWyOZyVVIKCXEdTvX6AyEn:G3mfuD0kswkP/TL68pyRFVyKQEl6AyEn
MD5:	7997F297B2476E9156A93EE5433CBB5A
SHA1:	DEA0CD133C2DF4392CD198350F54387425A7EF4D
SHA-256:	86F628996CD60C851A9B4A6A83C2F110D4CEC5C51A08F173844A3192EDD7FAC0
SHA-512:	C30398B9E8CEB2C71AC3338C78AF97653059B856C7BA8253E9E7994363E0BEA593F7D5422728F404429F0D50DB30D2CAFF99596FCB898BDD54FBC5A5A2AE330D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/etc/beagle/public/globalnav/adobe-privacy/latest/privacy.min.js
Preview:	/! privacy - v1.0.11 - 11-04-2020, 7:17:44 AM..ADOBE CONFIDENTIAL.==================.Copyright 2020 Adobe Systems Incorporated.All Rights Reserved...NOTICE: All information contained herein is, and remains.the property of Adobe Systems Incorporated and its suppliers,.if any. The intellectual and technical concepts contained.herein are proprietary to Adobe Systems Incorporated and its.suppliers and are protected by trade secret or copyright law..Dissemination of this information or reproduction of this material.is strictly forbidden unless prior written permission is obtained.from Adobe Systems Incorporated../..!function(){var e,t,n,o,i,s;e=function(){var e={};return e.isObject=function(e){return null!==e&&"object"==typeof e},e.isEmptyObject=function(e){var t;if(this.isObject(e))for(t in e)if(e.hasOwnProperty(t))return!1;return!0},e.isFunction=function(e){return"function"==typeof e},e.isArray=function(e){return this.isObject(e)&&e.constructor===Array},e.formatString=function(e,t){if("

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rbi5aua[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	38228
Entropy (8bit):	5.570400661578598
Encrypted:	false
SSDEEP:	768:NQMq1iRm2XwMqsbbt67QMq1iRm2XwMqsbbt6J:K58nXbbwE58nXbbwJ
MD5:	79CF0EB3B870A6E0DD568655551B62E5
SHA1:	2E6FBE79055E66E53A5622E670D9C4635B55734B
SHA-256:	2EE77523E13321664C58FAAE7A37EE0CB0ABC12B223A0E3943E922EADEC18BFB
SHA-512:	D5CFB67B415DCE1DF6DEBF61963160CA0DAEEE520C7D6FD4F8AFB0EA2885F35334A02EDA14C934E1B3E9646F2BD60DD0011E603E9BD95F7B00CD9387DD6CD28B
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/rbi5aua.js
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . proxima-nova:. * - http://typekit.com/eulas/0000000000000000000158d3. * - http://typekit.com/eulas/0000000000000000000158d4. * - http://typekit.com/eulas/000000000000000000017709. * - http://typekit.com/eulas/0000000000000000000158d6. * - http://typekit.com/eulas/0000000000000000000158d7. * - http://typekit.com/eulas/0000000000000000000158d8. * - http://typekit.com/eulas/0000000000000000000158d9. * - http://typekit.com/eulas/00000000000000000001705b. * proxima-nova-condensed:. * - http://typekit.com/eulas/00000000000000000000ffd9. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"1655249","c":[".tk-proxima-nova","\"proxima-nova\",sans-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rbi5aua[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	19114
Entropy (8bit):	5.570400661578598
Encrypted:	false
SSDEEP:	384:KefQe2tpIgIPs51iRm2lIew42noFeFsP9btiCtpIaCR:NQMq1iRm2XwMqsbbt6J
MD5:	D464D0A61D4E34F4C431CA31D0F7E6E8
SHA1:	73716727BFD77BA586E907A9FFC33FFC39CA73BF
SHA-256:	29B51B31FAF8A954EC0209189E1A6491AFE94CBE50D1E16679FBA7561AD2BC5C
SHA-512:	9B6FB7EBF94F0B42242A335B72B0C6A43DA7071B6AE9715FF70F96D54A4CA157D16A6F11B7D4C3573053E96DE06DD30791AB655BD55EEB5F3FB68989C3CB8B6D
Malicious:	false
Reputation:	low
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . proxima-nova:. * - http://typekit.com/eulas/0000000000000000000158d3. * - http://typekit.com/eulas/0000000000000000000158d4. * - http://typekit.com/eulas/000000000000000000017709. * - http://typekit.com/eulas/0000000000000000000158d6. * - http://typekit.com/eulas/0000000000000000000158d7. * - http://typekit.com/eulas/0000000000000000000158d8. * - http://typekit.com/eulas/0000000000000000000158d9. * - http://typekit.com/eulas/00000000000000000001705b. * proxima-nova-condensed:. * - http://typekit.com/eulas/00000000000000000000ffd9. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"1655249","c":[".tk-proxima-nova","\"proxima-nova\",sans-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\scripts[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text
Category:	dropped
Size (bytes):	36506
Entropy (8bit):	5.029205555305148
Encrypted:	false
SSDEEP:	384:U1qVZSpe137a6wbqWcqS5G399ah4qAUaww3boPOGGuh3f3ntOX4jQt41gvUxUPC4:UMZPjwfu/P0GLB1a4j/b/g
MD5:	E5F73B6BBF9D9D595A96BD6B2796C166
SHA1:	DFCB2DC87755FDD7C3DB7CA23EFC5697A57735FB
SHA-256:	6775C076C387B1E65CE0419958CF2A79B6886FB2B42BA82BDA261D4886725945
SHA-512:	79450647E86DFDE4BF8B723CC133AA7A48DE901BD9A1927DCB2B26383D544789D42F39860106462B8319EA33262D1BF0A3A6034CDD4E85B04B279ABFF99FA7F8
Malicious:	false
Reputation:	low
Preview:	/. Copyright 2021 Adobe. All rights reserved.. * This file is licensed to you under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License. You may obtain a copy. * of the License at http://www.apache.org/licenses/LICENSE-2.0. . Unless required by applicable law or agreed to in writing, software distributed under. * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS. * OF ANY KIND, either express or implied. See the License for the specific language. * governing permissions and limitations under the License.. /./ global window, navigator, document, fetch, performance, PerformanceObserver,. FontFace, sessionStorage, Image /./ eslint-disable no-console */..export function toClassName(name) {. return name && typeof name === 'string'. ? name.toLowerCase().replace(/[^0-9a-z]/gi, '-'). : '';.}..export function createTag(name, attrs) {. const el = document.createElement(n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\spark_app_white@2x[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1518
Entropy (8bit):	5.00107238377263
Encrypted:	false
SSDEEP:	24:2dfkATLf3+sZ1enVMeN2zQH9nMZ2x0gWXNdIjNN4iWbJ7oIa6d06+:cfkAvfOsZ1302zUj+Td1b+Iaim
MD5:	A29E0C074D7C5E3F6A54CE20C5FEA0AF
SHA1:	8563F7581C1939067B4AA354E78341BC46BD9E1D
SHA-256:	511C77BD64C8D67BE5FC38F107B5005F32F38386A8142CE13753EDABEDD50B86
SHA-512:	50DAC8A1C88FF4369B3199091AC273A4EC482C9C944A4A93DAAF5885C30B30A96469826BE11AAAA890F5393E08FD9CA809AF9E92A836DAC40CB722C13D1E0AE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://page.adobespark-assets.com/runtime/1.22/images/spark_app_white@2x.svg
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 21.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px".. width="66px" height="64px" viewBox="0 0 66 64" style="enable-background:new 0 0 66 64;" xml:space="preserve">.<style type="text/css">...st0{fill:none;}...st1{fill:#FFFFFF;}.</style>.<path class="st0" d="M14,62C7.4,62,2,56.6,2,50V14C2,7.4,7.4,2,14,2h38c6.6,0,12,5.4,12,12v36c0,6.6-5.4,12-12,12H14z"/>.<path class="st1" d="M52,4c5.5,0,10,4.5,10,10v36c0,5.5-4.5,10-10,10H14C8.5,60,4,55.5,4,50V14C4,8.5,8.5,4,14,4H52 M52,0H14..C6.3,0,0,6.3,0,14v36c0,7.7,6.3,14,14,14h38c7.7,0,14-6.3,14-14V14C66,6.3,59.7,0,52,0L52,0z"/>.<path class="st1" d="M15.1,42.3C14.9,42.2,15,42,15,41.8v-4.2c0-0.1,0-0.3,0.2-0.1c2,1.4,4.1,2,6.4,2c3.2,0,4.5-1.7,4.5-3.6..c0-1.7-0.9-3-3.9-4.8l-1.6-0.8c-4.5-2.5-5.9-5.1-5.9-8.5c0-4.5,3.1-8.1,9-8.1c2.6,0,4.8,0.4,5.9,1c0.2,0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\styles[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	12401
Entropy (8bit):	4.662952324891605
Encrypted:	false
SSDEEP:	192:wh2WV+m6jCZDitH75vH1V/FAF/1Sr+aGF5OJE9h0TA9ZXn:R5171PFAF95bFQ9cXn
MD5:	C0F349AF62FA2D1E725464B22D31CDCC
SHA1:	645A7814C3FBE9578EBFDEFF1327720E6AA322EF
SHA-256:	32BB5493F1B51E6AE09315DB807602AAE9031356D170780D32D272098424FA74
SHA-512:	B2D2DBCABABAB7233DDB89D029F3DE350D040872B119C447740C1DB862FF5B3DE2BBAFA5D369CB93C88A8CD0CCC440D53CA5EDB31AFB86BF78868989E2622CE0
Malicious:	false
Reputation:	low
Preview:	body {. font-family: 'adobe-clean', 'Adobe Clean', sans-serif;. background-color: #FFF;. color: #232323;. margin: 0;. padding: 0;. display: none;.}..body.appear {. display: block;.}../* gnav placeholder */..header {. box-sizing: border-box;. border-bottom: 1px solid #EAEAEA;. height: 153px;. background-image: url(/express/icons/adobe-spark.png);. background-repeat: no-repeat;. background-size: auto 42px;. background-position: bottom 24px center;. position: relative;. background-color: white;.}..#feds-header {. opacity: 0;.}..#feds-header.appear {. opacity: 1;.}..#header-placeholder {. height: 64px;. position: absolute;. top: 0;. left: 0;. width: 100%;. z-index: 10;. -webkit-font-smoothing: antialiased;. border-bottom: 1px solid #EAEAEA;. transition: opacity 0.1s;. background-color: white;.}..#header-placeholder.disappear {. display: none;.}..#header-placeholder .desktop {. display: none;.}..#header-placeholder .mobile {.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\vtg4qoo[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	18975
Entropy (8bit):	5.588875152231931
Encrypted:	false
SSDEEP:	384:bTz4QhLGD8h2tpIgIPs51iRm2lIew42noFeFsP9btiCtpIaCR:vz4QhLA8zq1iRm2XwMqsbbt6J
MD5:	46700293FD68A3707BEAF54E63C4D9A8
SHA1:	5F1130A35AC5C767DF52A13CC14D412B0A1CC0E9
SHA-256:	413B5751660E454D49C8430CBD09054C97E7B0560660B14892FF6048E4CDDE46
SHA-512:	FE06C4159C0968AA5DCB63DEEF234973D8B9F66C54DFCC350FA840072D5DE40F691C05844A5DA4A682F0D2ED2E5FCB90318DCAE981C7A532D2BD9A1FE5887889
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/vtg4qoo.js
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . adobe-clean:. * - http://typekit.com/eulas/000000000000000000017701. * - http://typekit.com/eulas/000000000000000000017703. * - http://typekit.com/eulas/0000000000000000000176ff. * - http://typekit.com/eulas/000000000000000000017706. * brandon-grotesque:. * - http://typekit.com/eulas/0000000000000000000132df. * - http://typekit.com/eulas/0000000000000000000132e3. * - http://typekit.com/eulas/0000000000000000000132e1. . . 2009-2021 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"1655249","c":[".tk-adobe-clean","\"adobe-clean\",sans-serif",".tk-brandon-grotesque","\"brandon-grotesque\",sans-serif"],"fi":[7180,7182,7184,22474,10294,10296,10302],"fc":[{"i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www.adobe.com[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	159428
Entropy (8bit):	4.6347308193607555
Encrypted:	false
SSDEEP:	3072:SnCqrtwZMDtsM9/HO5rDeX0DMCoe4ARa1RP+inpbO0GaAktGWG6s7yZzvqel9Ixn:pP
MD5:	1E81F8AA8F5BC531EEAEB30422387980
SHA1:	ED670A6E3BF4D5812767EB5EF4E48F89BDDF84B4
SHA-256:	BC2CCFBF95B82F864984386AE62612CF8C17AF284B16C2FBF817B2A97CE051A9
SHA-512:	2301C39431BC8DDB79E69A82D76FE116EA0EBEBEDC926E7F28AFAE6E67E6567128CBE61BD7CDD4A1325C9245BB22F7A4E701F82D37551D19E17BB2BD236041AB
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/services/feds.res_1.html/en/acom/corporate-mega-menu/legal-localnav/www.adobe.com.html
Preview:	..... . . .. ... ... ... ... ...<div class="gnavTopnav">.<span class="feds-curtainWrapper">. <span class="feds-curtain"></span>.</span>.<header id="feds-topnav" class="feds-navBar-wrapper" daa-lh="gnav\|acom" daa-im="true">. <nav class="feds-navBar">. ..... . . .<script type="application/json" class="feds-component-data" data-component-name="privacy" data-component-category="services">. {. "privacyFilesCDN": "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js". }.</script>... . . .<script type="application/json" class="feds-component-data" data-component-name="jarvis" data-component-category="services">. {. "environment": "prod",. "locale": "en_US",. "scriptPath": "https://client.messaging.adobe.com/latest/AdobeMessagingClient.js",. "stylePath": "https://client.messaging.adobe.com/latest/AdobeMessagingClient.css". }.</script>... . . ... ... ... ... ....<div id="

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www.adobe.com[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	159428
Entropy (8bit):	4.6347308193607555
Encrypted:	false
SSDEEP:	3072:SnCqrtwZMDtsM9/HO5rDeX0DMCoe4ARa1RP+inpbO0GaAktGWG6s7yZzvqel9Ixn:pP
MD5:	1E81F8AA8F5BC531EEAEB30422387980
SHA1:	ED670A6E3BF4D5812767EB5EF4E48F89BDDF84B4
SHA-256:	BC2CCFBF95B82F864984386AE62612CF8C17AF284B16C2FBF817B2A97CE051A9
SHA-512:	2301C39431BC8DDB79E69A82D76FE116EA0EBEBEDC926E7F28AFAE6E67E6567128CBE61BD7CDD4A1325C9245BB22F7A4E701F82D37551D19E17BB2BD236041AB
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/services/feds.res_1.html/en/acom/corporate-mega-menu/privacy-localnav/www.adobe.com.html
Preview:	..... . . .. ... ... ... ... ...<div class="gnavTopnav">.<span class="feds-curtainWrapper">. <span class="feds-curtain"></span>.</span>.<header id="feds-topnav" class="feds-navBar-wrapper" daa-lh="gnav\|acom" daa-im="true">. <nav class="feds-navBar">. ..... . . .<script type="application/json" class="feds-component-data" data-component-name="privacy" data-component-category="services">. {. "privacyFilesCDN": "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js". }.</script>... . . .<script type="application/json" class="feds-component-data" data-component-name="jarvis" data-component-category="services">. {. "environment": "prod",. "locale": "en_US",. "scriptPath": "https://client.messaging.adobe.com/latest/AdobeMessagingClient.js",. "stylePath": "https://client.messaging.adobe.com/latest/AdobeMessagingClient.css". }.</script>... . . ... ... ... ... ....<div id="

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1v2abZdh3xB5f[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	52904
Entropy (8bit):	5.223787648881464
Encrypted:	false
SSDEEP:	768:3n8+27e5FyW7F1FnWO8JARtEeqakKn2cYcl6b:3nT224W7zhWO8JCnf5le
MD5:	81F297E60EE3ACBBF29ABEBA40911A21
SHA1:	B61257DC08D32A5CDDDECEFCE645CAEBF8A11693
SHA-256:	8F02D869AA3E75ADF1E773D09D95C55EEA874C81116281ECA0C38D12D0E0CDA2
SHA-512:	E4A429D46C0260FB4621B8502181B97E1C2C724E45BF90E28CC10E39BACB0E5266917E4E7857F8C560F58EF06C5BB9040117A52198BDC6B9872194F9D21E4150
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_29, Description: Yara detected HtmlPhish_29, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1v2abZdh3xB5f[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://spark.adobe.com/page/1v2abZdh3xB5f/
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="utf-8">. <title>PROPOSAL INVITATION</title>. <meta content="yes" name="apple-touch-fullscreen" />. <meta content="yes" name="apple-mobile-web-app-capable" />. <meta content="black-translucent" name="apple-mobile-web-app-status-bar-style" />. <meta content="width=device-width, initial-scale=1, maximum-scale=1" name="viewport" />.. <meta name="robots" content="noindex">.. <meta property="og:title" content="PROPOSAL INVITATION">. <meta property="og:type" content="website">. <meta property="og:image" content="https://spark.adobe.com/page/1v2abZdh3xB5f/embed.jpg?buster=1620832072333">. <meta property="og:image:width" content="1024">. <meta property="og:image:height" content="512">. <meta property="og:site_name" content="Adobe Spark">. <meta property="og:description" content="A story told with Adobe Spark">.. <meta name="twitter:card" content="summary_large_image">. <meta name="twitter:title" conten

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\80rUPX5WG8FDD[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	52901
Entropy (8bit):	5.225312764278971
Encrypted:	false
SSDEEP:	768:Hn8+27e5FyW7F1FnWO8JARtEeqakKnhNb:HnT224W7zhWO8JCnhF
MD5:	190856C7F6E29A9B72B9E018E0F4E9EF
SHA1:	FB3805F57BC6BA1135A8841C2C5CC0F1E30087D5
SHA-256:	BED5FFB4B16AC986F92CB69A29D32140B5F54D7B696F69EE7BD3732B97EFEBF5
SHA-512:	DE7E7AE7298128FF198AF7633CB29B86A05A9DD9E51318E215616830620ACB9C72A0C26F594733C3037360F5F5BD59834BCA45116F3794F7607040A2C89934EC
Malicious:	false
Reputation:	low
IE Cache URL:	https://spark.adobe.com/page/80rUPX5WG8FDD/?page-mode=static
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="utf-8">. <title>PROPOSAL INVITATION</title>. <meta content="yes" name="apple-touch-fullscreen" />. <meta content="yes" name="apple-mobile-web-app-capable" />. <meta content="black-translucent" name="apple-mobile-web-app-status-bar-style" />. <meta content="width=device-width, initial-scale=1, maximum-scale=1" name="viewport" />.. <meta name="robots" content="noindex">.. <meta property="og:title" content="PROPOSAL INVITATION">. <meta property="og:type" content="website">. <meta property="og:image" content="https://spark.adobe.com/page/80rUPX5WG8FDD/embed.jpg?buster=1620843984009">. <meta property="og:image:width" content="1024">. <meta property="og:image:height" content="512">. <meta property="og:site_name" content="Adobe Spark">. <meta property="og:description" content="A story told with Adobe Spark">.. <meta name="twitter:card" content="summary_large_image">. <meta name="twitter:title" conten

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Privacy-Header-2-1440x340.jpg.img[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1440x430, frames 3
Category:	downloaded
Size (bytes):	87554
Entropy (8bit):	7.97194369897045
Encrypted:	false
SSDEEP:	1536:jTiiUlWRB717xEVxvzDwgBFxks8cVzjNeyjFLdAZBc2:jT6AB/41is8cNRbjtdI1
MD5:	36815147C5BD0A82CF08ADF18C4CE9DB
SHA1:	F5FE3F3312117D43AF628780AD94F7409F51BC51
SHA-256:	FA058BE1A59315346088172661F221BB988B929F4FE9CA7C2C98F49970D0109D
SHA-512:	2DD8E040B9046322F4259ABC673BB1CD980E440FE0D1EE5BFD6FD6FFC14D36F810BB0222E1413ECF65A49C335F894923C365F0E7E6C0BB6DC69A4A3DBF05E406
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/content/dam/cc1/en/privacy/images/Privacy-Header-2-1440x340.jpg.img.jpg
Preview:	......Exif..II*.................Ducky.......F......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:8005f268-2f6e-41f7-b266-aa21258a942f" xmpMM:DocumentID="xmp.did:1DF2B77A0FFC11E6838996FD381AB7D0" xmpMM:InstanceID="xmp.iid:1DF2B7790FFC11E6838996FD381AB7D0" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3a3c0c1d-b343-4643-ac1e-d229304d8b58" stRef:documentID="adobe:docid:photoshop:c44cf741-5865-1179-9b5f-a5ee13961278"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Privacy-Image-1-1440x340.jpg.img[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 445x300, frames 3
Category:	downloaded
Size (bytes):	39763
Entropy (8bit):	7.739200940948953
Encrypted:	false
SSDEEP:	768:5BYydlHQ1aBlM4zpnkAwb/+CQTku32yXKA+jYsarj4:5B5HS4VkARNwuvK7kd4
MD5:	357C45BE36FA0CE8E2CD561773C30BDA
SHA1:	1E8A908D9D14AAB718B48CF4CDD59267021ED235
SHA-256:	FCB9BA715B4E111C01919EE7CF40128753FDBCE86DE4C68773AD951A15F5D78A
SHA-512:	773B20DF99A75E7FD0B676D93B80ABFE76B2A7DE62AE460E84439E97F9B774A21AB22E531F5342F2CAF2A32B958922F3CE9E2075FCC0DACB8E5D9E1E837A92AC
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/content/dam/cc1/en/privacy/images/Privacy-Image-1-1440x340.jpg.img.jpg
Preview:	......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c128 79.159141, 2016/03/22-01:13:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:dfc28c09-91b3-4a6f-b4b7-71c30de60aff" stRef:documentID="adobe:docid:photoshop:88fe6a1c-4e88-1179-af16-f6a1d25c9bdd" stRef:originalDocumentID="xmp.did:7a7371c8-54c7-431d-9b1f-f4993a9b061f"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Privacy-Image-2-1440x340.jpg.img[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 445x300, frames 3
Category:	downloaded
Size (bytes):	28243
Entropy (8bit):	7.617174108691038
Encrypted:	false
SSDEEP:	768:JBYyi06jKtH4Vb7G77cv5eg9ZNjueEEF3y:JBm0wUYVm77m96j0y
MD5:	5AC5CC8B77615A24CB4A981921EB751D
SHA1:	AEB7E76ABEE2DB25192833AC34A50D2C2A9C75B7
SHA-256:	459A34EDCD31C4D24A58F9D8C5E36F092D5AA3A62B70F8012A2DB7C2B5FDD5B0
SHA-512:	2833A7C0B4E7B957FDC2410BC8101D7E534E2C7FDEB42398B908419F21B1582F4E8F63590587331F485472AFAE82F30423B37263C5699E3D65009388717D7FD5
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/content/dam/cc1/en/privacy/images/Privacy-Image-2-1440x340.jpg.img.jpg
Preview:	......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c128 79.159141, 2016/03/22-01:13:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:715ed33e-e62b-4e66-bb93-54d394e3b830" stRef:documentID="adobe:docid:photoshop:9561acbc-4e88-1179-af16-f6a1d25c9bdd" stRef:originalDocumentID="xmp.did:abae1003-6656-4926-aeda-82e235185e72"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\PrivacyChoices_72px_lt-gray[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	28419
Entropy (8bit):	6.117998475478093
Encrypted:	false
SSDEEP:	768:37S2WvPzXeJfwU2ihjrx8Ks+a/4TLpCknorFPBHCJ93BvxHtc6:0HzONH2ihRLM/4H8korVBiH3jZ
MD5:	775D2556523FF33568DCF0EE25C3249B
SHA1:	8575AF9EDFEB7E1A2D1B7A36DA34F13594CFD7F1
SHA-256:	241B307DFAB1F3CA3C626DF06C32F5472777A4316013981A121B951911B311FE
SHA-512:	5ED60101D06A32FDA1D8A979FFC701641577DD694987ABAE741B7B154AFDAAFBDE1A294EDB66AC14B1B8C3D82BB184B5BEE9E1F92000FF8669F8D99626645E34
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/content/dam/cc1/en/privacy/images/PrivacyChoices_72px_lt-gray.svg
Preview:	<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 19.2.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [..<!ENTITY ns_extend "http://ns.adobe.com/Extensibility/1.0/">..<!ENTITY ns_ai "http://ns.adobe.com/AdobeIllustrator/10.0/">..<!ENTITY ns_graphs "http://ns.adobe.com/Graphs/1.0/">..<!ENTITY ns_vars "http://ns.adobe.com/Variables/1.0/">..<!ENTITY ns_imrep "http://ns.adobe.com/ImageReplacement/1.0/">..<!ENTITY ns_sfw "http://ns.adobe.com/SaveForWeb/1.0/">..<!ENTITY ns_custom "http://ns.adobe.com/GenericCustomNamespace/1.0/">..<!ENTITY ns_adobe_xpath "http://ns.adobe.com/XPath/1.0/">.]>.<svg version="1.1" id="adobeNews_x5F_72_x5F_lt-ou" xmlns:x="&ns_extend;" xmlns:i="&ns_ai;" xmlns:graph="&ns_graphs;".. xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="72px" height="72px".. viewBox="-359 271 72 72" style="enab

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\RC1a83c357d323419db9d2ba211efeeaae-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1156
Entropy (8bit):	5.085318061903744
Encrypted:	false
SSDEEP:	24:15MzgA+E6K7eVgvf2I+LPPJ9ZLvaMLArqY4DPuDkpuH4R9pQFE7xJth:15MzLv7+iOI+zPJ9ZL11sYR8oh
MD5:	5EBC8AD621DAF90CB626853E4DB46C25
SHA1:	EB3CE39D4D1972CC5E33671F53D3EC43675E7DF2
SHA-256:	10C3D4D24300686F432EC8A3D6A7FEBBA5034C97AD2E3F7D00B11DD5A58CFAF5
SHA-512:	B6D51B480A872592B6017F401A24B50C767C5DF0959A9F758FC664D7337636D64A602EC1EA4FD3E3289E891F2F84E79668A3169C7545E9D71D66D565C81E4F41
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1a83c357d323419db9d2ba211efeeaae-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RC1a83c357d323419db9d2ba211efeeaae-file.js`..var w=window,l=w.location,h=l.hostname,path=l.pathname,dataElementName="digitalData.organization.dnb";if("www.adobe-students.com"==h\|\|"www.substance3d.com"==h\|\|"labs.adobe.com"==h\|\|"magazine.substance3d.com"==h\|\|-1<h.indexOf("photoshop.com")\|\|"stockenterprise.adobe.com"==h\|\|"pages.adobe.com"==h\|\|"experience-makers-international.adobe.com"==h\|\|"trainingpartners.adobe.com"==h\|\|-1<h.indexOf(".adobeevents.com")\|\|"colour.adobe.com"==h\|\|"adobehiddentreasures.com"==h\|\|"www.adobeexperienceawards.com"==h\|\|-1<h.indexOf("acrobat.adobe.com")\|\|-1!==h.indexOf("esign.adobe.com")\|\|-1!==path.indexOf("/experience-cloud")\|\|-1!==path.indexOf("/events/")\|\|-1!==h.indexOf("magento.com")\|\|-1!==h.indexOf("marketo.com")\|\|"futureisyours.adobe.com"==h\|\|"api.spark.adobe.com"==h){var dnbScript=document.createElement("script");dnbScript.src="https://ade0164.d41.co/sync/",dn

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\RCbbd93c1920fd422b84787f67ddbfbe55-file.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3910
Entropy (8bit):	5.231423561951471
Encrypted:	false
SSDEEP:	96:1OdML5FV9vzTEJCyKsDg1do/N2QaMS+16SuLTRt5Vn5:kwV97WvJk1d8gQaX+kbLTRt5Vn5
MD5:	4C7A4F47E44C4C778B4491DDB3E14883
SHA1:	0FDDC70A8239B930E31F2CB84C3EA19B0AF4880B
SHA-256:	6D36CE7EAD8763A8020BBFD1898C09C3A7627178003613CA6C134645BB1A2BC5
SHA-512:	BAAD2C5997C6E44F3DFEAB9D8080F0D3B39F2DE6E836AD0633FCAE095A85DF700C27DC679C6383A791460C89FA6ADF88AE5DB51ABEC1A5E3E8A6BB2DF815D86A
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RCbbd93c1920fd422b84787f67ddbfbe55-file.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/d4d114c60e50/f3fbfbe0e7ca/e1d9f552a353/RCbbd93c1920fd422b84787f67ddbfbe55-file.js`..window._sophiaLoadedPromise=new Promise(function(e){var w=window.adobeIMS,I=I\|\|function(i){function n(){return window.console&&window.console.log&&window.console.error}var o="[Sophia]",t=function(){},a="head",s={ActionId:"",CampaignId:"",ContainerId:"",ControlGroupId:"",TreatmentId:"",VariationId:"",CardId:"",SurfaceId:""},c=function(n,o,e){var t=performance.now(),a=new XMLHttpRequest;a.onreadystatechange=function(){if(a.readyState==XMLHttpRequest.DONE){var e=performance.now();m.log("Total time taken for fetching response for: ",n,e-t," milliseconds."),o(a)}},a.open("GET",n,!0),e&&e.forEach(function(e){a.setRequestHeader(e.key,e.val)}),m.log("Sending request: ",n),a.send()},r=function(e){var n=document.implementation.createHTMLDocument();return n.body.innerHTML=e,n},d=function(e){m.log("Got response: "+e);var n=document.querySelectorAll(I.conf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\adobe-spark[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 299 x 59, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	11426
Entropy (8bit):	7.942941105430185
Encrypted:	false
SSDEEP:	192:fCFV571hMxuJUaYZxa9SqFfhsdr9I1UwZCFV571hMxuJUaYZxa9SqFfhsdr9I1UQ:6FVXhMxuGL+0r9eQFVXhMxuGL+0r9eN
MD5:	4D49443B7788B921CD6F6E9DF0593AC4
SHA1:	A9F2B484D4756AC8D3CFF8697ECB1F3B9BB21956
SHA-256:	A11DC9E367948B9E6688006843CB4B6979618B35EAAF29F5286CB41ABE315796
SHA-512:	D0C41B2A40C8037AD8045FCEBBC2AD83457644719C9A7DEF37319EF8060B77CDC085786650B780F8F702EAC26B2320896C3A94CE704022E15957A6F61341AC12
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/icons/adobe-spark.png
Preview:	.PNG........IHDR...+...;.....#.......sRGB........8eXIfMM.*.......i...........................+...........;.....D.....IDATx.._.$.].....q...H,.v,L...E!.P..R.@7'....}. ..R....3..........1.hg.P..CBA...EB..P..'6!.>..uO....gfwgv.._..W..V...k......s..../8...<..,.].....w.y.......9.7KaX4""..X....I..s....p.N..\....?8..+gy48"...!0.pT...W`.dNr5...8.WV..huD "..8rV,..,......".......U.MD.\|!.8._p.......:...Y...s.{.....:E.....,.}....=..J..Gn..s/....u...U......8.og...z..u...q...#....@."..k.a..VR.._K.........Y...i.\|.e.~.4.eF."..#.=..._.jh`.].[#E.".+..E...W..Lffu....."E."......~l....:g.....7".L.$G...hKD ".......B%."....C..EY.$n.1.!.....p.t\|...>...K._..G.F!.8..0..P7_.0zE(..g...t...;a.p........rV...?..'.u..9.?...?.o.F.)".....E`fg..._..{..T\|n~..$zV../9.I..[..>Q.VZ.....l.I..6}.aX.G[.I..\...TC&.fD`&gu........tRu`.Y!...Od...@....Jo.U..\..u._..."-....[..+,F....2.Q9....t."g..H....._f;.m.gVZ.Y...o..{/.'u.......gY.V.W.....i.J.:.2;..n..H.@-g..u9....}.^~....-.."

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\chrome[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	192215
Entropy (8bit):	5.180324040916147
Encrypted:	false
SSDEEP:	3072:M0k0Ywhc7llWGQsRbiK7mPP67llWGQsRbiK7mPPz20VMqjwhF0MtkzWG82:M0k0Ywhc7lxQWbiK7mPP67lxQWbiK7mh
MD5:	DFDD3AA8B6F029403DC5DBB97F696EC6
SHA1:	05FF3F6C5F0B65C3C091E3B4D3CF69139CB46CAF
SHA-256:	AB889D6962A84FF0A8812667F14F1073E30D63E8023C96671E1A1BB17CDEF50B
SHA-512:	6100BA9798866FEB3D5C1A738E309EC99EB8B76139E581DA6AC3DA4F8E4D3EC4DB0A8835DB3513DF064EF65169F74EB40169432170955BE05DB8D4D64B8459F3
Malicious:	false
Reputation:	low
IE Cache URL:	https://s3.amazonaws.com/adobe-luca-prod-ue1-assets/experiments/chrome/chrome.js
Preview:	(function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n\|\|r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){.var templates = require( '../../dist/chrome/templates' );.var Mustache = require( 'mustache' );..var topBar = function( trackingId, buttonText, linkToWelcome ) {. $( document.body ).on( 'luca-publication-viewer-ready', function(){.. var initialShowTime = 3000;. var backtrackDistance = 100;. var showClassName = 'show';. var aboveTheFoldClassName = 'above-the-fold';.. var $injectHTML = null;. var animator = $( '.article' ).data( 'animator' );. var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\crisp-fonts.gz[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	139
Entropy (8bit):	4.811599389940217
Encrypted:	false
SSDEEP:	3:yLRmcpZBLvG/tLAJ2qW7RmMjuRmcszgcukrQLJkgfw0zRjf:yL/pZtvG1M2JRmMju/0gcu/LugfwmRr
MD5:	361FE227C22294543FE0FD29B8D28C0A
SHA1:	1D32C0DC6F27CA2A6C67E5C79DFC08DD39511B03
SHA-256:	17D7DDB7C7C94BA00A4F60835AC14512B6574E5D6B81E99542D44BDA414AACD0
SHA-512:	85C7DA240B8283EF24F91AFCB472AF9E9E2E91A5B6F4E7370E774A50F1BAA0F6DF47E7173854B6593FB4EC8673BF682B7122C3877902AE414F0FDD0334C937B0
Malicious:	false
Reputation:	low
IE Cache URL:	https://page.adobespark-assets.com/runtime/1.22/themes/crisp-fonts.gz.js
Preview:	document.write('<script src="//use.typekit.net/rbi5aua.js"><\/script>'),document.write("<script>try{Typekit.load();}catch(e){}<\/script>");

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d1P8WL9W0 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 58140, version 0.0
Category:	downloaded
Size (bytes):	58140
Entropy (8bit):	7.993838405349219
Encrypted:	true
SSDEEP:	1536:+dG3UnOA8RFJKrWMC4ArrtNJQCjfKxLojn:+dGk2NKrWMC42psCjSpo
MD5:	5BDBAC45C303FAE0D497E3EA06A27A7F
SHA1:	1816C0EF35D230FA3A177E9F719BA03DEEA73B25
SHA-256:	32CC0B7A4C262A62A171D801F5B0EB36E8FD320B0D10D81189F6FB4F43894621
SHA-512:	0BF6B8340105B326B32F491CF784CA487DC28DB0D8B7430CC5CA00CE89F4EB752BB078606ACF104F1F93866CC1C84E94F5A2704D604E59452BE724D21E788CDD
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=388f68b35a7cbf1ee3543172445c23e26935269fadd3b392a13ac7b2903677eb&fvd=n7&v=3
Preview:	wOFFOTTO..........Q.........................BASE...D...F...Fe!].CFF ...8.......\|Cz.vDYNA.............T..GDYN....... ...Q?cE.GPOS......!a..Oz.].`GSUB...d.......N`^.iOS/2.......Y...`].y.cmap...8.......(..U.head.......5...6..%ghhea.......!...$...Bhmtx...........DD.@Cmaxp...0..........P.name............E@..post...$....... ...2..............ideoromn..DFLT..cyrl..grek..latn...................Y......x.c`d```5....fF<..W.f..@....^0....~.).......@..y......x.}..n.0...t..B.\q...s.D..UB.[.v...&..I.w...%.*....@....Ix..8....r.........+\|...9......:......w.f...C\|r\|..xp\|...0..?..w..^{..........s...C..7.Gx.{...Y.... ..\gJ...Qe#......N.......oW..3.zGc.?/TZMt..2....d:...8i=4^M...7.n..]..\.2...J...vb .y...t..Y.b..2..0..$^..=.}......}uW...<y.l.E.$.=..".HHc....s....K~......5...Z_.i.............S>.....,..&....c....}j.g.._1...j....V.2..c.k..=....hYQe.9+V-.k}.w7..d...%...f6>.sh....;.=<..a..-5.f2...\.pGu.}W.G....kJ.........x.c`f.........).....B3.1.1..E.9..XX..X......P.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dSJOPIM43 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 46708, version 0.0
Category:	downloaded
Size (bytes):	46708
Entropy (8bit):	7.9926123068799795
Encrypted:	true
SSDEEP:	768:Ljq+IGHkF+BPu/95GrYWlwFegdvV4HKLXGcbdLapCdmt5FXbJ40/VnLpvLw4T2Fe:PQse4Ps95oYWluvnXFbdLaBFXrtvLw4Z
MD5:	56C4BECEB8718DBA19272C320458617D
SHA1:	5251C59F6956B0EA50D9B4A21992B869772A0AE2
SHA-256:	E89CE18105C28942D113F667B17D952129C0B66D3101DF0D38C18A42DDED47A5
SHA-512:	B3FCA99F08D59640AD8769D7E84DA332B9A5513CFD6685B2D8E8EF0677975D74B5B84DE87D0A35DECE9F6C7D49BE295A0734B83896FADA2A5160E28131895863
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/d?primer=388f68b35a7cbf1ee3543172445c23e26935269fadd3b392a13ac7b2903677eb&fvd=i4&v=3
Preview:	wOFFOTTO...t.......T........................BASE...D...F...Fe$].CFF ...4...u.....&..DYNA...........\|..IlGDYN...\|.........e..GPOS...p... ..0.....GSUB..............t.OS/2.......[...`\Xv.cmap...........(..TIhead.......4...6.:%Fhhea.......$...$.$.ihmtx...x........VH @maxp...,.........kP.name...........~.'..post...\|....... ...2..............ideoromn..DFLT..cyrl..grek..latn...................\......x.c`d```5.:>K.z<..W.f..@.....0....n.C..L..@..._4..x.uRKn.0..9...m.U.]..@(Y..;..N...6.$.`}\.1.#....A.=I....I..8\|of..$..........p...z.X\|.O.lq........=..7.O...UN.....,v..YZ..['...W.W...\|........>v.,>E.Y>....b.c%..Z....").]YEZ...g.....]...U.g.._g*f:..$.~?..o&....L3t;.>./UU.e!Z..B.....IY.E_z."...V.z-.4.e(...h..t]}.m.eR.z....y.x....9.!.......B...x..jh....N...3...V.F.q.....fj.S\..{.\|..M..KAg.5.6AH../.bD.....A.t.UgF.n....KSAM..;..;...4......=.V-.kr..n.lN.-.......C3....j..h.....f.w.o.oN..Wx..b......!g.z.8........x.c`f..8.......)....o......`....fefba.dbQ``jg```d..G.'W O..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[10] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 58352, version 0.0
Category:	downloaded
Size (bytes):	58352
Entropy (8bit):	7.992884507564213
Encrypted:	true
SSDEEP:	1536:U2Ph1fS3ZeHACznHaKNlKjE39zfZB4kKAkr:Hvf2OzH/NjlSAs
MD5:	3C48D869909CC053C2EFA6800B492ADD
SHA1:	882C7495CC54A32EF795B89E9E84D1B69C3F87C5
SHA-256:	CFD20EA88B7F7A1B3E18890AAFF228FD6F134095AF8F6DB1F66E4DD551B59306
SHA-512:	0E2ABD3D074418386C6290B0AA5EA09BB8BDC486C715EC426CE1F0D6B48C3EC2EC85EDA7BAAF31375B3481FDCE1DE7886AC0325AA7877F48516D0877F7C061A1
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/ad2a79/00000000000000003b9b3f8c/27/d?primer=388f68b35a7cbf1ee3543172445c23e26935269fadd3b392a13ac7b2903677eb&fvd=n9&v=3
Preview:	wOFFOTTO..........T.........................BASE...D...F...Fe.].CFF ...8..........DYNA.............N..GDYN....... ...Q<@..GPOS......!+..N`b)ihGSUB...$.......N`^.iOS/2.......W...`^B{.cmap...........(..U.head.......4...6..%phhea.......!...$...Uhmtx.......'...Dv;8.maxp...0..........P.name............a..npost........... ...2..............ideoromn..DFLT..cyrl..grek..latn...................U......x.c`d```5.....+...+.3.......P..._.?7.#..@.3..H..cy..x..1n.0...9N..F{..{hZ..;...@39...L.d....;w..#..=@.^.G)....F:X......'.$.......e..j..7.....0w.f...#\|v\|A.o.{......[...r..:..}q\|....q.....Qy.._@tJ.=....+5..U.k.\|.....H.j_V..+)&y...fkj........\G...Q.-..1..P..p<....Vb..V..\|:...AWuZ...._._*....$eq....U0.E...Z.i..P.#.^.o.._...i......5.T..+.Gq..&x....1$M.B......j..O.;.?a..Gk.. m].!.@.....v..............yJ......B....@.1ko..Y..............5O^.....B..i;...Rel.......I....;zf.k4kFs..>.sd]N...a....0..{.2z..4{...K5Y...w.q.<.......tx.c`f.`na`e``.b.```...q.F..@Qn.f&..&&....v.<#..8.8.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 22492, version 0.0
Category:	downloaded
Size (bytes):	22492
Entropy (8bit):	7.974382432382698
Encrypted:	false
SSDEEP:	384:yDLC8fp6SXkpD0a74PboHnd4VZK1Jnn3J0YjWkPpSjYmRja+eUZ5EJSyT7MYLQ:iW8h6rD0ak8nyZ2ysrpeYmRcdfE
MD5:	A2CAF0BD8F7084A90E2053AD61157C78
SHA1:	9E35E2810DCCB3C791CEB2818B16EFA9328C307E
SHA-256:	6537EEA8561F3D0903E4CAABB123C0AF961A09218290C678285B7C27ED335E54
SHA-512:	1FAE0E3EC674A092FAD4813182C77144F698AEA5715BD94540CF4AB8CF865165CD1BC57A56E56254B3F8C0E9F10227FCFCE33FA2020D616CB0D7ADA1CBBB89DC
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/fe9c8e/0000000000000000000158d8/26/d?subset_id=2&fvd=i4&v=3
Preview:	wOFF......W........P........................DYNA..............t.FFTM............]...GDEF.......8...B...<GDYN.............j..GPOS.......-...J.E..OS/2...X...Y...`~.zEcmap..WD........+..wcvt .......\...\...Xfpgm... .......e#./.gasp................glyf......E1..s.C..head.......4...6.W;.hhea....... ...$.Y.4hmtx..S0...E...lg.5.loca..Ux...........maxp....... ... ....name................post..W0....... ...(prep...............:.........o1.......'......x........6...`.n.\|.....x.....u.............q.......k.>.W.......~.^.N.s...H.7.9.;.c.J.L.F...P..x.]Q.N[A.......c..hS.fB...$.W...vc9B.\.b\..P Q..k.h().A..R>.O@bfM.(....s..r..]Z.y..R......v...t}...v.@..^.n...`3.rG....-.!.i'P....6...>.d..AK3MO....B`...0....../X....C.i..s..Ks....k..vp&"?..hj..@._:.z>.b.r.0...S.d".f2].T-3.up...;X.Js....U.......-.2KC...1B.$.BN9w.?)P>..1....a..q.50.....fS.{.0~.G..o..>..6F..X.`...QU...s/.....3.%`y.._'..;6..em.C.....2....U.......tJ......p.X...R.v....`H.F..h-;....d/.*..........x.c`d```b8./

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 24436, version 0.0
Category:	downloaded
Size (bytes):	24436
Entropy (8bit):	7.978037120154255
Encrypted:	false
SSDEEP:	384:b2q7Hwg9s0WrCWQYOL4VhwnhHa63bzKnWhF52DHilk+9y5yS6P8N:KqrsYL4vwh663fKW/50iZ9IyZPs
MD5:	6D26AE32705F04BD2CCC4DC335F15809
SHA1:	6F67C23951FB9426FA426436CCC1CE1E6FDDF220
SHA-256:	6E52D4DF448460F8B6C6C8DC776745BE4C85A9D18981772A89C9876B4E19FB37
SHA-512:	687973BC1D027B36AC99E2B7AA9928B35148E7AA742B13FCF2A20B0947B7ED27EA470E770856711C584221E88F3FBEA5AA3A93A58DC59DB7794320E9B11F019A
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/9d1933/00000000000000000001705b/26/d?subset_id=2&fvd=i3&v=3
Preview:	wOFF......_t................................BASE.......F...Fe!].DYNA...............bGDYN.......#...Q.4.xGPOS...........dG...OS/2...X...\...`.}..cmap..]........8..}.cvt .......R....6...fpgm...0.......p...Ygasp................glyf......BX..w....Mhead.......6...6....hhea......."...$....hmtx..WX...+...z....loca..Y...._.....4..maxp....... ... .B..name............yJ..post..[........Q..$uprep............R.>...............ideoromn..DFLT..cyrl..grek..latn...................Y......x.c` .X..>.>.l.......=.g...............0.FU.........I...,o......4.=H..1...BX8a..x.Viw.F..yI..,%.-ja..i.F&l...A.c ]......;...._.d.s.7~Z../$...p...w.....e.Z...../...&..<..M.Q\|(;{!e....Q......DD"P...D...Y.d\|.QF..WM.-=..[.A.U.~.:.;..f3th=.%U.U.H.=R.e..+I+....W.P.N"i....H..g..h5..(.l..(R$..A.y....................V.K..../y.w9?)..[.-9...#;8;]....V.7.d;.U.....[6;.......L/4#X*_!..O(..HV..S....l.D.z....O..8bJ\3F.twtB.u....=.....w.......Q.'.DJ..M.6..XI.Jj.+&Ny..._.v..3.8....C.VNTr<..i&S.vR.hJ.(%......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[3] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 33188, version 0.0
Category:	downloaded
Size (bytes):	33188
Entropy (8bit):	7.983177376379406
Encrypted:	false
SSDEEP:	768:wGSOatUd5GncZIdLNrOAumby3gbvrHaebJVNXQ8V:wBJm0cZsBOXyrbba8V
MD5:	DCA4F55F778D14EC5C839B53B11329ED
SHA1:	A467C967D419B74EFC0FE8142B4399E3B3BBB083
SHA-256:	AF901B92645CD64D10F4AC5059A9C94F6AABED7295425C03694B8C0FC5126655
SHA-512:	D5A116A469C8C40AC2630BBAB5B8A7ECFB34C9C704396A403BAE29F5579484E70D3E735872F84DC7ADFB4CC7BA8407A91EB4F5B99D78B2073E2B5B2FFB3A6D5E
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/d5d9b2/00000000000000000000ffd9/26/d?subset_id=2&fvd=i3&v=3
Preview:	wOFF..............%<........................DYNA................GDYN...\|.......I..J.GPOS.......j....C.W.LTSH.......p....APzOS/2.......X...`o.nAVDMX.......\|....i.qMcmap...........x;.=.cvt ...$...8...8.#..fpgm...\.......s.Y.7glyf...t..\O......q.hdmx..n........(.J.head...`...6...6....hhea...H.......$.s..hmtx..y\|......xj ..loca..{....a...\|.d,.maxp...h... ... ...~name.............\|.post..~........PV...prep...t...\|.....Tx.x...C`...D..]m.m.m.m.i...6I.4.m..y.,..,...d....Hn$'..%.)dJR.T..?zS.4.iIc.IGZ..t2...... 3.Qf&..Bf.IV..ld...f?...2.9.;..).K.%..G..F~......o_)D.Y.......E..QX...,AQ.LI..R...)a.(CIY.R....#.)#+PVVt.D9.@e..T.U.h.F%Y...UdM..;jQM...C.{K]j.z...eoh@m.:..uec..k.P_6..lFC{Es...4.-ib/i......d[.....B....@+{NGZ.N...ik..B;.....dw...t.=.${......]e_..c..]....@O9.^..A........2..r...p.......d... 9...........f..g...8..r.#-...S.-.2...X9.qr..-..L...(g3I....d9.)r>S-..L.....1...r...Rf.e..,g.\.<.R.a...j..5,...H.c.\.......F..M,..YaQla...Ur;..6;X#w.V.b..b7...6.l.H..I.g.<.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[4] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 24744, version 0.0
Category:	downloaded
Size (bytes):	24744
Entropy (8bit):	7.978627515034273
Encrypted:	false
SSDEEP:	384:EVkksCq/KOwmOt8IEOsyhgjzfwTJsPj6V9teCsx/Abr2k88CDW001VEKHUM7Ozip:qktXUt8he8UheCsx/AhKW0CUUV
MD5:	A14F6E1E3181DC10FDB66D2A7FB54CA7
SHA1:	605808488DD7FEC481400AA948F80E66189D25B5
SHA-256:	A4B8520DF89E973A968FCD3CF78F742E073EA9645D03ACCF360EB4AB5E6E1001
SHA-512:	E741918EF1EC6A3C0B87D996245945AEA9DB8C7D798352756F409A5E519BBF89EBF8F6AFA1E1A71D5C24C4E1C364F7C2EF38622C0897F852C6E9C7E6C27BBE29
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/1da05b/0000000000000000000132df/27/d?primer=7a5a436c948772f5260024dfadc8f7cd849e1448f8bf41ba74a247e8e46f3aee&fvd=n4&v=3
Preview:	wOFF......`........l........................DYNA...$.........D..GDYN............L.i.GPOS..........G..9..OS/2.......[...`\|.M.VDMX............l.tPcmap.._.........!k`Tcvt ...H...........tfpgm...`.......s.Y.7gasp...d............glyf..&...4...e..V .head...l...4...6..M.hhea...........$....hmtx..Z........(.G$nloca..\...........Jmaxp....... ... ...nname.............!.,post..^t...l.....moprep...T...2...2....x...S.X..D.s.X...Vc....jl5....m.m{:...3.....#..C.P..WB..!..K8}...'.>...6".l$"....b....F4}$.m4b...ic...$....866q..8.q.o.@o.OB..DzCB..D$..I..$!.MJr.;).d...I... .MI....zAj..4..s...#.MO&=#..mF..)..j3..f!.....6.9....c.... .....6..ln..!y(`.RP..G!....Et.....(f.S\.(B.[...K1J...RFw(AY[.r.M)...T.e..[...-Ge.<Ul...T..Q.V...BM].*.l5j...ckP.......m-....ih......S.&.>Mu..4..in..B.iLK.V.).u.f...i...mI{..:..t......mK...:C{...t.i:..v...L/....mW..n..I......N.....mo..8.0..a.......l...(..a.2..b..0..v.ct......g.3^....;..:.(&..L.c.....T;.i..8B.x.....>&2.Nb...l.e.s.T.j..oCX`..P...";...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[5] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 25284, version 0.0
Category:	downloaded
Size (bytes):	25284
Entropy (8bit):	7.98201537948979
Encrypted:	false
SSDEEP:	384:XVkwjUeZrzDGdbpwvwrcsOGkps3SNPnvNFbwW8yTqXCrfenp/W0BEpFc2N8F2cp:lkaOdbSo4zAYfV3jfE5Bfh2cp
MD5:	3A472B1A078B7B653C744CC55FAA5219
SHA1:	E9949514223E35D4A1E0515A312EC3664DEFDF33
SHA-256:	8812CEB05FB855A78850BB1907BC621FC487CD6D54760AC8D821D760D3BBB9E3
SHA-512:	DA09A18AED6A3C44F5009410D03623A8200ABF224AF33DDBFE34D3736AF96C6847D7A9A1CF0D94839C9ABB9546E1C7F5BCF6C305132B97BEFBD84A535F1399A7
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/8f4e31/0000000000000000000132e3/27/d?primer=7a5a436c948772f5260024dfadc8f7cd849e1448f8bf41ba74a247e8e46f3aee&fvd=n7&v=3
Preview:	wOFF......b................................DYNA...X.........$..GDYN............h;.GPOS..........I.m2EBOS/2.......[...`}7P.VDMX............l.tPcmap..a.........!.`pcvt ...H... ... ...Kfpgm...h.......s.Y.7gasp...l............glyf..'D..5o..d.lN..head...t...4...6.RI.hhea...........$....hmtx..\....!...8....loca..^..........k..maxp...8... ... ...cname............~p.[post..`x........F..Jprep...d...U...z...%x...S.X..D.s.X...Vc....jl5....m.m{:...3.....#..C.P..WB..!..K8}...'.>...6".l$"....b....F4}$.m4b...ic...$....866q..8.q.o.@o.OB..DzCB..D$..I..$!.MJr.;).d...I... .MI....zAj..4..s...#.MO&=#..mF..)..j3..f!.....6.9....c.... .....6..ln..!y(`.RP..G!....Et.....(f.S\.(B.[...K1J...RFw(AY[.r.M)...T.e..[...-Ge.<Ul...T..Q.V...BM].*.l5j...ckP.......m-....ih......S.&.>Mu..4..in..B.iLK.V.).u.f...i...mI{..:..t......mK...:C{...t.i:..v...L/....mW..n..I......N.....mo..8.0..a.......l...(..a.2..b..0..v.ct......g.3^....;..:.(&..L.c.....T;.i..8B.x.....>&2.Nb...l.e.s.T.j..oCX`..P...";...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[6] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 23416, version 0.0
Category:	downloaded
Size (bytes):	23416
Entropy (8bit):	7.983586847834522
Encrypted:	false
SSDEEP:	384:F30DDcDU1FW+RedG9b7Tm16n2XMc3nS3YUQIfiRgeQvYAb0HsRUgBnQc:JOA+Redq61GYU7f/eQvnUgBQc
MD5:	334521D5C314F6265FCA189A2114006F
SHA1:	F35719EE30117ADF919939AD46A98C9D3C6EEE45
SHA-256:	B4D011E6CF7EBE571E4D0C9868CD972592987E13D5BE3DDBB69C67638323A237
SHA-512:	3F6163488D3814E3CEFF964DBA451B45DE22236EED0372A82BC713950CBD0FCC41D4553414095646842B2839F12EF7A95AC943329AC0293FCC9850ECEF6C67CB
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/d8f71f/0000000000000000000132e1/27/d?primer=7a5a436c948772f5260024dfadc8f7cd849e1448f8bf41ba74a247e8e46f3aee&fvd=n5&v=3
Preview:	wOFFOTTO..[x................................CFF ......6V..A.....DYNA..:.........AOr.GDYN..:..........E(.GPOS..;x......G ....OS/2...$...[...`}.N.cmap..Z4...C....M.?gasp...0............head...8...2...6...khhea...........$....hmtx..X.........\|k .maxp..............P.name...l.........<.bpost..Z ....... ...2........x.c`d``.b....x~...../."..]......ka.g..r...@..k.....x...j.@.........U.e..4rV...p6..h..u.EdI......Q....D.}.>@w=....E[]....;sg.......{.=.8a.s.!>x>...=....=..._<.q...GH.`...'...@...........o.....\|.w....Q8.<.<ln.zk.....XM..T....X..Ju[..H....P..*#V.F...........F.%.uo..S.'L....U_.Q..9.u.i....W....8v.Z.r.-.u,M1.......$.A..[..Xb...3,x1..h.%iN...f(...lCg...i.-.q...C..i...........b.+M.WT..g4...;m.l...T.evv..ew').._!}.......2..m..}..v...:....M.....]....:V\....-Y.S$.`...7.....x.c`b\|.......i.S...C..f..`...(...........A?.A!...<.\.......1...........0.$.8.i..R``..1....x.c`d``..W.$.....d.g..............P.....x.{.X.W.....3.1.C`.1..I.5.........AQA.....e..4.(....Q@l.F.1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[7] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 58640, version 0.0
Category:	downloaded
Size (bytes):	58640
Entropy (8bit):	7.993859236860105
Encrypted:	true
SSDEEP:	768:G23+QzXz1F2u0rMcQSwJzZaudOh9lL9cvXjy+KNKzRM+17SabAK9zauA+uhRnmTM:GOzD2/rM7mWO3GjhKNKK+E6auAtMgJp
MD5:	AB2058631920729DAEA04A14330239E6
SHA1:	75A3B6A23B5827E1846CBE040E40EBD6BA494272
SHA-256:	2E5A6085B998F5B4EA3EE7B2FF61C59F7A7D66F22166F49029EB42A45793A220
SHA-512:	880389F4AF9597A1B761529A5DFFC4C613F2FDAB143E7DA00BB36C0377AFD2FFF74917DDB6CD52CDED2980A19B11EDD732EC7BF381F36CB30975EFE1D2AF9C43
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=388f68b35a7cbf1ee3543172445c23e26935269fadd3b392a13ac7b2903677eb&fvd=n4&v=3
Preview:	wOFFOTTO..........S.........................BASE...D...F...Fe$].CFF ...4...N.......DYNA................GDYN...\|... ...QJ0..GPOS......!...On.W;.GSUB...4.......N`^.iOS/2.......Y...`\Wv.cmap...,.......(..U.head.......4...6..%uhhea.......!...$...Ghmtx.......6...D.gD.maxp...,..........P.name...............post........... ...2..............ideoromn..DFLT..cyrl..grek..latn...................\......x.c`d```5.:8Gem<..W.f..@.....0....^....@.3..H..d..kx.RKn.0..9N...Qt.5.v... .Wv..Y%...%....cH......g...g..:.X4M.."(.{ofH>..k\|.....l..W.Z...L.>.;.8.%'w..C..>..\|r..>>S.u_2..a.o....z....\|.>:.%....o...}g.p.Ig.(...b...-....7..U....b..b..S..nt.c.._.:.gz...u$.~4._O.#[..sWd.v2}"..u.U.hUws.H..(..w./...GE..Y.<K...h...1.K.7...dF.....7.z...0.W......8.Dc,Q!.&......W.J,X.......V.s..a....F._M..1.._Q..RZ....cr#..^w.....e...T..?S..[...J.v7.wY1...u...{!m7.3)Y.....y.....Z.qC.#g.lN...#;.....}.aW/.s..}...~.N.....7...#.C.;. .......x.c`f\|.8.......).....B3.1.1*.E.Y..XX..X......P............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[8] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 46088, version 0.0
Category:	downloaded
Size (bytes):	46088
Entropy (8bit):	7.991344892853239
Encrypted:	true
SSDEEP:	768:cbb1bWj8ZMc7qG0jmQcHDJINQubS5HF9GctB7jiDbtUPL6n9MRXVFtf8u:qb108ngj4tImubIpHWHyWn9MZVfL
MD5:	F6772D5F038A33A09B062FA7D7FD1E73
SHA1:	19295E0771CD244E3C71F7D2D209B9A7309A8DE0
SHA-256:	AF6B2610431D075E5266E7D97EF7B53314F04EC64A56CD8872AD5FFB85DBA88D
SHA-512:	64179523C0D4EFAA89AA10670CB89D91D7B97C9685E5919E7E1D014602634AD98FCA376A8433A9C31B13F0E3AF944EC330A858486F58DA726EA953117FA3575C
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/a0c22f/00000000000000003b9b3f84/27/d?primer=388f68b35a7cbf1ee3543172445c23e26935269fadd3b392a13ac7b2903677eb&fvd=i3&v=3
Preview:	wOFFOTTO....................................BASE...D...F...Fe(].CFF ...@.......{].R.DYNA...H.......\|.6IlGDYN............v.A.GPOS..........0P.3.(GSUB..............t.OS/2.......[...`[.twcmap...(.......(..TIhead.......4...6..%<hhea.......$...$...^hmtx............:.".maxp...8.........kP.name................post........... ...2..............ideoromn..DFLT..cyrl..grek..latn...................`......x.c`d```5.J.S,........(.p>9..F.......\|.........2...x.R.n.@...i%$T.O...];v.&.)i..T..z..Mc.?..F....x.>.wn..O.....Z!.j...73..g.x..p.>'.-v...8.[.....,....}............7..........K'...S..{x.\|..C.w..Q....x.j......D..=1\....].U^.I1/.MY.Z-..f...7+]...U.e..e..E...8K....`x>......,.......ZUuZ...^.D }...J=/...J_...<^.R/e.&..d.....VZoN=O.6j.j9/sO.fq....0.'.w.;...9zDC,P".".a...8.0...3[ac..- ....."..V..f..r..y....E....n..3..VDE.. ..s.06.......-..(.]....4..u...C...gdE.6.(x/A^....Cfs....p..67I.>2.o\......Sx.._cC..M..~..-.b..'...Y....d=....[..x.c`f..............7.f.b.c0b...r333..p2.(00.300

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\d[9] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, CFF, length 58264, version 0.0
Category:	downloaded
Size (bytes):	58264
Entropy (8bit):	7.992987316761491
Encrypted:	true
SSDEEP:	1536:ysFA+QggYXkhr/65gGFsrge1aT8IHKksD1cUiS9XjIY:L6L1YXkJ/6KW6gQaT8IHK3fioUY
MD5:	E81C892E355CD99A8D3119D358ADA72E
SHA1:	F1267F500B7DDF4924CF599E8B53F4B389BBA362
SHA-256:	714DEFCA2714E79B9293FCC2468945C0AAFDB11D2718BC623A5C974B2A56A5B6
SHA-512:	DB31A35952B0BCF7A7668C66A68223D0E80FB73012F1CBE7D293A9AB03F8FE8F03C80827DAAB3509A0A856DF3CEA3F1990CD6621600501EA2778675AC2E757C0
Malicious:	false
Reputation:	low
IE Cache URL:	https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=388f68b35a7cbf1ee3543172445c23e26935269fadd3b392a13ac7b2903677eb&fvd=n3&v=3
Preview:	wOFFOTTO.........T\........................BASE...D...F...Fe(].CFF ...4...2...B.<?.DYNA...h............GDYN...`.......Q.t..GPOS......!K..OL....GSUB...........N`^.iOS/2.......W...`[.tJcmap..........(..U.head.......4...6..%`hhea.......!...$...Khmtx...x...%...D..H.maxp...,..........P.name.............8..post.......... ...2..............ideoromn..DFLT..cyrl..grek..latn...................`......x.c`d```5.Z...8...+.3........P..?.?....1 ....$..N...x.RMn.@.}&$U7.......-+.V. 5R$"...a... {.......r....^.G..y<mQ.....\|.g......Cs]q6..[....+\|p...0u.M...s.....f~u......_s.....{..-t.O..a.}q.M....Qz....h..w..>?._...-.X...2:..].(.]QFF/.....%..LW....oR....fz..Fe(.^8..'C+..K.`u:..g\|.e...h..s.K..pS.E..EOy...h....i..2..@....cv..9..61rQd].#U]....A.....!.Cq.FX.@.M<....q.... [....rKH.K9.fH..LeW.OM..)..o..L....j..O.".Bz\|..!...b..E.R.e\.e4.U..........B..i;.X.Pel.r.....$...l..-.j......v.l.......r.~..U[.).....u."V'F.....O.G......x.c`f.........................L,,LL,..L.@yF.(ptqr.R..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\express[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	5302
Entropy (8bit):	5.329095079310637
Encrypted:	false
SSDEEP:	96:386R0lH1UHaxH1UPCR0m+ydgW3+y6aSH1UPr+ymTimqY4WjIGTLzmYaq/XYXg0e5:38s0lSaxQU0vydSy6aSQCymOpU/XYXH0
MD5:	28FAED207B8403DC160AD2F2D245FE75
SHA1:	61A7BC35E9ADC188B72A54E0F55DDBCE3BFA14AD
SHA-256:	FD9283232516266C3CF0950385286DB43507720CA29434978CEA01BB9AF27EEB
SHA-512:	B0813AE9FB8F2C1E95F9CE0BA829D158562F61F08E6F96C4884CEB536F1C3A325EC02A07FFAFEB71ED90DD2AC96396FD09E61135F05F857C24B346B493E4DC61
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.adobe.com/express/?r=reader_page_logo
Preview:	<!DOCTYPE html><html>..<head>. <title>Make Social Graphics, Short Videos, and Web Pages To Stand Out.In Minutes \| Adobe Spark</title>. <meta name="x-source-hash" content="TQd2yn6COm8CsXKP">. <link rel="canonical" href="https://www.adobe.com/express/">. <meta name="description" content="Adobe Spark is an online and mobile design app. Easily create stunning social graphics, short videos, and web pages that make you stand out on social and beyond.">. . <meta property="og:title" content="Make Social Graphics, Short Videos, and Web Pages To Stand Out.In Minutes \| Adobe Spark">. <meta property="og:description" content="Adobe Spark is an online and mobile design app. Easily create stunning social graphics, short videos, and web pages that make you stand out on social and beyond.">. <meta property="og:url" content="https://www.adobe.com/express/">. <meta property="og:image" content="https://www.adobe.com/express/media_1414f90572f278eae7d49cf2222e9b7d0063180cd.png?width=1200&fo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\launch-EN919758db9a654a17bac7d184b99c4820.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	565896
Entropy (8bit):	5.347359122266954
Encrypted:	false
SSDEEP:	6144:uX8TWFSklmBpYQkStCSZuRmRqducXVjDXOd//k/kw8zayfjbMK7EWw317:K8aFwpY6ASZuRDucXVjDXOdQIjbM7WG
MD5:	B9CA729BCDD3D9395740E6D390EA3F3E
SHA1:	5E6F6E151C20D9DBA9D8ED1C9078E6EFD811D0B0
SHA-256:	707EA3D5A3AE334F856107C132B68D5846E68C44A32DE55751821B65F02B5C2B
SHA-512:	78F9DDC332421C79699220D72C35AFD723B002A2697D4160BE2061028F5B572E3ECCF832A94D2EAC9FB4FD7697499333A525C63081889B36AE07576758DDF827
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/launch-EN919758db9a654a17bac7d184b99c4820.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/launch-EN919758db9a654a17bac7d184b99c4820.js`..window._satellite=window._satellite\|\|{},window._satellite.container={buildInfo:{minified:!0,buildDate:"2021-05-11T16:52:00Z",environment:"production",turbineBuildDate:"2021-04-26T16:54:28Z",turbineVersion:"27.1.3"},dataElements:{"digitalData.search.filters":{defaultValue:"",modulePath:"core/src/lib/dataElements/customCode.js",settings:{source:function(){return function(e){if(_satellite.getVar("adobe_aec_pages")&&digitalData._get("digitalData.filterInfo")&&digitalData._get("digitalData.filterInfo.filterName")){digitalData.search={},digitalData.search.filter=[],digitalData._set("digitalData.search.searchInfo.sort",digitalData.filterInfo.sortType);for(var t=digitalData.filterInfo.filterName.split("\|"),n=0;n<t.length;n++)for(var a=t[n].split(":"),i=a[0],r=a[1].split(","),o=0;o<r.length;o++){var s={filterInfo:{}};s.filterInfo.category=i,s.filterInfo.keyword=r[o],digitalData.search.fil

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\left-arrow[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 37 x 38, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1058
Entropy (8bit):	7.665700240485992
Encrypted:	false
SSDEEP:	24:CtN+UcVYoWrqGJpH3xVd20s+Yeg3weZpjWQ6c7i43r:CtNWYBO0pH3xVK+Do776F4b
MD5:	5CE00C645964CF02667D083A32CEC874
SHA1:	A8D09FAD595AE7DF7A955030FAA21CCC561FC581
SHA-256:	8BACF7F9552B5706A7E607F2FFAC2393884D09EDD921B22D8274FEAE33629822
SHA-512:	6507ED4DE6F371594F22697D2C7729FA11DB0756E292E418196F1827EDEF12BB6E1E64C89BEE1C28739C5F255D7E2442741AB1A9B6E2925551B33F84744EB5D5
Malicious:	false
Reputation:	low
IE Cache URL:	https://page.adobespark-assets.com/runtime/1.22/images/left-arrow.png
Preview:	.PNG........IHDR...%...&.....C.R.....sBIT....\|.d.....pHYs...........~.....tEXtCreation Time.05/02/13f.`.....tEXtSoftware.Adobe Fireworks CS6.....zIDATX..Ok.A...S.MI.5.....H....D<...[......"..!.,..../..).....YE%1..M..a..m:...H+.....o...M...&#{.`..P.....:.RJ...u.(R.D.Rj.cmO....h.n........= P-.).h(..S>..0.....J...{...^..T>......VWW.i.u.\..............g.Q .d.L.\...f..T...7...}C...\ZZ.....^.j.......B).9?.@p....}A.......\|...o.^Oc...q...........Rt.....L..h~~.n.....4p.......z.`[..h.P]@.@.8......#.)...........;.\|.S."L...p..M...b..T. .Z.-p...i .k..a..........A.<.....W8.G(.R...O.......a..T.....\|j..K.J.r.rr.j@.(.......b.........\|0>>>L dn+...z....m.911.R....^2.V.A.r1Y..\|...z....z.P^B........qzz......!A}.dw.....zw...g....AsU?.....ZNv.Z...P(..p..m........7....3^[.f......_..BaY).m._2......Wz..-..=...0.p..,.t....}.>..d............J).b.&.q...x+..w..T....~.l...<...Z.HGfgg.D......d2.:.o..o.p/........~.>...<[[[{..l6.K{.[...B..h...Ly3^*.n`B.....Q.\|C.....m.R.h.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.604190783593319
Encrypted:	false
SSDEEP:	3:QIk4Xvwg3e/QgY1ALD64XHUQZ6WVSy1ALD64XHUQZ4n:QI5oPX7Ll0AVwLl0tn
MD5:	4DF893C096E968AB098632EB452A252C
SHA1:	0ED4EC3D8D81E70B9D1A9E6E7883FD8E22377AEC
SHA-256:	668862C1854D47A4B178217DEC164025A2A4B1F45CC1409B9D02762DA50878E7
SHA-512:	E6C566F1DF10CA05D7837A9038BB0CD4607B657D5FFC4523256FE1DB1A532E27111BDCF28C230448BAD71B6CA26F37F4AB9AAAAB5318276FAD0A7CF64239B4D1
Malicious:	false
Reputation:	low
Preview:	<p>Moved Permanently. Redirecting to <a href="/sp/login?r=reader_page_bumper_createyourown">/sp/login?r=reader_page_bumper_createyourown</a></p>

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2021 22:31:14.996362925 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:14.997196913 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.037759066 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.037936926 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.038456917 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.038562059 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.043406963 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.043639898 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.048316002 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.048434973 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.052032948 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.052093983 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.085545063 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.085583925 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.085727930 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.085768938 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.085808039 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.085848093 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.085858107 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.085911036 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.086020947 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.086040974 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.087774038 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.087883949 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.089601994 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.089706898 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.126192093 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.127295017 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.132050037 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.132153988 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.132293940 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.169589043 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.169632912 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.169661045 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.169780970 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.171232939 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.171957016 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.172084093 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.172193050 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.172224998 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.172303915 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.173471928 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.173499107 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.176145077 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.176177025 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.176429033 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.176461935 CEST	49696	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.176539898 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.188509941 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.188719988 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.197895050 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.214704037 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.216623068 CEST	443	49696	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.239582062 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.427706957 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.427756071 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.427793980 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.427825928 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.427843094 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.427886963 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.427958965 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.428782940 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.428826094 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.428900957 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.428958893 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.429925919 CEST	443	49695	13.225.74.123	192.168.2.3
May 12, 2021 22:31:15.430037975 CEST	49695	443	192.168.2.3	13.225.74.123
May 12, 2021 22:31:15.690723896 CEST	49698	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.690855026 CEST	49700	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.690953016 CEST	49699	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.691366911 CEST	49701	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.691461086 CEST	49702	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.732275963 CEST	443	49700	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.732323885 CEST	443	49699	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.732460022 CEST	49700	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.732465029 CEST	49699	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.732510090 CEST	443	49701	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.732609034 CEST	49701	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.732680082 CEST	443	49702	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.732757092 CEST	49702	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.734221935 CEST	49699	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.734292030 CEST	49701	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.734435081 CEST	49700	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.734667063 CEST	49702	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.738240004 CEST	443	49698	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.738342047 CEST	49698	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.738938093 CEST	49698	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.746659994 CEST	443	49699	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.746745110 CEST	49699	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.748709917 CEST	443	49700	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.748785019 CEST	49700	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.750813961 CEST	443	49702	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.750875950 CEST	49702	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.756699085 CEST	443	49701	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.756773949 CEST	49701	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.766659021 CEST	443	49698	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.766729116 CEST	49698	443	192.168.2.3	13.224.193.81
May 12, 2021 22:31:15.775454044 CEST	443	49699	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.775486946 CEST	443	49701	13.224.193.81	192.168.2.3
May 12, 2021 22:31:15.775578022 CEST	443	49700	13.224.193.81	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2021 22:31:06.973026991 CEST	52238	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:07.024580002 CEST	53	52238	8.8.8.8	192.168.2.3
May 12, 2021 22:31:08.169234991 CEST	49873	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:08.221033096 CEST	53	49873	8.8.8.8	192.168.2.3
May 12, 2021 22:31:08.933445930 CEST	53196	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:08.985666037 CEST	53	53196	8.8.8.8	192.168.2.3
May 12, 2021 22:31:09.835772991 CEST	56777	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:09.884919882 CEST	53	56777	8.8.8.8	192.168.2.3
May 12, 2021 22:31:10.673698902 CEST	58643	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:10.722529888 CEST	53	58643	8.8.8.8	192.168.2.3
May 12, 2021 22:31:11.616112947 CEST	60985	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:11.665314913 CEST	53	60985	8.8.8.8	192.168.2.3
May 12, 2021 22:31:13.480292082 CEST	50200	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:13.528938055 CEST	53	50200	8.8.8.8	192.168.2.3
May 12, 2021 22:31:13.837718010 CEST	51281	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:13.895144939 CEST	53	51281	8.8.8.8	192.168.2.3
May 12, 2021 22:31:14.577137947 CEST	49199	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:14.626045942 CEST	53	49199	8.8.8.8	192.168.2.3
May 12, 2021 22:31:14.917831898 CEST	50620	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:14.979960918 CEST	53	50620	8.8.8.8	192.168.2.3
May 12, 2021 22:31:15.401633024 CEST	64938	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:15.451164961 CEST	53	64938	8.8.8.8	192.168.2.3
May 12, 2021 22:31:15.503818035 CEST	60152	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:15.572906971 CEST	53	60152	8.8.8.8	192.168.2.3
May 12, 2021 22:31:15.913244963 CEST	57544	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:15.975049973 CEST	53	57544	8.8.8.8	192.168.2.3
May 12, 2021 22:31:16.730295897 CEST	55984	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:16.790159941 CEST	53	55984	8.8.8.8	192.168.2.3
May 12, 2021 22:31:17.072592974 CEST	64185	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:17.131921053 CEST	53	64185	8.8.8.8	192.168.2.3
May 12, 2021 22:31:17.330864906 CEST	65110	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:17.379931927 CEST	53	65110	8.8.8.8	192.168.2.3
May 12, 2021 22:31:18.857068062 CEST	58361	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:18.908791065 CEST	53	58361	8.8.8.8	192.168.2.3
May 12, 2021 22:31:19.818137884 CEST	63492	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:19.866951942 CEST	53	63492	8.8.8.8	192.168.2.3
May 12, 2021 22:31:20.720110893 CEST	60831	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:20.771856070 CEST	53	60831	8.8.8.8	192.168.2.3
May 12, 2021 22:31:21.666695118 CEST	60100	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:21.723989010 CEST	53	60100	8.8.8.8	192.168.2.3
May 12, 2021 22:31:22.968219995 CEST	53195	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:23.019810915 CEST	53	53195	8.8.8.8	192.168.2.3
May 12, 2021 22:31:32.129483938 CEST	50141	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:32.198004961 CEST	53	50141	8.8.8.8	192.168.2.3
May 12, 2021 22:31:40.821342945 CEST	53023	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:40.894679070 CEST	53	53023	8.8.8.8	192.168.2.3
May 12, 2021 22:31:44.021070957 CEST	49563	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:44.274457932 CEST	51352	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:44.344441891 CEST	53	51352	8.8.8.8	192.168.2.3
May 12, 2021 22:31:44.524637938 CEST	59349	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:44.585784912 CEST	53	59349	8.8.8.8	192.168.2.3
May 12, 2021 22:31:44.749296904 CEST	57084	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:44.811016083 CEST	53	57084	8.8.8.8	192.168.2.3
May 12, 2021 22:31:45.014619112 CEST	49563	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:45.071789980 CEST	53	49563	8.8.8.8	192.168.2.3
May 12, 2021 22:31:45.232811928 CEST	58823	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:45.246721983 CEST	57568	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:45.294162035 CEST	53	58823	8.8.8.8	192.168.2.3
May 12, 2021 22:31:45.309828997 CEST	53	57568	8.8.8.8	192.168.2.3
May 12, 2021 22:31:45.515213966 CEST	59349	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:45.577758074 CEST	53	59349	8.8.8.8	192.168.2.3
May 12, 2021 22:31:45.580198050 CEST	50540	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:45.639350891 CEST	53	50540	8.8.8.8	192.168.2.3
May 12, 2021 22:31:45.742535114 CEST	54366	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:45.804903030 CEST	53	54366	8.8.8.8	192.168.2.3
May 12, 2021 22:31:46.033216000 CEST	49563	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:46.083709955 CEST	53	49563	8.8.8.8	192.168.2.3
May 12, 2021 22:31:46.203922033 CEST	53034	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:46.261765003 CEST	53	53034	8.8.8.8	192.168.2.3
May 12, 2021 22:31:46.517100096 CEST	59349	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:46.546550035 CEST	57762	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:46.565912962 CEST	53	59349	8.8.8.8	192.168.2.3
May 12, 2021 22:31:46.605576038 CEST	53	57762	8.8.8.8	192.168.2.3
May 12, 2021 22:31:48.865823984 CEST	59349	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:48.923310041 CEST	53	59349	8.8.8.8	192.168.2.3
May 12, 2021 22:31:49.465732098 CEST	49563	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:49.522923946 CEST	53	49563	8.8.8.8	192.168.2.3
May 12, 2021 22:31:50.518640995 CEST	55435	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:50.579286098 CEST	53	55435	8.8.8.8	192.168.2.3
May 12, 2021 22:31:50.960355043 CEST	50713	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:51.018579006 CEST	53	50713	8.8.8.8	192.168.2.3
May 12, 2021 22:31:51.477449894 CEST	56132	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:51.559379101 CEST	53	56132	8.8.8.8	192.168.2.3
May 12, 2021 22:31:51.674725056 CEST	58987	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:51.734678030 CEST	53	58987	8.8.8.8	192.168.2.3
May 12, 2021 22:31:52.876832962 CEST	59349	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:52.935672998 CEST	53	59349	8.8.8.8	192.168.2.3
May 12, 2021 22:31:53.345267057 CEST	56579	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:53.406409025 CEST	53	56579	8.8.8.8	192.168.2.3
May 12, 2021 22:31:53.471435070 CEST	49563	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:53.520375967 CEST	60633	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:53.528512001 CEST	53	49563	8.8.8.8	192.168.2.3
May 12, 2021 22:31:53.580838919 CEST	53	60633	8.8.8.8	192.168.2.3
May 12, 2021 22:31:53.765167952 CEST	61292	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:53.827374935 CEST	53	61292	8.8.8.8	192.168.2.3
May 12, 2021 22:31:55.655950069 CEST	63619	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:55.676026106 CEST	64938	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:55.721561909 CEST	53	63619	8.8.8.8	192.168.2.3
May 12, 2021 22:31:55.724699020 CEST	53	64938	8.8.8.8	192.168.2.3
May 12, 2021 22:31:55.915848017 CEST	61946	53	192.168.2.3	8.8.8.8
May 12, 2021 22:31:55.964569092 CEST	53	61946	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 12, 2021 22:31:15.503818035 CEST	192.168.2.3	8.8.8.8	0x5e64	Standard query (0)	page.adobespark-assets.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:15.913244963 CEST	192.168.2.3	8.8.8.8	0x60d4	Standard query (0)	use.typekit.net	A (IP address)	IN (0x0001)
May 12, 2021 22:31:16.730295897 CEST	192.168.2.3	8.8.8.8	0x92c2	Standard query (0)	s3.amazonaws.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:17.072592974 CEST	192.168.2.3	8.8.8.8	0x84f6	Standard query (0)	p.typekit.net	A (IP address)	IN (0x0001)
May 12, 2021 22:31:32.129483938 CEST	192.168.2.3	8.8.8.8	0x6b55	Standard query (0)	page.adobespark-assets.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:44.749296904 CEST	192.168.2.3	8.8.8.8	0x88bc	Standard query (0)	static.adobelogin.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.232811928 CEST	192.168.2.3	8.8.8.8	0x5217	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.246721983 CEST	192.168.2.3	8.8.8.8	0xb19	Standard query (0)	cdn.cookielaw.org	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.580198050 CEST	192.168.2.3	8.8.8.8	0x472b	Standard query (0)	geolocation.onetrust.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.742535114 CEST	192.168.2.3	8.8.8.8	0xb99d	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.546550035 CEST	192.168.2.3	8.8.8.8	0xc8d1	Standard query (0)	api.demandbase.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.518640995 CEST	192.168.2.3	8.8.8.8	0x25ae	Standard query (0)	adobe.tt.omtrdc.net	A (IP address)	IN (0x0001)
May 12, 2021 22:31:51.477449894 CEST	192.168.2.3	8.8.8.8	0xcf71	Standard query (0)	cm.everesttech.net	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.345267057 CEST	192.168.2.3	8.8.8.8	0xddc0	Standard query (0)	adobe.demdex.net	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.520375967 CEST	192.168.2.3	8.8.8.8	0xc1e9	Standard query (0)	ims-na1.adobelogin.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.655950069 CEST	192.168.2.3	8.8.8.8	0x47e7	Standard query (0)	adobedc.demdex.net	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.676026106 CEST	192.168.2.3	8.8.8.8	0xf000	Standard query (0)	aa.agkn.com	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.915848017 CEST	192.168.2.3	8.8.8.8	0x4187	Standard query (0)	sync.mathtag.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 12, 2021 22:31:14.979960918 CEST	8.8.8.8	192.168.2.3	0xc66b	No error (0)	spark.adobeprojectm.com		13.225.74.123	A (IP address)	IN (0x0001)
May 12, 2021 22:31:14.979960918 CEST	8.8.8.8	192.168.2.3	0xc66b	No error (0)	spark.adobeprojectm.com		13.225.74.35	A (IP address)	IN (0x0001)
May 12, 2021 22:31:14.979960918 CEST	8.8.8.8	192.168.2.3	0xc66b	No error (0)	spark.adobeprojectm.com		13.225.74.86	A (IP address)	IN (0x0001)
May 12, 2021 22:31:14.979960918 CEST	8.8.8.8	192.168.2.3	0xc66b	No error (0)	spark.adobeprojectm.com		13.225.74.22	A (IP address)	IN (0x0001)
May 12, 2021 22:31:15.572906971 CEST	8.8.8.8	192.168.2.3	0x5e64	No error (0)	page.adobespark-assets.com		13.224.193.81	A (IP address)	IN (0x0001)
May 12, 2021 22:31:15.572906971 CEST	8.8.8.8	192.168.2.3	0x5e64	No error (0)	page.adobespark-assets.com		13.224.193.29	A (IP address)	IN (0x0001)
May 12, 2021 22:31:15.572906971 CEST	8.8.8.8	192.168.2.3	0x5e64	No error (0)	page.adobespark-assets.com		13.224.193.122	A (IP address)	IN (0x0001)
May 12, 2021 22:31:15.572906971 CEST	8.8.8.8	192.168.2.3	0x5e64	No error (0)	page.adobespark-assets.com		13.224.193.108	A (IP address)	IN (0x0001)
May 12, 2021 22:31:15.975049973 CEST	8.8.8.8	192.168.2.3	0x60d4	No error (0)	use.typekit.net	use-stls.adobe.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:16.790159941 CEST	8.8.8.8	192.168.2.3	0x92c2	No error (0)	s3.amazonaws.com		52.217.1.54	A (IP address)	IN (0x0001)
May 12, 2021 22:31:17.131921053 CEST	8.8.8.8	192.168.2.3	0x84f6	No error (0)	p.typekit.net	p.typekit.net-v3.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:32.198004961 CEST	8.8.8.8	192.168.2.3	0x6b55	No error (0)	page.adobespark-assets.com		13.224.193.122	A (IP address)	IN (0x0001)
May 12, 2021 22:31:32.198004961 CEST	8.8.8.8	192.168.2.3	0x6b55	No error (0)	page.adobespark-assets.com		13.224.193.81	A (IP address)	IN (0x0001)
May 12, 2021 22:31:32.198004961 CEST	8.8.8.8	192.168.2.3	0x6b55	No error (0)	page.adobespark-assets.com		13.224.193.108	A (IP address)	IN (0x0001)
May 12, 2021 22:31:32.198004961 CEST	8.8.8.8	192.168.2.3	0x6b55	No error (0)	page.adobespark-assets.com		13.224.193.29	A (IP address)	IN (0x0001)
May 12, 2021 22:31:44.811016083 CEST	8.8.8.8	192.168.2.3	0x88bc	No error (0)	static.adobelogin.com	adobelogin-static.prod.ims.adobejanus.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:44.811016083 CEST	8.8.8.8	192.168.2.3	0x88bc	No error (0)	adobelogin-static.prod.ims.adobejanus.com	dd20fzx9mj46f.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:44.811016083 CEST	8.8.8.8	192.168.2.3	0x88bc	No error (0)	dd20fzx9mj46f.cloudfront.net		13.224.187.69	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.294162035 CEST	8.8.8.8	192.168.2.3	0x5217	No error (0)	assets.adobedtm.com	cn-assets.adobedtm.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:45.309828997 CEST	8.8.8.8	192.168.2.3	0xb19	No error (0)	cdn.cookielaw.org		104.16.148.64	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.309828997 CEST	8.8.8.8	192.168.2.3	0xb19	No error (0)	cdn.cookielaw.org		104.16.149.64	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.639350891 CEST	8.8.8.8	192.168.2.3	0x472b	No error (0)	geolocation.onetrust.com		104.20.184.68	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.639350891 CEST	8.8.8.8	192.168.2.3	0x472b	No error (0)	geolocation.onetrust.com		104.20.185.68	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dpm.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	gslb-2.demdex.net	edge-irl1.demdex.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	edge-irl1.demdex.net	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		54.154.123.210	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.17.73.77	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.212.101.97	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		18.200.233.208	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.31.176.223	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.252.115.248	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.251.60.147	A (IP address)	IN (0x0001)
May 12, 2021 22:31:45.804903030 CEST	8.8.8.8	192.168.2.3	0xb99d	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		18.200.157.96	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.261765003 CEST	8.8.8.8	192.168.2.3	0xdab7	No error (0)	adobe.com.ssl.d1.sc.omtrdc.net		15.237.76.117	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.261765003 CEST	8.8.8.8	192.168.2.3	0xdab7	No error (0)	adobe.com.ssl.d1.sc.omtrdc.net		35.181.18.61	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.261765003 CEST	8.8.8.8	192.168.2.3	0xdab7	No error (0)	adobe.com.ssl.d1.sc.omtrdc.net		15.237.136.106	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.605576038 CEST	8.8.8.8	192.168.2.3	0xc8d1	No error (0)	api.demandbase.com		13.225.74.112	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.605576038 CEST	8.8.8.8	192.168.2.3	0xc8d1	No error (0)	api.demandbase.com		13.225.74.124	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.605576038 CEST	8.8.8.8	192.168.2.3	0xc8d1	No error (0)	api.demandbase.com		13.225.74.58	A (IP address)	IN (0x0001)
May 12, 2021 22:31:46.605576038 CEST	8.8.8.8	192.168.2.3	0xc8d1	No error (0)	api.demandbase.com		13.225.74.37	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		52.51.251.137	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		52.213.168.74	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		52.212.193.208	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		34.252.166.160	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		52.212.164.82	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		52.18.150.20	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		34.252.156.174	A (IP address)	IN (0x0001)
May 12, 2021 22:31:50.579286098 CEST	8.8.8.8	192.168.2.3	0x25ae	No error (0)	adobe.tt.omtrdc.net		18.203.205.32	A (IP address)	IN (0x0001)
May 12, 2021 22:31:51.559379101 CEST	8.8.8.8	192.168.2.3	0xcf71	No error (0)	cm.everesttech.net	cm.everesttech.net.akadns.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:51.734678030 CEST	8.8.8.8	192.168.2.3	0x88b2	No error (0)	services.prod.ims.adobejanus.com		52.213.176.171	A (IP address)	IN (0x0001)
May 12, 2021 22:31:51.734678030 CEST	8.8.8.8	192.168.2.3	0x88b2	No error (0)	services.prod.ims.adobejanus.com		52.209.27.136	A (IP address)	IN (0x0001)
May 12, 2021 22:31:51.734678030 CEST	8.8.8.8	192.168.2.3	0x88b2	No error (0)	services.prod.ims.adobejanus.com		54.73.76.208	A (IP address)	IN (0x0001)
May 12, 2021 22:31:51.734678030 CEST	8.8.8.8	192.168.2.3	0x88b2	No error (0)	services.prod.ims.adobejanus.com		54.76.80.163	A (IP address)	IN (0x0001)
May 12, 2021 22:31:51.734678030 CEST	8.8.8.8	192.168.2.3	0x88b2	No error (0)	services.prod.ims.adobejanus.com		63.32.113.5	A (IP address)	IN (0x0001)
May 12, 2021 22:31:51.734678030 CEST	8.8.8.8	192.168.2.3	0x88b2	No error (0)	services.prod.ims.adobejanus.com		99.81.92.132	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	adobe.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	gslb-2.demdex.net	edge-irl1.demdex.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	edge-irl1.demdex.net	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.17.54.18	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.250.160.147	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		34.254.147.143	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		18.200.233.208	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.30.200.197	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		3.250.252.43	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.18.91.199	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.406409025 CEST	8.8.8.8	192.168.2.3	0xddc0	No error (0)	dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com		52.48.201.185	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	ims-na1.adobelogin.com	adobelogin.prod.ims.adobejanus.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	adobelogin.prod.ims.adobejanus.com	adobelogin-origin.prod.ims.adobejanus.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		99.81.92.132	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		54.76.80.163	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		63.32.113.5	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		52.213.176.171	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		52.209.27.136	A (IP address)	IN (0x0001)
May 12, 2021 22:31:53.580838919 CEST	8.8.8.8	192.168.2.3	0xc1e9	No error (0)	adobelogin-origin.prod.ims.adobejanus.com		54.73.76.208	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.721561909 CEST	8.8.8.8	192.168.2.3	0x47e7	No error (0)	adobedc.demdex.net	demdex.net.ssl.sc.omtrdc.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:55.721561909 CEST	8.8.8.8	192.168.2.3	0x47e7	No error (0)	demdex.net.ssl.sc.omtrdc.net		35.181.18.61	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.721561909 CEST	8.8.8.8	192.168.2.3	0x47e7	No error (0)	demdex.net.ssl.sc.omtrdc.net		15.237.136.106	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.721561909 CEST	8.8.8.8	192.168.2.3	0x47e7	No error (0)	demdex.net.ssl.sc.omtrdc.net		15.237.76.117	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.724699020 CEST	8.8.8.8	192.168.2.3	0xf000	No error (0)	aa.agkn.com	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:55.724699020 CEST	8.8.8.8	192.168.2.3	0xf000	No error (0)	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com		18.133.35.94	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.724699020 CEST	8.8.8.8	192.168.2.3	0xf000	No error (0)	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com		35.176.232.241	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.724699020 CEST	8.8.8.8	192.168.2.3	0xf000	No error (0)	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com		52.56.207.211	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.724699020 CEST	8.8.8.8	192.168.2.3	0xf000	No error (0)	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com		52.56.111.113	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.724699020 CEST	8.8.8.8	192.168.2.3	0xf000	No error (0)	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com		18.132.239.61	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.724699020 CEST	8.8.8.8	192.168.2.3	0xf000	No error (0)	aa-agkn-com-https-1893222849.eu-west-2.elb.amazonaws.com		3.11.29.5	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.964569092 CEST	8.8.8.8	192.168.2.3	0x4187	No error (0)	sync.mathtag.com	pixel-origin.mathtag.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:31:55.964569092 CEST	8.8.8.8	192.168.2.3	0x4187	No error (0)	pixel-origin.mathtag.com		185.29.135.233	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.964569092 CEST	8.8.8.8	192.168.2.3	0x4187	No error (0)	pixel-origin.mathtag.com		185.29.135.227	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.964569092 CEST	8.8.8.8	192.168.2.3	0x4187	No error (0)	pixel-origin.mathtag.com		185.29.135.234	A (IP address)	IN (0x0001)
May 12, 2021 22:31:55.964569092 CEST	8.8.8.8	192.168.2.3	0x4187	No error (0)	pixel-origin.mathtag.com		185.29.133.52	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 12, 2021 22:31:15.087774038 CEST	13.225.74.123	443	192.168.2.3	49696	CN=spark.adobe.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Jun 10 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:15.087774038 CEST	13.225.74.123	443	192.168.2.3	49696	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:15.089601994 CEST	13.225.74.123	443	192.168.2.3	49695	CN=spark.adobe.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Jun 10 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:15.089601994 CEST	13.225.74.123	443	192.168.2.3	49695	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:15.790375948 CEST	13.224.193.81	443	192.168.2.3	49702	CN=spark.adobe.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Jun 10 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.790375948 CEST	13.224.193.81	443	192.168.2.3	49702	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.791728020 CEST	13.224.193.81	443	192.168.2.3	49700	CN=spark.adobe.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Jun 10 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.791728020 CEST	13.224.193.81	443	192.168.2.3	49700	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.794047117 CEST	13.224.193.81	443	192.168.2.3	49699	CN=spark.adobe.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Jun 10 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.794047117 CEST	13.224.193.81	443	192.168.2.3	49699	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.794644117 CEST	13.224.193.81	443	192.168.2.3	49701	CN=spark.adobe.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Jun 10 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.794644117 CEST	13.224.193.81	443	192.168.2.3	49701	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.794964075 CEST	13.224.193.81	443	192.168.2.3	49698	CN=spark.adobe.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Jun 05 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Jun 10 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:15.794964075 CEST	13.224.193.81	443	192.168.2.3	49698	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:17.249805927 CEST	52.217.1.54	443	192.168.2.3	49705	CN=s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Aug 04 02:00:00 CEST 2020 Tue Dec 08 13:05:07 CET 2015	Mon Aug 09 14:00:00 CEST 2021 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:17.249805927 CEST	52.217.1.54	443	192.168.2.3	49705	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:17.250386000 CEST	52.217.1.54	443	192.168.2.3	49706	CN=s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Aug 04 02:00:00 CEST 2020 Tue Dec 08 13:05:07 CET 2015	Mon Aug 09 14:00:00 CEST 2021 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:17.250386000 CEST	52.217.1.54	443	192.168.2.3	49706	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:44.916570902 CEST	13.224.187.69	443	192.168.2.3	49721	CN=static.adobelogin.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 18 02:00:00 CEST 2019 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Wed Sep 22 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:44.926029921 CEST	13.224.187.69	443	192.168.2.3	49722	CN=static.adobelogin.com, OU=IT, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 18 02:00:00 CEST 2019 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Wed Sep 22 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:45.399034023 CEST	104.16.148.64	443	192.168.2.3	49726	CN=cookielaw.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 01 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 01 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.399034023 CEST	104.16.148.64	443	192.168.2.3	49726	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.401799917 CEST	104.16.148.64	443	192.168.2.3	49725	CN=cookielaw.org, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 01 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 01 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.401799917 CEST	104.16.148.64	443	192.168.2.3	49725	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.730355024 CEST	104.20.184.68	443	192.168.2.3	49727	CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.730355024 CEST	104.20.184.68	443	192.168.2.3	49727	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.731453896 CEST	104.20.184.68	443	192.168.2.3	49728	CN=onetrust.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Feb 12 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Sat Feb 12 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.731453896 CEST	104.20.184.68	443	192.168.2.3	49728	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:45.940293074 CEST	54.154.123.210	443	192.168.2.3	49730	CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Dec 02 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Mon Jan 03 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:45.941040039 CEST	54.154.123.210	443	192.168.2.3	49729	CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Dec 02 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Mon Jan 03 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:46.369581938 CEST	15.237.76.117	443	192.168.2.3	49731	CN=sstats.adobe.com, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon May 18 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 25 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:46.369581938 CEST	15.237.76.117	443	192.168.2.3	49731	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:46.371767044 CEST	15.237.76.117	443	192.168.2.3	49732	CN=sstats.adobe.com, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon May 18 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Wed Aug 25 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:46.371767044 CEST	15.237.76.117	443	192.168.2.3	49732	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		3faf2df7ab96c36419c31725cb1fa7d6
May 12, 2021 22:31:46.699083090 CEST	13.225.74.112	443	192.168.2.3	49733	CN=api.demandbase.com, O="Demandbase, Inc.", L=San Francisco, ST=California, C=US, SERIALNUMBER=C3920817, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Fri Oct 09 23:16:41 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Thu Oct 28 02:17:28 CEST 2021 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 12, 2021 22:31:46.699960947 CEST	13.225.74.112	443	192.168.2.3	49734	CN=api.demandbase.com, O="Demandbase, Inc.", L=San Francisco, ST=California, C=US, SERIALNUMBER=C3920817, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Fri Oct 09 23:16:41 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Thu Oct 28 02:17:28 CEST 2021 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 12, 2021 22:31:50.979350090 CEST	52.51.251.137	443	192.168.2.3	49735	CN=*.tt.omtrdc.net, O=Adobe Inc., L=SAN JOSE, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 02 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013	Wed Nov 10 00:59:59 CET 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:50.979350090 CEST	52.51.251.137	443	192.168.2.3	49735	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:51.876328945 CEST	52.213.176.171	443	192.168.2.3	49740	CN=ims-na1.adobelogin.com, O=Adobe Inc., L=San Jose, ST=ca, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 24 01:00:00 CET 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Tue Mar 01 00:59:59 CET 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	3faf2df7ab96c36419c31725cb1fa7d6
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:53.538958073 CEST	52.17.54.18	443	192.168.2.3	49742	CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Dec 02 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Mon Jan 03 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:53.540385962 CEST	52.17.54.18	443	192.168.2.3	49741	CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Dec 02 01:00:00 CET 2020 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Mon Jan 03 00:59:59 CET 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:53.707099915 CEST	99.81.92.132	443	192.168.2.3	49743	CN=ims-na1.adobelogin.com, O=Adobe Inc., L=San Jose, ST=ca, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 24 01:00:00 CET 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Tue Mar 01 00:59:59 CET 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:53.718790054 CEST	99.81.92.132	443	192.168.2.3	49744	CN=ims-na1.adobelogin.com, O=Adobe Inc., L=San Jose, ST=ca, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 24 01:00:00 CET 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Tue Mar 01 00:59:59 CET 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 12, 2021 22:31:55.839978933 CEST	35.181.18.61	443	192.168.2.3	49747	CN=adobedc.demdex.net, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Oct 14 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Mon Nov 15 00:59:59 CET 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:55.839978933 CEST	35.181.18.61	443	192.168.2.3	49747	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:55.845047951 CEST	18.133.35.94	443	192.168.2.3	49749	CN=*.agkn.com CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Sat Jul 25 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006 Mon Nov 06 13:23:33 CET 2017	Sun Sep 18 14:00:00 CEST 2022 Mon Nov 10 01:00:00 CET 2031 Sat Nov 06 13:23:33 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
					CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:33 CET 2017	Sat Nov 06 13:23:33 CET 2027
May 12, 2021 22:31:55.850872040 CEST	18.133.35.94	443	192.168.2.3	49748	CN=*.agkn.com CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Sat Jul 25 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006 Mon Nov 06 13:23:33 CET 2017	Sun Sep 18 14:00:00 CEST 2022 Mon Nov 10 01:00:00 CET 2031 Sat Nov 06 13:23:33 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
					CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:33 CET 2017	Sat Nov 06 13:23:33 CET 2027
May 12, 2021 22:31:56.245672941 CEST	185.29.135.233	443	192.168.2.3	49751	CN=*.mathtag.com, O="MediaMath, Inc.", L=New York, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 15 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Apr 22 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:56.245672941 CEST	185.29.135.233	443	192.168.2.3	49751	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:56.252473116 CEST	185.29.135.233	443	192.168.2.3	49750	CN=*.mathtag.com, O="MediaMath, Inc.", L=New York, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 15 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Fri Apr 22 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 12, 2021 22:31:56.252473116 CEST	185.29.135.233	443	192.168.2.3	49750	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5920 Parent PID: 792

General

Start time:	22:32:02
Start date:	12/05/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7dbc00000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 5976 Parent PID: 5920

General

Start time:	22:32:03
Start date:	12/05/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5920 CREDAT:17410 /prefetch:2
Imagebase:	0x890000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://spark.adobe.com/page/80rUPX5WG8FDD

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Malware Analysis System Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5920 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 5976 Parent PID: 5920

General

Disassembly