Play interactive tour

Edit tour

Analysis Report Swift-Receipt222.pdf

Overview

General Information

Sample Name:	Swift-Receipt222.pdf
Analysis ID:	432799
MD5:	a67be3d1f4d7f321f58f068399f1fa11
SHA1:	f6872349a822b44ed2662e044995f376bec69fdd
SHA256:	575125b2fcad78ccfd6ac81b71077cfee9c24a92c8549b6185b8a5689c9f895f
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found potential malicious PDF (bad image similarity)

Yara detected HtmlPhish10

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Found iframes

HTML body contains low number of good links

IP address seen in connection with other malware

Invalid 'forgot password' link found

JA3 SSL client fingerprint seen in connection with other malware

No HTML title found

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Unusual large HTML page

Classification

Process Tree

System is w10x64

AcroRd32.exe (PID: 6404 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Swift-Receipt222.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

AcroRd32.exe (PID: 6528 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Swift-Receipt222.pdf' MD5: B969CF0C7B2C443A99034881E8C8740A)

RdrCEF.exe (PID: 6692 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6904 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4210813165074894668 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4210813165074894668 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 6912 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1429679197753697552 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 7088 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8998359058420623262 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8998359058420623262 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

RdrCEF.exe (PID: 5872 cmdline: 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10020858510568826130 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10020858510568826130 --renderer-client-id=5 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1 MD5: 9AEBA3BACD721484391D15478A4080C7)

chrome.exe (PID: 996 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6996 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1868 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6588 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5112 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6480 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4716 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match

File source: 17087.pages.csv, type: HTML

Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1177225778&timestamp=1623377106846
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: /_/bscframe
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1177225778&timestamp=1623377106846
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: /_/bscframe

Source: https://ga-ine.net/go/home	HTTP Parser: Number of links: 0
Source: https://ga-ine.net/go/home	HTTP Parser: Number of links: 0

Source: https://ga-ine.net/go/home	HTTP Parser: Invalid link: Forgot my password
Source: https://ga-ine.net/go/home	HTTP Parser: Invalid link: Forgot my password

Source: https://ga-ine.net/go/home	HTTP Parser: HTML title missing
Source: https://ga-ine.net/go/home	HTTP Parser: HTML title missing

Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin

HTTP Parser: Total size: 1706137

Source: https://ga-ine.net/go/home	HTTP Parser: No <meta name="author".. found
Source: https://ga-ine.net/go/home	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="author".. found

Source: https://ga-ine.net/go/home	HTTP Parser: No <meta name="copyright".. found
Source: https://ga-ine.net/go/home	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&followup=https%3A%2F%2Fpolicies.google.com%2Fprivacy%3Fhl%3Den&hl=en&ec=GAZAoQQ&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49886 version: TLS 1.2

Source: global traffic

DNS query: name: cliffskenya.com

Source: global traffic

TCP traffic: 192.168.2.5:49727 -> 20.150.208.6:443

Source: global traffic

TCP traffic: 192.168.2.5:49718 -> 151.80.25.150:80

Source: Joe Sandbox View	IP Address: 104.18.10.207 104.18.10.207
Source: Joe Sandbox View	IP Address: 91.199.212.52 91.199.212.52

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveContent-Type: text/html; charset=UTF-8Content-Length: 167Content-Encoding: gzipVary: Accept-EncodingDate: Thu, 10 Jun 2021 17:04:30 GMTData Raw: 1f 8b 08 00 00 00 00 00 00 03 25 ce b1 0e c2 20 14 40 d1 dd af 20 0c 6e 82 16 1b 8d 29 35 c6 c1 a6 43 57 a3 1b a5 58 30 14 48 fb a4 f8 f7 26 76 bb 39 d3 2d 26 39 9a 00 08 be 41 71 84 41 25 a0 6f 11 c5 c2 b8 9c 8d eb fc 4c ac 97 02 8c 77 44 8f ea 85 38 c2 1a 20 4c 27 4a 7b b1 31 4e 11 a7 80 f6 9e 5a df 1b 47 c4 14 d2 d9 74 fc 59 d5 b1 bd a5 d0 ba e6 22 ab 3a 4a d6 58 39 68 fb b8 a7 ad b8 e6 51 0e 92 af c5 07 34 67 47 b6 cf 14 db b1 43 a6 58 ce b2 7f 1f 71 41 97 8d 72 f5 03 b4 00 65 3b a7 00 00 00 Data Ascii: % @ n)5CWX0H&v9-&9AqA%oLwD8 L'J{1NZGtY":JX9hQ4gGCXqAre;

Source: global traffic	HTTP traffic detected: GET /rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc= HTTP/1.1Host: drollins.cliffskenya.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: zerossl.crt.sectigo.com

Source: 2ce38f300ec8bea9_0.18.dr	String found in binary or memory: ://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav equals www.youtube.com (Youtube)
Source: 2ce38f300ec8bea9_0.18.dr	String found in binary or memory: www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: cliffskenya.com

Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0//1.0/V7k
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/1.0/
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 77EC63BDA74BD0D0E0426DC8F8008506.19.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Current Session.18.dr	String found in binary or memory: http://drollins.cliffskenya.com
Source: Favicons-journal.18.dr, History.18.dr, History-journal.18.dr	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=
Source: Swift-Receipt222.pdf	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=)
Source: History.18.dr	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=/#
Source: AcroRd32.exe, 00000001.00000002.420388313.000000000CDEA000.00000004.00000001.sdmp, History Provider Cache.18.dr	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=2
Source: History Provider Cache.18.dr	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=2:
Source: AcroRd32.exe, 00000001.00000002.418935057.000000000B491000.00000004.00000001.sdmp	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=5
Source: Favicons-journal.18.dr	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=B
Source: History-journal.18.dr	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=E
Source: History-journal.18.dr	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=FH
Source: AcroRd32.exe, 00000001.00000002.418209299.000000000B191000.00000004.00000001.sdmp	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=_8D
Source: AcroRd32.exe, 00000001.00000002.414465174.000000000A770000.00000004.00000001.sdmp	String found in binary or memory: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=ontainerSize
Source: AcroRd32.exe, 00000001.00000002.418636294.000000000B332000.00000004.00000001.sdmp	String found in binary or memory: http://en.wikipedia
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/g
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000001.00000002.420263672.000000000CD81000.00000004.00000001.sdmp	String found in binary or memory: http://www.adobe.
Source: AcroRd32.exe, 00000001.00000002.420263672.000000000CD81000.00000004.00000001.sdmp	String found in binary or memory: http://www.adobe.co
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/77
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#3
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#r
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/B5
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: 10BDC45B4A27319429BBC4F08A4E8A10.19.dr	String found in binary or memory: http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt
Source: AcroRd32.exe, 00000001.00000002.420813546.000000000CE6B000.00000004.00000001.sdmp	String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000001.00000002.418863963.000000000B42E000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/c
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i-
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/iW
Source: Reporting and NEL.19.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v2?s=tg%2FqX4LyDc8GF%2FiWUQV9RYkrHH4EYSSuDyGsvPKbbkcOEXtu0TRXBkF
Source: 000003.log5.18.dr	String found in binary or memory: https://about.google
Source: Network Action Predictor.18.dr, b8c3df9b5168fca9_0.18.dr, 346866bbe969e451_0.18.dr	String found in binary or memory: https://about.google/
Source: 1154c6710157da27_0.18.dr	String found in binary or memory: https://about.google/3
Source: ca5dd8c4d05c0b30_0.18.dr	String found in binary or memory: https://about.google/Y
Source: ca5dd8c4d05c0b30_0.18.dr	String found in binary or memory: https://about.google/assets-products/js/index.min.js?cache=627e25d
Source: Favicons.18.dr	String found in binary or memory: https://about.google/favicon.ico
Source: Favicons.18.dr	String found in binary or memory: https://about.google/favicon.ico0
Source: Favicons.18.dr	String found in binary or memory: https://about.google/intl/en/products
Source: Current Session.18.dr	String found in binary or memory: https://about.google/intl/en/products/
Source: Current Session.18.dr	String found in binary or memory: https://about.google/intl/en/products/3Browse
Source: History.18.dr	String found in binary or memory: https://about.google/intl/en/products/Browse
Source: History.18.dr	String found in binary or memory: https://about.google/intl/en/productsBrowse
Source: 000003.log5.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr, manifest.json0.18.dr	String found in binary or memory: https://accounts.google.com
Source: Current Session.18.dr	String found in binary or memory: https://accounts.google.com#
Source: d076b6fa748cc943_0.18.dr	String found in binary or memory: https://accounts.google.com/
Source: f2a8eb5d2b3ff76f_0.18.dr	String found in binary or memory: https://accounts.google.com//E
Source: Current Session.18.dr, History.18.dr	String found in binary or memory: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https://policies.google.com/privac
Source: Current Session.18.dr	String found in binary or memory: https://accounts.google.com/_/bscframe
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: History.18.dr	String found in binary or memory: https://accounts.google.com/signin/v2/identifier?passive=1209600&continue=https%3A%2F%2Fpolicies.goo
Source: fe0519b5b8b2b844_0.18.dr	String found in binary or memory: https://accounts.google.com/u
Source: Current Session.18.dr	String found in binary or memory: https://accounts.google.comh
Source: Current Session.18.dr	String found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1177
Source: Network Action Predictor.18.dr	String found in binary or memory: https://ajax.googleapis.com/
Source: 29b9e743bf6a96f6_0.18.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comgs
Source: 150501eb52c82ec4_0.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr, manifest.json0.18.dr	String found in binary or memory: https://apis.google.com
Source: 150501eb52c82ec4_0.18.dr, 5a55e44991ac8b2b_0.18.dr	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.vQiXRrxCe40.O/m=gapi_iframes
Source: 33358dc9738a86ce_0.18.dr, a6f875b417e34ffa_0.18.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: Network Action Predictor.18.dr	String found in binary or memory: https://cdnjs.cloudflare.com/
Source: 6eaf70376a4c0fcb_0.18.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.18.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://clients6.google.com
Source: Network Action Predictor.18.dr	String found in binary or memory: https://code.jquery.com/
Source: 18a574279a460c61_0.18.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 150501eb52c82ec4_0.18.dr, manifest.json0.18.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.19.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsDomainCookiesCheckConnectionHttp/external
Source: Reporting and NEL.19.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInSignUpUi/external
Source: Reporting and NEL.19.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityPoliciesUi/external
Source: Reporting and NEL.19.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityPoliciesUi/externalr
Source: Reporting and NEL.19.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/OneGoogleWidgetUi/external
Source: 120b86f3-b3c5-47f9-a252-a729121ab9fd.tmp.19.dr, d3f71dd8-af7e-4572-962d-7a741cc75787.tmp.19.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://dns.google
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: manifest.json0.18.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor.18.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.18.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor.18.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.18.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: 000003.log5.18.dr	String found in binary or memory: https://ga-ine.net
Source: 18a574279a460c61_0.18.dr, Network Action Predictor.18.dr, 29b9e743bf6a96f6_0.18.dr, 4e44c6b63048c53f_0.18.dr	String found in binary or memory: https://ga-ine.net/
Source: Favicons.18.dr	String found in binary or memory: https://ga-ine.net/favicon.ico
Source: Favicons-journal.18.dr	String found in binary or memory: https://ga-ine.net/favicon.icoB
Source: Current Session.18.dr	String found in binary or memory: https://ga-ine.net/go/home
Source: Favicons.18.dr	String found in binary or memory: https://ga-ine.net/go/home3
Source: History.18.dr	String found in binary or memory: https://ga-ine.net/go/homeSign
Source: Current Session.18.dr	String found in binary or memory: https://ga-ine.net/go/homeT
Source: Current Session.18.dr	String found in binary or memory: https://ga-ine.net/go/homefm
Source: Current Session.18.dr, Favicons.18.dr	String found in binary or memory: https://ga-ine.net/go/login.aspx?id=ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=&auth=38342e31372e35322e3138
Source: 5925aba0295ba9a2_0.18.dr	String found in binary or memory: https://ga-ine.net/o#
Source: Current Session.18.dr	String found in binary or memory: https://ga-ine.neth
Source: 1fc81d98e0bca5b5_0.18.dr, 901b648cd82f37e1_0.18.dr, 3dbe54b7c92541c6_0.18.dr, abd4f02146639bbf_0.18.dr	String found in binary or memory: https://google.com/
Source: 89976388d776040a_0.18.dr	String found in binary or memory: https://google.com/0q
Source: 70f3e0500aa4a1d7_0.18.dr	String found in binary or memory: https://google.com/3
Source: 0bd7a193caaa1084_0.18.dr	String found in binary or memory: https://google.com/5
Source: 3dbe54b7c92541c6_0.18.dr	String found in binary or memory: https://google.com/:
Source: 031517cf987ed5ca_0.18.dr	String found in binary or memory: https://google.com/F
Source: 3dbe54b7c92541c6_0.18.dr	String found in binary or memory: https://google.com/JF
Source: 2ef175f79a71fadd_0.18.dr	String found in binary or memory: https://google.com/L
Source: 5528c7caf4fa1401_0.18.dr	String found in binary or memory: https://google.com/L-m
Source: 68b3bfd079cc9fcd_0.18.dr	String found in binary or memory: https://google.com/Qr
Source: 0355d4a94b58528a_0.18.dr	String found in binary or memory: https://google.com/T
Source: 08d531cb4a36a419_0.18.dr	String found in binary or memory: https://google.com/V
Source: 1fde12061b590deb_0.18.dr	String found in binary or memory: https://google.com/Z
Source: 2a8215f3bb8c1a18_0.18.dr	String found in binary or memory: https://google.com/_;
Source: ed2289f19713d927_0.18.dr	String found in binary or memory: https://google.com/f
Source: 3dbe54b7c92541c6_0.18.dr	String found in binary or memory: https://google.com/h
Source: 3dbe54b7c92541c6_0.18.dr	String found in binary or memory: https://google.com/hA9=
Source: 6f8306580c7f29f4_0.18.dr	String found in binary or memory: https://google.com/k
Source: 3dbe54b7c92541c6_0.18.dr	String found in binary or memory: https://google.com/l
Source: 07f049ed7c03b867_0.18.dr	String found in binary or memory: https://google.com/p
Source: 3dbe54b7c92541c6_0.18.dr	String found in binary or memory: https://google.com/pF
Source: ec79fe2a6efd0153_0.18.dr	String found in binary or memory: https://google.com/r
Source: a45d7a7b5530ef14_0.18.dr	String found in binary or memory: https://google.com/x
Source: manifest.json0.18.dr	String found in binary or memory: https://hangouts.google.com/
Source: AcroRd32.exe, 00000001.00000002.407681471.000000000943F000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: Network Action Predictor.18.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: 4e44c6b63048c53f_0.18.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: Current Session.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://ogs.google.com
Source: Current Session.18.dr	String found in binary or memory: https://ogs.google.com#
Source: Current Session.18.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?bc=1&origin=https%3A%2F%2Fpolicies.google.com&cn=app&pid=269&sp
Source: 2ce38f300ec8bea9_0.18.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: manifest.json.18.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://plus.google.com
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://plus.googleapis.com
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com#
Source: Network Action Predictor.18.dr, Current Session.18.dr	String found in binary or memory: https://policies.google.com/
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/?hl=en
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/?hl=en-
Source: History.18.dr	String found in binary or memory: https://policies.google.com/?hl=enPrivacy
Source: History.18.dr	String found in binary or memory: https://policies.google.com/Privacy
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/Zq
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/faq?hl=en
Source: History.18.dr	String found in binary or memory: https://policies.google.com/faq?hl=enFAQ
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/faq?hl=ena
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/archive?hl=en
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/archive?hl=en2Updates:
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/archive?hl=en81
Source: History.18.dr	String found in binary or memory: https://policies.google.com/privacy/archive?hl=enUpdates:
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en3
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=en3Data
Source: History.18.dr	String found in binary or memory: https://policies.google.com/privacy/frameworks?hl=enData
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners?hl=en
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners?hl=en5Who
Source: History.18.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners?hl=enWho
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=en
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=en$Key
Source: History.18.dr	String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=enKey
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy/key-terms?hl=enc
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy?hl=en
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy?hl=en)Privacy
Source: History.18.dr	String found in binary or memory: https://policies.google.com/privacy?hl=enPrivacy
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/privacy?hl=enm
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/technologies?hl=en
Source: History.18.dr	String found in binary or memory: https://policies.google.com/technologies?hl=enTechnologies
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/terms?hl=en
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.com/terms?hl=en2Google
Source: History.18.dr	String found in binary or memory: https://policies.google.com/terms?hl=enGoogle
Source: Current Session.18.dr	String found in binary or memory: https://policies.google.comh
Source: manifest.json.18.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 55eb0dad66b87c70_0.18.dr, f2a8eb5d2b3ff76f_0.18.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en.QMyOJliEoZQ.O/am=B2CcYUEBEAAAGAAA
Source: Favicons.18.dr	String found in binary or memory: https://ssl.gstatic.com/policies/favicon.ico
Source: Network Action Predictor.18.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/
Source: 5925aba0295ba9a2_0.18.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: messages.json62.18.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json62.18.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 33358dc9738a86ce_0.18.dr, a6f875b417e34ffa_0.18.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: AcroRd32.exe, 00000001.00000002.406992348.0000000008B0D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 1154c6710157da27_0.18.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: Current Session.18.dr, History.18.dr	String found in binary or memory: https://www.google.ch/intl/en/about/products
Source: History.18.dr	String found in binary or memory: https://www.google.ch/intl/en/about/productsBrowse
Source: 000003.log5.18.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr, manifest.json0.18.dr	String found in binary or memory: https://www.google.com
Source: QuotaManager.18.dr	String found in binary or memory: https://www.google.com/
Source: QuotaManager.18.dr	String found in binary or memory: https://www.google.com//#
Source: Current Session.18.dr	String found in binary or memory: https://www.google.com/?hl=en
Source: History.18.dr	String found in binary or memory: https://www.google.com/?hl=enGoogle
Source: History.18.dr	String found in binary or memory: https://www.google.com/?hl=enGoogle/#
Source: Current Session.18.dr	String found in binary or memory: https://www.google.com/?hl=enf
Source: Favicons.18.dr	String found in binary or memory: https://www.google.com/favicon.ico
Source: Favicons.18.dr	String found in binary or memory: https://www.google.com/favicon.ico$
Source: Current Session.18.dr	String found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: History.18.dr	String found in binary or memory: https://www.google.com/intl/en/policies/privacy/Privacy
Source: Current Session.18.dr	String found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: History.18.dr	String found in binary or memory: https://www.google.com/intl/en/policies/terms/Google
Source: 9c4b2fb8ecb85057_0.18.dr	String found in binary or memory: https://www.google.com/js/th/ilh13uZaZ2e13-dsRc8a4GH2CkfJCUgscyiMqTv_Gc4.js
Source: 9c4b2fb8ecb85057_0.18.dr	String found in binary or memory: https://www.google.com/js/th/ilh13uZaZ2e13-dsRc8a4GH2CkfJCUgscyiMqTv_Gc4.jsaD
Source: cab3f1698d3d2ebb_0.18.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: Current Session.18.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LegzyQbAAAAAG96AXv-vMSRmT9EpT6Do0YVnzG4&co=aHR0
Source: manifest.json0.18.dr	String found in binary or memory: https://www.google.com;
Source: Current Session.18.dr	String found in binary or memory: https://www.google.comh
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.18.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.18.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.18.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: 150501eb52c82ec4_0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.18.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.18.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.18.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 588e6311b9075013_0.18.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WQZB4J
Source: 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	String found in binary or memory: https://www.gstatic.com
Source: Network Action Predictor.18.dr	String found in binary or memory: https://www.gstatic.com/
Source: ef04e44c72581d82_0.18.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5
Source: a2c2b9d9a8196f25_0.18.dr, ed2289f19713d927_0.18.dr, 70f3e0500aa4a1d7_0.18.dr, dcc9f0651f3eb1d5_0.18.dr, 0bd7a193caaa1084_0.18.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en_US.pWi_f_o0gHU.
Source: a0f00e9291262984_0.18.dr, c261bc509fbe0d4a_0.18.dr, abd4f02146639bbf_0.18.dr, 2f41af10b56fa754_0.18.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.Y7LEhkj7g0U.
Source: 1d9307e50ef6b7b0_0.18.dr	String found in binary or memory: https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v3.js
Source: ef573254f07aabf4_0.18.dr	String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: ef573254f07aabf4_0.18.dr	String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.jsaD
Source: 4739ef39d3645e5f_0.18.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/hammerjs/v2_0_2/hammer.min.js
Source: b8c3df9b5168fca9_0.18.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/picturefill/picturefill.min.js
Source: 346866bbe969e451_0.18.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: eaea161a7305b18c_0.18.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: eaea161a7305b18c_0.18.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: eaea161a7305b18c_0.18.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: c6406bd93370392e_0.18.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_d
Source: eaea161a7305b18c_0.18.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=q_dnp
Source: 07f049ed7c03b867_0.18.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=qabr
Source: 44f60fe7ed35ed6d_0.18.dr, 5278677776ece701_0.18.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js
Source: manifest.json0.18.dr	String found in binary or memory: https://www.gstatic.com;
Source: 000003.log5.18.dr	String found in binary or memory: https://www.youtube-nocookie.com
Source: Current Session.18.dr	String found in binary or memory: https://www.youtube-nocookie.com#
Source: 000003.log0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/
Source: Current Session.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: Current Session.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l
Source: 2b9380256e0a7a8e_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.js
Source: 2b9380256e0a7a8e_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.jsaD
Source: 0626ecbe5215288e_0.18.dr, 2ce38f300ec8bea9_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.js
Source: 2ce38f300ec8bea9_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.jsaD
Source: a68c1a61e9e21efe_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.js
Source: a68c1a61e9e21efe_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.jsaD
Source: d5509dd7f30867b1_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.js
Source: 2561f356ea6372ae_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsa
Source: 2561f356ea6372ae_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsaD
Source: 47711346e1444dcc_0.18.dr, ac0c226a3fc548ab_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.js
Source: 47711346e1444dcc_0.18.dr	String found in binary or memory: https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.jsaD
Source: 0626ecbe5215288e_0.18.dr	String found in binary or memory: https://youtube-nocookie.com/
Source: 9c4b2fb8ecb85057_0.18.dr	String found in binary or memory: https://youtube-nocookie.com//
Source: a68c1a61e9e21efe_0.18.dr	String found in binary or memory: https://youtube-nocookie.com/EE
Source: ef573254f07aabf4_0.18.dr	String found in binary or memory: https://youtube-nocookie.com/S
Source: ac0c226a3fc548ab_0.18.dr	String found in binary or memory: https://youtube-nocookie.com/j

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.5:49886 version: TLS 1.2

System Summary:

Found potential malicious PDF (bad image similarity)

Show sources

Source: Swift-Receipt222.pdf

Static PDF information: Image stream: 26

Source: AcroRd32.exe, 00000001.00000002.418729441.000000000B3A2000.00000004.00000001.sdmp	Binary or memory string: dlng(.slngV.Arab, Armn, Cyrl, Geok, Geor, Grek, Hebr, LatnArab, Armn, Cyrl, Geok, Geor, Grek, Hebr, Latn
Source: AcroRd32.exe, 00000001.00000002.418729441.000000000B3A2000.00000004.00000001.sdmp	Binary or memory string: .slng

Source: classification engine

Classification label: mal56.phis.winPDF@71/339@19/17

Source: Swift-Receipt222.pdf	Initial sample: mailto:saguero@landaumpierre.com
Source: Swift-Receipt222.pdf	Initial sample: http://drollins.cliffskenya.com/rdr/zhjvbgxpbnnachjvc3nlcmhlywx0ac5vcmc=
Source: Swift-Receipt222.pdf	Initial sample: http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc=

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6528

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: QuotaManager-journal.18.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Swift-Receipt222.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Swift-Receipt222.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4210813165074894668 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4210813165074894668 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1429679197753697552 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8998359058420623262 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8998359058420623262 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10020858510568826130 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10020858510568826130 --renderer-client-id=5 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc='
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1868 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5112 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4716 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Swift-Receipt222.pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc='
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4210813165074894668 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4210813165074894668 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1429679197753697552 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8998359058420623262 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8998359058420623262 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10020858510568826130 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10020858510568826130 --renderer-client-id=5 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1868 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5112 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4716 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: Swift-Receipt222.pdf	Initial sample: PDF keyword /JS count = 0
Source: Swift-Receipt222.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Swift-Receipt222.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Source: AcroRd32.exe, 00000001.00000002.419896764.000000000CBD0000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 1_2_00B62490 LdrInitializeThunk,

Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: AcroRd32.exe, 00000001.00000002.399860176.0000000005A40000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Spearphishing Link1	Exploitation for Client Execution3	Path Interception	Process Injection2	Masquerading3	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Drive-by Compromise1	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection2	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	File and Directory Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer2	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
cliffskenya.com	0%	Virustotal	Browse
about.google	0%	Virustotal	Browse
ghs-svc-https-sni.ghs-ssl.googlehosted.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://about.google/intl/en/products/	0%	URL Reputation	safe
https://about.google/intl/en/products/	0%	URL Reputation	safe
https://about.google/intl/en/products/	0%	URL Reputation	safe
https://about.google/assets-products/js/index.min.js?cache=627e25d	0%	Avira URL Cloud	safe
https://ga-ine.net/go/home3	0%	Avira URL Cloud	safe
http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/c	0%	Avira URL Cloud	safe
https://about.google/intl/en/products/Browse	0%	Avira URL Cloud	safe
https://ga-ine.net/go/homefm	0%	Avira URL Cloud	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://www.osmf.org/drm/default	0%	URL Reputation	safe
http://drollins.cliffskenya.com	0%	Avira URL Cloud	safe
https://ga-ine.net/	0%	Avira URL Cloud	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	0%	URL Reputation	safe
https://about.google/3	0%	Avira URL Cloud	safe
https://ga-ine.net/o#	0%	Avira URL Cloud	safe
https://ga-ine.net/favicon.icoB	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
http://ns.useplus.org/ldf/xmp/1.0/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/Y	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	0%	URL Reputation	safe
https://about.google/favicon.ico	0%	URL Reputation	safe
https://about.google/favicon.ico	0%	URL Reputation	safe
https://about.google/favicon.ico	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i-	0%	Avira URL Cloud	safe
https://api.echosign.comgs	0%	URL Reputation	safe
https://api.echosign.comgs	0%	URL Reputation	safe
https://api.echosign.comgs	0%	URL Reputation	safe
https://about.google/favicon.ico0	0%	Avira URL Cloud	safe
https://ga-ine.net/go/homeT	0%	Avira URL Cloud	safe
http://www.adobe.co	0%	URL Reputation	safe
http://www.adobe.co	0%	URL Reputation	safe
http://www.adobe.co	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	0%	URL Reputation	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/iW	0%	Avira URL Cloud	safe
http://cipa.jp/exif/1.0//1.0/V7k	0%	Avira URL Cloud	safe
https://about.google/intl/en/productsBrowse	0%	Avira URL Cloud	safe
https://ga-ine.net/go/homeSign	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/g	0%	Avira URL Cloud	safe
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	0%	Avira URL Cloud	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
http://www.npes.org/pdfx/ns/id/	0%	URL Reputation	safe
https://about.google/intl/en/products	0%	Avira URL Cloud	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
http://www.osmf.org/subclip/1.0	0%	URL Reputation	safe
https://ga-ine.net	0%	Avira URL Cloud	safe
https://ga-ine.neth	0%	Avira URL Cloud	safe
https://.OKCancelEdit	0%	Avira URL Cloud	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://www.osmf.org/layout/anchor	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/1.0/	0%	URL Reputation	safe
http://cipa.jp/exif/1.0/1.0/	0%	URL Reputation	safe
http://en.wikipedia	0%	URL Reputation	safe
http://en.wikipedia	0%	URL Reputation	safe
http://en.wikipedia	0%	URL Reputation	safe
https://about.google	0%	URL Reputation	safe
https://about.google	0%	URL Reputation	safe
https://about.google	0%	URL Reputation	safe
https://about.google/intl/en/products/3Browse	0%	Avira URL Cloud	safe
https://ga-ine.net/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
stackpath.bootstrapcdn.com	104.18.11.207	true	false		high
ga-ine.net	20.150.208.6	true	false		unknown
stats.l.doubleclick.net	142.250.13.157	true	false		high
i.ytimg.com	142.250.180.214	true	false		high
cliffskenya.com	151.80.25.150	true	false	0%, Virustotal, Browse	unknown
maxcdn.bootstrapcdn.com	104.18.10.207	true	false		high
about.google	216.239.32.29	true	false	0%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.16.18.94	true	false		high
photos-ugc.l.googleusercontent.com	216.58.214.225	true	false		high
ghs-svc-https-sni.ghs-ssl.googlehosted.com	142.250.180.243	true	false	0%, Virustotal, Browse	unknown
crt.sectigo.com	91.199.212.52	true	false		unknown
www.google.ch	172.217.20.3	true	false		high
googlehosted.l.googleusercontent.com	142.250.180.225	true	false		high
drollins.cliffskenya.com	151.80.25.150	true	false		unknown
yt3.ggpht.com	unknown	unknown	false		high
www.blog.google	unknown	unknown	false		high
zerossl.crt.sectigo.com	unknown	unknown	false		unknown
lh3.googleusercontent.com	unknown	unknown	false		high
stats.g.doubleclick.net	unknown	unknown	false		high
clients2.googleusercontent.com	unknown	unknown	false		high
code.jquery.com	unknown	unknown	false		high
accounts.youtube.com	unknown	unknown	false		high
www.youtube-nocookie.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt	false	Avira URL Cloud: safe	unknown
https://ga-ine.net/go/home	true		unknown
https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1	false		high
https://about.google/intl/en/products/	true	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1	false		high
https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1	false		high
https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_lang_pref=en&cc_load_policy=1	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://a.nel.cloudflare.com/report/v2?s=tg%2FqX4LyDc8GF%2FiWUQV9RYkrHH4EYSSuDyGsvPKbbkcOEXtu0TRXBkF	Reporting and NEL.19.dr	false		high
https://code.jquery.com/jquery-3.2.1.slim.min.js	18a574279a460c61_0.18.dr	false		high
https://youtube-nocookie.com/	0626ecbe5215288e_0.18.dr	false		high
https://ga-ine.net/go/home	Current Session.18.dr	false		unknown
https://about.google/assets-products/js/index.min.js?cache=627e25d	ca5dd8c4d05c0b30_0.18.dr	false	Avira URL Cloud: safe	unknown
https://youtube-nocookie.com//	9c4b2fb8ecb85057_0.18.dr	false		high
https://ga-ine.net/go/home3	Favicons.18.dr	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/id/77	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i	AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.aiim.org/pdfa/ns/type#	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false		high
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/c	AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://about.google/intl/en/products/Browse	History.18.dr	false	Avira URL Cloud: safe	unknown
https://ga-ine.net/go/homefm	Current Session.18.dr	false	Avira URL Cloud: safe	unknown
https://api.echosign.com	AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	false		high
https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.js	47711346e1444dcc_0.18.dr, ac0c226a3fc548ab_0.18.dr	false		high
http://www.osmf.org/drm/default	AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://drollins.cliffskenya.com	Current Session.18.dr	false	Avira URL Cloud: safe	unknown
https://ga-ine.net/	18a574279a460c61_0.18.dr, Network Action Predictor.18.dr, 29b9e743bf6a96f6_0.18.dr, 4e44c6b63048c53f_0.18.dr	false	Avira URL Cloud: safe	unknown
https://youtube-nocookie.com/S	ef573254f07aabf4_0.18.dr	false		high
http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn	AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://about.google/3	1154c6710157da27_0.18.dr	false	Avira URL Cloud: safe	unknown
https://ga-ine.net/o#	5925aba0295ba9a2_0.18.dr	false	Avira URL Cloud: safe	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	4e44c6b63048c53f_0.18.dr	false		high
https://stackpath.bootstrapcdn.com/	Network Action Predictor.18.dr	false		high
https://ga-ine.net/favicon.icoB	Favicons-journal.18.dr	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/property#3	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false		high
https://cdnjs.cloudflare.com/	Network Action Predictor.18.dr	false		high
https://dns.google	120b86f3-b3c5-47f9-a252-a729121ab9fd.tmp.19.dr, d3f71dd8-af7e-4572-962d-7a741cc75787.tmp.19.dr, 958c0856-7797-4e37-89b2-5f62ccb52b17.tmp.19.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ns.useplus.org/ldf/xmp/1.0/	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://maxcdn.bootstrapcdn.com/	Network Action Predictor.18.dr	false		high
https://about.google/	Network Action Predictor.18.dr, b8c3df9b5168fca9_0.18.dr, 346866bbe969e451_0.18.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://about.google/Y	ca5dd8c4d05c0b30_0.18.dr	false	Avira URL Cloud: safe	unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube-nocookie.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l	Current Session.18.dr	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	5925aba0295ba9a2_0.18.dr	false		high
https://www.youtube-nocookie.com#	Current Session.18.dr	false		high
https://about.google/favicon.ico	Favicons.18.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i-	AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.js	2b9380256e0a7a8e_0.18.dr	false		high
https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsa	2561f356ea6372ae_0.18.dr	false		high
https://api.echosign.comgs	AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.jsaD	2561f356ea6372ae_0.18.dr	false		high
https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.js	0626ecbe5215288e_0.18.dr, 2ce38f300ec8bea9_0.18.dr	false		high
https://about.google/favicon.ico0	Favicons.18.dr	false	Avira URL Cloud: safe	unknown
https://ga-ine.net/go/homeT	Current Session.18.dr	false	Avira URL Cloud: safe	unknown
https://ims-na1.adobelogin.com	AcroRd32.exe, 00000001.00000002.407681471.000000000943F000.00000004.00000001.sdmp	false		high
https://about.google/intl/en/products/	Current Session.18.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://feedback.googleusercontent.com	manifest.json0.18.dr	false		high
http://www.adobe.co	AcroRd32.exe, 00000001.00000002.420263672.000000000CD81000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/schema#	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false		high
http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs	AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.jsaD	a68c1a61e9e21efe_0.18.dr	false		high
http://cipa.jp/exif/1.0/	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default	AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/iW	AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://cipa.jp/exif/1.0//1.0/V7k	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.youtube-nocookie.com	000003.log5.18.dr	false		high
https://www.youtube-nocookie.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l	Current Session.18.dr	false		high
https://about.google/intl/en/productsBrowse	History.18.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube-nocookie.com/	000003.log0.18.dr	false		high
http://www.aiim.org/pdfe/ns/id/B5	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false		high
https://ga-ine.net/go/homeSign	History.18.dr	false	Avira URL Cloud: safe	unknown
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/g	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/	AcroRd32.exe, 00000001.00000002.418991904.000000000B4E3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.npes.org/pdfx/ns/id/	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube-nocookie.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l	Current Session.18.dr	false		high
https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/remote.js	d5509dd7f30867b1_0.18.dr	false		high
http://www.aiim.org/pdfa/ns/extension/	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false		high
https://about.google/intl/en/products	Favicons.18.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/embed.js	a68c1a61e9e21efe_0.18.dr	false		high
https://www.youtube-nocookie.com/s/player/1fe59655/www-embed-player.vflset/www-embed-player.jsaD	47711346e1444dcc_0.18.dr	false		high
http://www.osmf.org/subclip/1.0	AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ga-ine.net	000003.log5.18.dr	false	Avira URL Cloud: safe	unknown
http://www.aiim.org/pdfa/ns/property#	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false		high
http://www.aiim.org/pdfa/ns/id/	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false		high
https://ga-ine.neth	Current Session.18.dr	false	Avira URL Cloud: safe	unknown
https://youtube-nocookie.com/j	ac0c226a3fc548ab_0.18.dr	false		high
https://.OKCancelEdit	AcroRd32.exe, 00000001.00000002.420813546.000000000CE6B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://iptc.org/std/Iptc4xmpExt/2008-02-29/	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.osmf.org/layout/anchor	AcroRd32.exe, 00000001.00000002.400481866.0000000007C50000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube-nocookie.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en&cc_l	Current Session.18.dr	false		high
https://code.jquery.com/	Network Action Predictor.18.dr	false		high
http://www.aiim.org/pdfe/ns/id/	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false		high
https://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.jsaD	2ce38f300ec8bea9_0.18.dr	false		high
http://cipa.jp/exif/1.0/1.0/	AcroRd32.exe, 00000001.00000002.415691871.000000000AD80000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://en.wikipedia	AcroRd32.exe, 00000001.00000002.418636294.000000000B332000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.aiim.org/pdfa/ns/type#r	AcroRd32.exe, 00000001.00000002.415847656.000000000AE9E000.00000004.00000001.sdmp	false		high
https://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.jsaD	2b9380256e0a7a8e_0.18.dr	false		high
https://about.google	000003.log5.18.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://about.google/intl/en/products/3Browse	Current Session.18.dr	false	Avira URL Cloud: safe	unknown
https://ga-ine.net/favicon.ico	Favicons.18.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	6eaf70376a4c0fcb_0.18.dr	false		high
https://youtube-nocookie.com/EE	a68c1a61e9e21efe_0.18.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
151.80.25.150	cliffskenya.com	Italy	16276	OVHFR	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.250.180.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
91.199.212.52	crt.sectigo.com	United Kingdom	48447	SECTIGOGB	false
20.150.208.6	ga-ine.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.13.157	stats.l.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.180.243	ghs-svc-https-sni.ghs-ssl.googlehosted.com	United States	15169	GOOGLEUS	false
80.0.0.0	unknown	United Kingdom	5089	NTLGB	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
216.239.32.29	about.google	United States	15169	GOOGLEUS	false
142.250.180.214	i.ytimg.com	United States	15169	GOOGLEUS	false
216.58.214.225	photos-ugc.l.googleusercontent.com	United States	15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.20.3	www.google.ch	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	432799
Start date:	10.06.2021
Start time:	19:02:25
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 52s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Swift-Receipt222.pdf
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	36
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.winPDF@71/339@19/17
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .pdf Found PDF document Find and activate links Security Warning found Close Viewer Browse: https://www.google.com/intl/en/policies/privacy/ Browse: https://www.google.com/intl/en/policies/terms/ Browse: https://policies.google.com/ Browse: https://www.google.ch/intl/en/about/products Browse: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https://policies.google.com/privacy?hl%3Den&followup=https://policies.google.com/privacy?hl%3Den&hl=en&ec=GAZAoQQ Browse: https://policies.google.com/?hl=en Browse: https://policies.google.com/privacy?hl=en Browse: https://policies.google.com/terms?hl=en Browse: https://policies.google.com/technologies?hl=en Browse: https://policies.google.com/faq?hl=en Browse: https://www.google.com/?hl=en Browse: https://policies.google.com/privacy/frameworks?hl=en Browse: https://policies.google.com/privacy/key-terms?hl=en Browse: https://policies.google.com/privacy/google-partners?hl=en Browse: https://policies.google.com/privacy/archive?hl=en
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 93.184.220.29, 20.50.102.62, 168.61.161.212, 52.147.198.201, 92.122.145.220, 92.122.146.26, 23.32.238.136, 23.32.238.113, 23.32.238.122, 23.32.238.129, 23.32.238.123, 184.30.24.56, 2.20.142.210, 2.20.142.209, 172.217.19.109, 172.217.16.110, 142.250.180.238, 95.168.222.83, 95.168.222.145, 142.250.180.195, 142.250.180.196, 142.250.201.195, 172.217.18.74, 172.217.18.67, 172.217.16.106, 172.217.19.106, 172.217.20.10, 142.250.180.202, 142.250.180.234, 142.250.201.202, 216.58.214.202, 172.217.19.110, 172.217.18.78, 172.217.20.14, 142.250.180.206, 142.250.201.206, 216.58.214.206, 216.58.214.238, 142.250.181.238, 69.16.175.10, 69.16.175.42, 8.241.78.254, 8.241.83.126, 8.238.36.254, 8.238.28.254, 8.241.126.121, 20.82.210.154, 216.58.214.232, 172.217.16.112, 172.217.18.80, 172.217.19.112, 172.217.20.16, 142.250.180.208, 142.250.180.240, 142.250.201.208, 216.58.214.208, 216.58.214.240, 92.122.213.247, 92.122.213.194, 142.250.180.227, 34.104.35.123, 20.75.105.140, 20.54.26.129 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, ssl.gstatic.com, cds.s5x3j6q5.hwcdn.net, cs9.wac.phicdn.net, storage.googleapis.com, clientservices.googleapis.com, policies.google.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, acroipm2.adobe.com, eus2-consumerrp-displaycatalog-aks2aks-useast.md.mp.microsoft.com.akadns.net, r8.sn-n02xgoxufvg3-2gbl.gvt1.com, clients2.google.com, r6---sn-n02xgoxufvg3-2gbs.gvt1.com, ocsp.digicert.com, a122.dscd.akamai.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, update.googleapis.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, au-bg-shim.trafficmanager.net, www.google-analytics.com, www.bing.com, fonts.googleapis.com, fs.microsoft.com, content-autofill.googleapis.com, plus.l.google.com, dual-a-0001.a-msedge.net, acroipm2.adobe.com.edgesuite.net, ajax.googleapis.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, www.googleapis.com, ris.api.iris.microsoft.com, ssl.adobe.com.edgekey.net, youtube-ui.l.google.com, www3.l.google.com, edgedl.me.gvt1.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, clients.l.google.com, au.download.windowsupdate.com.edgesuite.net, e4578.dscb.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, ogs.google.com, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, redirector.gvt1.com, www.googletagmanager.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, r6.sn-n02xgoxufvg3-2gbs.gvt1.com, accounts.google.com, www-google-analytics.l.google.com, fonts.gstatic.com, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcoleus16.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, armmf.adobe.com, play.google.com, r8---sn-n02xgoxufvg3-2gbl.gvt1.com, apis.google.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:03:27	API Interceptor	10x Sleep call for process: RdrCEF.exe modified
19:04:31	API Interceptor	3x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
104.18.10.207	Evershedsnicea NDA file attach...htm	Get hash	malicious	Browse
	7 #U039c#U0456#U0455#U0455#U0435d #U0441#U0430II#U0455.htm	Get hash	malicious	Browse
	The Village.html	Get hash	malicious	Browse
	GoogleChrome6.8.10.apk	Get hash	malicious	Browse
	#Ud83d#Udda8rocket.com 1208421(69-queue-2615.htm	Get hash	malicious	Browse
	receipt620.htm	Get hash	malicious	Browse
	Secured-Message_7634-7.html	Get hash	malicious	Browse
	original phishing email.html	Get hash	malicious	Browse
	Return-message4928.html	Get hash	malicious	Browse
	_.html	Get hash	malicious	Browse
	Sealant Specialists, Inc. Projects #2021-Proposal #19100.html	Get hash	malicious	Browse
	PAID Invoice name@gmail.com.htm	Get hash	malicious	Browse
	mal.html	Get hash	malicious	Browse
	mal.html	Get hash	malicious	Browse
	mal.html	Get hash	malicious	Browse
	hwJn3new_fax-message.html	Get hash	malicious	Browse
	ATT11972.HTM	Get hash	malicious	Browse
	VoicePlayback for Mjsansegundo Hispasat.htm	Get hash	malicious	Browse
	#U266c Voice_Audio_845021.htm	Get hash	malicious	Browse
	#U266c Voice_Audio_845021.htm	Get hash	malicious	Browse
91.199.212.52	saturo[1].htm	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	cat.exe	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	OW73NJTujh.dll	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	Ak6qIKCI0f.dll	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	DOCUMENT.DLL	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	PNmTyT6wHi.dll	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	DOCUMENT.DLL	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	Documents.dll	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	s.dll	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	s.dll	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	publiclicense.vbs	Get hash	malicious	Browse	zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt
	3PL0-MDEO3H-GOF4.html	Get hash	malicious	Browse	zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crt
	pieChart2.exe	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	adobe.dll	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	Employee-Bonus.exe	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	DANGER.exe	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	YjnpgCvRAb.exe	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	CustomerStatement.exe	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
	EmployeeAnnualReport.exe	Get hash	malicious	Browse	crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
stackpath.bootstrapcdn.com	Check 57549.Html	Get hash	malicious	Browse	104.18.11.207
	Secured-Message_7634-7.html	Get hash	malicious	Browse	104.18.10.207
	New_Messagejacob@steinborn.comMessage.html	Get hash	malicious	Browse	104.18.11.207
	Return-message4928.html	Get hash	malicious	Browse	104.18.11.207
	VM_5823_05_24_2-2.html	Get hash	malicious	Browse	104.18.11.207
	Secured-Message_7634-7.html	Get hash	malicious	Browse	104.18.11.207
	_Vm064855583.HtM	Get hash	malicious	Browse	104.18.11.207
	_.html	Get hash	malicious	Browse	104.18.10.207
	PAID Invoice name@gmail.com.htm	Get hash	malicious	Browse	104.18.10.207
	#U266c Voice_Audio_845021.htm	Get hash	malicious	Browse	104.18.10.207
	#U266c Voice_Audio_845021.htm	Get hash	malicious	Browse	104.18.10.207
	VM.HTML	Get hash	malicious	Browse	104.18.10.207
	#U266c Voice_Audio_845021.htm	Get hash	malicious	Browse	104.18.11.207
	Agreement_052521.html	Get hash	malicious	Browse	104.18.10.207
	Retrieve_Messages65904_40_55am.html	Get hash	malicious	Browse	104.18.11.207
	89934.Htm	Get hash	malicious	Browse	104.18.10.207
	SwiftPaymentRef94049.html	Get hash	malicious	Browse	104.18.10.207
	_064855583.HtM	Get hash	malicious	Browse	104.18.10.207
	#Ud83d#Udccc Domesticandgeneral Agreement_052421 Mark.bridges.html	Get hash	malicious	Browse	104.18.10.207
	SKM_Invoice ES27752POP.html	Get hash	malicious	Browse	104.18.10.207
maxcdn.bootstrapcdn.com	#Ud83d#Udce9-peter.nash.htm	Get hash	malicious	Browse	104.18.11.207
	Evershedsnicea NDA file attach...htm	Get hash	malicious	Browse	104.18.10.207
	Check 57549.Html	Get hash	malicious	Browse	104.18.11.207
	7 #U039c#U0456#U0455#U0455#U0435d #U0441#U0430II#U0455.htm	Get hash	malicious	Browse	104.18.10.207
	The Village.html	Get hash	malicious	Browse	104.18.10.207
	#Ud83d#Udda8northerntrust.hscni.net 692233150-queue-7828.htm	Get hash	malicious	Browse	104.18.11.207
	Paid INV for Robert.landis Khs-net.htm	Get hash	malicious	Browse	104.18.11.207
	#Ud83d#Udda8rocket.com 1208421(69-queue-2615.htm	Get hash	malicious	Browse	104.18.10.207
	Payment Advice 006062021.htm	Get hash	malicious	Browse	104.18.11.207
	receipt620.htm	Get hash	malicious	Browse	104.18.10.207
	original phishing email.html	Get hash	malicious	Browse	104.18.10.207
	New_Messagejacob@steinborn.comMessage.html	Get hash	malicious	Browse	104.18.11.207
	Return-message4928.html	Get hash	malicious	Browse	104.18.10.207
	Sealant Specialists, Inc. Projects #2021-Proposal #19100.html	Get hash	malicious	Browse	104.18.10.207
	VM60VWPCVNQS5D.html	Get hash	malicious	Browse	104.18.11.207
	PAID Invoice name@gmail.com.htm	Get hash	malicious	Browse	104.18.11.207
	mal.html	Get hash	malicious	Browse	104.18.10.207
	mal.html	Get hash	malicious	Browse	104.18.10.207
	mal.html	Get hash	malicious	Browse	104.18.10.207
	Ao_Scan_item.htm	Get hash	malicious	Browse	104.18.11.207

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
OVHFR	New Inquiry.exe	Get hash	malicious	Browse	158.69.138.23
	New Order TL273723734533.pdf.exe	Get hash	malicious	Browse	51.222.56.151
	Requestforquote.exe	Get hash	malicious	Browse	158.69.138.23
	SecuriteInfo.com.Trojan.PackedNET.721.2973.exe	Get hash	malicious	Browse	149.202.83.171
	SecuriteInfo.com.Trojan.PackedNET.831.4134.exe	Get hash	malicious	Browse	51.210.201.99
	ORDER-6010.pdf.exe	Get hash	malicious	Browse	178.33.222.241
	U03c2doc.exe	Get hash	malicious	Browse	5.135.185.231
	PO.xlsx	Get hash	malicious	Browse	51.210.201.99
	ManyToOneMailMerge Ver 18.2.dotm	Get hash	malicious	Browse	79.137.68.187
	2iM58wdcXq.exe	Get hash	malicious	Browse	79.137.109.121
	HT.xlsx	Get hash	malicious	Browse	79.137.109.121
	DY2Cl8KZth.apk	Get hash	malicious	Browse	164.132.160.181
	953DD19700177BEAF848E510418DB83C8481CE466819C.exe	Get hash	malicious	Browse	178.33.93.88
	#Ud83d#Udda8northerntrust.hscni.net 692233150-queue-7828.htm	Get hash	malicious	Browse	145.239.131.55
	sample.exe	Get hash	malicious	Browse	144.217.77.41
	banUwVSwBY.xlsx	Get hash	malicious	Browse	51.89.115.124
	banUwVSwBY.xlsx	Get hash	malicious	Browse	51.89.115.124
	Cancellation_1844611233_06082021.xlsm	Get hash	malicious	Browse	51.89.115.125
	Cancellation_1844611233_06082021.xlsm	Get hash	malicious	Browse	51.89.115.125
	Tax Folder.doc	Get hash	malicious	Browse	145.239.131.51
CLOUDFLARENETUS	o8RYFTZsuU.exe	Get hash	malicious	Browse	162.159.129.233
	MrjC4jkPL8.exe	Get hash	malicious	Browse	162.159.129.233
	3c2pU82NQD.exe	Get hash	malicious	Browse	104.21.19.200
	#Ud83d#Udce9-peter.nash.htm	Get hash	malicious	Browse	104.18.11.207
	SKlGhwkzTi.exe	Get hash	malicious	Browse	104.21.65.7
	RFQ-sib.exe	Get hash	malicious	Browse	104.21.19.200
	PO.doc	Get hash	malicious	Browse	104.21.19.200
	Evershedsnicea NDA file attach...htm	Get hash	malicious	Browse	104.16.18.94
	SecuriteInfo.com.Trojan.PackedNET.825.24532.exe	Get hash	malicious	Browse	172.67.188.154
	090049000009000.exe	Get hash	malicious	Browse	104.21.19.200
	Letter 1019.xlsx	Get hash	malicious	Browse	172.67.161.4
	fTxhRIDnrC.dll	Get hash	malicious	Browse	104.20.185.68
	Proforma Invoice and Bank swift-REG.PI-0086547654.exe	Get hash	malicious	Browse	23.227.38.74
	UGGJ4NnzFz.exe	Get hash	malicious	Browse	23.227.38.74
	Order.exe	Get hash	malicious	Browse	104.21.40.174
	DocumentScanCopy2021_pdf.exe	Get hash	malicious	Browse	104.21.19.200
	RRY0yKj2HM.dll	Get hash	malicious	Browse	104.20.184.68
	SecuriteInfo.com.Trojan.PackedNET.721.2973.exe	Get hash	malicious	Browse	104.23.98.190
	SecuriteInfo.com.Trojan.PackedNET.831.4134.exe	Get hash	malicious	Browse	104.23.98.190
	SWIFT COMMERCIAL DUTY 0218J.exe	Get hash	malicious	Browse	172.67.188.154

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	WcCEh3daIE.xls	Get hash	malicious	Browse	142.250.180.225
	ATT00005.htm	Get hash	malicious	Browse	142.250.180.225
	kxjeAvsg1v.exe	Get hash	malicious	Browse	142.250.180.225
	VSA75RUmYZ.exe	Get hash	malicious	Browse	142.250.180.225
	iX22xMeXIc.exe	Get hash	malicious	Browse	142.250.180.225
	QWkt5w3cO2.exe	Get hash	malicious	Browse	142.250.180.225
	#U260e#Ufe0f Zeppelin.com AudioMessage_259-55.HTM	Get hash	malicious	Browse	142.250.180.225
	vTtOheCXBQ.exe	Get hash	malicious	Browse	142.250.180.225
	6b6zVfqxbk.xlsb	Get hash	malicious	Browse	142.250.180.225
	Check 57549.Html	Get hash	malicious	Browse	142.250.180.225
	audit-78958169.xlsb	Get hash	malicious	Browse	142.250.180.225
	Docc.html	Get hash	malicious	Browse	142.250.180.225
	askinstall39.exe	Get hash	malicious	Browse	142.250.180.225
	Lista e porosive.exe	Get hash	malicious	Browse	142.250.180.225
	askinstall39.exe	Get hash	malicious	Browse	142.250.180.225
	SecuriteInfo.com.Trojan.GenericKD.46459351.411.exe	Get hash	malicious	Browse	142.250.180.225
	Yl6482CO6U.exe	Get hash	malicious	Browse	142.250.180.225
	ZmZvKByoew.exe	Get hash	malicious	Browse	142.250.180.225
	V2GC02n03l.exe	Get hash	malicious	Browse	142.250.180.225
	research-1315978726.xlsb	Get hash	malicious	Browse	142.250.180.225

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	410
Entropy (8bit):	5.60538622034126
Encrypted:	false
SSDEEP:	6:men9YOFLvEWdM9QHntHi7Z+P41TK6tken9YOFLvEWdM9QJt/i7Z+P41TK6tg:vDRM9pZiEXDRM9+YZiE
MD5:	2109DBC9F79D963C50DC17BEF49E9B7F
SHA1:	38E73CC638B3C6D187BDDCE14267AB529D09E0D6
SHA-256:	04C8CBDD5C6FD76C27A9957D94501646037CC34FC533FABE970A756DEDC6C08B
SHA-512:	160AEEFC288527325D99638732A27760BE0D87615B39C8BDAF2CADE648E3E31A0321075137125858D35F58FCC8083F7EB4D45128DBEC7505A0717FFBD8DA2026
Malicious:	false
Preview:	0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...33.#/....."#.D..G..0.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.................0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js .{;`3.#/....."#.D... .0.A....d.{v.^.G...d.W.:...P..k%..A..Eo...................A..Eo.......g.n........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.583947346846152
Encrypted:	false
SSDEEP:	6:mi9NqEYOFLvEkNMlUXbZ8Be7Ywcr1TK6tG8i9NqEYOFLvEkFdXrJi8Be7Ywcr1Td:V9zC6LZ9PQg39zld7Ji9PQV9zs/z9PQ
MD5:	C77B747BF11204CE99D8617282673DD1
SHA1:	509A074B7442222E9083FD2063C59603355780B7
SHA-256:	19C518A2556C7877067FCE1D3FC6F33821494F2CC19BCE72AB12E9D4BF228FA9
SHA-512:	7E5DC29EC94F8EB8DF5CB8DF2AE09692D7BB447996E3DFB72E04F8FC76B4494CC32D58CC35BAA9107A47FA4F6C5FCF7D88420120871BAC4828735DD2AE4744E3
Malicious:	false
Preview:	0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .B..2.#/....."#.D.\x..0.A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo........$........0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .k. 3.#/....."#.DE....0.A.1.x.'.vI..\|Z..o...+.4....0..A..Eo...................A..Eo..................0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ...E3.#/....."#.D{....0.A.1.x.'.vI..*\|Z..o...+.4....0..A..Eo...................A..Eo......~..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	492
Entropy (8bit):	5.591962287512719
Encrypted:	false
SSDEEP:	12:DyeRVFAFjVFAF3uvlUo6j0yeRVFAFjVFAF8UjvlUo6jNW:tB4v4ESBwB4v48SSB
MD5:	25DD5511D599343513906AD296A4BFF7
SHA1:	D497DBF64B0FF35800F3DBC7547C78026B21900E
SHA-256:	F63C11B0DB1C5622E61A109AFA40966D339C143521FA07B4A78956335956F8DE
SHA-512:	E076E6D338565ADA7EE402FAC37524A46E5BA16B1F93D4CA1C95FF1AE2938316939ABC80851F09C0A65A60CB79BC99B78BA235E2172BEEA2ECEE2C04FA3CC72B
Malicious:	false
Preview:	0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..23.#/....."#.D..D..0.A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo.......Xn.........0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..U^3.#/....."#.D... .0.A..hvDO.N.t@.....n....... ....A..Eo...................A..Eo.......K.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.598836978064707
Encrypted:	false
SSDEEP:	6:mNtVYOFLvEWdFCi5RsX/X7L3ZiWulHyA1TK6tm:IbRkiD2/n34WussY
MD5:	31A4091A33030C6B7E070522BA6267DD
SHA1:	7B24696BDD945DCAA621E0C88BDBB6B611882A44
SHA-256:	8192F5C130CD1088CEA72253D35EF26D3DFFA6F866FF8F20038981E055949BE1
SHA-512:	57EE41936B2125639E58146899614CC1BF5FA1D3CBB12CCC4E18D1F5782089E3FBC20FE63D38E5F5D6D51AD08374BF93AC54E9B01CA2B5E8721EC05829DD1492
Malicious:	false
Preview:	0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js .2.93.#/....."#.D..^..0.A..8 P..a...R..Y....7.@..2Dm{..A..Eo...................A..Eo.......E#.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.530726623968927
Encrypted:	false
SSDEEP:	6:m+yiXYOFLvEWd7VIGXVu5+U1kRVyh9PT41TK6t/g:pyixRuZkRV41TEl
MD5:	56206215BE690D3676BF21546E9FD897
SHA1:	D5263A64F0353F646819A0F565FB5F22CE883C31
SHA-256:	F8A05511ECCCA61B58E0EA56958F6F9B4E3E5C77EB6129D54E62512342EF4295
SHA-512:	6F5AFF4A30D4ACA8BA535319665FAE209FDB586174E497D90F0040FCF7A4679771C0C0DB32A13AA92933410F5B12A53AAB1D9F14138B38E0A008426A1EB60820
Malicious:	false
Preview:	0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ..._3.#/....."#.D.\. .0.Ak.Q.....-_..y.....O...>..1....A..Eo...................A..Eo.......v..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.5978273165914345
Encrypted:	false
SSDEEP:	3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuV9Wvl/UV94co2sZI8xeGvP5m1TKo:mvYOFLvEWdhwjQwOUoLZIl6P41TK6tH
MD5:	5AE38279EF4026A6AA1FABBE65C03080
SHA1:	D9D2B5624A741DD1463F9E08C823A5B894105510
SHA-256:	4CC8AF1EDF7BA846ECE20B6C040996588D60B587232284862EF0F41BFC7BFE5F
SHA-512:	CED8F706133901078D26D6E2C3F91758280506054D4A044B91AB1E0AB231B9526774287684B8173C69F765740157A1E506CED627AFF51402EE41D9C3B76FC8D7
Malicious:	false
Preview:	0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ..aY3.#/....."#.DQ....0.A.].>....uUf..N...k......c..l.A..Eo...................A..Eo......7<..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	5.477590967064266
Encrypted:	false
SSDEEP:	3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuV9sd/LXvAVcyxMtv9EWm1TK5w:mJYOFLvEWdGQRQOdQPL4V6g1TK6tf
MD5:	8734DEAACDEB63654A701AA657DF9FBF
SHA1:	696FE47274EDD2C7673F88C720944902EB439FB7
SHA-256:	D2B0F88FC8F5576F828CB1861A4806FFFD36AE8D09998D2A4DAA07A352C7E959
SHA-512:	E53F028B1664C4BDA732C4CAFCAD73FFF0212E0866F2315ED118BDF7C4A493CD3C36323A6AB6B1E432334A9308362FB50094B6711C4EED4D5403AFA0E9ABE6CB
Malicious:	false
Preview:	0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js .o.`3.#/....."#.Dux. .0.A..c..y/L....\|y.n..C/I.....X7-ne.A..Eo...................A..Eo.......n<.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	537
Entropy (8bit):	5.587932215198722
Encrypted:	false
SSDEEP:	12:Z5Mqu2LMuR/Eez5M3drIMuR/Ea5MlQLMuR/E:ZSqyuR/EsS3dduR/EaSlQouR/E
MD5:	9944376933682DC75AE31BD04E10F110
SHA1:	3CB4DE7FCBD19848FD2E227C80A82D014E450B9C
SHA-256:	71A369A4E6C97CCAE4C5BE8641B9FEAB91DF5F16EAAAF97F3FEAFE05531BE77C
SHA-512:	66843B1F932C8DD4E5469B4E74446B51FD722855A56E64E7132C7414B5ECF77FAB52BB2B027FF2C0E8A54895AD1EBD66428AD6B0D7496D51D9AED26557887EEE
Malicious:	false
Preview:	0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .1..2.#/....."#.DQ.x..0.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo.......\2.........0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .. 3.#/....."#.D.....0.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo..................0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js .B.E3.#/....."#.D.....0.A.y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo...................A..Eo......@...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.4792316002723505
Encrypted:	false
SSDEEP:	6:m4fPYOFLvEWdtuModX3by0zBUKSAA1TK6tF/:pR1odnbe
MD5:	7DE8C435AC70F2235D495962B65C01BF
SHA1:	DACA2BB2ED01DA68D0207CA10C83559D79D43B3C
SHA-256:	15D9F625E19CD6E6049B907E3974558225D17D3B6A2443523CE28D1E525D8BBF
SHA-512:	2EC492E16A428AA9855C5E8068652BE954BE4945AE923A35AE7B7B11B994D665A6E30F768B571AF8179085CB30EFA130B61FE4B0A65ED215263EB46F956E50A3
Malicious:	false
Preview:	0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ...`3.#/....."#.D.6. .0.AQ..E.=....=h`t..t..3%A.F$..w..A..Eo...................A..Eo......a.~.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	531
Entropy (8bit):	5.556316799111561
Encrypted:	false
SSDEEP:	12:KkXxKMSCvehtUl9fakXxKMSCvxKFsytUlDkXxKMSCv0HtUlP:KkXxiCaW9ikXxiC8WDkXxiCmWP
MD5:	89118AD39A19A9DEBE385785B4DD917F
SHA1:	DE1F14BF7F0A83C080065B4A4D81B9407C1E5833
SHA-256:	1C235FB248D69C1EAC82C1157AB0B64C33D69E02933574E0A6D9574817B9EFD7
SHA-512:	9FA76ED895F2DB1F229778924BE643A6AC4B16AA38A8BF507F68B83A189F101C94175D6FC1FDF62DC053E0FC47AD58E5CAB194F77A96BFD3966FA254A812B802
Malicious:	false
Preview:	0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ....2.#/....."#.D>yx..0.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......Z%+.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .. 3.#/....."#.D.....0.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......*.@.........0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ...E3.#/....."#.D!...0.A.PU ....t^.....a.k..u.7.M.BW6#}..A..Eo...................A..Eo......M.5.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.573785709828203
Encrypted:	false
SSDEEP:	6:mkl9YOFLvEWsfOLHe+twO7WyyM+VY1TK6t92kl9YOFLvEWsfOL/rWyyM+VY1TK6P:5h6OL+FOOkXJh6OL2k
MD5:	CB7AB67E3AFE744CF60C5AE3E6EA1256
SHA1:	50667A6BA6FF486D5ACDFAE407BCC3CCEE747275
SHA-256:	7A2709080F4FF0F6E5C521B07B359936CA59B11F09DC566287B800EDD30C2ED0
SHA-512:	F9B8261D662B39268126F877CB36DC5E059936444F3681A154DE20D1B16A24509AA2B687D2EEB89B1C8842D9736E2159CD4390474F4C4817F84D50C97FAFCADD
Malicious:	false
Preview:	0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .H.,3.#/....."#.D..*..0.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo..................0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js .M.T3.#/....."#.D.a...0.A..q.O...j....._y..L^z...?..@N..A..Eo...................A..Eo......6.[<........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	488
Entropy (8bit):	5.609595463909054
Encrypted:	false
SSDEEP:	12:URVFAFjVFAF1wSeKaTLn2ORVFAFjVFAFuDwSeKaTLnI:UB4v41wzXLn2OB4v48wzXLn
MD5:	D4CEF2B3EAEE4528F692CC6E63494A14
SHA1:	5B3534C509C354D2C06E95332D670C92AC9DA4B7
SHA-256:	123035FCF5271F7EA47BD4F71D1EA0B099051DC3A6C6E5EA6B1CAA0B2C74CF1A
SHA-512:	5533F053FD3D09EA89C01CC74A3D034EAB3BBD424EFC0945FAF86859B8A5247B296F50E14D70798A69A2685173E873B5BE1FAA57C787B6A6D224859C53C23A71
Malicious:	false
Preview:	0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ..o33.#/....."#.D.L..0.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo.................0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .v._3.#/....."#.D... .0.A......H...{...2../.k`..r4.C. .A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.437762315843459
Encrypted:	false
SSDEEP:	6:ms2VYOFLvEWdvBIEGdeXuRi+gE11TK6t9f:BsR2EseCgKf
MD5:	AD1DE4061A685F7DFF20482883066F62
SHA1:	16B4597A9D29CE5663D3F5799AABA7575A88E27F
SHA-256:	2F72508E75B1BC8C3F39AA0BE9D4648716255F49802C4450710C24DCDBE52564
SHA-512:	A21B2FB177394C400AA821AD8B7834CF38E213A35C82B91CE7328D568F6E962E59BAC1B0A94B8C80F01103355D32F1A547DFB9FAC55D945958F8D0192D5F659D
Malicious:	false
Preview:	0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js .D.^3.#/....."#.D... .0.A.A.o]@r..Q.....<w.....].n\....A..Eo...................A..Eo.......p..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.645434370199557
Encrypted:	false
SSDEEP:	6:maVYOFLvEWdwAPCQZDB7OhKlvA1TK6tb:RbR16YBJk
MD5:	9302EE265C50C2378DB5FE4273153A25
SHA1:	34FD456EDDAFE38C94CF799161493151DAA728CF
SHA-256:	50C59142738391F7CDE24360F14F6F1D7566D601C66F952F6056D379A0743F52
SHA-512:	7A36E413DB41629BD6BA3090C1FF392226C929471A9D7884CC49C0C1818FF6903F5119A74423FDA4B4829676CA160EF2DD90BA35177ABAA867CD225973B77DB7
Malicious:	false
Preview:	0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ..CY3.#/....."#.D.d...0.A..4T].....Tw.....(..b...EO....9.A..Eo...................A..Eo.......?..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.565707635380664
Encrypted:	false
SSDEEP:	3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvpYfIQdF5YufMm1TK5ktTl:ms2gEYOFLvEWdGQRQVurYgQdFt1TK6t
MD5:	345E82B9E81643306AA107EB6FB42244
SHA1:	BE6DFA57F5F16CF6AFCDF497BE0D92C2B69083CD
SHA-256:	7177676F81F03AF3B66655BFC764778A04585C826EA6939551D457EAA95E26B4
SHA-512:	C41C392D833EF9207A5FCCB4D03234A31FC4D6D26E69033D55BAB2C42AE1B8400762703184F9486290FC8D2C35D92DD4279D5819CB14C812AB21856E629CB568
Malicious:	false
Preview:	0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ...^3.#/....."#.D... .0.A@..{o]...9o\|..qY....T....{..u.b..A..Eo...................A..Eo.........d........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.594735584500708
Encrypted:	false
SSDEEP:	6:mzyEYOFLvEWdrIOQTqNtyt1S/1TK6taezyEYOFLvEWdrIOQyPtat1S/1TK6tN:WyeRlNYt1wdyeRlZst1w
MD5:	1FDEBF510C7273EB6317C0C2EFD93B98
SHA1:	32AE9DF6B2E668D0742FDCC4D38C1FBEDC760B4C
SHA-256:	D5D493925ECD9E8351CA08E13BB3074FD547333B7E46A36607A1578D2FCE542A
SHA-512:	02EA681A459F8905CB85E82ED3C37831FFA075E96B49AEDDD0D0F5D5AB96AEF2F63CAD37E036F0BCDDF96DE630ED4EFB0CE48FD2D5E0FAC41F2007B1227493E0
Malicious:	false
Preview:	0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ..k/3.#/....."#.D!.6..0.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo..................0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .:.V3.#/....."#.D.....0.A.t\a......x5.'OuE.C..@......x..A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.530077476836983
Encrypted:	false
SSDEEP:	3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvxl/0+yNqww6U+5m1TK5kt1l:mnYOFLvEWdhwyuJ0zqwK+41TK6tv
MD5:	579CB6D7DC7566172843805C0C664F08
SHA1:	C1A7497B9463ABD95595687AAB85DABFB3CD93CD
SHA-256:	44E0EF35FAF70884723FDC98432F115D1AD166B9BCF24B54AC4F5D14C9D779CD
SHA-512:	29A1F0FBD33CB79BCC130F21CE696C9A5F0CBD039CA93C48EE04AB8656407A098F099DA618A1524D64A88C633577B037D3CCC72C6EF388036D6F41EEBCEB3BBF
Malicious:	false
Preview:	0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .C?Y3.#/....."#.D.%...0.A.......7...o..a=.98I......(3.$G.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	460
Entropy (8bit):	5.5724247119560495
Encrypted:	false
SSDEEP:	6:mYXYOFLvEWdrROk/RJbuetUUVfO441TK6tZE98YXYOFLvEWdrROk/RJbuwNZfO4Z:/RrROk/VCUVfLE49lRrROk/TfLEe
MD5:	1B04FE45942F0858B4358EB5B1610EFF
SHA1:	CD2323F731ECF43F72F98732F55F735F59F73FAC
SHA-256:	C6703FF8A8C5473C109405E1E770190D98173E082536C6374C2E4487EC8A8084
SHA-512:	5E29D26F0EAB2BA43C80469CC761CF9492E3A88D1CBBE55D84C0E3DAC7634D6ACA2E7892DFC50ECB162B776CFCF8CB7E4E57E7A1D115DD1390008A5752DD04D0
Malicious:	false
Preview:	0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ..h/3.#/....."#.D.q6..0.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo..................0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .d.U3.#/....."#.D.....0.A..~..rw.+[....!.)?..f.U..(=.=.A..Eo...................A..Eo......n...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.5823422453927165
Encrypted:	false
SSDEEP:	6:mmDEYOFLvEWXI2uXym1QPLr1TK6th2mDEYOFLvEWXI9tDL1QPLr1TK6tvl:xqTXu5CPLnDBqTupLCPLnR
MD5:	F280681F237FC554A2C006C5F7AB1689
SHA1:	0D5C71AF73580675B74EFEE6C34E8300A0836A4B
SHA-256:	A06FD0A29044B60F4CBC41ECD99AE777463EFD389697B462C1A65117034D07F1
SHA-512:	258F39C0A7E38F0800D898F4C0D0BDAD381009003ABB4540E4F4EB6169B9B4680ACAEB958375E703ABAE576FCE2E77AC6F8F460DDC8FBA722A237DDB42466575
Malicious:	false
Preview:	0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..,3.#/....."#.D..*..0.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo..................0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ...T3.#/....."#.D.J...0.A..~]...%s..<...n.f..<.....1#..U..A..Eo...................A..Eo........>.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	414
Entropy (8bit):	5.603698762094458
Encrypted:	false
SSDEEP:	6:m52YOFLvEWdMAuZU+tcUsMAsEJ41TK6tY4+52YOFLvEWdMAu0SGsEJ41TK6tzH:zRM4pUs9sDLRMqsD
MD5:	CBB9D2CC56371538EBB891834909D3E0
SHA1:	491F4311D66206680DD6DBCC97AC37041148E5C8
SHA-256:	82F8F932DA74061A5934830CE05109084667B88EFE3D38060AA02B013C67F578
SHA-512:	B496E1CA40B0CEE58B5B1DA5E27DE01DC83018DC7EEE9613AFC27F0ED4F3BC5B2A4AF30DFF8C71439EBE50DC38A4B4DFD41FC76AC038FD1A9E83010130A06925
Malicious:	false
Preview:	0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..}23.#/....."#.D.1D..0.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo.......Y..........0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..._3.#/....."#.DQ.. .0.A..z._a...'.v.......4p3..1.']...A..Eo...................A..Eo......`..X........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.570156729890977
Encrypted:	false
SSDEEP:	6:mYilPYOFLvEWd8CAdAuGodX9aSFong1TK6t5gYilPYOFLvEWd8CAdAuCONfbSFoJ:6lJRduZFoMklJRAf2FoM
MD5:	1197773B0CD6981E71B413FD260F0C17
SHA1:	8A7F132EDDE9CD2C147FA7558650C4A76E881209
SHA-256:	8B12249E6EF2340724AD7CA003FDB707BA784918B1040C752F634E6F109931F0
SHA-512:	794D4C68C2F393FC44F3BFD369881E0D66F9E569F640633254F142AC00F80508DF4C415DA9477EFA1F353FFF20A4C0C89BB189A618EC7F058793C8C521C73D01
Malicious:	false
Preview:	0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ...23.#/....."#.D.^D..0.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo.......\|H.........0\r..m......R....\|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..3_3.#/....."#.D... .0.Ac}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo...................A..Eo......h(.$........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	5.583459982518609
Encrypted:	false
SSDEEP:	6:mY8nYOFLvEWdrROk/Iudt8e16wG1TK6thKY8nYOFLvEWdrROk/IuHtd6e16wG1Tq:F8hRrROk/Oe2l8hRrROk/xn6e2g
MD5:	B756E332B7D1F32302703CDE44EA653E
SHA1:	8866EF31720C391E48554D5BEFB5E4EA1BF632A7
SHA-256:	FDBEDD5FFAE52AA589DC236D0B3157B471C890E160B4A1A6256E0F902C1F8ABF
SHA-512:	8D26DDCD6C2A0644263ADA9BD086B7040A0FBFC773A310A3902B4A50B8DBFCC764CA96BA74A041B22417940BC4E4A86FD28ABF22AF7D566F52B4853DDB4A435B
Malicious:	false
Preview:	0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .tf/3.#/....."#.D..6..0.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo......bd.X........0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..U3.#/....."#.D.....0.A..%.k.SZ..~W.....:)'B..ad......A..Eo...................A..Eo.......e..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	426
Entropy (8bit):	5.670160932768319
Encrypted:	false
SSDEEP:	6:mLrnYOFLvEWdrIoJUQ2+yrNJIi1TK6t7NMLrnYOFLvEWdrIoJUQ9Eta9irNJIi13:ehRcyyrNJICpmhRcKXirNJIC
MD5:	03C5806F40ECC1AEE8CFAB357B3631C8
SHA1:	8D2A898192FE7C8C44A57B2A98841FA1F49D0931
SHA-256:	7E4755F90174114C300D51D69B21E78315828B400CAD4CAFE24BE105C92B22C0
SHA-512:	A64007B9BF5EF177AE6068CF1C4755748636B208F7F3BD86C60B11DC68D8417F6447D2BF10EB3320429E3B3816FBB055281A2362618FF4B44004351DC21AD62D
Malicious:	false
Preview:	0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ..m/3.#/....."#.D..6..0.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo........$.........0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ...V3.#/....."#.D.....0.A.;"./N_.,.:C..2....9L.H...3:...A..Eo...................A..Eo.................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.592097996997362
Encrypted:	false
SSDEEP:	6:mOEYOFLvEWdrIhuPh1hhLzgm2d/1TK6t//EOEYOFLvEWdrIhujeq2hLzgm2d/1TD:0RlhZReJ/KRuZRe
MD5:	65B185DF18D884EBB80E0F2958FF0E5B
SHA1:	BD356244237FAB0D5659D4E06EF47206FABD509C
SHA-256:	FD4E9DCCA091AF2DDF3F7450EB38031FDA600E2BD309214A4CF14E0869388D6D
SHA-512:	DC925822E69B07B285FC6CE698BEE3E62505C31F448307CE79F0A34C6E4E48986AABA42C6844A5140CA6B52C4DF8F59DD3848F4FC197DE2C4C619B38B2A97968
Malicious:	false
Preview:	0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .../3.#/....."#.D.7..0.AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo......~.9.........0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js ...U3.#/....."#.D.`...0.AZ.Z}Q..4.o....0+..[\|..n:..U.W.A..Eo...................A..Eo.......P.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	564
Entropy (8bit):	5.588730497497238
Encrypted:	false
SSDEEP:	6:mAElVYOFLvEW1Kwt/KmkOkx56uvp1TK6tbAElVYOFLvEW1KvGqcX/fkx56uvp1Tg:6JJK+kVtJJKvGpX/AoiJJKkuV3l
MD5:	367AE6F9F617EBB9B6D3824F982B701E
SHA1:	1779342407499A0267DBACDD156218F90BD77802
SHA-256:	C14C740C8246E5551EDAFDD6718DECB44E2A25DFC31690FE8A667EE8E972C1E4
SHA-512:	8EBF14B1EE71B04046334E6429046A813631581348BD735534FB0B0C742AAD489AFA709DB7012CB227F532EF00CEB0C92B786DAF05534249A635259619A9A499
Malicious:	false
Preview:	0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..k.2.#/....."#.D....0.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......2..........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..h#3.#/....."#.D.....0.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo......8Oi-........0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..tI3.#/....."#.D.r...0.Az?...SwC...^..y.....V..7R-O.....A..Eo...................A..Eo.......9.T........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.610560566512953
Encrypted:	false
SSDEEP:	6:mWYOFLvEWdBJvvuutPZyhUDLYtmOZn1TK6t5:xRBJzHDcFZL
MD5:	317A56D5144E53828F2D7491EA761FE5
SHA1:	234C20343B1DDE1F2894949940439834506CF006
SHA-256:	97BA1926F58D711B82226A42A4F896B0437D4B60C02004F2336B465E4C6B61C2
SHA-512:	E5EE984908C1CFF6C41F3F84BCFCE8D79E744EE0A7DF6D9B3B91F246BDD15498E4FFB0184D8D9E9A1D24B48BD10D730CED0382A386CD6490F1E98D3E8E0C7DE5
Malicious:	false
Preview:	0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ...^3.#/....."#.D.=. .0.A....t.q..W.EZ....1...[.zC.7mD..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	633
Entropy (8bit):	5.61568859580264
Encrypted:	false
SSDEEP:	6:msRPYOFLvEWIa7zp7wl/QeVPu1TK6twa+sRPYOFLvEWIa7zp7NkwHVPu1TK6tPlS:BPH6loec7PHHpcj7PHLScY/
MD5:	583C63A592D26CD34FA71A8C338E7443
SHA1:	AF5443CC810009B128E58BDFF4D86C597213A0DD
SHA-256:	081139855AB4F7BDD8E36A57FBD0B7FBBC8FB431C9190E80BF77317EBBA60297
SHA-512:	81017A7C1B18758CF0EE73873C39B5D3A13DD09D62A496C43F063CAB61BC1F0F2412541362028678F29E8EA5D1683C15904C4718B6A300955DBA79171B0BDA19
Malicious:	false
Preview:	0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ....2.#/....."#.DH.~..0.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo..................0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ... 3.#/....."#.D(....0.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo.......&..........0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ...E3.#/....."#.DuV...0.A...L...Im.@.........E.nW...IP..A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.592807005700951
Encrypted:	false
SSDEEP:	3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuVFd/IzU6Q4XVAZ+8cV3vRm1TK5Q:mKPYOFLvEWdENU9QSIniM3Y1TK6tXN
MD5:	5A78AB4087C6E4348A82F30B9D702030
SHA1:	BFC3365BFD2E97FCDD7008C4FF8B05085BD5BAB7
SHA-256:	A6A70C2E182FA49471C3187768B8EC81D4366A0DE819272346B0DC27E8689637
SHA-512:	7AAEC0A36971D1D4C10631A9AFEE3B7937DCCA8A0CB9ABC431B2EBEBF61298172E654599242F5B794B44B978BAE34648A10790C5197324A0D83CD31BB82EF4A4
Malicious:	false
Preview:	0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js .>HY3.#/....."#.D.....0.A...M....m+lS..e.....<7.U.P8*.0K.A..Eo...................A..Eo..................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	modified
Size (bytes):	208
Entropy (8bit):	5.571699507981898
Encrypted:	false
SSDEEP:	6:mQt6EYOFLvEWdccAHQatXpQjBRCh/41TK6t+:XRc9dKDi/E
MD5:	ECAF746469DB9C57ADDAF11955072517
SHA1:	640908C93B6F11AE4BB7ED97654A3EBE98DFCA3B
SHA-256:	CC17B4753B54E5B58EDC53835BD517911EBACF5A0CD9E3A9D1CD1D48F7CC8DEF
SHA-512:	6C524C070FAD6BF085A823E84A32F11185401ABAF39E835AA4782FFD166A2412A0843E71E953A6C29E520AB3CB2FE032FD4399A39DB989B279ABB4AE2D953093
Malicious:	false
Preview:	0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ..._3.#/....."#.D!.. .0.APJm...0x.x..RD...BB!@5..<..]....A..Eo...................A..Eo................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.523277491647371
Encrypted:	false
SSDEEP:	6:mqs6XYOFLvEWdFCi5mhu/tVULlF4r1TK6t:bs6xRkixcLlF4n
MD5:	E73A1A3BC99E9365048C01C300999EB4
SHA1:	93F8161FEDDD680917C63EDD88899CB8919A888E
SHA-256:	540F5136DD3722A28E32A8DA90F608A33A4721C97078F30C1B42D3F3CB71525D
SHA-512:	DABDFA10875D793EC2D584D45810489DAAE37E1DB9182587E2FA6792FF8A69135A80E2D38C67041EAB292156080756E2DDD138F47AA873DAA212395E8046A12F
Malicious:	false
Preview:	0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ...03.#/....."#.D..9..0.A.P...#4..l....5...5..).w.. .h.~..A..Eo...................A..Eo.......".l........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.506561842364582
Encrypted:	false
SSDEEP:	3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvaol/FjcGCh8rcu1isLK5m1TK5kk:mhYOFLvEWd/aFudZi941TK6te9
MD5:	11691350635978832FA448829A39632F
SHA1:	D66A380F28C3FC23D1BE641DB77C1831A44BF556
SHA-256:	DE403458D472BFD18639379596B77AE0EF831D0CC87EB20767777AEC18451B49
SHA-512:	CA4ACEB4D1AFFF5FAE60865E882E825DD0EB85F58A6A91A11DA924A59762BC946E354DCBEBD648C6D7FEF3200E3E720C0DB044D4566B46900CF4979812430E18
Malicious:	false
Preview:	0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js .z.`3.#/....."#.D.F. .0.A...a.f.m.i.o.p..3U5.....^...I.A..Eo...................A..Eo........7.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	208
Entropy (8bit):	5.517302501397829
Encrypted:	false
SSDEEP:	6:mR9YOFLvEWd7VIGXOdQjtLKoBMqVd3G4K41TK6tm:2DRuRCB9Vd2k
MD5:	3733484C341DC006C37C82C841A7C0FA
SHA1:	85CCD38DC8F0BEB6D279BB16280CF74E15C2514B
SHA-256:	7A8D2B7CCFB9795F5A74D0E4FD37B3899DCB1076A8DBF21ABAA51E800BE521F1
SHA-512:	E5C94E929ADD54BB2706E5991C66D35D24E72C16B0EF07848D0F54AEEF97EFB7F758AB14C2E5743927F3811B143408062A50388329ABA5AC7D7F7831EA5EDC3D
Malicious:	false
Preview:	0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js ...`3.#/....."#.D... .0.A..y.$..$.v5j...T...z.]..._S....A..Eo...................A..Eo......i6..........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	5.576250528303445
Encrypted:	false
SSDEEP:	6:mkqYOFLvEWd8CAd9Q6XE7uA424r1TK6tcekqYOFLvEWd8CAd9QHsPtDuA424r1To:+RQbUqrnrRQnPErn
MD5:	ABB022AEA4AA2714E92CE0AF5A0723B7
SHA1:	E62E5798E979CA04779F743E3A179977FCF73185
SHA-256:	D4A956A7E1B405855331CF970FF65516A5DC198387AF50CDCE8F39E0BB5D13E5
SHA-512:	39F45BD021ED574324AAE6C0B54B8924C626A043865E5B5F85A542EDA3C292E50FBE05C1A9CBDC8523DDB8455B60B10E60CCC12DE288E83E0F7706DAF65E1276
Malicious:	false
Preview:	0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .. 33.#/....."#.D.NI..0.A#..@..k(v.8g..5.~_....]Pj...6.A..Eo...................A..Eo...... ...........0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js .p.`3.#/....."#.D.. .0.A#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo...................A..Eo......i.B.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.542238794053818
Encrypted:	false
SSDEEP:	6:moXXYOFLvEWdENUAuHjOFVYAyC8n1TK6tL:xhRTFkVYA7Q
MD5:	FBC886A4B92FBD7E864F3E1288AC7B13
SHA1:	1BF0ECBC85ABBCE69ED31773D34AE9135939D2AD
SHA-256:	85FAC5508C973172B5D135C7525D834F530D1DAADADFA128FCFCE471C9877CFB
SHA-512:	7A13303FFF9164EBA1E7CF2EBEBD0104F73176C0680C0AE7ECB8F6841F32CD3A066D470C3ED45161389FB3B358521D93FC49FE148715CD9CCEBDC82A605EFC4A
Malicious:	false
Preview:	0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ..;Y3.#/....."#.D.....0.A8.../...;.\\o....1..........+..A..Eo...................A..Eo........<.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	442
Entropy (8bit):	5.5993474155684995
Encrypted:	false
SSDEEP:	6:mQZYOFLvEWdrROk/VQ2t82a00LmB41TK6tt8QZYOFLvEWdrROk/VQxte0LmB41TI:nRrROk/VOhcmJRrROk/VxVm6
MD5:	5C18DFFA5897F475DF56111E9CEBEE2F
SHA1:	35DC7E03A3C25D60E10B5C9193EBA7AD231C2886
SHA-256:	1D069207792A39C3AA77DC9E6BA700A8DEF137FD10BC864870F741A0B1641765
SHA-512:	7D343A761D23CEE96C746C13B94570876D51DE0FD172AE90ECA9553121FD496B7C73DE9FDACA2BAC279E4ABC8E238351A0A82E231AC0D0CD4A4E6CA02FF2D74B
Malicious:	false
Preview:	0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..r/3.#/....."#.D..7..0.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......u=v.........0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ...V3.#/....."#.D"....0.A ./.ev......N~..6.b.....$.j;:C...A..Eo...................A..Eo......Vk[;........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	210
Entropy (8bit):	5.570969290155554
Encrypted:	false
SSDEEP:	6:mZ/lXYOFLvEWdccAWuxX2Adm9741TK6t:qxRcaAdu7E
MD5:	59E9ADFA9DDB2E5F8C3ECE61E55E6AFC
SHA1:	035B93DC27E97DC232B31F5D0987B5EE16156D15
SHA-256:	26CCC2FF3EFF8C4047D04D9069B162FFD312E4BC788186EE98DFB680100A2350
SHA-512:	6FB6FE26EE5BEF390C6EFBF5AE1364FD94E3AACEFB80982B1A24C429802BB492BE2FDA3D26DCE1BBF435AB9B1390ABEABA41FC3EA44BD1B6B75316B3E8596093
Malicious:	false
Preview:	0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .!.^3.#/....."#.D... .0.A...U...I.>P...X...x..0U.~;m.x.k.A..Eo...................A..Eo........4........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.548719465659713
Encrypted:	false
SSDEEP:	3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFvzvotv8/6shoq+Nem1TK5kt:mMOYOFLvEWdwAPVuZvotv8iJn1TK6t
MD5:	C52A50CEE06BF421C218BAEAB6F6282A
SHA1:	5A9A3468F732C008522724305591AF914ACDD4F4
SHA-256:	6C6994E7D5C31F5BF9A0C13EFDAB0AA5050A963E9327B178606611FFCA0C276E
SHA-512:	855790D00859E4C439F0883459399723A376840DCF2CE13CBE5D7A16F0E470F2F6FF1DB8A45A4548E0DB53A504014F86ACDAD85E4DD2D3F26D22A2E84B3E2AA2
Malicious:	false
Preview:	0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..hX3.#/....."#.Dq....0.A.....k....F..D..O.n;[.1m.....=..A..Eo...................A..Eo......i...........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	212
Entropy (8bit):	5.613311668724158
Encrypted:	false
SSDEEP:	6:m3PXYOFLvEWdBJvYQfrSzhcsBXIh1TK6tJ:mxRBJQVDB0
MD5:	DFEC96E6AB9B4AFA3D3499B898661A36
SHA1:	B6685CFA1C78DB1FAFFE6C16C900B8FBAD99E026
SHA-256:	E9999060C77B357A9629A6971F2E5AC4F51728E42EBF18B667C325FBE80A0868
SHA-512:	C7E4B28BDD54BF67CBAA01CE6EA9AB6FE24756FAB3F9C1C9702953E6DB96FDAB43793EB37D0266D3BB48E24D4EF269DA5959E28C1576ADEF942455FAB40297F4
Malicious:	false
Preview:	0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ...`3.#/....."#.D=.. .0.A...k..`..N3.... ..d..$[.....{.A..Eo...................A..Eo.......@T<........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	5.575552127792926
Encrypted:	false
SSDEEP:	6:msPYOFLvEWdrROk/RJUQ/bqyv2tHc3Me/1TK6thsPYOFLvEWdrROk/RJUQybKXAL:3RrROk/sibCHc6RrROk/sfbPzHcA
MD5:	69EDF8F7F25504061C261159A6257C74
SHA1:	EFB3A8A9F2647EE002C67DAB21B0D11538539303
SHA-256:	E4FD3EC1C4DFC3CBC94A0F764EC514A876918D7FCF216DCF9D83413659ABE407
SHA-512:	4EF4C71FE0B19FFAA80FD4F852BB34D5FE9FD6EC04D4343277A14F95E3CF62AF23A2D4647DFAF2E8A4F0183F564C64105AA61DA84534D6A607547097456D72BB
Malicious:	false
Preview:	0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .g./3.#/....."#.D..8..0.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo.......sP.........0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .N.V3.#/....."#.D~V...0.A.....9Q].8O.z....=..:.N.{....N{.A..Eo...................A..Eo.......5I.........

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	2016
Entropy (8bit):	5.272574498854153
Encrypted:	false
SSDEEP:	48:t2kdhMkCqmy6kE1vyEqQ55qUiMaYtlz77QeS19BKzftu+f4EVgHM1hOp8:tstdxj1v5b55qUiMa6lz77QeS19BKzfL
MD5:	8632DD5E86BB729ACC2A05BB93F410A3
SHA1:	1408ED231EE5B57DBA2CE2A5781985B1A87949EB
SHA-256:	57AEF43E35AE97EA60A50611703A4D1BC1D66A8B30F879961AA0C954CAB4382A
SHA-512:	9BA84C0332ECC0A525BEDA30AD32D33FE24CB09DBC6FCE8B2ED0F72468D91273C496BF7602A452BD8A6BCB3D9868F7354A5E688906CD26A4BF43A001C92D1B18
Malicious:	false
Preview:	......goy retne....'........'............;.y~A.@..................@...................oB...................#...(@..................k7A.@..................D.4.@...............[.i..%.@..............<...W..J................,+..._.#@...............J..j...@................6<\|...................A?.2:..@...............+.{..'@..............)....J:@................2q....@................P....V@..............+.U.!..V@.................P[. q@..............!...0.o@...............u\]..q@.....................@....................@...............o..k..@..............^.~..z.@..................o.@..............Gy.'.h.@..............F..=z;.@................3...@...............v...q..@...............C..M..@................a.....................~.,.4>.@...............&.S....@...............@..x.@..............=....m..@...............;/...@...................q.@.................MV3..@..............:..N.A..@..............Z..............oy retne

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.138054750739232
Encrypted:	false
SSDEEP:	6:mws0pW+q2P92nKuAl9OmbnIFUtpDs0v5ZmwPDs0JwtVkwO92nKuAl9OmbjLJ:Q0dv4HAahFUtpA0v5/PA0yT5LHAaSJ
MD5:	80873CAEBB142E1BDAA8286098ADB898
SHA1:	6366AB256B6A84FB22DFD216EF381998A8F2160F
SHA-256:	B6A25A244F236AF8E783E8414121CC4E05611CE1825F538FEE8E525C6E0FEC39
SHA-512:	E00C8E7AFE78BA5B0CC391CC8B4C1E8FC9B71B3D1A5D339A0DEF6BF914E01A6AE278B0AA1DCE762DE9F703123EDAF12CEE77CDED567B9641FBC46BEF5E2C0D54
Malicious:	false
Preview:	2021/06/10-19:03:35.028 1aa8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2021/06/10-19:03:35.030 1aa8 Recovering log #3.2021/06/10-19:03:35.031 1aa8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	917504
Entropy (8bit):	0.007909552735237937
Encrypted:	false
SSDEEP:	12:I+1rDro+1rDro+1rDrolfrgrocrgAmJocrgAmJocrgAmJ:T13rz13rz13r+fUrjUVJjUVJjUVJ
MD5:	28C3F901AA5AC270CCAB75AA191F3258
SHA1:	5D399FD68F093714478F4E722E6432F2F242EC89
SHA-256:	7C8E9508FC031C0B9B0EF7AA2AC874A1C14DE506A9AA035917F03E6CA1D3480D
SHA-512:	FE180F9F8D19E668F38B787F02BA2E6871EB3B9D90BD1CB9AAC9FFBCECD2EEB1F21EE16C422994B096BE8AEAF8E05CDB4653B9DD023B9DAA8C7C870706E1E925
Malicious:	false
Preview:	VLnk.....?.......+.}.^1.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210611020328Z-269.bmp Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	0.8821546458548144
Encrypted:	false
SSDEEP:	48:7Tyt07xPYl/CCejyGYJ3fCo5xpyCCKXyyyy3bpzPKXvio/Dx/:7TytmxPGFejs3fr5xpvC6NjKXn/DR
MD5:	9E018E9AE2881DB77B2EB9668CAAC57B
SHA1:	665D6665D1F79687022BAD3EE94D9C0BF61F4FA2
SHA-256:	D960BD5D78C9D1095D76BC9FE5E65DACC866C3B693FB3205CFC162CBF83A6E64
SHA-512:	37A16F93427D80CA6253A1221881F65015B86E7B6DB78BFAFF92195E7F0F0D2830B9EEF2CF7E030FB3CA038A9BF1204C39EDAB0CB639F810B9EFA5E9E9C95735
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	SQLite 3.x database, last written using SQLite version 3024000
Category:	modified
Size (bytes):	32768
Entropy (8bit):	3.3870351814123563
Encrypted:	false
SSDEEP:	96:iR49IVXEBodRBkQNlOhFVCsL49IVXEBodRBkRUFNlOhAVCs749IVXEBodRBklUFJ:iGedRBtedRBwedRBYedRBp
MD5:	D7B40A1AFDCD7F915F4A8B9B91489E08
SHA1:	375EA47CC53B43E33CD3FC88A3AD9D342F9B3D6A
SHA-256:	184345D2DA0FAB344A8295598C61D7CC22AA75CDEF58CB960BB041F937B4FECD
SHA-512:	19950932F134C6F2732FC9EAF0C107F96EF86335A8C72FEB8F817CA210E90A4C417D116267B3F106049987AEDB6FFB6535ECFF94D91C12D8CDF5F61D6B23D0E3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	34928
Entropy (8bit):	3.2006014813913772
Encrypted:	false
SSDEEP:	96:N7OhFVCP5949IVXEBodRBkuNlOhFVCsELR49IVXEBodRBkHUFNlOhAVCsmd49IVc:NNiedRBPLGedRBQCedRBgyedRBv
MD5:	7CA3CB49F11412095ACC844C448A97E0
SHA1:	5845247DC6EA5FD3CBB8A5818E4DD4167937D6EC
SHA-256:	32119C892C5CBF214A8B96CEC5A6C9E4646E1413E3F62E5CCEDBBC2F5FB703B7
SHA-512:	46662AD12AE50AE0C05593F426A638AA7A19D9C2650C789CFA500BE9DCC92BB68552EF47A3FFF28CD6FCBBD5170F828722A7ACA7757E3F935C07EDB2B3E21E22
Malicious:	false
Preview:	............4S.'...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................X...h...y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\10BDC45B4A27319429BBC4F08A4E8A10 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	7.54155945514523
Encrypted:	false
SSDEEP:	48:m4qXYiteL8B0wtUJgVXpxi4sVQmjPOZphFRl12:StO+0mrZn/T5R+
MD5:	58AA23107C8D5AEDEABD0D5E32578592
SHA1:	C81A8BD1F9CF6D84C525F378CA1D3F8C30770E34
SHA-256:	21ACC1DBD6944F9AC18C782CB5C328D6C2821C6B63731FA3B8987F5625DE8A0D
SHA-512:	ED89CA15A1A6150246A3A92EEF6E1E962928BCB2E70FA802513581076C907F276CA0639E700FB4BA7E20F2276A0184D8C19168C9E466CCDA5FE2500D16B8C432
Malicious:	false
Preview:	0...0..........lU............0....H........0..1.0...U....US1.0...U....New Jersey1.0...U....Jersey City1.0...U....The USERTRUST Network1.0,..U...%USERTrust RSA Certification Authority0...200130000000Z..300129235959Z0K1.0...U....AT1.0...U....ZeroSSL10(..U...!ZeroSSL RSA Domain Secure Site CA0.."0....H.............0.........is~..1.#.m...T......!.~].R\|?1..l.Y8^g~KV.u..7.5Zd..L.,$..m....Mf.....!t..C..q...L8}..............8...N..h..kw..@...._.......=$._.d...Y..B.oPR..Z.'<.....^...T.c......q.+{@.5.....A...F..\|2E...E.e..Pt.....Vu..J..j.u...5../.]..\..;..w..%5-.V..^x$.........(g..0...mZ'...;.`.r3..}.c...C.u.;.L..7t...>.D....B.f...tJ..."Y..bf:!...'.{...r2n..]tU.....F......Ex;6E......-5E....X.....B.y9.$....g......\|..OxR..WOaU.'.8y..B...--....jG.iV'4%:KI.J.v.i.-o......"m.z.Wc..%9J.~h.i.H.@...#....Ui.(KBU...........u0..q0...U.#..0...Sy.Z.+J.T.......f.0...U........xh...h.=r._.>....0...U...........0...U.......0.......0...U.%..0...+.........+.......0"..U. ..0.0...+.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 60080 bytes, 1 file
Category:	dropped
Size (bytes):	120160
Entropy (8bit):	7.995256720209506
Encrypted:	true
SSDEEP:	3072:LRc7GHbMNPMhGE3NiUlRc7GHbMNPMhGE3NiUZ:LRaGHAgNlRaGHAgNZ
MD5:	C4B70C37F2B7AD5C9A299F3548BDEAEF
SHA1:	A749B4E946C14BA2D0F6A373F72B4F417ECD352C
SHA-256:	318CCE2AA1EE5903C0278EAE8BBADCF65AB9A9066251385C88F79D310FC14815
SHA-512:	148CC6F8FFB6EBB0E6B3CCB31E184C85CB02F405663B35DE2BD61744A00718F2F6E233FDFA5A1CE01D91CEAB11F8F158767458197683050E03F80EA74BB1968E
Malicious:	false
Preview:	MSCF............,...................I........d.........R9b .authroot.stl.3..).4..CK..8T....c_.d....A.K...].M$[v.4.)7-.%.QIR..$t)Kd.-[..T\{..ne.....{..<.......Ab.<..X....sb.....e........dbu.3...0........X..00&Z....C...p0.}..2..0m.}..Cj.9U..J.j.Y...#.L..\X..O.,...,.qu..]..(B.nE~Q...)..Gcx.....}...f....zw.a..9+[.<0.'..2 .s..ya..J......wd....OO!.s....`.WA...F6._f....6...g..2..7.$,....X.k..&...E...g.....>uv."..!......xc......C..?....P0$.Y..?u....Z0.g3.>W0&.y.(....].`>... ..R.q..wgX......qB!.B....Z.4..>.R.M..0.8...=.8..Ya.s.......add..)..w.4.&.z...2.&74.5]..w.j.._iK..\|\|[.w.M.!<-.}%.C<tDX5\s._..I....nb.....GCQ.V..r..Y.............q...0..V)Tu>.Z..r...I...<.R{Ac..x^. .<A........\|.{.....Q...&....X..C$....e9.:..vI..x.R4...L......%g...<..}'{....E8Sl...E".h...*.........ItVs.K......3.9.l..`D..e.i`....y...,..5....aSs`..W...d...t.J..]....'u3..d]7..=e....[R!:........Q.%..@........ga.v.~..q....{.!N.b]x..Zx.../;#}.f.)k.c9..{rmPt..z5.m=..q..%.D#<+Ex....1\|.._F.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\10BDC45B4A27319429BBC4F08A4E8A10 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	274
Entropy (8bit):	3.0894444543461064
Encrypted:	false
SSDEEP:	3:kkFkl1lEO5XfllXlE/lYoTZELDcqElXlije9DZlOJE5Yol2luN7MS1g15lquGldp:kKBO5qY4qMUjKFgJE5Y7EyUWOJ9jn/
MD5:	05B4D53E81A518217250B310841240BE
SHA1:	3A473988F8613DB39F550E5B6B79B0A8D65AB8D8
SHA-256:	8E7D95C3D293522C0C4C2CE631C7DDD6F5DC1AB8E3CCF100804452B4FEEB0522
SHA-512:	48DF5687A12072AA3445F5044B760FC547DFD0F388500DDCFB035A418CEF89DC173429E5281D150C4E5CDDE7E38DE80B22CC3D76D11262A49D4E2C76287F52D3
Malicious:	false
Preview:	p...... ............f^..(....................................................... ..........6....@8..................h.t.t.p.:././.z.e.r.o.s.s.l...c.r.t...s.e.c.t.i.g.o...c.o.m./.Z.e.r.o.S.S.L.R.S.A.D.o.m.a.i.n.S.e.c.u.r.e.S.i.t.e.C.A...c.r.t...".5.e.3.2.1.c.8.0.-.6.d.9."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	656
Entropy (8bit):	3.1313218827511786
Encrypted:	false
SSDEEP:	12:Nl68kPlE99SNxAhUe3OMz68kPlE99SNxAhUe3OMx:3ZkPcUQUXMzZkPcUQUXMx
MD5:	C832DEC68237374DBA980C00BC64C838
SHA1:	8BBA5EE5FB0149DEFB632F46E3DD897994B0F912
SHA-256:	BFC580A5D8F02163E0C42C7306C1C6C31CFBF846611C3D9A5961E135572EC8D9
SHA-512:	CF4B1A5B72183A19E9C0638BEFFE3B156BAB3E0034E67A05D1056A595A92D4BC133D20D60191B6A706663AA2FE9A06FE0727CBF9263AA9E5C4EB6D512EA4B553
Malicious:	false
Preview:	p...... ........IA.8f^..(....................................................... ............L......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.9.0.e.6.c.f.e.3.4.c.d.7.1.:.0."...p...... ..........1Jf^..(....................................................... ............L......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.9.0.e.6.c.f.e.3.4.c.d.7.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6528 Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	157443
Entropy (8bit):	5.172039478677
Encrypted:	false
SSDEEP:	1536:amNTjRlaRlQShhp2VpMKRhWa11quVJzlzofqG9Z0ADWp1ttawvayKLWbVG3+2:RNj3aRlQShhp2VpMKRhWa11quVJX2
MD5:	A2C6972A1A9506ACE991068D7AD37098
SHA1:	BF4D2684587CF034BCFC6F74CED551F9E5316440
SHA-256:	0FB687D20C49DDBADD42ABB489C3B492B5A1893352E2F4B6AA1247EFE7363F65
SHA-512:	4D03884CA5D1652A79E6D55D8F92F4D138C47D462E05C3E6A685DA6742E98841D9C63720727203B913A179892C413BFB33C05416E1675E0CF80DA98BE90BA5E4
Malicious:	false
Preview:	%!Adobe-FontList 1.16.%Locale:0x409..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Marlett.FamilyName:Marlett.StyleName:Regular.MenuName:Marlett.StyleBits:0.WeightClass:500.WidthClass:5.AngleClass:0.FullName:Marlett.WritingScript:Roman.WinName:Marlett.FileLength:27724.NameArray:0,Win,1,Marlett.NameArray:0,Mac,4,Marlett.NameArray:0,Win,1,Marlett.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:ArialMT.FamilyName:Arial.StyleName:Regular.MenuName:Arial.StyleBits:0.WeightClass:400.WidthClass:5.AngleClass:0.FullName:Arial.WritingScript:Roman.WinName:Arial.FileLength:1036584.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial.NameArray:0,Win,1,Arial.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Arial-BoldMT.FamilyName:Arial.StyleName:Bold.MenuName:Arial.StyleBits:2.WeightClass:700.WidthClass:5.AngleClass:0.FullName:Arial Bold.WritingScript:Roman.WinName:Arial Bold.FileLength:980756.NameArray:0,Win,1,Arial.NameArray:0,Mac,4,Arial Bold.NameAr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin Download File
Process:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
File Type:	data
Category:	dropped
Size (bytes):	63598
Entropy (8bit):	5.433041226997456
Encrypted:	false
SSDEEP:	768:PCbGNFYGpiyVFiCUZ6ITizLsOz6z3GrgcnmxMUv27sdYyu:J0GpiyVFiB6MsLsO+TwU+7kK
MD5:	8497B2AAF72E6A38BA57ACD5ECDA58BB
SHA1:	63177F7C492CB841A4F08904F6E94977267BCF50
SHA-256:	E25EC2F248EC25B8B856E17D27EE221FE303945BBDA78A56FD98CB1E36AE88C0
SHA-512:	CD299DC9214C931D5A10B00B77FC22176D8DD33C75340BC27C5A46C8637990A6E89B81FACF976BE0AAAB837A5CA5EBC5D460872586CB8C0A15318EBCD4E72FE2
Malicious:	false
Preview:	4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

C:\Users\user\AppData\Local\Google\Chrome\User Data\184fbdfa-666c-4113-8e68-2fd4ac56419a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	363081
Entropy (8bit):	6.01527242753768
Encrypted:	false
SSDEEP:	6144:yjSixW7HyKDLn0y8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dB5:0zUHyKDgfxzurRDn9nfNxF4ijZVtilB5
MD5:	15543C38F2818516CE8223184C648E25
SHA1:	7AAD0191695D853FBB735A84CEF82928A05FD235
SHA-256:	93ACB0A8B55A33B4ECD979E51C3291BE7725468F93B5CD7C926D325E8CC0E599
SHA-512:	348DF0F66DC5AFE1BA5F2DFA589EE40BB74F3415444F3C29157D7891C0FF92FDBEA95FC95342121CB9F31C891600C41B6B6565CFBE2C0B0E71EFAA6C02461FE6
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.623377069604868e+12,"network":1.623344671e+12,"ticks":179549209.0,"uncertainty":4595135.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075396516"},"policy":{"last_statistics_update":"13267850666270

C:\Users\user\AppData\Local\Google\Chrome\User Data\5704b89a-ab69-41c7-94c7-1ae1d49ed637.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	366756
Entropy (8bit):	6.027994956915462
Encrypted:	false
SSDEEP:	6144:cjSixW7HyKDLn0y8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dB5:azUHyKDgfxzurRDn9nfNxF4ijZVtilB5
MD5:	2F30E954122F2EB66CFF436C92043B3F
SHA1:	67EA0DB0F61E25C4128282165573027D284C0648
SHA-256:	CF3BC84B9666D138DB1DD48F7BBF7653BB507C2A4413E2CF5A0504CE20ACCB38
SHA-512:	A5FC7914E9107C11BA6A45AFDA182BA9E9460B743B4329B6433E5C2B8D4A24854A89F8FDAF15ADC2398C8937F518C12E1AD6C2795BAB21A7247B7261F20BEA8D
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.623377069604868e+12,"network":1.623344671e+12,"ticks":179549209.0,"uncertainty":4595135.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075396516"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\81aa94b8-5b01-44d1-a0b6-42f222678895.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	363081
Entropy (8bit):	6.015271981844565
Encrypted:	false
SSDEEP:	6144:fjSixW7HyKDLn0y8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dB5:bzUHyKDgfxzurRDn9nfNxF4ijZVtilB5
MD5:	0A59815EEAA9857FC9891592E572C5FA
SHA1:	C44A7CC3763D12514F2C1FD83F2B63CF9799FEB3
SHA-256:	1F97284DEA7756392E947325EFE0BF526E33647CF50AC5F78D53BC7F8766B173
SHA-512:	65AF96C527BDABA08C8F3CD3B2E6884F63959E90F29A2C5415B6174301EB62094957FD39AB5BFF8A2FDFA244734E1FDC18AB4266B1D86734800F19D823910CEC
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.623377069604868e+12,"network":1.623344671e+12,"ticks":179549209.0,"uncertainty":4595135.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075265799"},"policy":{"last_statistics_update":"13267850666270

C:\Users\user\AppData\Local\Google\Chrome\User Data\950fe2ac-a451-4131-a663-37959f0b0812.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	366662
Entropy (8bit):	6.027815464392613
Encrypted:	false
SSDEEP:	6144:wjSixW7HyKDLn0y8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dB5:WzUHyKDgfxzurRDn9nfNxF4ijZVtilB5
MD5:	1971AE5A6C509F31BCC37337AF25D289
SHA1:	E52DF66B2694F640764B3D18A8279DA67B6FA0F8
SHA-256:	EDE4173A1667F47495423F0A1363A62D403D806E4A99EEF0700D0D59A55A17B5
SHA-512:	807ACD03A53DA897B1FF6181824CE42A1B1132416264CE9472A31885DBC4778223BE05217B7D38D7EC1D967DB10A6785713C377C7EA6767F7D455F313DAF1DB1
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.623377069604868e+12,"network":1.623344671e+12,"ticks":179549209.0,"uncertainty":4595135.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075396516"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\9b880236-7c95-4edb-bf3a-b5a3e3e1a23e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	363080
Entropy (8bit):	6.0152723230242655
Encrypted:	false
SSDEEP:	6144:RjSixW7HyKDLn0y8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dB5:xzUHyKDgfxzurRDn9nfNxF4ijZVtilB5
MD5:	E754647089C1E0BF83640B15F45288D1
SHA1:	08C7FA0481B78276E2F0BD26F8E211E93EA5A839
SHA-256:	350BDA832498BD3563A129A6C2825DD8E2522DEC58D20615B38A45DA0AF360BE
SHA-512:	FF565358B731385649AC0FE445B4DD4B248284B2FABB6F5C1B125F647F3D33A52C55F140690DCB9B325DA787AE78F8DE8943F0166867D1429B55517A5A2FB591
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.623377069604868e+12,"network":1.623344671e+12,"ticks":179549209.0,"uncertainty":4595135.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075265799"},"policy":{"last_statistics_update":"13267850666270

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXYDu6cR9iTXYDu6cR9iTXYDu6cR9n:+Y66cR4TXY66cR4TXY66cR9
MD5:	569FA64ACAA310B1DE1A6250CC7356B0
SHA1:	14251450C245F8612958BF94779E8B72AE6D6213
SHA-256:	AEE20ADEBF2D35EB8A39BE2DC391B0E5966EFCB4AFDC971BB3A18115C929F563
SHA-512:	850914A053EF541046B29260266C17FEFF2466A87784394F9AB3B565D2EA1E656F61F02BDB78F9F9676E90365F837F3709BCC0856B3B844256848F477250E0C7
Malicious:	false
Preview:	sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0b191ceb-9476-49ef-b067-7e3620e5d2b1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0db4e215-15c3-4766-b1b2-90d520780196.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2380
Entropy (8bit):	5.599189144483312
Encrypted:	false
SSDEEP:	48:Y0cRU7VwUQFU/eUjieU96UUhrUOKUeU7qPeUxUrwUcsYU9UH:YRUCUiU/eUjieU0UUVUOKUeUuPeUxUUv
MD5:	E51781DFFCCBDBCF9A8753A2095A82C8
SHA1:	47B66ED9B5F860686F724483F9B48D48B34C9A25
SHA-256:	0DB9F621F84BF6946919AD8D69DFCC83E38F2672048321BF097AA6DE2E80D913
SHA-512:	625B06F66C98EFD994323BE02670A7A5193D6EF664D59AF3E972C4D6328DB406B34F8E51BEEA775D33A5600D6EE55114AD4C6441188B768BE0170C6AF29900A9
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1654913117.122805,"host":"AKBA0EXj1W1QmJumkxUOTpibibkAwoUEp1CDrh5UFWY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377117.122811},{"expiry":1639157115.113911,"host":"E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377115.113916},{"expiry":1654913192.679823,"host":"KVivTTKTVC3D7/hfpnbDFfPAgoVJQnjFfXBq+8P8zk8=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377192.679828},{"expiry":1634263652.947442,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377252.947447},{"expiry":1654913192.201975,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377192.20198},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\181009f7-b4b4-4300-bc2b-954eeedce5f8.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	874
Entropy (8bit):	5.561662941633634
Encrypted:	false
SSDEEP:	12:YdDZ6Hk3O+UAnIvld06cY8rNgmh4r+UAnIElIWcNnYj+UAnIECmUR7N+UAnIsmD4:YT6H0UhHPkG1KUe9aUeCB7wUGvRUeIQ
MD5:	D1002CDE4BA80D9E6FC138422F5249F7
SHA1:	7A64A06BF7FFCCEAA490FBAD1F0A7363DD2A4061
SHA-256:	67DF6795EE0CECBA720F98296DB80F5DBEE9487BD8327DEE60499F8565DD68A6
SHA-512:	A197AF282D2A8818B0135CD1A7160432C5426385C31591C6347414A3A76ADB08F66DFD8F23A5FD149F59BA6FB4569DAD7127E225EDB5177EDF68B8C830FA3E34
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1633013028.743725,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477028.743728},{"expiry":1633013040.850112,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477040.850115},{"expiry":1654913069.492229,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377069.492235},{"expiry":1633013028.952627,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477028.95263}],"version":2}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1f13c986-7fe8-4907-ab8b-398924ed6e12.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6177
Entropy (8bit):	5.181349837720687
Encrypted:	false
SSDEEP:	96:n3rDsW2RlzZxlSV4KIk0JCyvR7RLL8qQkRS111bOTQVuwn:n3rn2R/xlS2KC4yv9ZbQkgN
MD5:	6DE61FEB07A4E91D7E1103DA068C2FA4
SHA1:	BC229D481CE0550A996BFF719516815F9EA715D1
SHA-256:	766693CD7AA7E6CEEAE8ED27C17CC1E6A9C041774B0858880A5BB237B0F7925C
SHA-512:	C0915C555421CDDC0B34D93E85FB74CB09BF0DCA129D1EDBBF72C394B014D6B257BA8567C010891F448005ACFA589D38BAF63E07C314161B0C54F235370B8145
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13267850666753736","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\243db880-fdc7-48cb-9123-966dc9e37c3e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1879
Entropy (8bit):	5.585315034605951
Encrypted:	false
SSDEEP:	48:Y0cRU7VwUQYeUu6UUhrUqDKUeIUlUeCJwUGZsYUNhUHw:YRUCUBeUzUUVUqDKUZUlUHKUGyYUvUHw
MD5:	69D43023708C992D832B2A2A52EDECBD
SHA1:	5B45D109E2FA8961D7702FF4E05207EC9213FC03
SHA-256:	0D02E0B32DAC17989ACF4C3EAE2761993F0E1F7CFDA4111B28E1111BB0F8A9C8
SHA-512:	BEDA0C0A3795A78FC1DEB08C0CA35573FFC99A439241119ECCD5999D03DA38C9BF2B310F8E44040D067C182583F861A9B7D3D0FBD7ACBA4E984B2D21120CF3D3
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1654913117.122805,"host":"AKBA0EXj1W1QmJumkxUOTpibibkAwoUEp1CDrh5UFWY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377117.122811},{"expiry":1639157115.113911,"host":"E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377115.113916},{"expiry":1634263580.001786,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377180.001791},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1634263513.046073,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377113.046079},{"expiry":1633013028.743725,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_ob

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2ea638b3-0b1b-40d2-b0c8-af8a6ffb06b5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.596366424537966
Encrypted:	false
SSDEEP:	48:Y0cRU7VwUQFUTeUVieU96UUhrUOKUeUrUeCrwUFsYUNhUHw:YRUCUiUTeUVieU0UUVUOKUeUrUHUUGYO
MD5:	4F9DCF887CD6133049F5FEF7F9AD4C46
SHA1:	3EF5C3D2705706410461CF065D7BD675A1A75935
SHA-256:	55BC86643759214383E4271C1C02EBBBF3644F88EAAA79F097F7969966EAC2EF
SHA-512:	6623223DD8097A998E3CACDF0EDABCA0632DE6E2F86DF29EAAB897226D68D503A2F7779387A5048F4399FC5B8646AC1337DB5E7E4F03BD0BB7ABED3883D7B665
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1654913117.122805,"host":"AKBA0EXj1W1QmJumkxUOTpibibkAwoUEp1CDrh5UFWY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377117.122811},{"expiry":1639157115.113911,"host":"E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377115.113916},{"expiry":1654913192.679823,"host":"KVivTTKTVC3D7/hfpnbDFfPAgoVJQnjFfXBq+8P8zk8=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377192.679828},{"expiry":1634263608.346691,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377208.346696},{"expiry":1654913192.201975,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377192.20198},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3ac53a55-ec66-4d99-9c05-42325b83deda.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22594
Entropy (8bit):	5.535932046919922
Encrypted:	false
SSDEEP:	384:TIitqLlQ2Xo1kXqKf/pUZNCgVLH2HfDOrU7HGunTSH6c4u:ELlZo1kXqKf/pUZNCgVLH2HfirULGun2
MD5:	D0874EE8EDB069B8605B96D474CF3864
SHA1:	45B37AD55ED01C91F73972AC2C5164B9C283600B
SHA-256:	A60B5EB02E9E48F71D1C3C2FC841E7CECA2E284B4B79F12EDCBF2E2C83DE3804
SHA-512:	620153F35F90BBF46F448C771548F604860CFF2B35078BF94E0A65BB15ABB237F61A1A26B0D3928837DC155DDD6C1D691C8124F527B5AC96BC3448FAF5B506B0
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13267850666388045","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\41d862a5-bae4-440c-bba3-8f4c58f7e3e6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.535836284514527
Encrypted:	false
SSDEEP:	384:TIitvLlQ2Xo1kXqKf/pUZNCgVLH2HfDOrU7HGlnTKNA6c42:ZLlZo1kXqKf/pUZNCgVLH2HfirULGlnR
MD5:	399DDE9F97946861F03BA1B042496831
SHA1:	A9B65A9FBCC1EA1355B7FBB0468620A4C376900C
SHA-256:	1B3F85569AD7FA221C93BAD67186F0CB63AE494514821D0C357F909154EF23DC
SHA-512:	9F3CD662A40277FCD662C127DF32B9CFDB0D132354272C7CB13F85B8D9AA48B1EA294A58C26B1F9CA4E1A7C18F4C90D2D7A4245B82EB4534BB8D685059F275CD
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13267850666388045","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4da04598-1954-46a3-aaa6-c1f6737a5502.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6232
Entropy (8bit):	4.891022647047153
Encrypted:	false
SSDEEP:	192:JzAM7CZv6N5G64HLUM90VBNs6aSZhKnq/zAVbMDLirgKSHlbxI6V1R5D:JsM70v6N5G64HLUM90TC6aSZhyKzAVYd
MD5:	761E8BF2094DCD6CF362997B1B6BF880
SHA1:	004A452B5AA8FBF6A333768CCC59434C2DBD999B
SHA-256:	D70CDE91754B66BE36CCE22F756FC7F581BC3E4716ADA671D478E7FDFED0C6EB
SHA-512:	88FEB2C2329E2B5E9EC103856340094C24993875224BE98A106F7045D5E37D2F638E5D6E6970AF9D347E7264627E9C7DF42C68D59A69A93A82F5897780A94DC0
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442669477158","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442669834286","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13270442669834290","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://r8---sn-n02xgoxufvg3-2gbl.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442705712196","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442713418870","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://yt3.ggpht.com","supports_spdy":true},{"isolation":[],"serv

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\54e6dba9-c9b3-4630-8fbf-9907ebefbe13.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.5969720566045975
Encrypted:	false
SSDEEP:	48:Y0cRU7VwUQFUVeUGieU96UUhrUOKUeUIUawUFsYU9UH:YRUCUiUVeUGieU0UUVUOKUeUIUHUGYUI
MD5:	DC185E504E13C60425CF4DECA2DAFF31
SHA1:	FBB04C65F51B3C10A35A1EC89E6EB09A8D6443B9
SHA-256:	BC33B2508C8E488522FB56EAD91DC308E5940F1C21437B229B79293F0FEF8110
SHA-512:	F9CBC751B9E9F658B126D19371D2A0CAE964D37F859107B4FDE228055E63770FE7F8B93E82A39D95B3228CE991B2AB9C971BF609D7F70238F2BC67A07EB25089
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1654913117.122805,"host":"AKBA0EXj1W1QmJumkxUOTpibibkAwoUEp1CDrh5UFWY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377117.122811},{"expiry":1639157115.113911,"host":"E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377115.113916},{"expiry":1654913192.679823,"host":"KVivTTKTVC3D7/hfpnbDFfPAgoVJQnjFfXBq+8P8zk8=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377192.679828},{"expiry":1634263618.543473,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377218.543477},{"expiry":1654913192.201975,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377192.20198},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5fd09da4-70f8-45be-b6f9-abaf63cca512.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	6484
Entropy (8bit):	4.893360015565092
Encrypted:	false
SSDEEP:	192:JzAM7CZv6N5G64HLUM90Vs6aJKJXjHVSfT6V1/zKnwMn7BDHTAkWxD:JsM70v6N5G64HLUM9066aoJXjVSfT6V3
MD5:	D1820BD400E59AAB2AC440B85FCD8DCB
SHA1:	67384578ADD03165024BCCA6D732009795553F2E
SHA-256:	D82072ED5E44974DA16227B0C0A899AAAA3467DE35F4CC6F5EC1F4B47616A29E
SHA-512:	89DEA40C1A8C8642E1D5A73A7B031DD398C46906CC45105E1A5330BEEA86699767E8D288B87DCD4D5B05F80C7AB8F436EA1721AB348FD7A3E15FC9F51A2F24BC
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442669477158","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442669834286","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13270442669834290","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://r8---sn-n02xgoxufvg3-2gbl.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442705712196","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13270442713418870","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://yt3.ggpht.com","supports_spdy":true},{"isolation":[],"serv

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\619c8010-7e7b-4a10-a692-f2942f5eeb14.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2212
Entropy (8bit):	5.598786245001926
Encrypted:	false
SSDEEP:	48:Y0cRU7VwUQFU/eUjieU96UUhrUOKUeUIUrwUcsYU9UH:YRUCUiU/eUjieU0UUVUOKUeUIUUUlYUI
MD5:	F315D72AFF78631C0DE6E69C89BFC9B5
SHA1:	F74E8191FD6F236D037A734FB48A40CA546791D8
SHA-256:	571A993D91CE4914122BF77EF1C318D45ED42E33C34C377A9F84EE65465CBF1F
SHA-512:	E31330A85F66C528A8C22DF4DA8474A63F98C45EF6C88C1D45B7D4358F65CC8D769A6FCC983E58F44083A7FA6076C3588A9538B5A5E1E49A4FB6E6866F99BF8E
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1654913117.122805,"host":"AKBA0EXj1W1QmJumkxUOTpibibkAwoUEp1CDrh5UFWY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377117.122811},{"expiry":1639157115.113911,"host":"E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377115.113916},{"expiry":1654913192.679823,"host":"KVivTTKTVC3D7/hfpnbDFfPAgoVJQnjFfXBq+8P8zk8=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377192.679828},{"expiry":1634263652.947442,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377252.947447},{"expiry":1654913192.201975,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377192.20198},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\79759c7c-f769-4ebe-b8cf-f2bfa742c547.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6086
Entropy (8bit):	5.177496588289392
Encrypted:	false
SSDEEP:	96:n3rn/W2RlzZxlSV4nIk0JCyvR7RLL8qQkRS11rbOTQVuwn:n3ru2R/xlS2nC4yv9ZbQkgv
MD5:	C4F5DC2929F5667E094AE7B3B69C8F63
SHA1:	3B43F7B2A526B840845C519C4C785B9F29145A6B
SHA-256:	6013104AB1650FB05EAA83BA3479266AC94C9C59869F6122BCB46F75BC15A4A0
SHA-512:	0134C0A18C649C1351FC1D35A5D75CE0F66E43D29CC087D974E59FB764875A075AAC93F911F19577DDAAC8552A247A51B91EF527922F8E9234C4CB0040589EEB
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13267850666753736","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\958c0856-7797-4e37-89b2-5f62ccb52b17.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.871599185186076
Encrypted:	false
SSDEEP:	48:YXs2MHRzsoMHT5s0MHyKsTMHksrDys4Csb7synWsQItFsym6zs6zMHWLsZMH5YhV:+GDGTHGmGHDW1/nOIbmOGlGGhVD
MD5:	829D5654ADF098AD43036E24C47F2A94
SHA1:	506C8BA397509BA0357787950C538C1879047DF3
SHA-256:	4D0B852D18FCA5C1A712904CF6DB3811FB905E86D8A7508A2D42F9C8D68E2211
SHA-512:	D9B18E6B0AD1E8E4BECF9E84BBE30D64730CFEC2CBEAF96D5DF52E28B907B03EADF22F020FBE0A56D137A52F4F09798031BC6CA026CFA8A979A608B3445DBCAA
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600883925","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":40156},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542628822803","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":30856},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600893104","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":25300},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600872791","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":34789},"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"exp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9760342b-3eb6-45e8-9b9b-451ff2f4643c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2211
Entropy (8bit):	5.5955499097175965
Encrypted:	false
SSDEEP:	48:Y0cRU7VwUQFUteUUieU96UUhrUOKUXUlUeCrwUFsYUNhUHw:YRUCUiUteUUieU0UUVUOKUXUlUHUUGYO
MD5:	08FA22EBCDEACE2F2D27B8F862549F39
SHA1:	14840C2EFCC753183C1B595CFBEFAE1461F2E0B7
SHA-256:	BB22D778C168F0AE62F9C3F5DDFDE2A39A51087FD28D41640DEFFC7D5D101096
SHA-512:	C1C1A0F4D82A12C6907B9F7C80F6585D1CA21F91374908F7D08EB917C41B3D4E83B9AD86E2E0AA380C95213649B5D40A9C9006A7336DF8D0EF713EBB3C8A6964
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1654913117.122805,"host":"AKBA0EXj1W1QmJumkxUOTpibibkAwoUEp1CDrh5UFWY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377117.122811},{"expiry":1639157115.113911,"host":"E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377115.113916},{"expiry":1654913192.679823,"host":"KVivTTKTVC3D7/hfpnbDFfPAgoVJQnjFfXBq+8P8zk8=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1623377192.679828},{"expiry":1634263593.742894,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377193.7429},{"expiry":1654913192.201975,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1623377192.20198},{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_obser

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.222779910316434
Encrypted:	false
SSDEEP:	6:mwsz0nyq2P923iKKdK9RXXTZIFUtpDszIi11ZmwPDszTSjlRkwO923iKKdK9RXXH:Qwnyv45Kk7XT2FUtpAsiX/PAijlR5L51
MD5:	FF5DF686533F4FD858668833B31C3194
SHA1:	89B6888CB09767EBF11A8F0ADF597C76F1327619
SHA-256:	FCEB48910D6D17E7E24B10F1B2709ECC60292121F359BEB70F23CD514D824A0C
SHA-512:	291A4F40DE3F31CC78E55B30AE5ACDF23A9985F4EFB9219940CE7310B0901884A62DB2BCEFA791A73C14BF0C07A57376B8E536565FF26B681513B27A00E2A4FD
Malicious:	false
Preview:	2021/06/10-19:04:33.735 c74 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/06/10-19:04:33.761 c74 Recovering log #3.2021/06/10-19:04:33.762 c74 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.223081935505293
Encrypted:	false
SSDEEP:	6:mwsztmmlyq2P923iKKdKyDZIFUtpDsz2z1ZmwPDsz11RkwO923iKKdKyJLJ:QYKyv45Kk02FUtpACZ/PA51R5L5KkWJ
MD5:	3EF1D6599FFB096C570EE32537F9D053
SHA1:	49D99A0DE9D962E842F3B2E4639792B73AD0423C
SHA-256:	A7A9679978459CAFD62BC848C777BF7E2A13BA1CC6397D6A70B1996391A03F11
SHA-512:	4A5013C9D5B6B7A4EFB231B6BA782D5E4B0387B385C880F1472BC29F173AD69F992099366684D717C9A29BC998F1E57DEA69488670A0CFA7935EF38535437389
Malicious:	false
Preview:	2021/06/10-19:04:33.448 c74 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/06/10-19:04:33.450 c74 Recovering log #3.2021/06/10-19:04:33.451 c74 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\031517cf987ed5ca_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	966
Entropy (8bit):	6.068738578425699
Encrypted:	false
SSDEEP:	12:vb9wwhy8fc4XcsfZwV5yUAksB2gKpZqVCXcu+oSxsjGYs+JLwfoblagLtXsFZHYe:hww/1NM4KuLMZkCr+T9dob5Q4kQ8
MD5:	1727E5C42CF13EC44EA4F71BFCD3B09B
SHA1:	D191DD463E398146453A881B4C6EE2407F1B3D5E
SHA-256:	09B0D083F7CD29AE29CDCAE6EE2E7EC944100A9094A73B1D6F3537D2D70B2145
SHA-512:	FCA8D3A0A5FD141D2FC8DEB81BB78073ED10A3EB20C502013F6DE48AE6328CE5A2A8FBB395EA15A398A53B0733EC8EB0E094E2D9BA219FF9D837916B40B18766
Malicious:	false
Preview:	0\r..m......B....@......_keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=A7fCU,BVgquf,CBlRxf,COQbmf,EFQ78c,HDvRde,HLo3Ef,IZT63,JNoxi,Jis5wf,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,MpJwZc,NpD4ec,NwH0H,O1Gjze,O6y8ed,O8k1Cd,OmgaI,PQaYAf,PrPYRd,QIhFr,RMhBfe,Ru0Pgb,SF3gsd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,UgAtXe,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Y2UGcc,YLQSd,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,b7FMof,blwjVc,byfTOb,duFQFc,e5qFLc,fKUV3e,gychg,hTAg0b,hc6Ubd,iTsyac,iWP1Yb,lPKSwe,lfpdyf,lsjVmc,lwddkf,n73qwf,o02Jie,p8L0ob,pB6Zqd,pjICDe,pw70Gc,r2V6Pd,rHjpXd,s39S4,tfTN8c,w9hDv,ws9Tlc,x60fie,xQtZb,xUdipf,xiqEse,yDVVkb,yJVP7e,zbML3c/excm=_b,_tp,faqview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=krBSJd,uiNkee,wmlPKb,IavLJc .https://google.com/F.>.#/.............D........$...}y.!XY.1}\G..4..i...XT...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0355d4a94b58528a_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.94175466270935
Encrypted:	false
SSDEEP:	6:mDqIEYGLKdGMwjM71/XER3M75VMQmkpUSXs4eNQYSyZZkvimuuAOyI0GHEMz4JK+:cVh9wwhy8fcIs4sFZZkvi7a0GFQ
MD5:	9BCE3BF8F77DAAF7A997B4D90995B9B6
SHA1:	D37248B14688B257899D63315B827071F4A7D14A
SHA-256:	DC66ADE8AE25414232ECE39809FAFA84224F498B9AD054A3236071385C0AE3DE
SHA-512:	F005C6713B24FA4CB5CB2BCFA83834691B97F4BBE03D913E64076065443771CAEE931635FF0B90EF795AA9E23B14DBE49A25596B615455F418C023503B6DC528
Malicious:	false
Preview:	0\r..m......'..."5 ,...._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=_b,_tp/excm=_b,_tp,faqview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=byfTOb,lsjVmc,LEikZe .https://google.com/T.>.#/............................e...."...s..)?.(.....l.A..Eo.........M.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0503d498eda84732_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	368
Entropy (8bit):	5.810154136581057
Encrypted:	false
SSDEEP:	6:mmEYGLKdGMwjM71/X+cyIihkbOacQURU9UcuIHGNEl8ZdH0+4kK6t:L9wwhGchR9cH1N6B8ZF0+x
MD5:	1DE37642792083EB51D8B09E6CCA0A4D
SHA1:	93334D318467CD2D527888B529E1A5708A8AFEEE
SHA-256:	BC7EEC9CE5FADEE853A0E571AFD16F16CCFC223859C530B110F88C1367AFA0A8
SHA-512:	BE32167EF89D731A8F326A718298C93B009C9144F1246837CD8A6129483088E2BD51C7C5090A697FDA9D529BCE979DDFD75E79E40BEF34EE97E01E2DA4D96439
Malicious:	false
Preview:	0\r..m............Z....._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/am=FDAg/d=1/excm=_b,_tp,privacyarchivehomeview/ed=1/dg=0/wt=2/rs=AOaEmlEX-ohAc4WO5e-0ARtn-hXkpFeqxQ/m=_b,_tp .https://google.com/.bc?.#/.............1.............>...W.r..g.JP..fO..)PWa..A..Eo.......I%8.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0626ecbe5215288e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	633
Entropy (8bit):	5.782271251385104
Encrypted:	false
SSDEEP:	12:PMq6IgPqsLCgTPxyz0tsLCgTP0z0VsLCgTP/Mz05sLCgTPdvz07CAl3UlpcZeCgh:PAI3sVyotsIoVswo5sBvoexncQ
MD5:	F532655C9D8435E7DF058968C27BA633
SHA1:	16BF6E59A0AFB715A28CC1478DE0ABEC624292A5
SHA-256:	A495A4F8977799F90E87E0E570CF79A1A88653831DED9B7B14E4CBAB3253B431
SHA-512:	70362F2819979ED659D0DD6D24F42D5182A03F69B44738D9715442CE34C82B1CA284DDD833F9C91BAA04B63501F54A6E157A425B185F0D9680DB2A610B11412F
Malicious:	false
Preview:	0\r..m......u.....k....._keyhttps://www.youtube-nocookie.com/s/player/1fe59655/player_ias.vflset/en_US/base.js .https://youtube-nocookie.com/..8.#/.............h.......=\|.y...yj.........Ti/.[..5..=..A..Eo.......N...........A..Eo....................8.#/.....................=\|.y...yj.........Ti/.[..5..=..A..Eo...................8.#/.............C.......=\|.y...yj.........Ti/.[..5..=..A..Eo....................8.#/....................=\|.y...yj.........Ti/.[..5..=..A..Eo......4.]9..........8.#/.`...E2ADD4E92B1BAD6918D86DD0A8DB5371CFF1B481439EC716D59EAA2B2E96FE03=\|.y...yj.........Ti/.[..5..=..A..Eo......".l.L.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\07f049ed7c03b867_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	365
Entropy (8bit):	5.802348081217534
Encrypted:	false
SSDEEP:	6:mqqgEYGLKdbVnIIZEDyxJvJmba6BnoG8aT7pUCbnGd/yCuIIyPydnXH9hxgK6t:eo7n/SDyPRmoG5pUcWyXpdnNjC
MD5:	1C11B0F9143E7F2A4224289B295D8659
SHA1:	7B1A3AE7B34E3E1E5BAFCED09126D6AD5C94FA1B
SHA-256:	E9766439C44F0DCED3E6524722AE45A62248696E85DABD141776D1C06AFE74F2
SHA-512:	078102E6A5E409E4B944322DDB3FD74F736751BD235E085B9B61AB05589D18D35902E1BF3510CF12287DAEB229DF03745A1801FC908285025B2DDA366C08CD22
Malicious:	false
Preview:	0\r..m..........+......._keyhttps://www.gstatic.com/og/_/js/k=og.qtm.en_US.cTIKiXxS_RM.O/rt=j/m=qabr,q_dnp,qcwid,qmutsd,qapid,qald/exm=qaaw,qadd,qaid,qein,qhaw,qhbr,qhch,qhga,qhid,qhin,qhpr/d=1/ed=1/rs=AA2YrTs7Zb87CqdFxEjh5qFvninf3C7moQ .https://google.com/p..>.#/.............*.......Q.,...1#.$ .......1._^.J.G...Ic.A..Eo......o...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08d531cb4a36a419_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	953
Entropy (8bit):	6.061385835363151
Encrypted:	false
SSDEEP:	24:Eww/ORpLTt7pdJQzibQVKJWzobhp3mI0NN1:EN/CpdzJQhVKD//qN1
MD5:	CA9C0833FC613A07BEF2F98826AEA155
SHA1:	176D094EF6583963AB71F5E0123523F68FD30424
SHA-256:	A65E870CCFD5D9D2CFE60ACCCA479FD30FBA83965A8CA07F26D7656ADC4E6EB5
SHA-512:	39635E7775BB490B8B8FC7204874DC4A629550D46D98A81F0EE081B56FA48CC4D413F8E951A0F01ABCDD9CED5C46C1741E64129CE236795A48423D140AACF011
Malicious:	false
Preview:	0\r..m......5...V......._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,privacyarchivehomeview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=n73qwf,ws9Tlc,IZT63,e5qFLc,UUJqVe,O1Gjze,xUdipf,blwjVc,fKUV3e,aurFic,COQbmf,U0aPgd,ZwDk9d,V3dDOb,r2V6Pd,p8L0ob,O6y8ed,NpD4ec,PrPYRd,MpJwZc,O8k1Cd,NwH0H,OmgaI,HLo3Ef,x60fie,xiqEse,hTAg0b,XVMNvd,L1AAkb,KUM7Z,lfpdyf,duFQFc,s39S4,Jis5wf,lwddkf,gychg,w9hDv,RMhBfe,Y2UGcc,SdcwHb,aW3pY,YLQSd,PQaYAf,iWP1Yb,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,Ru0Pgb,CBlRxf,xQtZb,lPKSwe,MdUzUe,QIhFr,JNoxi,b7FMof,rHjpXd,yDVVkb,pB6Zqd,SF3gsd,iTsyac,hc6Ubd,KG2eXe,SpsfSb,tfTN8c,o02Jie,VwDzFe,zbML3c,HDvRde,Uas9Hd,BVgquf,yJVP7e,A7fCU,UgAtXe,pjICDe .https://google.com/V.i?.#/......................q....v.-F.;e....\|Z....o&.....A..Eo......Eh@j.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\09bc3e1afcfb1edc_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	44429
Entropy (8bit):	5.738860857202446
Encrypted:	false
SSDEEP:	768:UcmQEn/JyZniVEzenz1QHy6Sfn3HtODFMRFpFiJR5/HtprINkqcpMoWjfzx:lqyni0fHydf3NODFMRFCtaPB
MD5:	5DEF2AD317E49D22303EAB1D886A6816
SHA1:	C8989B1018C5CE14B3D5CBC0E2DC9AEE4A5036B9
SHA-256:	3316F4644FF8A7A1CA33513FC90EA3FF2DBA4796D5885A37318EC3A6D068BDEF
SHA-512:	29BBD93D2C08F05464BE6B0E52BB8B1E2838929D3AA0618620C8980EA35C82C869B583394F3DCE26A4D2C72DB1ECF860BB29986F62DEA0E1579BA5B5DCDBFA62
Malicious:	false
Preview:	0\r..m......-...x......_keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=_b,_tp/excm=_b,_tp,termshomeview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=byfTOb,lsjVmc,LEikZe .https://google.com/...9.#/.....................Ysr.m.J<c......S..j.~.4GB!..9.y.A..Eo.......+5..........A..Eo................................'.I.....O.........Y.S................t ...........................................................(S.\..`t.....L`........(Q...L......default_IdentityPoliciesUi...(S...u .`.@.....E.L`.....].Rc..................Qb......._.....Qcr.......window....Qb../.....iu....Qbj.......ku....Qb.h7....Ifa...Qb.%4G....lu....Qbf.....Ffa...Qb.*.>....Efa...Qb.!h.....Hfa...Qb.o.....Gfa...Qb........nu....Qb..H.....pu....QbJ.......ou....Qb.3......Ny....Qb..`.....Py....Qb2'iL....Qy....Qb.@=.....My....Qb.6.Q....Ty....Qb&9......$x....Qb........Uy....QbF.H.....tga...QbV

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0bd7a193caaa1084_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	357
Entropy (8bit):	5.759929628174577
Encrypted:	false
SSDEEP:	6:mr/VYGLKdGMwjM71/s9cxbOacQGD65SqUcuF6mtl5371UCVjrbrFK6t:Qo9wwh/s9cx9cV+5SqUNLXLPbj
MD5:	80802EFA4C0586EEF9989916859A697C
SHA1:	3F5ABBC8AF6A8248DD96EE2BF88816F6872089D4
SHA-256:	13B28B3341C42ABAA3504A89808E03764561304EEFFC4841574DCEF449CDEAA6
SHA-512:	8AAEA675F3F2932170C01E95FCF032BBBAB9609CAC02621BF9721AFE5623E76A40CB787047E2ECC40D934FB34398CE9E7BCE621CA579C4C9E4525E1CBA4CDB0A
Malicious:	false
Preview:	0\r..m..........9......._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en_US.pWi_f_o0gHU.es5.O/am=FDAg/d=1/excm=_b,_tp,homeview/ed=1/dg=0/wt=2/rs=AOaEmlGoetiJLF1PxJAGy4eEXb19nk7wZg/m=_b,_tp .https://google.com/5.0=.#/..............1......5u(.O.+...9...%..?.e+..}c...P.A..Eo........p9.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1154c6710157da27_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.45909134966346
Encrypted:	false
SSDEEP:	3:m+loGxlzA8RzYrSLLiMIwJJSp2KZlFg1lHCIXvqrMjWxkh6qUm1eYJllpK5kt:mWj9YGL+MIwJJGZjIXxjWc/1HJhK6t
MD5:	363E6AA47EB041D3AB49F6B9B5C53A2A
SHA1:	5352725BEC91A92327A0E72C9B2D1671ECBF0BDA
SHA-256:	84C17D357066A1182A5C3C31B0E6E39D1074D055DE531BE161442C493450119A
SHA-512:	62711AC261D047C9EC21006D8A56D53A9907A3D3BD2C0BA56917659F9EDCF01E80DA4CE271C546B21F45EC427ACBE34627AAD331FE661FF5534A33A539448FA7
Malicious:	false
Preview:	0\r..m......H...6..N...._keyhttps://www.google-analytics.com/analytics.js .https://about.google/3.m=.#/..............@.......3k...w[..).`P_s..Y...`W.......A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\12fc5b60660b3e84_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	14923
Entropy (8bit):	6.062973596716947
Encrypted:	false
SSDEEP:	192:aPN3SsPN3FcquqGPV0WTclOwWBYKtHVKmQxcHRjOyJliMn2vc/LD+78E0mUD51wY:aPvP7qdBxt4m1H2iV6Y3wG3NR
MD5:	47689762357B9558703A7CFD4D86E37B
SHA1:	44123F47B7D8D900CF9BCA9FD6564D257A43BE35
SHA-256:	ECDE82272AB1FAA9F6D671F6721FA3A6632B1D5A9F3509B904D2D642E10B5B7F
SHA-512:	A7BC656D2D0FF154F4C218014A964BBBB5D7B23542B9068919A6C1C70600804B6AF0F8D35278EB2C61EF79ADABE176A9B324C9A89671BB8FC08F51689CBF2931
Malicious:	false
Preview:	0\r..m..........]V......_keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=A4UTCb,A7fCU,BVgquf,BqFhcd,CBlRxf,COQbmf,EFQ78c,FqLSBc,HDvRde,HLo3Ef,IZT63,IavLJc,JNoxi,Jis5wf,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,MpJwZc,NpD4ec,NwH0H,O1Gjze,O6y8ed,O8k1Cd,OmgaI,PQaYAf,PrPYRd,QIhFr,RMhBfe,Ru0Pgb,SF3gsd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,UgAtXe,Ulmmrd,V3dDOb,VXdfxd,VwDzFe,XVMNvd,Y2UGcc,YLQSd,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,b7FMof,blwjVc,byfTOb,duFQFc,e5qFLc,fKUV3e,gychg,hTAg0b,hc6Ubd,iTsyac,iWP1Yb,krBSJd,lPKSwe,lfpdyf,lsjVmc,lwddkf,n73qwf,o02Jie,p8L0ob,pB6Zqd,pjICDe,pw70Gc,r2V6Pd,rHjpXd,s39S4,tfTN8c,uiNkee,w9hDv,wmlPKb,ws9Tlc,x60fie,xQtZb,xUdipf,xiqEse,yDVVkb,yJVP7e,zbML3c/excm=_b,_tp,privacyhomeview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=Wt6vjf,_latency,FCpbqb,WhJNk .https://google.com/...8.#/....................].DtlB..j+..F..>..~hs]mM....A..Eo...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\14bb1f10c738be2f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	943
Entropy (8bit):	6.061967428480867
Encrypted:	false
SSDEEP:	24:7ww/yvpLTt7pdJQzibQVKJWzobhp3m0mpqg:7N/yvpdzJQhVKD/Fmpz
MD5:	AAFB482DBAE9F75D842158FC6F6E656A
SHA1:	1F455C1225C616A279097EF012817DEF4CB373B0
SHA-256:	A7734A468945C1432470AA88A55038E389B38031F28D202F635CAC100BB8A190
SHA-512:	85130C3AA401D0AF85540FE5C08E62A8C86B9413235490CAB5E72F83887090C6174CF1E16DEC3CEA12E58631021FE365BBAC76B760D59A5D2608DF8E010D32F7
Malicious:	false
Preview:	0\r..m......+.........._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,techhomeview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=n73qwf,ws9Tlc,IZT63,e5qFLc,UUJqVe,O1Gjze,xUdipf,blwjVc,fKUV3e,aurFic,COQbmf,U0aPgd,ZwDk9d,V3dDOb,r2V6Pd,p8L0ob,O6y8ed,NpD4ec,PrPYRd,MpJwZc,O8k1Cd,NwH0H,OmgaI,HLo3Ef,x60fie,xiqEse,hTAg0b,XVMNvd,L1AAkb,KUM7Z,lfpdyf,duFQFc,s39S4,Jis5wf,lwddkf,gychg,w9hDv,RMhBfe,Y2UGcc,SdcwHb,aW3pY,YLQSd,PQaYAf,iWP1Yb,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,Ru0Pgb,CBlRxf,xQtZb,lPKSwe,MdUzUe,QIhFr,JNoxi,b7FMof,rHjpXd,yDVVkb,pB6Zqd,SF3gsd,iTsyac,hc6Ubd,KG2eXe,SpsfSb,tfTN8c,o02Jie,VwDzFe,zbML3c,HDvRde,Uas9Hd,BVgquf,yJVP7e,A7fCU,UgAtXe,pjICDe .https://google.com/..r>.#/...................../.F.....N(.Jy.i.}..XFN...*..4.A..Eo........-K.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\150501eb52c82ec4_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	125104
Entropy (8bit):	5.880116696756447
Encrypted:	false
SSDEEP:	1536:ObL1d6JV/6Nh9+atD+rCVaw6YvZWaMA2T7a0fJcP4LgTM/PqHv9DYjMZ7phC5g:O3iJYNvFtD+rCo9ZA2T7c4Lgg/Evjtf
MD5:	68B6BA0568CCD5F013C5948A0FA6C516
SHA1:	9C7BD5D7012451459782D5ECD56A2532100FE018
SHA-256:	17EB6BBC20DC270C6D29B266F92EADE4406311934EDA031FC149369D1E444DE5
SHA-512:	14206D5E43515F4A39DD328659D58C8CD2342332453D0ABA273BB32035864C6E47620E9D683D71579CAEC8FA017290DEF1ED2BE1277C1CC57B885C763C8F33DD
Malicious:	false
Preview:	0\r..m......@..........F0696025E21AE3E50E3D1B36D374EEA086BD7C212122E5D65C89523C01EC4496..............'......O%...H.......................c..0.......H................................................................................................................................(S.<..`2.....L`......Qb.y.P....gapi..Qc...\|....loaded_0.(S....c.`>......1.L`.........Rc..................Qb........_...........Qc.e).....window....Qb.._....ia....Qb........ka....Qb...w....na....Qb..[....pa....QbR-\}....wa....Qb.A......Aa....Qb.......Da....Qb.`.....Oa....Qb..[.....Ea....Qb.o--....Ka....Qb........La....Qb6..Y....Qa....Qb~f8.....Ra....Qb...E....Sa....Qb2G......eb....Qb.......hb....Qb.......kb....Qb.n......ub....Qb~kb.....wb....Qbn3.K....Ab....Qb.k......zb....Qb..P.....Kb....QbNq......Wb....Qb:m......Zb....Qbv..J....bc....Qb.kj.....ic....Qb........uc....Qb~M......Nc....Qb.......Oc....Qb..:....Tc....Qb......Wc....Qb..".....Pc....Qbv..5....Qc....Qbj.......Rc....Qb..T.....Xc....Qbra.....cd

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\18a574279a460c61_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	205
Entropy (8bit):	5.483707843491167
Encrypted:	false
SSDEEP:	3:m+l08Kl/gv8RzYP2FycyGYWCULLuFvDONE0bdvGelHCgVQ0uq2EHdj/72kvRmclJ:mz8WYerCUjE0A1gJHd7AUhK6t
MD5:	8CB68E20E9A3578D50B14539830F7D53
SHA1:	0AD0FE4D4472631F6102BD6DAFC4FBE8EDFB65CA
SHA-256:	78EC6A27CB8D5B34B66D61F11D538559859561C162E1FCD45A95DC81B7D291C6
SHA-512:	0E340AF03298C74DE0AFECEDF97E1E50CE8566C6CB16FE510DBF2C28053A741D5458E0256F996DA1977C79B69D9778D65C257D037970D03AEC6260214D669821
Malicious:	false
Preview:	0\r..m......I....g......_keyhttps://code.jquery.com/jquery-3.2.1.slim.min.js .https://ga-ine.net/{U.8.#/.............s.......^..Lzs.!\`....3...;...W.......]..A..Eo......"n.}.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1d9307e50ef6b7b0_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	248
Entropy (8bit):	5.3929539552743835
Encrypted:	false
SSDEEP:	6:maYGLKdZgRbLe8INdZoHQ1bT/vd4tzK6t:mjybLlINV55M
MD5:	AB60F5FFBCF33AB80CA315F2D4630AB9
SHA1:	1795C694BA69E008D2265A202BD03EEC1B930769
SHA-256:	334AAF8FF35AEA08B8E315F08855B92F902CD283CDDBAF077247383F09B018E6
SHA-512:	572894C217B51704D1F280A67EE63D532B8E4C707006E6A885F530124C15CB580F2EC44435F38B88FCD8985C5DE052E4F1C8538494360FE0D496A5D5EFA3BA30
Malicious:	false
Preview:	0\r..m......t...P_k%...._keyhttps://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v3.js .https://about.google/.bY=.#/..............<........ex.{T.;4.a[..Tt.NzpL..q.@..8...A..Eo......@.x..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1fc81d98e0bca5b5_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	435
Entropy (8bit):	5.943075355751134
Encrypted:	false
SSDEEP:	6:mbYGLKdGMwjM71/XER3M75VMQmkpUSXs7ImIbNQYSyZZkvimuS5t1T0QCk4e/ZK+:79wwhy8fcIsU5pFZZkvi7S5tNgkVr
MD5:	57B64B858C7A80227C2B4DEDD0D4E4B7
SHA1:	1DF06CDC942C34DE55A727AAE8F8CEE7E05C1927
SHA-256:	F65D9FD611982B668C316C4E055DC8F2D24CDB81AAD9F54CFAD4F1BE809695A5
SHA-512:	4B660D3F718C7E5C78191D8967111A2DB17797A9D9AA6737D5761A50E625A3F321A1DAC9E78902FD7DB4562985F90122D142270495BB21A0B0986F15A407EA60
Malicious:	false
Preview:	0\r..m....../...I......._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=_b,_tp/excm=_b,_tp,privacyhomeview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=byfTOb,lsjVmc,LEikZe .https://google.com/...8.#/.....................@....%....H........i.....k...y.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1fde12061b590deb_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	6.234150317496863
Encrypted:	false
SSDEEP:	24:iww/dpLTt7pdJQzibQVKJfpzobhp3mkZ75Q9Lzb4757:iN/dpdzJQhVKw/z9Q9Lzb49
MD5:	DB846480553A6845428CF853A5A359E5
SHA1:	01687825BCDD4DC5409B2DED0C90AA24EA5CD923
SHA-256:	36E5ED75C0EFDC0A10D061EF61B41D93D6C61B41F2E94C9BF6BCEA0A1BED16CE
SHA-512:	80DFA99E2E6C7120856CC2AAE40356A53C821BD76E914F362B5CDB5900CB76CBF0AA400FEC5006D1597D1A31F5F494DE68668EB1F7B618CC48437E2EFDFA405B
Malicious:	false
Preview:	0\r..m......2.....j....._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,termshomeview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=n73qwf,ws9Tlc,IZT63,e5qFLc,UUJqVe,O1Gjze,xUdipf,blwjVc,fKUV3e,aurFic,COQbmf,U0aPgd,ZwDk9d,V3dDOb,r2V6Pd,p8L0ob,O6y8ed,NpD4ec,PrPYRd,MpJwZc,O8k1Cd,NwH0H,OmgaI,HLo3Ef,x60fie,xiqEse,hTAg0b,XVMNvd,L1AAkb,KUM7Z,lfpdyf,duFQFc,s39S4,Jis5wf,lwddkf,gychg,w9hDv,RMhBfe,Y2UGcc,SdcwHb,aW3pY,YLQSd,PQaYAf,iWP1Yb,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,Ru0Pgb,CBlRxf,EGlAz,xQtZb,lPKSwe,MdUzUe,QIhFr,JNoxi,b7FMof,rHjpXd,yDVVkb,pB6Zqd,SF3gsd,iTsyac,hc6Ubd,KG2eXe,SpsfSb,tfTN8c,o02Jie,VwDzFe,zbML3c,HDvRde,Uas9Hd,BVgquf,yJVP7e,A7fCU,UgAtXe,pjICDe .https://google.com/Z..9.#/.............`..........(.^..b.(.*Z;.....z..(...%...A..Eo......X..E.........A..Eo..................Z..9.#/.....D424ACD2FA75655B94C4749F3F93CF913CD485

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2561f356ea6372ae_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	66464
Entropy (8bit):	5.375097944601694
Encrypted:	false
SSDEEP:	1536:yEl85kI/c+MNilK5H1CPHyjSACYzVtUMEYyxU:yf580lK5HKy+S4dxU
MD5:	F05775EE845BEC5B75852EE338AD87BC
SHA1:	A8DF776AD16F38005CE5415121BAEF2121EEFA8F
SHA-256:	7DFD6FA52FA0A4D1DEE6001082E676745C22B6D0E19DCD54770643BD54A9CC63
SHA-512:	0EBDFDE3A2F20E5D257274795A2C7E6A6402FB6A8867C55A1D0CB1236FDA4BC889C4954BC666135295742AC20B6DA3D57599ECF98426D8E306BB98B866AF095A
Malicious:	false
Preview:	0\r..m......@...........433296F6494A003FBAD2B1F4A1991B6CB31A99E248783C238A51486A6F7B69D0..............'.......O....p......B.................;..............................................................d....................(S.4..`$.....L`.....(S....;.`.u.......L`.......}.Rc:............................Qc..j;....window....Qb..m.....OKa...Qb........PKa...Qbr.......QKa...Qb.W9.....R4....Qbf.......S4....Qb.jU.....T4....Qb.DH.....RKa...Qb........SKa...Qbj)H.....TKa...Qb........UKa...Qb*..;....U4....Qb&.v.....VKa...Qb.D......WKa...QbJ.eo....XKa...Qb.......YKa...Qb...t....ZKa...Qb~.Q.....$Ka...Qb.j.....V4....Qb.H......W4....Qb.h5.....X4....Qb...\|....aLa...Qb.\|......bLa...QbZV[.....Y4....QbRh.]....Z4....Qb.q.U....dLa...Qb..am....eLa...Qb.v.....fLa...Qb~.......$4....Qb.H......a5....Qbr.F.....b5....Qb.ceC....gLa...Qb..z....c5....Qb........d5....Qb.s.p....hLa...Qb.B.^....e5....Qb^.uN....iLa...Qb...J....jLa...Qbr.->....g5....QbZ.].....h5....Qb&.7.....kLa...QbR..2....lLa...Qb>..t....mLa...Qb.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\26935c3c1817a046_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1017
Entropy (8bit):	6.040746273927604
Encrypted:	false
SSDEEP:	24:VIww/gtX4KuLMZkCr+T9WAobrN9RpjrPDVE:VIN/gF4RCra9RobrdpXPJE
MD5:	D5D042A0FAF8D332FCA3796B2BAAB8FC
SHA1:	12DDC778AB565ACD76D18F386326869C0BADD7A7
SHA-256:	B90500F0BCE348E23CB6CC823F2038234BAE6233D6A92F1F7CE89847B38AE7F4
SHA-512:	4A31F63F50E84367B68AA6E3C77AA227E6DBA734D8C1C0119F9E5D449F2167C0D710175E5204326BC56C179B276E1D14B485DBCA33708B3225BBE542DB870D8E
Malicious:	false
Preview:	0\r..m......u.....-9...._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=A7fCU,BVgquf,CBlRxf,COQbmf,EFQ78c,FqLSBc,HDvRde,HLo3Ef,IZT63,IavLJc,JNoxi,Jis5wf,KG2eXe,KUM7Z,L1AAkb,LEikZe,MdUzUe,MpJwZc,NpD4ec,NwH0H,O1Gjze,O6y8ed,O8k1Cd,OmgaI,PQaYAf,PrPYRd,QIhFr,RMhBfe,Ru0Pgb,SF3gsd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,UgAtXe,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Y2UGcc,YLQSd,ZfAoz,ZwDk9d,_b,_tp,aW3pY,aurFic,b7FMof,blwjVc,byfTOb,duFQFc,e5qFLc,fKUV3e,gychg,hTAg0b,hc6Ubd,iTsyac,iWP1Yb,krBSJd,lPKSwe,lfpdyf,lsjVmc,lwddkf,n73qwf,o02Jie,p8L0ob,pB6Zqd,pjICDe,pw70Gc,r2V6Pd,rHjpXd,s39S4,tfTN8c,uiNkee,w9hDv,wmlPKb,ws9Tlc,x60fie,xQtZb,xUdipf,xiqEse,yDVVkb,yJVP7e,zbML3c/excm=_b,_tp,privacyarchivehomeview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=Wt6vjf,_latency,FCpbqb,WhJNk .https://google.com/..n?.#/........................[..)..'..2.=Oc..8.:1..I...dn.A..Eo......9............A..Eo.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29b9e743bf6a96f6_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	221
Entropy (8bit):	5.5062444307878895
Encrypted:	false
SSDEEP:	6:maIfYSHT8NWQAlKPUQyqE0T16e/8F1O6uk4GRK6t:Yz8NWQCUUcL1Yq2
MD5:	9B150E423A7843EFA3682FFCE7596E92
SHA1:	3380C9747F8437114B1961E6E8BAC90F12A289BA
SHA-256:	78508930E9C9AFB9D4D0E26DE29DD55727D9EE49E4C89A84DD2EA01251F2BACF
SHA-512:	FBF405B137F6ECE06447FB273C4BFCE16AA01D04B0599CB2A963E04E977782178D76E36BB8DC5868E24DB2BA918539C0E0B2669DD78A28B984FD58F754046DCD
Malicious:	false
Preview:	0\r..m......Y....+......_keyhttps://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js .https://ga-ine.net/@&.8.#/.............x...........W..Z......U.[).\WR.../.`.x.A..Eo......d.\..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2a8215f3bb8c1a18_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	952
Entropy (8bit):	6.08122049358289
Encrypted:	false
SSDEEP:	24:9Gww/OwALTt7pdJQzibQVKJWzobhp3m8rUp:kN/HAdzJQhVKD/J0
MD5:	1CA7A386B815CF411E1E6CCA9E96F723
SHA1:	812DCAB0DECABF3035BD66E4E6284A49A0FB6F3D
SHA-256:	E7F0828E2C067BF7E2E2C0E0049897318AD22CF9DED9D6D1E5EA4C8CEA743166
SHA-512:	DC770BAE90A2FA22CDBD99A69DECD685541580D16C37A986670A7EB9FD9828ED62490C0C33E6A8FC8B18331F0E5E6A38F3B38236064D867EE1FD7A14C272038E
Malicious:	false
Preview:	0\r..m......4..........._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,privacyframeworksview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=n73qwf,ws9Tlc,IZT63,e5qFLc,UUJqVe,O1Gjze,xUdipf,blwjVc,fKUV3e,aurFic,COQbmf,U0aPgd,ZwDk9d,V3dDOb,r2V6Pd,p8L0ob,O6y8ed,NpD4ec,PrPYRd,MpJwZc,O8k1Cd,NwH0H,OmgaI,HLo3Ef,x60fie,xiqEse,hTAg0b,XVMNvd,L1AAkb,KUM7Z,lfpdyf,duFQFc,s39S4,Jis5wf,lwddkf,gychg,w9hDv,RMhBfe,Y2UGcc,SdcwHb,aW3pY,YLQSd,PQaYAf,iWP1Yb,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,Ru0Pgb,CBlRxf,xQtZb,lPKSwe,MdUzUe,QIhFr,JNoxi,b7FMof,rHjpXd,yDVVkb,pB6Zqd,SF3gsd,iTsyac,hc6Ubd,KG2eXe,SpsfSb,tfTN8c,o02Jie,VwDzFe,zbML3c,HDvRde,Uas9Hd,BVgquf,yJVP7e,A7fCU,UgAtXe,pjICDe .https://google.com/_;.>.#/...................8....w....<.r..E.\.!..r.....k\|...A..Eo......;R.l.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2b9380256e0a7a8e_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4497
Entropy (8bit):	5.630323944564785
Encrypted:	false
SSDEEP:	48:wZIYwqlfiB5Z9+kme+QlW194PCQxdns4pN8WiIHTTJXbGaSws2bTUXWODnGU9ApW:gvwqlaB5SgbcwCQdn1NJz3SmXyWxR+1L
MD5:	159AC2B52CFEB69E6231212DB0A73845
SHA1:	A26BB6624FE3D8918CD1DDA5CD8CFF4C9B0F4EE7
SHA-256:	16D11D29E80971AE05B37BC2E7AA656561B56F2999C9ED936FFF02EFD1AFDA98
SHA-512:	9D6839BFFA6682BF2FFC68FC5839A461F60D321E1884E9F2FF5BC9B4600B8CF8530C8B11A5596DDD0B1FE8C837849BFE65E82DA174F001DD3FD9492ADFA8AA3A
Malicious:	false
Preview:	0\r..m......}...M.#....._keyhttps://www.youtube-nocookie.com/s/player/1fe59655/fetch-polyfill.vflset/fetch-polyfill.js .https://youtube-nocookie.com/.\|.8.#/.............i............y.<.)Z..=..h-....Z.......A..Eo......D............A..Eo...................\|.8.#/..........................y.<.)Z..=..h-....Z.......A..Eo......dg?..........\|.8.#/.............F............y.<.)Z..=..h-....Z.......A..Eo.......$f).........\|.8.#/.........................y.<.)Z..=..h-....Z.......A..Eo...................\|.8.#/.P.................'._!....O..........ue................\....................(S.@..`<.....L`.....(S....`r.....L`l.....RcL.................Qer[D.....normalizeName.....Qe^[z}....normalizeValue....Qc...N....Headers...Qc~R#i....consumed..Qe........fileReaderReady..$Qg..@5....readBlobAsArrayBuffer.....Qe.z......readBlobAsText....Qc.Q......support...Qc..a,....methods...Qef0.[....normalizeMethod...Qc&..y....Request...QcbY.)....decode....Qc.t......headers...QcV.......Response..Qe~y.Z...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2ce38f300ec8bea9_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	962568
Entropy (8bit):	5.777659022669616
Encrypted:	false
SSDEEP:	12288:bIVD8WUqKtjJbkZXDWgBMNIL1QF6ATdRU3VUNyf8cglPX:wJUqKtjJ+XDWgBM+5KNTdsE
MD5:	EC17DF554514790BCC6A314902BBF79F
SHA1:	EB3A5B32A7B964279900B397EE5F2620786B6372
SHA-256:	A7079A05E6208C9FD333CB9FEA3316DB881799FD497A7E65869385CFA3CDAA53
SHA-512:	4DE40D2942516EEE4F0D5D14A9E9E8C53C2D74447C8306DF89A1CB4E4F2E166C7789D5282C80BD09CAB348FD8CF3D45724C6472DBB81938D2F133E9A6AF4CE2F
Malicious:	false
Preview:	0\r..m......@...u..<....E2ADD4E92B1BAD6918D86DD0A8DB5371CFF1B481439EC716D59EAA2B2E96FE03..............'......O.......be.....................4~..................................................................$.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D.......d................................................................$..<...........DD...(S.D..`D.....L`......L`......Qd

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2ee205ee6db824d2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	367
Entropy (8bit):	5.815261661485867
Encrypted:	false
SSDEEP:	6:mtnYGLKdGMwjM71/X+cyInWSKXftacQURU9UcuXuSBETK4HOK6t:d9wwhGchwwcH1NbOTjw
MD5:	C74442A21FE69D00978ADBA04F2820A1
SHA1:	4EADF8A787D0FE8AFF956C9292D933C138D801C2
SHA-256:	9D1BBF56D786277DCE154B5C58C7257912B3B69EF21F55793406F2D1405F83CC
SHA-512:	E9234CDFAE3668FA0981FDADFDE73FC10678A1A43BE859F3F451148A71B4986CED3DB90F30AD72A2142C6FC63A199048BEAA340F6EA651EDE46C645D70A003CB
Malicious:	false
Preview:	0\r..m.............7...._keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/am=FDAg/d=1/excm=_b,_tp,privacyframeworksview/ed=1/dg=0/wt=2/rs=AOaEmlEX-ohAc4WO5e-0ARtn-hXkpFeqxQ/m=_b,_tp .https://google.com/...>.#/.............h.........c.7.+l.X.c....cg...Kb...p.....A..Eo.........t.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2ef175f79a71fadd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	441
Entropy (8bit):	5.914754892494784
Encrypted:	false
SSDEEP:	6:mqYGLKdGMwjM71/XER3M75VMQmkpUSXs7InWSKXfsQYSyZZkvimuUMx6v105st7H:29wwhy8fcIsUwsFZZkvi7qv1p1
MD5:	8D6DD87F3AD00A9FF7E921A9EC8A68AE
SHA1:	1AE90BAF61FABA35FE480C2D2233BB790ACCEBCE
SHA-256:	11CA7D172007A32057FAEA74E6D1BD3E84E8C7BB9172FC3DA9AA52E875E1FB09
SHA-512:	ACB4F811C382F69CE09A72F82B1A99AEADE8983E7AD5560C8E044359C83C6E1E73BBC569ABFA358D1EC09D1A70595A25A23BF595B796072FDE5A044FCB658D32
Malicious:	false
Preview:	0\r..m......5....~......_keyhttps://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdentityPoliciesUi.en.ROaJ9ynLGFI.es5.O/ck=boq-identity.IdentityPoliciesUi.920uEyzD5CA.L.B1.O/am=FDAg/d=1/exm=_b,_tp/excm=_b,_tp,privacyframeworksview/ed=1/wt=2/rs=AOaEmlHsweInmKcI_ympQaYZkeJ1kYHUVw/m=byfTOb,lsjVmc,LEikZe .https://google.com/L..>.#/......................}.+..n....7..$.\..V-.t..q)U..o.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2f41af10b56fa754_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	443
Entropy (8bit):	5.908572980516017
Encrypted:	false
SSDEEP:	12:w6hQ3ZM0/B7jZMg2pszPJF2kvi7L+HF6IyZVRGT:XqCYQHsz+4Fw8
MD5:	BE040F89EEF7305915AF6BC59A1BF850
SHA1:	A28D286DAE26088BDAFC4E15FF47DEAEC0629599
SHA-256:	03832EAEDEF73F11932ADBF68BCDB1D96E2BF8494CB153414244209C1B3DFF8C
SHA-512:	91FE3C6A14A057366CD6BEBE60C0B3244F5F867EE68CEF253BBCF058498EE4029766AC9C2842DD36F27EDEE762E58BB8A3A57013B7E0E5EDB422B0B1E0DA3486
Malicious:	false
Preview:	0\r..m......7..........._keyhttps://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.Y7LEhkj7g0U.es5.O/ck=boq-one-google.OneGoogleWidgetUi.rIsH2Ox4DBU.L.B1.O/am=WACA/d=1/exm=_b,_tp/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/rs=AM-SdHu_dwSt0Wu5unYfICICOmg7p1auFw/m=byfTOb,lsjVmc,LEikZe .https://google.com/..A.#/.............^e........O>...O.....+P".I'..(.j].H...b.A..Eo......#u...........A..Eo..................

Static File Info

General
File type:	PDF document, version 1.7
Entropy (8bit):	7.881402736191549
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Swift-Receipt222.pdf
File size:	90968
MD5:	a67be3d1f4d7f321f58f068399f1fa11
SHA1:	f6872349a822b44ed2662e044995f376bec69fdd
SHA256:	575125b2fcad78ccfd6ac81b71077cfee9c24a92c8549b6185b8a5689c9f895f
SHA512:	76503bd659a1b3f5be7f82744c1f2512ba3b488c1c6e27d6dbd84a745e00223110d1ffc6c1f57cd622ccc98ac727583d62b0d517011b87b9f6d46f4f2cfd83a7
SSDEEP:	1536:g7oXE6Pk71xEmOe2Qu15Zm5LO7VMGh5klmlnavi21hHFZtys0px06DTyQHF4rW:CCPk7hCZm5kVT5flnOi21h3tgp/DT3
File Content Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 28 0 R/MarkInfo<</Marked true>>/Metadata 99 0 R/ViewerPreferences 100 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0

File Icon


Icon Hash:	74ecccdcd4ccccf0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.881403
Total Bytes:	90968
Stream Entropy:	7.949112
Stream Bytes:	82032
Entropy outside Streams:	0.000000
Bytes outside Streams:	8936
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	41
endobj	41
stream	11
endstream	11
xref	2
trailer	2
startxref	2
/Page	1
/Encrypt	0
/ObjStm	1
/URI	4
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
23	02f1e0e8ecd4f800	ae1e43a466bafa4ac12bb880ff6d38a0
24	02e1c0c4c4c0e460	26094fbe4a80e9a0a7f43993aaa2fc20
25	00b1a6a2ba8a8400	c4a0bd09755f54e985fbfd245e02f002
26	40b5a6a2ba8a8d20	0b6bcbe9031327790de179e5856b5b7f

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 10, 2021 19:04:29.656821012 CEST	49718	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:29.683149099 CEST	49719	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:29.710938931 CEST	80	49718	151.80.25.150	192.168.2.5
Jun 10, 2021 19:04:29.711077929 CEST	49718	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:29.711838007 CEST	49718	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:29.736268997 CEST	80	49719	151.80.25.150	192.168.2.5
Jun 10, 2021 19:04:29.736406088 CEST	49719	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:29.765778065 CEST	80	49718	151.80.25.150	192.168.2.5
Jun 10, 2021 19:04:31.154432058 CEST	80	49718	151.80.25.150	192.168.2.5
Jun 10, 2021 19:04:31.194082022 CEST	49718	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:31.362123966 CEST	49727	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.362920046 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.504765034 CEST	49729	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.535603046 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.535718918 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.535986900 CEST	443	49727	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.536020994 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.536087990 CEST	49727	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.536808014 CEST	49727	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.678721905 CEST	443	49729	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.678848028 CEST	49729	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.679191113 CEST	49729	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.710131884 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.710181952 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.710232019 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.711563110 CEST	443	49727	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.711602926 CEST	443	49727	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.711683989 CEST	49727	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.851583004 CEST	49731	80	192.168.2.5	91.199.212.52
Jun 10, 2021 19:04:31.854172945 CEST	443	49729	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.854209900 CEST	443	49729	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:31.854262114 CEST	49729	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:31.913861036 CEST	80	49731	91.199.212.52	192.168.2.5
Jun 10, 2021 19:04:31.913963079 CEST	49731	80	192.168.2.5	91.199.212.52
Jun 10, 2021 19:04:31.914745092 CEST	49731	80	192.168.2.5	91.199.212.52
Jun 10, 2021 19:04:31.976885080 CEST	80	49731	91.199.212.52	192.168.2.5
Jun 10, 2021 19:04:31.976982117 CEST	80	49731	91.199.212.52	192.168.2.5
Jun 10, 2021 19:04:31.977005005 CEST	80	49731	91.199.212.52	192.168.2.5
Jun 10, 2021 19:04:31.977118969 CEST	49731	80	192.168.2.5	91.199.212.52
Jun 10, 2021 19:04:32.014214993 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.015484095 CEST	49727	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.016541004 CEST	49729	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.016988993 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.186908960 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.186930895 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.187005043 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.189188957 CEST	443	49727	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.189224958 CEST	443	49727	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.189327955 CEST	49727	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.207139015 CEST	443	49729	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.207262039 CEST	443	49729	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.207350969 CEST	49729	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.252873898 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.827920914 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:32.889158010 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:32.889369965 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:32.889847040 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:32.898953915 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.898982048 CEST	443	49728	20.150.208.6	192.168.2.5
Jun 10, 2021 19:04:32.899090052 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:32.951647997 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:32.962132931 CEST	80	49718	151.80.25.150	192.168.2.5
Jun 10, 2021 19:04:32.962300062 CEST	49718	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:32.972424030 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:32.972465992 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:32.972486973 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:32.972508907 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:32.972526073 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:32.972578049 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:32.972639084 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.018913031 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.019409895 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.020009995 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.069962025 CEST	49718	80	192.168.2.5	151.80.25.150
Jun 10, 2021 19:04:33.079705954 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.079761028 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.079941034 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.080075026 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.081221104 CEST	49728	443	192.168.2.5	20.150.208.6
Jun 10, 2021 19:04:33.083389044 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.083430052 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.083460093 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.083487034 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.083600998 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.087652922 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.087692022 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.087786913 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.087810040 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.091851950 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.091892958 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.091974020 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.092001915 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.096122026 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.096155882 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.096312046 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.096350908 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.100339890 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.100383997 CEST	443	49732	142.250.180.225	192.168.2.5
Jun 10, 2021 19:04:33.100475073 CEST	49732	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:04:33.104619980 CEST	443	49732	142.250.180.225	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 10, 2021 19:03:11.418168068 CEST	54302	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:11.468672037 CEST	53	54302	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:11.605273962 CEST	53784	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:11.655638933 CEST	53	53784	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:11.658113956 CEST	65307	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:11.716809034 CEST	53	65307	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:11.723957062 CEST	64344	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:11.774148941 CEST	53	64344	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:12.463076115 CEST	62060	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:12.523000956 CEST	53	62060	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:12.673429012 CEST	61805	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:12.724911928 CEST	53	61805	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:13.745656013 CEST	54795	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:13.806153059 CEST	53	54795	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:14.919173956 CEST	49557	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:14.970057011 CEST	53	49557	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:15.887458086 CEST	61733	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:15.940932989 CEST	53	61733	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:17.020201921 CEST	65447	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:17.070272923 CEST	53	65447	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:17.849117994 CEST	52441	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:17.899494886 CEST	53	52441	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:19.246324062 CEST	62176	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:19.296274900 CEST	53	62176	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:20.048495054 CEST	59596	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:20.107043028 CEST	53	59596	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:20.433330059 CEST	65296	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:20.485326052 CEST	53	65296	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:21.527015924 CEST	63183	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:21.579942942 CEST	53	63183	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:22.482367992 CEST	60151	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:22.532510996 CEST	53	60151	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:36.077702999 CEST	55161	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:36.099283934 CEST	56969	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:36.137811899 CEST	53	55161	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:36.162652016 CEST	53	56969	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:36.348704100 CEST	54757	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:36.412096024 CEST	53	54757	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:37.092020988 CEST	55161	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:37.092137098 CEST	56969	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:37.151036978 CEST	53	55161	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:37.155651093 CEST	53	56969	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:38.107739925 CEST	56969	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:38.107866049 CEST	55161	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:38.167680979 CEST	53	55161	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:38.169408083 CEST	53	56969	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:40.123527050 CEST	55161	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:40.123670101 CEST	56969	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:40.184207916 CEST	53	55161	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:40.187796116 CEST	53	56969	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:44.169176102 CEST	56969	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:44.172103882 CEST	55161	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:44.232275963 CEST	53	56969	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:44.232883930 CEST	53	55161	8.8.8.8	192.168.2.5
Jun 10, 2021 19:03:50.697598934 CEST	49992	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:03:50.756498098 CEST	53	49992	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:06.651762009 CEST	60075	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:06.710573912 CEST	53	60075	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:15.086139917 CEST	55016	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:15.176955938 CEST	53	55016	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:29.552977085 CEST	54791	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:29.554552078 CEST	50463	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:29.557722092 CEST	50394	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:29.573057890 CEST	58530	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:29.612878084 CEST	53	54791	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:29.617770910 CEST	53	50394	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:29.620805979 CEST	53	50463	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:29.653120041 CEST	53	58530	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:30.148272991 CEST	53813	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:30.216437101 CEST	53	53813	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:30.380505085 CEST	63732	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:30.442224026 CEST	53	63732	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:31.254304886 CEST	54450	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:31.359199047 CEST	53	54450	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:31.526482105 CEST	59261	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:31.588040113 CEST	53	59261	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:31.785255909 CEST	57151	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:31.838460922 CEST	53	57151	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:32.744652987 CEST	59413	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:32.814373970 CEST	53	59413	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:33.815984011 CEST	60516	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:33.880337954 CEST	53	60516	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:34.228543997 CEST	52929	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:34.286736012 CEST	53	52929	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:35.163831949 CEST	64317	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:35.232907057 CEST	53	64317	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:35.799252033 CEST	61004	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:35.860829115 CEST	53	61004	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:36.129957914 CEST	56895	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:36.190833092 CEST	53	56895	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:39.187035084 CEST	56675	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:39.253159046 CEST	53	56675	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:40.757208109 CEST	55267	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:40.828063965 CEST	53	55267	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:43.197354078 CEST	50969	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:43.198713064 CEST	64362	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:43.258366108 CEST	53	64362	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:43.265372992 CEST	53	50969	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:43.506288052 CEST	54766	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:43.556447983 CEST	53	54766	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:43.858093023 CEST	61446	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:43.864417076 CEST	57515	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:43.917318106 CEST	53	57515	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:43.928173065 CEST	53	61446	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:44.161242962 CEST	58199	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:44.211276054 CEST	53	58199	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:44.819777966 CEST	65221	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:44.886039019 CEST	53	65221	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:44.902081013 CEST	61573	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:44.960357904 CEST	53	61573	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:45.301239014 CEST	56562	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:45.341454029 CEST	53591	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:45.351767063 CEST	53	56562	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:45.398371935 CEST	59688	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:45.404341936 CEST	53	53591	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:45.458910942 CEST	53	59688	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:45.692111969 CEST	56032	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:45.742104053 CEST	53	56032	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:46.965496063 CEST	61150	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:47.031771898 CEST	53	61150	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:47.053633928 CEST	63458	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:47.081986904 CEST	50422	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:47.112359047 CEST	53	63458	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:47.133198977 CEST	53	50422	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:47.376482010 CEST	53247	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:47.444813013 CEST	53	53247	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:47.445651054 CEST	58544	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:47.508821964 CEST	53	58544	8.8.8.8	192.168.2.5
Jun 10, 2021 19:04:50.800342083 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:04:50.854665041 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:04:50.854697943 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:04:50.857057095 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:04:50.911870003 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:04:50.912446976 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:04:50.912695885 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:04:50.967303038 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:04:50.967331886 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:04:50.967746973 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:04:55.169013023 CEST	53814	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:04:55.236491919 CEST	53	53814	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:00.266356945 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:00.322897911 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:00.322947025 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:00.323690891 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:01.294711113 CEST	51305	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:01.353904009 CEST	53	51305	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:01.615863085 CEST	53670	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:01.679491997 CEST	53	53670	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:01.851382017 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.902921915 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.902993917 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.903037071 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.906227112 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.908150911 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.908904076 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.960257053 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.960833073 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.969814062 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.969854116 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.969875097 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.969897032 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.970124006 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.970149994 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.970165968 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.970392942 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.970426083 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.970431089 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.970459938 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.970484018 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.970786095 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.970818043 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.970957041 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.972333908 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.974046946 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.974080086 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.974248886 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.977294922 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.977328062 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.978233099 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.979335070 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.980802059 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.980815887 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.982376099 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.982408047 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.985011101 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.985045910 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.986104012 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.988044977 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.988085985 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.988097906 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.988658905 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.990425110 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.991856098 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.993535042 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.993565083 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.996505976 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:01.997164965 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.997196913 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:01.997201920 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.074373960 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.109765053 CEST	55160	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:02.110577106 CEST	61414	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:02.125478029 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125511885 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125536919 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125560045 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125585079 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125608921 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125634909 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125659943 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125684023 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125709057 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125731945 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.125754118 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.127300978 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.127329111 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.130106926 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.130136013 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.131937981 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.131964922 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.134263039 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.134293079 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.136312008 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.136362076 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.138617992 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.138647079 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.140546083 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.140573025 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.146626949 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.146657944 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.146823883 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.146851063 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147031069 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147258043 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147330046 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147346020 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147428036 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147665977 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147684097 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147689104 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.147782087 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.169370890 CEST	53	61414	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:02.181257010 CEST	53	55160	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:02.191072941 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.196156979 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.246563911 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246601105 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246623993 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246644020 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246665001 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246685982 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246711016 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246731997 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246752977 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246773958 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246798038 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.246817112 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.248697996 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.248795033 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.251574039 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.251924038 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.252073050 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.252120972 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.252183914 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.252305984 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.252335072 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.275412083 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.275446892 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.275469065 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.275840998 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.302548885 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.319458008 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.321326971 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.321562052 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.321856022 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.322135925 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.322412014 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.322714090 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.322974920 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.323237896 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.323370934 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.323556900 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.323690891 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.323817968 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.323936939 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.324043989 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.324146032 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.324265957 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.324387074 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.324613094 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.324790955 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.324970961 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.325149059 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.325284004 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.325433969 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.325553894 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.325675964 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.325795889 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.325918913 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326051950 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326180935 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326298952 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326431990 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326551914 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326672077 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326792955 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.326917887 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.327040911 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.327200890 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.327351093 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.327497959 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.327622890 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.327765942 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.327904940 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.328025103 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.328172922 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.328357935 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.328463078 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.328596115 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.328726053 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.328877926 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.329011917 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.329332113 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.329781055 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.329787970 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.329946995 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330091000 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330224037 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330349922 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330497980 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330620050 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330744982 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330871105 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.330991030 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.331161976 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.331291914 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.331445932 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.331564903 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.331684113 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.331800938 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.331922054 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332035065 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332149029 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332267046 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332526922 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332535028 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332643032 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332758904 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.332923889 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.333045959 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.333177090 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.333390951 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.333444118 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.333619118 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.333954096 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.334049940 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.334265947 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.334769011 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.335009098 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.335139990 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.335304976 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.335551023 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.335673094 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.335819006 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.335946083 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.336071968 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.336188078 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.336303949 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.336457014 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.336595058 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.336716890 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.336833000 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.408149004 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.424521923 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.425187111 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.426129103 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.426851988 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.426884890 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.426914930 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.426940918 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.426964998 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.426989079 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.427015066 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.427047968 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.427073002 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.427093029 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.427475929 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.427609921 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.427673101 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.427946091 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.428081036 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.428222895 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.429104090 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.430701017 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.431777000 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.432528973 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.434251070 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.435034037 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.435995102 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.438424110 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.439984083 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.440021038 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.442177057 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.443191051 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.443701029 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.445250034 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.445693016 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.447300911 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.449723005 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.449951887 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.451186895 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.451591015 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.452970982 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.454488039 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.455111027 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.456953049 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.457341909 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.458216906 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.460289001 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.460648060 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.462202072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.464243889 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.464493036 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.466068983 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.466489077 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.470220089 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.470254898 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.470586061 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.470733881 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.472620964 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.474685907 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.476258993 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.478252888 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.488682032 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.492580891 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.492964029 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.493177891 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.493201017 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.507873058 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.508234024 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.508296967 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.514540911 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.514584064 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.518572092 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.518603086 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.523884058 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.523922920 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.531490088 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.550867081 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.564893961 CEST	63847	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:02.575735092 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575773001 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575797081 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575818062 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575839043 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575860977 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575884104 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575901031 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575917006 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575936079 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575961113 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.575983047 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.576325893 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.576359034 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.576534033 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.576668024 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.576788902 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.577002048 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.580981016 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.581017017 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.581041098 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.581062078 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.581780910 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.581824064 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.586256027 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.586308956 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.586340904 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.586585999 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.586599112 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.586780071 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.586956024 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.591275930 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.591376066 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.591412067 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.591434002 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.591466904 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.591485023 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.591506004 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.591738939 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.591783047 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.591833115 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.594855070 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.594896078 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.595093012 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.596853971 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.596892118 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.597553015 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.599248886 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.599278927 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.599705935 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.601794958 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.601834059 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.602195024 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.603810072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.603904009 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.604043007 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.606075048 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.606182098 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.606436014 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.609040976 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.609080076 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.609571934 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.610826015 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.610860109 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.611027002 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.613441944 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.613461971 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.613998890 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.615490913 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.615513086 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.616060019 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.616204977 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.617517948 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.617542982 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.618287086 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.620268106 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.620304108 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.621660948 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.622354031 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.622376919 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.622777939 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.623939037 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.623987913 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.626187086 CEST	53	63847	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:02.626946926 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.626981974 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.629029989 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.629070044 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.632494926 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.632565975 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.632611036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.632643938 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.635204077 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.636042118 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.636133909 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.638252020 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.638926029 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.642050028 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.642085075 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.642484903 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.642507076 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:02.642750025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.642803907 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.642816067 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:02.643265963 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.645432949 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.645541906 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.647486925 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.647582054 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.649934053 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.649998903 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.650543928 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.650568962 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.650682926 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.653897047 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.653934002 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.654331923 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.655142069 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.655179024 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.658616066 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.658651114 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.659004927 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.660283089 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.660307884 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.662729979 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.662787914 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.664891005 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.665010929 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.665946960 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.665975094 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.669656038 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.669691086 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.669707060 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.669723034 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.670181990 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.672435999 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.672461033 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.673253059 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.673270941 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.676033974 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.676062107 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.677413940 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.677442074 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.677938938 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.679413080 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.679439068 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.681591034 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.681628942 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.683028936 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.683062077 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.684999943 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.685049057 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.685084105 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.685122967 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.685363054 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.686165094 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.686209917 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.688709974 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.688750029 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.689527988 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.690604925 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.690635920 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.690660954 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.690684080 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.690924883 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.692892075 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.698699951 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.698740005 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.700438023 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.700474024 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.701081991 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.701858997 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.701909065 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.703635931 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.703666925 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.703690052 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.703710079 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.704045057 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.707093000 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.707154036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.707185030 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.707209110 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709534883 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709569931 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709599018 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709619045 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709646940 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709673882 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709691048 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709762096 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709791899 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709815025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.709955931 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.710143089 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.710230112 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.710371017 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.712167025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.712198019 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.712225914 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.712249994 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.712279081 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.712306976 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.714296103 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.714329004 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.714353085 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.714379072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.715960026 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.716459036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.716489077 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.716510057 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.716526985 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.716547966 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.716567993 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.717861891 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.717900991 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.717926025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.717951059 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.719497919 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.719528913 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.719552040 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.720221996 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.722646952 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.722683907 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.722708941 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.722735882 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.723938942 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.724241972 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.724282980 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.724306107 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.724330902 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.726129055 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.733721972 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.733757973 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.733782053 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.733800888 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.735213041 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.735224009 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.735265970 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.735287905 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.735313892 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.735338926 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.735364914 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.736268044 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.736489058 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.737680912 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.737737894 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.737770081 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.737786055 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.737804890 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.737823963 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.739752054 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.739821911 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.739871979 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.739912033 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.739953041 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.742609024 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.742655039 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.742687941 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.742939949 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.744302988 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.744333029 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.744355917 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.744380951 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.745389938 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.745415926 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.745434046 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.745579004 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.745600939 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.745625019 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.745862961 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.746077061 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.746189117 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.746388912 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.746860981 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.747232914 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.747248888 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.747283936 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.747313976 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.747335911 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.747359991 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.748984098 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.749015093 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.749114990 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.749141932 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.750237942 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.750263929 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.750286102 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.750303984 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.752238035 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.752276897 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.752302885 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.752325058 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.752348900 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.752373934 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.753091097 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.753120899 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.753665924 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.753894091 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.754002094 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.754167080 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.754492998 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.754549026 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.754590988 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.754626036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.755439043 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.756198883 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.756262064 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.756287098 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.756302118 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.756320953 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.756342888 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.756915092 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.758217096 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.758239985 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.758260965 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.758276939 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.758363008 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.758392096 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.759533882 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.759561062 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.764925003 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.764956951 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.764972925 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.764993906 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.766995907 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.767023087 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.767663956 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.767692089 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.767714024 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.767736912 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.769474983 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.769659042 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.769692898 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.769788980 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.770178080 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.770452023 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.773562908 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.773602962 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.773622036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.773643017 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.774055958 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.774117947 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.775861979 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.775886059 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.775921106 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.775944948 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.775969982 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.775984049 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.777554989 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.777585983 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.777607918 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.777630091 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.777652979 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.777677059 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.779361963 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.779386997 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.779402018 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.779427052 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.779447079 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.779638052 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.779766083 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.781546116 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.781568050 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.781586885 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.781598091 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.781615973 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.781632900 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783226967 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783245087 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783256054 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783299923 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783350945 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783366919 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783443928 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.783505917 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.785084963 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.785104036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.785119057 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.785135984 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786432981 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786454916 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786472082 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786484003 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786580086 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786601067 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786618948 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.786637068 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.787622929 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.787641048 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.787657022 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.787672997 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.789141893 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.789165974 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.789176941 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.789231062 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.789247990 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.789263964 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.790688992 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.790709972 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.790725946 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.790743113 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.790759087 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.791009903 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.791029930 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.791047096 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793292046 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793314934 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793333054 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793351889 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793370008 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793385983 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793404102 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.793420076 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.795099020 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.798779011 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799237967 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799261093 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799278021 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799891949 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799910069 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799926043 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799942970 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799958944 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.799977064 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.800236940 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.800365925 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.801666021 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.801687956 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.801704884 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.801719904 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.801733971 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.801749945 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.804980993 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.805500984 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.805726051 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.805815935 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.805970907 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.806153059 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806181908 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806216955 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.806231022 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806255102 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806274891 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806297064 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806339979 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806344986 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.806363106 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806380987 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806402922 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806423903 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806466103 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806485891 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.806490898 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.806507111 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.809448004 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.809602022 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.809621096 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.809640884 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.809659004 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.810215950 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.810239077 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.810256958 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.810272932 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.810899973 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.810925007 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.811194897 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.811542034 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.811928034 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.812212944 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.812367916 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.812387943 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.812405109 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.812421083 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.812474966 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.812619925 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.812637091 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.812654018 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.813082933 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.814642906 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814665079 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814709902 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814728975 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814745903 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814764023 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814779043 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814840078 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814858913 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.814897060 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.816378117 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.816428900 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817433119 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.817608118 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817641973 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817662954 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817686081 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817709923 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817738056 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817766905 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817791939 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.817850113 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.818263054 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.819010019 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.819111109 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.819154978 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.819189072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.819215059 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.819241047 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.819268942 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.819294930 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.820559025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.820612907 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.820636988 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.820660114 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.820682049 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.820708036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.821842909 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.821897984 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.821932077 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.821963072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.821990013 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.822019100 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.822046041 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.822073936 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823292971 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823333979 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823364019 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823394060 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823426008 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823457003 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823487043 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.823512077 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824647903 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824693918 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824723959 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824754000 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824786901 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824882030 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824913979 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.824944973 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826100111 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826572895 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826594114 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826617956 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826642990 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826668024 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826694012 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.826716900 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.827773094 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.827801943 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.827841997 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.827862978 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.827878952 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.827980995 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828008890 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828028917 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828125954 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828152895 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828171968 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828389883 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828416109 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.828443050 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833205938 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833235025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833250046 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833283901 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833331108 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833445072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833583117 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833606005 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.833975077 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.834001064 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.834022045 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.834039927 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.834364891 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.834391117 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836016893 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836049080 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836082935 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836107016 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836132050 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836153984 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836175919 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836194038 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836215973 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.836236954 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837512970 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837541103 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837562084 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837585926 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837605953 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837622881 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837670088 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837693930 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837714911 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.837737083 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.838973999 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.839001894 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.839016914 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.839037895 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.839059114 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.839085102 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.839107037 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.839174986 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.842156887 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.842715979 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.843169928 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.843821049 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.850580931 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.850862980 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.851260900 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.853564024 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.853931904 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.854656935 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.856849909 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.857660055 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.858043909 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.858381033 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.860265970 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.860505104 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.870229006 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870265007 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870285988 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870310068 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870333910 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870351076 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870374918 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870395899 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870763063 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.870790958 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872576952 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872616053 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872632027 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872653008 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872673035 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872692108 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872709036 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872728109 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872745037 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.872764111 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874000072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874032021 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874049902 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874074936 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874104977 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874129057 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874150991 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874217987 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874242067 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874267101 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874742985 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874890089 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874918938 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.874943972 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.875077963 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.875112057 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.875546932 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.875574112 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.876454115 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.876486063 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.876511097 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.876538038 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877793074 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877824068 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877844095 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877868891 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877892017 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877912045 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877932072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.877954960 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.879930019 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.879966974 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.879992008 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880011082 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880038023 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880064011 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880088091 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880110025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880130053 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880203009 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880228996 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880253077 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880275965 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.880299091 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881154060 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881186008 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881206989 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881232023 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881262064 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881284952 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881526947 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881555080 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881679058 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.881702900 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883419037 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883483887 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883510113 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883533955 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883557081 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883583069 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883605003 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883641958 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883666992 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.883683920 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.884835005 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.884866953 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.884888887 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.884912014 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.884933949 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.884954929 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.884975910 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.885000944 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886224985 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886256933 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886281013 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886303902 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886333942 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886357069 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886377096 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.886408091 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888605118 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888631105 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888650894 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888679981 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888700008 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888721943 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888744116 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888763905 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888784885 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.888806105 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.905646086 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.905688047 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.905709982 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.905733109 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.905755997 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906043053 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906071901 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906096935 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906156063 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906183004 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906208038 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906500101 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906526089 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.906655073 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.906948090 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.907207966 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.907238960 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.907263994 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.907290936 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.907378912 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.907690048 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.908827066 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.908876896 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.908905029 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.908931017 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.908960104 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.908986092 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.909004927 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.909220934 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.909245968 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.909265041 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.909291983 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.909321070 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.911145926 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.911175966 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.911202908 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.911226988 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.911253929 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.911278963 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.911299944 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916223049 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916249037 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916266918 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916282892 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916302919 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916320086 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916337967 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.916354895 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.917007923 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.917032957 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.917048931 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.917064905 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.918025017 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.918046951 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.918064117 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.918077946 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.918127060 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.918173075 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919421911 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919450045 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919470072 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919486046 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919533968 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919553041 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919570923 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919593096 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919651985 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.919670105 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.920901060 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.920923948 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.920941114 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.920993090 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921010017 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921026945 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921044111 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921118975 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921138048 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921154976 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921463966 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921542883 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921659946 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.921703100 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923032045 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923147917 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923166990 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923187971 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923207998 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923222065 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923238993 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923254967 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923269987 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923343897 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923363924 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923381090 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923692942 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.923712969 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.924896955 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.924915075 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.924935102 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.924958944 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.924974918 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.924993038 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.925010920 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.925055981 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.925072908 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.925086021 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.925143957 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.925194025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926340103 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926362991 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926423073 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926440001 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926457882 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926475048 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926495075 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926513910 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926531076 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.926547050 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927602053 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927623987 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927640915 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927661896 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927680016 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927696943 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927715063 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.927731037 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928853989 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928873062 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928889990 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928906918 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928929090 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928941011 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928960085 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928975105 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.928991079 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.929007053 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.929003954 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.929151058 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.929322004 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.929570913 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.930118084 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930140018 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930157900 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930177927 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930197001 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930213928 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930231094 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930248022 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930263042 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.930283070 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931442022 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931462049 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931479931 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931497097 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931514025 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931529999 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931546926 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931564093 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931583881 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.931600094 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.932857990 CEST	61523	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:02.932986975 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.933011055 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.933029890 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.933047056 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.933063030 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.933075905 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:02.958898067 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.960876942 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.961162090 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.961391926 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:02.999475956 CEST	53	61523	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:03.051772118 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.052005053 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.052190065 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.052397966 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.100650072 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.100940943 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.101200104 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.101377964 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.137551069 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.137762070 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.137960911 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.138166904 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.164081097 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.177644014 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.177958965 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.178081036 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.180468082 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:03.196968079 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.197091103 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.197983027 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.198546886 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.220707893 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.288964987 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:03.606333017 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:03.648999929 CEST	50551	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:03.657727003 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:03.657761097 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:03.657773018 CEST	443	53671	216.239.32.29	192.168.2.5
Jun 10, 2021 19:05:03.658093929 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:03.684595108 CEST	53671	443	192.168.2.5	216.239.32.29
Jun 10, 2021 19:05:03.730021000 CEST	53	50551	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:03.741317034 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:03.771547079 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:03.779642105 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:03.799774885 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:03.799808025 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:03.800174952 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:03.828202963 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:03.828229904 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:03.828583956 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:03.836899996 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:03.836925983 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:03.837462902 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:04.484282017 CEST	62847	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:04.543205023 CEST	53	62847	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:04.672691107 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:04.727410078 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:04.727437019 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:04.727914095 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:07.543241024 CEST	57712	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:07.606770992 CEST	53	57712	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:10.554806948 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:10.609365940 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:10.609391928 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:10.609874010 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:13.186677933 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:13.269360065 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:13.269390106 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:13.270662069 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:13.271044016 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:13.356965065 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:13.373967886 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:13.374279976 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:13.379461050 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:13.407175064 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.227222919 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:14.283938885 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:14.283966064 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:14.284423113 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:14.297389030 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.359149933 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:14.448421955 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.477283955 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.477797031 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.538958073 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:14.539149046 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:14.539274931 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:14.683154106 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:14.754580021 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.755398035 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.786191940 CEST	61069	443	192.168.2.5	142.250.180.214
Jun 10, 2021 19:05:14.841654062 CEST	443	61069	142.250.180.214	192.168.2.5
Jun 10, 2021 19:05:16.713346958 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:16.769334078 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:16.769352913 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:16.769731045 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:17.330398083 CEST	61415	443	192.168.2.5	142.250.180.225
Jun 10, 2021 19:05:17.409933090 CEST	443	61415	142.250.180.225	192.168.2.5
Jun 10, 2021 19:05:19.287487030 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:19.342961073 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:19.342994928 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:19.343383074 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:19.766431093 CEST	61891	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:19.829590082 CEST	53	61891	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:20.999989986 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:21.057013988 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:21.057048082 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:21.057410002 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:23.125675917 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:23.180613995 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:23.180644035 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:23.180999994 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:27.076344013 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:27.131289005 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:27.131339073 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:27.131696939 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:27.459095955 CEST	61585	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:27.520601034 CEST	53	61585	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:27.985635042 CEST	58969	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:28.049783945 CEST	53	58969	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:28.245563030 CEST	53977	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:28.304410934 CEST	53	53977	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:28.527956009 CEST	57147	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:28.591572046 CEST	53	57147	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:29.487205029 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:29.541996002 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:29.542030096 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:29.542509079 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:33.950388908 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:34.005727053 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:34.005776882 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:34.006191969 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:34.211697102 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:34.268963099 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:34.269011974 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:34.269435883 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:36.158535004 CEST	52381	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:36.158966064 CEST	49231	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:36.217732906 CEST	53	49231	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:36.222553968 CEST	53	52381	8.8.8.8	192.168.2.5
Jun 10, 2021 19:05:37.200567961 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:37.257296085 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:37.257340908 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:37.257797956 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:52.348999977 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:05:52.428499937 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:05:59.469239950 CEST	53217	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:05:59.612365007 CEST	53	53217	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:00.736289024 CEST	52554	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:00.795689106 CEST	53	52554	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:01.759298086 CEST	49603	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:01.780503035 CEST	64476	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:01.821978092 CEST	53	49603	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:01.838869095 CEST	53	64476	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:01.933341026 CEST	49975	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:02.000106096 CEST	53	49975	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:02.679624081 CEST	57701	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:02.738339901 CEST	53	57701	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:03.832866907 CEST	60334	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:03.876045942 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:06:03.891057968 CEST	53	60334	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:03.930839062 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:06:03.930866957 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:06:03.931416035 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:06:05.193979025 CEST	64958	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:05.244371891 CEST	53	64958	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:06.017395973 CEST	58504	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:06.076853037 CEST	53	58504	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:07.522445917 CEST	64971	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:07.581127882 CEST	53	64971	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:09.563030958 CEST	58041	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:09.621776104 CEST	53	58041	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:10.679748058 CEST	57764	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:10.738683939 CEST	53	57764	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:18.533499956 CEST	57973	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:18.534877062 CEST	63286	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:18.593616009 CEST	53	63286	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:18.600943089 CEST	53	57973	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:18.877695084 CEST	58553	443	192.168.2.5	142.250.13.157
Jun 10, 2021 19:06:18.956897974 CEST	443	58553	142.250.13.157	192.168.2.5
Jun 10, 2021 19:06:34.272954941 CEST	52589	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:34.332763910 CEST	53	52589	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:39.432584047 CEST	54875	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:39.492302895 CEST	53	54875	8.8.8.8	192.168.2.5
Jun 10, 2021 19:06:43.427383900 CEST	49862	53	192.168.2.5	8.8.8.8
Jun 10, 2021 19:06:43.486233950 CEST	53	49862	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 10, 2021 19:04:15.086139917 CEST	192.168.2.5	8.8.8.8	0x988a	Standard query (0)	cliffskenya.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:29.573057890 CEST	192.168.2.5	8.8.8.8	0xec3	Standard query (0)	drollins.cliffskenya.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:31.254304886 CEST	192.168.2.5	8.8.8.8	0xfdc0	Standard query (0)	ga-ine.net	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:31.785255909 CEST	192.168.2.5	8.8.8.8	0xe129	Standard query (0)	zerossl.crt.sectigo.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:32.744652987 CEST	192.168.2.5	8.8.8.8	0xec6c	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:40.757208109 CEST	192.168.2.5	8.8.8.8	0x4bb3	Standard query (0)	www.youtube-nocookie.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.858093023 CEST	192.168.2.5	8.8.8.8	0x8146	Standard query (0)	yt3.ggpht.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.864417076 CEST	192.168.2.5	8.8.8.8	0x306e	Standard query (0)	i.ytimg.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:44.161242962 CEST	192.168.2.5	8.8.8.8	0x83aa	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:45.301239014 CEST	192.168.2.5	8.8.8.8	0x8e1c	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:45.341454029 CEST	192.168.2.5	8.8.8.8	0x519c	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:45.398371935 CEST	192.168.2.5	8.8.8.8	0x7b70	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:47.445651054 CEST	192.168.2.5	8.8.8.8	0x97f	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:01.294711113 CEST	192.168.2.5	8.8.8.8	0x935d	Standard query (0)	www.google.ch	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:01.615863085 CEST	192.168.2.5	8.8.8.8	0x8793	Standard query (0)	about.google	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:02.109765053 CEST	192.168.2.5	8.8.8.8	0xb287	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:02.932857990 CEST	192.168.2.5	8.8.8.8	0x11ea	Standard query (0)	www.blog.google	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:04.484282017 CEST	192.168.2.5	8.8.8.8	0x7477	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:07.543241024 CEST	192.168.2.5	8.8.8.8	0x3c49	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jun 10, 2021 19:04:15.176955938 CEST	8.8.8.8	192.168.2.5	0x988a	No error (0)	cliffskenya.com		151.80.25.150	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:29.653120041 CEST	8.8.8.8	192.168.2.5	0xec3	No error (0)	drollins.cliffskenya.com		151.80.25.150	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:31.359199047 CEST	8.8.8.8	192.168.2.5	0xfdc0	No error (0)	ga-ine.net		20.150.208.6	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:31.838460922 CEST	8.8.8.8	192.168.2.5	0xe129	No error (0)	zerossl.crt.sectigo.com	crt.sectigo.com		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:04:31.838460922 CEST	8.8.8.8	192.168.2.5	0xe129	No error (0)	crt.sectigo.com		91.199.212.52	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:32.814373970 CEST	8.8.8.8	192.168.2.5	0xec6c	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:04:32.814373970 CEST	8.8.8.8	192.168.2.5	0xec6c	No error (0)	googlehosted.l.googleusercontent.com		142.250.180.225	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:40.828063965 CEST	8.8.8.8	192.168.2.5	0x4bb3	No error (0)	www.youtube-nocookie.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		142.250.180.214	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		142.250.180.246	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		142.250.201.214	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		216.58.214.214	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		216.58.214.246	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		172.217.16.118	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		172.217.18.86	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		172.217.19.118	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.917318106 CEST	8.8.8.8	192.168.2.5	0x306e	No error (0)	i.ytimg.com		172.217.20.22	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:43.928173065 CEST	8.8.8.8	192.168.2.5	0x8146	No error (0)	yt3.ggpht.com	photos-ugc.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:04:43.928173065 CEST	8.8.8.8	192.168.2.5	0x8146	No error (0)	photos-ugc.l.googleusercontent.com		216.58.214.225	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:44.211276054 CEST	8.8.8.8	192.168.2.5	0x83aa	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:04:44.211276054 CEST	8.8.8.8	192.168.2.5	0x83aa	No error (0)	stats.l.doubleclick.net		142.250.13.157	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:44.211276054 CEST	8.8.8.8	192.168.2.5	0x83aa	No error (0)	stats.l.doubleclick.net		142.250.13.156	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:44.211276054 CEST	8.8.8.8	192.168.2.5	0x83aa	No error (0)	stats.l.doubleclick.net		142.250.13.154	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:44.211276054 CEST	8.8.8.8	192.168.2.5	0x83aa	No error (0)	stats.l.doubleclick.net		142.250.13.155	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:45.351767063 CEST	8.8.8.8	192.168.2.5	0x8e1c	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:04:45.404341936 CEST	8.8.8.8	192.168.2.5	0x519c	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:45.404341936 CEST	8.8.8.8	192.168.2.5	0x519c	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:45.458910942 CEST	8.8.8.8	192.168.2.5	0x7b70	No error (0)	maxcdn.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:45.458910942 CEST	8.8.8.8	192.168.2.5	0x7b70	No error (0)	maxcdn.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:47.508821964 CEST	8.8.8.8	192.168.2.5	0x97f	No error (0)	stackpath.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
Jun 10, 2021 19:04:47.508821964 CEST	8.8.8.8	192.168.2.5	0x97f	No error (0)	stackpath.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:01.353904009 CEST	8.8.8.8	192.168.2.5	0x935d	No error (0)	www.google.ch		172.217.20.3	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:01.679491997 CEST	8.8.8.8	192.168.2.5	0x8793	No error (0)	about.google		216.239.32.29	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:02.181257010 CEST	8.8.8.8	192.168.2.5	0xb287	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:05:02.181257010 CEST	8.8.8.8	192.168.2.5	0xb287	No error (0)	googlehosted.l.googleusercontent.com		142.250.180.225	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:02.999475956 CEST	8.8.8.8	192.168.2.5	0x11ea	No error (0)	www.blog.google	ghs-svc-https-sni.ghs-ssl.googlehosted.com		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:05:02.999475956 CEST	8.8.8.8	192.168.2.5	0x11ea	No error (0)	ghs-svc-https-sni.ghs-ssl.googlehosted.com		142.250.180.243	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:04.543205023 CEST	8.8.8.8	192.168.2.5	0x7477	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 19:05:04.543205023 CEST	8.8.8.8	192.168.2.5	0x7477	No error (0)	googlehosted.l.googleusercontent.com		142.250.180.225	A (IP address)	IN (0x0001)
Jun 10, 2021 19:05:07.606770992 CEST	8.8.8.8	192.168.2.5	0x3c49	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)

HTTP Request Dependency Graph

drollins.cliffskenya.com

zerossl.crt.sectigo.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49718	151.80.25.150	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Jun 10, 2021 19:04:29.711838007 CEST	1433	OUT	GET /rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc= HTTP/1.1 Host: drollins.cliffskenya.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 10, 2021 19:04:31.154432058 CEST	2196	IN	HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Content-Length: 167 Content-Encoding: gzip Vary: Accept-Encoding Date: Thu, 10 Jun 2021 17:04:30 GMT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 25 ce b1 0e c2 20 14 40 d1 dd af 20 0c 6e 82 16 1b 8d 29 35 c6 c1 a6 43 57 a3 1b a5 58 30 14 48 fb a4 f8 f7 26 76 bb 39 d3 2d 26 39 9a 00 08 be 41 71 84 41 25 a0 6f 11 c5 c2 b8 9c 8d eb fc 4c ac 97 02 8c 77 44 8f ea 85 38 c2 1a 20 4c 27 4a 7b b1 31 4e 11 a7 80 f6 9e 5a df 1b 47 c4 14 d2 d9 74 fc 59 d5 b1 bd a5 d0 ba e6 22 ab 3a 4a d6 58 39 68 fb b8 a7 ad b8 e6 51 0e 92 af c5 07 34 67 47 b6 cf 14 db b1 43 a6 58 ce b2 7f 1f 71 41 97 8d 72 f5 03 b4 00 65 3b a7 00 00 00 Data Ascii: % @ n)5CWX0H&v9-&9AqA%oLwD8 L'J{1NZGtY":JX9hQ4gGCXqAre;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49731	91.199.212.52	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Jun 10, 2021 19:04:31.914745092 CEST	2232	OUT	GET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: zerossl.crt.sectigo.com
Jun 10, 2021 19:04:31.976982117 CEST	2267	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 10 Jun 2021 17:04:31 GMT Content-Type: application/pkix-cert Content-Length: 1753 Connection: keep-alive Last-Modified: Thu, 30 Jan 2020 00:00:00 GMT ETag: "5e321c80-6d9" X-CCACDN-Mirror-ID: mscrl2 Cache-Control: max-age=14400, s-maxage=3600 X-CCACDN-Proxy-ID: mcdpinlb5 X-Frame-Options: SAMEORIGIN Accept-Ranges: bytes Data Raw: 30 82 06 d5 30 82 04 bd a0 03 02 01 02 02 10 6c 55 ab db d0 07 92 c7 9d 07 0c d8 11 9e d6 bf 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 4e 65 77 20 4a 65 72 73 65 79 31 14 30 12 06 03 55 04 07 13 0b 4a 65 72 73 65 79 20 43 69 74 79 31 1e 30 1c 06 03 55 04 0a 13 15 54 68 65 20 55 53 45 52 54 52 55 53 54 20 4e 65 74 77 6f 72 6b 31 2e 30 2c 06 03 55 04 03 13 25 55 53 45 52 54 72 75 73 74 20 52 53 41 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 30 30 31 33 30 30 30 30 30 30 30 5a 17 0d 33 30 30 31 32 39 32 33 35 39 35 39 5a 30 4b 31 0b 30 09 06 03 55 04 06 13 02 41 54 31 10 30 0e 06 03 55 04 0a 13 07 5a 65 72 6f 53 53 4c 31 2a 30 28 06 03 55 04 03 13 21 5a 65 72 6f 53 53 4c 20 52 53 41 20 44 6f 6d 61 69 6e 20 53 65 63 75 72 65 20 53 69 74 65 20 43 41 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 86 69 73 7e a3 b5 31 d8 23 e1 6d dd a4 13 d3 54 15 f5 02 eb dc 03 21 b5 7e 5d 1d 52 7c 3f 31 eb 9e 09 6c d1 59 38 5e 67 7e 4b 56 8f 75 90 b2 37 0c 35 5a 64 a5 be 4c 10 2c 24 18 c4 6d 89 8c c1 c5 92 4d 66 02 83 9d f7 e1 21 74 f9 cb 43 02 c1 71 b1 7f ab 4c 38 7d 91 2a c6 ff 89 a9 e8 e4 a1 b9 b2 da 10 85 09 89 9a 38 b7 ce f7 4e e4 9d d1 68 f9 0d 6b 77 0e da 40 1b c4 f7 e6 5f ef fb 1a cd f2 e6 fc 3d 24 a8 5f 95 64 83 0f a3 59 fe 0a 42 d3 6f 50 52 c3 ab c9 85 5a 15 27 3c be a3 1c 00 03 5e 9b ec e2 54 cd 63 03 ad c7 dc 90 b5 ba 71 c1 2b 7b 40 96 35 f8 80 ab 99 12 41 e8 1b 8a 46 df e3 7c 32 45 f4 9b 1c 45 05 65 1c 8c 50 74 a0 09 97 ba 1a 56 75 e0 0e 4a ad 93 6a 9d 75 dd e4 08 35 dd ef 88 2f f3 5d c6 f7 5c fb 0a 3b 06 c8 9f 77 a0 92 25 35 2d d4 80 56 c3 e9 5e 78 24 c8 19 de b4 a6 a2 d6 1b cf df 28 67 15 fb 30 a6 ed 0a 6d 5a 27 fa be 85 3b f6 60 ad 72 33 1a e7 7d c8 9e 2a 63 98 05 b1 43 86 75 b9 3b a4 4c 03 bd 37 74 12 bd da 3e 97 44 dd 84 b6 d2 e4 42 eb a3 66 0c be 8d 74 4a b5 a5 8c 22 59 0d 91 62 66 3a 21 e6 12 b4 27 80 7b ed 88 d9 08 72 32 6e 9a ad 5d 74 55 f8 89 a4 c8 e3 46 ba ce 0b c8 06 dc 45 78 3b 36 45 f7 1a 1f bd de af b7 2d 35 45 2a 81 04 f9 ac 58 09 84 c9 85 c7 be ab 42 00 79 39 95 24 a1 d6 f9 93 67 b1 ec ff 86 bb 82 7c e9 b4 b5 e7 4f 78 52 e6 1c 57 4f 61 55 e9 27 99 38 79 13 1f 42 04 a8 a9 2d 2d 96 db 02 81 6a 47 fe 69 56 27 34 25 3a 4b 49 c0 4a ab 76 c6 b6 69 18 2d 6f ee fe 83 86 e7 a9 cb 22 6d 9f 7a 92 57 63 e8 06 25 39 4a a9 7e 68 04 69 c1 48 9b 40 c1 a6 e3 88 23 c8 d0 ea 0e 55 69 f9 28 4b 42 55 07 f7 1f 02 03 01 00 01 a3 82 01 75 30 82 01 71 30 1f 06 03 55 1d 23 04 18 30 16 80 14 53 79 bf 5a aa 2b 4a cf 54 80 e1 d8 9b c0 9d f2 b2 03 66 cb 30 1d 06 03 55 1d 0e 04 16 04 14 c8 d9 78 68 a2 d9 19 68 d5 3d 72 de 5f 0a 3e dc b5 86 86 a6 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 86 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30 1d 06 03 55 1d 25 04 16 30 Data Ascii: 00lU0H010UUS10UNew Jersey10UJersey City10UThe USERTRUST Network1.0,U%USERTrust RSA Certification Authority0200130000000Z300129235959Z0K10UAT10UZeroSSL10(U!ZeroSSL RSA Domain Secure Site CA0"0H0is~1#mT!~]R\|?1lY8^g~KVu75ZdL,$mMf!tCqL8}8Nhkw@_=$_dYBoPRZ'<^Tcq+{@5AF\|2EEePtVuJju5/]\;w%5-V^x$(g0mZ';`r3}cCu;L7t>DBftJ"Ybf:!'{r2n]tUFEx;6E-5EXBy9$g\|OxRWOaU'8yB--jGiV'4%:KIJvi-o"mzWc%9J~hiH@#Ui(KBUu0q0U#0SyZ+JTf0Uxhh=r_>0U0U00U%0

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jun 10, 2021 19:05:04.688653946 CEST	142.250.180.225	443	192.168.2.5	49885	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Mon May 17 04:58:56 CEST 2021 Thu Jun 15 02:00:42 CEST 2017	Mon Aug 09 04:58:55 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Jun 10, 2021 19:05:04.688653946 CEST	142.250.180.225	443	192.168.2.5	49885	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		37f463bf4616ecd445d4a1937da06e19
Jun 10, 2021 19:05:04.692377090 CEST	142.250.180.225	443	192.168.2.5	49886	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Mon May 17 04:58:56 CEST 2021 Thu Jun 15 02:00:42 CEST 2017	Mon Aug 09 04:58:55 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Jun 10, 2021 19:05:04.692377090 CEST	142.250.180.225	443	192.168.2.5	49886	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: AcroRd32.exe PID: 6404 Parent PID: 5760

General

Start time:	19:03:18
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\Swift-Receipt222.pdf'
Imagebase:	0x1340000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: AcroRd32.exe PID: 6528 Parent PID: 6404

General

Start time:	19:03:19
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\Swift-Receipt222.pdf'
Imagebase:	0x1340000
File size:	2571312 bytes
MD5 hash:	B969CF0C7B2C443A99034881E8C8740A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: RdrCEF.exe PID: 6692 Parent PID: 6404

General

Start time:	19:03:26
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Imagebase:	0x2d0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: RdrCEF.exe PID: 6904 Parent PID: 6692

General

Start time:	19:03:29
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4210813165074894668 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4210813165074894668 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x2d0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: RdrCEF.exe PID: 6912 Parent PID: 6692

General

Start time:	19:03:32
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=1429679197753697552 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Imagebase:	0x2d0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: RdrCEF.exe PID: 7088 Parent PID: 6692

General

Start time:	19:03:37
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=8998359058420623262 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8998359058420623262 --renderer-client-id=4 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x2d0000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: RdrCEF.exe PID: 5872 Parent PID: 6692

General

Start time:	19:03:39
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1720,18195732785066292290,8441989653715131873,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10020858510568826130 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10020858510568826130 --renderer-client-id=5 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1
Imagebase:	0x7ff797770000
File size:	9475120 bytes
MD5 hash:	9AEBA3BACD721484391D15478A4080C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: chrome.exe PID: 996 Parent PID: 6404

General

Start time:	19:04:25
Start date:	10/06/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://drollins.cliffskenya.com/rdr/ZHJvbGxpbnNAcHJvc3NlcmhlYWx0aC5vcmc='
Imagebase:	0x7ff6de240000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: chrome.exe PID: 6996 Parent PID: 996

General

Start time:	19:04:27
Start date:	10/06/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1868 /prefetch:8
Imagebase:	0x7ff6de240000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: chrome.exe PID: 6588 Parent PID: 996

General

Start time:	19:04:45
Start date:	10/06/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=5112 /prefetch:8
Imagebase:	0x7ff6de240000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: chrome.exe PID: 6480 Parent PID: 996

General

Start time:	19:04:46
Start date:	10/06/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,12073614518499679902,10990376403196387028,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=4716 /prefetch:8
Imagebase:	0x7ff6de240000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to elicit sensitive information and/or gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments.
Tactics:	Initial Access
Data Sources:	DNS records, Detonation chamber, Email gateway, Mail server, Packet capture, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Swift-Receipt222.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Phishing:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Image Streams

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: AcroRd32.exe PID: 6404 Parent PID: 5760

General

Analysis Process: AcroRd32.exe PID: 6528 Parent PID: 6404

General

Analysis Process: RdrCEF.exe PID: 6692 Parent PID: 6404

General