Create Interactive Tour

Analysis Report http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/

Overview

General Information

Sample URL:	http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
Analysis ID:	341762
Most interesting Screenshot:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on logo template match)

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Invalid links found

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Unusual large HTML page

Classification

Startup

System is w10x64

iexplore.exe (PID: 5908 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 3560 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on logo template match)

Show sources

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/

Matcher: Template: google matched

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Form action: http://0.0.0.0/post.php azure 0
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Form action: http://0.0.0.0/post.php azure 0

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-190951695&timestamp=1611113064220
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=150297626&timestamp=1611113085267
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: /_/bscframe
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-190951695&timestamp=1611113064220
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=150297626&timestamp=1611113085267
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Iframe src: /_/bscframe

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Number of links: 0
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Number of links: 0

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Title: Sign in - Google Accounts does not match URL
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Title: Sign in - Google Accounts does not match URL

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Invalid link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/SignUp-service=lso&continue=https_%7C%7Caccounts.google.com%7Co%7Coauth2%7Cauth_zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ_E2_88_99APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX.html
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Invalid link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.html

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Has password / email / username input fields
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Has password / email / username input fields

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Form action: http://0.0.0.0/post.php
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: Form action: http://0.0.0.0/post.php

Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Total size: 1586286
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: Total size: 1586286

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="author".. found
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="author".. found

Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="copyright".. found
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49743 version: TLS 1.2

Networking:

Source: so[1].htm.2.dr	String found in binary or memory: ,[36,"YouTube","0 -2829px","https://www.youtube.com/?gl\u003dGB\u0026tab\u003du1","_blank",false,null,""] equals www.youtube.com (Youtube)
Source: www-widgetapi[1].js.2.dr	String found in binary or memory: ;var zh=new Set,Ah=0,Bh=0,Ch=["PhantomJS","Googlebot","TO STOP THIS SECURITY SCAN go/scan"];function Y(a,b,c){this.o=this.h=this.i=null;this.m=Ca(this);this.j=0;this.u=!1;this.s=[];this.l=null;this.F=c;this.H={};c=document;if(a="string"===typeof a?c.getElementById(a):a)if(c="iframe"==a.tagName.toLowerCase(),b.host\|\|(b.host=c?Pb(a.src):"https://www.youtube.com"),this.i=new bf(b),c\|\|(b=Dh(this,a),this.o=a,(c=a.parentNode)&&c.replaceChild(b,a),a=b),this.h=a,this.h.id\|\|(this.h.id="widget"+Ca(this.h)),We[this.h.id]=this,window.postMessage){this.l=new O;Eh(this);b=Q(this.i,"events");for(var d in b)b.hasOwnProperty(d)&& equals www.youtube.com (Youtube)
Source: accounts[1].htm0.2.dr	String found in binary or memory: </script> <script nonce="iNNFkoUv5F+aQxJjOB5g">window['sc_initLightbox']();</script> <script data-id="video" nonce="iNNFkoUv5F+aQxJjOB5g">var Maa=Dc(qc(rc("//www.youtube.com/player_api"))),qO=[],rO=!1;function sO(){if(!rO){window.onYouTubeIframeAPIReady=Naa;var a=oh("SCRIPT");ce(a,Maa);document.head.appendChild(a);rO=!0}} equals www.youtube.com (Youtube)
Source: accounts[1].htm0.2.dr	String found in binary or memory: b.open("GET","https://www.googleapis.com/youtube/v3/videos?part=snippet%2C+id&key=AIzaSyD-4tE5aKFZYIS_IrfpCDRsgQZbv5VCJZM&id="+a.ka);b.send()} equals www.youtube.com (Youtube)
Source: accounts[1].htm0.2.dr	String found in binary or memory: function Iea(a){if(Eg())2==sg().rs?window.YT&&window.YT.Player?SW(a,a.o):(qO.push(function(f){SW(this,f)}.bind(a,a.o)),sO()):Ig("//www.youtube.com/embed/"+a.ka+"/?rel=0&cc_load_policy=1&autoplay=1&hl="+window.sc_pageModel.lang); equals www.youtube.com (Youtube)
Source: player_api[1].js.2.dr	String found in binary or memory: var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/9f996d3e\/www-widgetapi.vflset\/www-widgetapi.js';if(!window["YT"])var YT={loading:0,loaded:0};if(!window["YTConfig"])var YTConfig={"host":"https://www.youtube.com"}; equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: accounts.youtube.com

Source: KT0S08Y7.htm.2.dr	String found in binary or memory: http://0.0.0.0/ServiceLoginAuth
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: http://0.0.0.0/post.php
Source: operatordeferred_bin_base__en[1].js.2.dr, cb=gapi[1].js0.2.dr	String found in binary or memory: http://csi.gstatic.com/csi
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://router-537-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/SignUp-se
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://router-537-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=U
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://router-537.com/accounts/?hl=en#topic=3382296Root
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://router-537.com/accounts/?hl=en45f939.eastus.cloudapp.azure.com/TOS-loc=U
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/2Sign
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/Root
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/SignUp-service=lso&cont
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.html
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.html$H
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.htmlin
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://router-537e.com/RecoverAccount?service=lso&continue=https://accounts.googl
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://router-537e.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A
Source: RecoverAccount[1].htm.2.dr, operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: http://www.broofa.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: http://www.google.com/help/chatsupport/loading.html
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: http://www.google.com/support/accounts?hl=en
Source: accounts[1].htm0.2.dr	String found in binary or memory: http://www.google.com/support/websearch/bin/answer.py?hl=
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://accounts.googl
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://accounts.googl-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://accounts.google.com/
Source: m=sy1a,sy1b,sy1c,sy1e,sy1f,sy2z,pwd_view[1].js.2.dr	String found in binary or memory: https://accounts.google.com/Logout
Source: KT0S08Y7.htm.2.dr, ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://accounts.google.com/RecoverAccount?service=lso&continue=https://accounts.google.com/o/oauth2
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=GB&hl=en-GB
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://accounts.google.com/TOS?loc=GB&hl=en-GB&privacy=true
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://accounts.google.com/_/bscframe
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: KT0S08Y7.htm.2.dr, ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth?zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQ
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: cb=gapi[2].js.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fsupport.google.com&jsh=m%
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://accounts.google.com/signin/recovery?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://accounts.google.com/signin/v2/recoveryideRoot
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://accounts.google.com/signin/v2/recoveryideqD7Hbfz38w8kxnaNouLcRiD3YTjX.html
Source: RecoverAccount[1].htm.2.dr, KT0S08Y7.htm.2.dr	String found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-1909
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=15029
Source: so[1].htm.2.dr	String found in binary or memory: https://ads.google.com/home/?subid
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: googleapis.proxy[1].js.2.dr, rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.dr, cb=gapi[2].js.2.dr, so[1].htm.2.dr	String found in binary or memory: https://apis.google.com
Source: so[1].htm.2.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://apis.google.com/js/base.js
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://apis.google.com/js/client.js?onload=%
Source: proxy[2].htm.2.dr	String found in binary or memory: https://apis.google.com/js/googleapis.proxy.js?onload=startup
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=credentialservice.postMessage
Source: postmessageRelay[1].htm.2.dr	String found in binary or memory: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Source: so[1].htm.2.dr	String found in binary or memory: https://artsandculture.google.com/?hl
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://autopush-moltron-pa-googleapis.sandbox.google.com
Source: so[1].htm.2.dr	String found in binary or memory: https://books.google.co.uk/?hl
Source: so[1].htm.2.dr	String found in binary or memory: https://calendar.google.com/calendar?tab
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://casespartner-pa.clients6.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://casespartner-pa.youtube.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://client-channel.google.com/client-channel/client
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://client-channel.youtube.com/client-channel/client
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://clients4.google.com/invalidation/lcs/client
Source: lazy.min[1].js.2.dr, accounts[1].htm0.2.dr, cb=gapi[2].js.2.dr, cb=gapi[1].js0.2.dr	String found in binary or memory: https://clients6.google.com
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://console.developers.google.com/
Source: so[1].htm.2.dr	String found in binary or memory: https://contacts.google.com/?hl
Source: operatordeferred_bin_base__en[1].js.2.dr, lazy.min[1].js.2.dr, accounts[1].htm0.2.dr	String found in binary or memory: https://content-googleapis-staging.sandbox.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr, lazy.min[1].js.2.dr, accounts[1].htm0.2.dr	String found in binary or memory: https://content-googleapis-test.sandbox.google.com
Source: cb=gapi[2].js.2.dr, cb=gapi[1].js0.2.dr	String found in binary or memory: https://content.googleapis.com
Source: operatordeferred_bin_base__en[1].js.2.dr, cb=gapi[1].js0.2.dr	String found in binary or memory: https://csi.gstatic.com/csi
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://dev-externalultron-pa-googleapis.sandbox.google.com
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://developers.google.com/
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://developers.google.com/api-client-library/javascript/reference/referencedocs
Source: www-widgetapi[1].js.2.dr	String found in binary or memory: https://developers.google.com/youtube/iframe_api_reference#Events
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html
Source: so[1].htm.2.dr	String found in binary or memory: https://docs.google.com/document/?usp
Source: so[1].htm.2.dr	String found in binary or memory: https://docs.google.com/presentation/?usp
Source: so[1].htm.2.dr	String found in binary or memory: https://docs.google.com/spreadsheets/?usp
Source: cb=gapi[2].js.2.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: so[1].htm.2.dr	String found in binary or memory: https://drive.google.com/?tab
Source: so[1].htm.2.dr	String found in binary or memory: https://duo.google.com/?usp
Source: so[1].htm.2.dr	String found in binary or memory: https://earth.google.com/web/
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://externalultron-pa.clients6.google.com
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)format(
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff)format(
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff)
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format(
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff)format(
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format(
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://g.co/recover
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://gstatic.com/support/content/resources/
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://gstatic.com/support/content/resources/%
Source: so[1].htm.2.dr	String found in binary or memory: https://hangouts.google.com/
Source: so[1].htm.2.dr	String found in binary or memory: https://jamboard.google.com/?usp
Source: so[1].htm.2.dr	String found in binary or memory: https://keep.google.com
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72
Source: so[1].htm.2.dr	String found in binary or memory: https://mail.google.com/mail/?tab
Source: so[1].htm.2.dr	String found in binary or memory: https://maps.google.co.uk/maps?hl
Source: so[1].htm.2.dr	String found in binary or memory: https://meet.google.com?hs
Source: so[1].htm.2.dr	String found in binary or memory: https://myaccount.google.com/?utm_source
Source: so[1].htm.2.dr	String found in binary or memory: https://news.google.com/?tab
Source: so[1].htm.2.dr	String found in binary or memory: https://ogs.google.com/
Source: so[1].htm.2.dr	String found in binary or memory: https://ogs.google.com/widget/app/so
Source: so[1].htm.2.dr	String found in binary or memory: https://photos.google.com/?tab
Source: so[1].htm.2.dr	String found in binary or memory: https://play.google.com/?hl
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://play.google.com/work/enroll?identifier=
Source: cb=gapi[2].js.2.dr	String found in binary or memory: https://plus.google.com
Source: cb=gapi[2].js.2.dr	String found in binary or memory: https://plus.googleapis.com
Source: so[1].htm.2.dr	String found in binary or memory: https://podcasts.google.com/
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://punctual-dev.corp.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://realtimesupport.clients6.google.com
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-sta
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://realtimesupport.youtube.com
Source: lazy.min[1].js.2.dr, accounts[1].htm0.2.dr	String found in binary or memory: https://scone-pa.clients6.google.com
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://signaler-pa.clients6.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://signaler-pa.googleapis.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://signaler-pa.youtube.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://signaler-staging.sandbox.google.com
Source: so[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidprofileupgrade_all_set.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_accounts.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_familylink.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_privacy.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_two_bikes.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: postmessageRelay[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/o/2801455510-postmessagerelay.js
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/account.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/family.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/personal.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/privacy.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/safe.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/verify-email.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/signup/glif/verify.svg
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.8oRFEnI-z7E.O/am=KwAAdmADmPAAQ
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/avatar_2x.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/logo_2x.png
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/logo_strip_2x.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: so[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/gb/images/p1_cfd8cf40.png
Source: so[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/gb/images/p2_136ed2e0.png
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://ssl.gstatic.com/inproduct_help/guidedhelp/guide_inproduct.js
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/
Source: operatorParams[1].json.2.dr	String found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/1610960497650/operatordeferred_bin_base.js
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/activityindicator/loading.svg
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/icons/common/x_8px.png
Source: KT0S08Y7.htm.2.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark.png
Source: so[1].htm.2.dr	String found in binary or memory: https://stadia.google.com/
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://staging-casespartner-pa-googleapis.sandbox.youtube.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://staging-casespartner-pa.sandbox.googleapis.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://staging-realtimesupport-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://staging-realtimesupport-googleapis.sandbox.youtube.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://staging-supportcases-pa-googleapis.corp.google.com
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://support.corp.google.com
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://support.google
Source: accounts[1].htm0.2.dr, so[1].htm.2.dr	String found in binary or memory: https://support.google.com
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://support.google.com/acco
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://support.google.com/accounts/
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://support.google.com/accounts/?hl=en
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://support.google.com/accounts/?hl=en#topic=3382296
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://support.google.com/accounts/?hl=en#topic=3382296cloudapp.azure.com/TOS-loc=US&hl=en.htmlinue
Source: ~DF647CF66800DC8527.TMP.1.dr	String found in binary or memory: https://support.google.com/accounts/?hl=en45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.htmlinue
Source: m=sy1a,sy1b,sy1c,sy1e,sy1f,sy2z,pwd_view[1].js.2.dr	String found in binary or memory: https://support.google.com/accounts/answer/7162782
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/accounts?hl=
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/accounts?hl=en-GB
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/accounts?p=existing-account
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/accounts?p=signin_privatebrowsing
Source: operatorParams[1].json.2.dr	String found in binary or memory: https://support.google.com/chat-upload/support-cases/resumable
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/chrome/answer/6130773
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/chromebook/?p=familylink_accounts?hl=
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/families/answer/7101025
Source: imagestore.dat.2.dr	String found in binary or memory: https://support.google.com/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://support.google.com/favicon.ico~
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://support.google.com/inapp/rts_frame
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://supportcases-pa-googleapis.corp.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://test-casespartner-pa.sandbox.googleapis.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://test-externalultron-pa-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://test-realtimesupport-googleapis.sandbox.google.com
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://test-supportcases-pa-googleapis.corp.google.com
Source: so[1].htm.2.dr	String found in binary or memory: https://translate.google.co.uk/?hl
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: cb=gapi[2].js.2.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: so[1].htm.2.dr	String found in binary or memory: https://www.blogger.com/?tab
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: so[1].htm.2.dr	String found in binary or memory: https://www.google.co.uk/finance?tab
Source: so[1].htm.2.dr	String found in binary or memory: https://www.google.co.uk/intl/en/about/products?tab
Source: so[1].htm.2.dr	String found in binary or memory: https://www.google.co.uk/save
Source: so[1].htm.2.dr	String found in binary or memory: https://www.google.co.uk/shopping?hl
Source: so[1].htm.2.dr	String found in binary or memory: https://www.google.co.uk/webhp?tab
Source: RecoverAccount[1].htm.2.dr, accounts[1].htm0.2.dr	String found in binary or memory: https://www.google.com
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://www.google.com/accounts/TOS
Source: so[1].htm.2.dr	String found in binary or memory: https://www.google.com/chrome/?brand
Source: so[1].htm.2.dr	String found in binary or memory: https://www.google.com/enterprise/marketplace
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.google.com/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.google.com/favicon.ico~
Source: RecoverAccount[1].htm.2.dr, rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.dr, accounts[1].htm0.2.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?onload=%
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://www.google.com/search?q=
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://www.google.com/settings/hatsv2
Source: operatordeferred_bin_base__en[1].js.2.dr	String found in binary or memory: https://www.googleapis.com
Source: cb=gapi[1].js0.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: cb=gapi[2].js.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: cb=gapi[2].js.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://www.googleapis.com/youtube/v3/videos?part=snippet%2C
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: so[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com
Source: so[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.re6vWKa2bgc.
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: RecoverAccount[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: accounts[1].htm0.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/support/content/resources/
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/support/content/resources/%
Source: lazy.min[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/support/help/staging/main_frame/help_panel_staging_binary.js
Source: www-widgetapi[1].js.2.dr, player_api[1].js.2.dr	String found in binary or memory: https://www.youtube.com
Source: so[1].htm.2.dr	String found in binary or memory: https://www.youtube.com/?gl

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49743 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal52.phis.win@3/88@5/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFC2B9C593EF906210.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	0%	Avira URL Cloud	safe
http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://www.google.co.uk/intl/en/about/products?tab	0%	URL Reputation	safe
https://www.google.co.uk/intl/en/about/products?tab	0%	URL Reputation	safe
https://www.google.co.uk/intl/en/about/products?tab	0%	URL Reputation	safe
https://www.google.co.uk/intl/en/about/products?tab	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
https://accounts.googl	0%	URL Reputation	safe
https://accounts.googl	0%	URL Reputation	safe
https://accounts.googl	0%	URL Reputation	safe
https://accounts.googl	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://translate.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://books.google.co.uk/?hl	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
https://www.google.co.uk/webhp?tab	0%	URL Reputation	safe
http://router-537.com/accounts/?hl=en#topic=3382296Root	0%	Avira URL Cloud	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
https://www.google.co.uk/finance?tab	0%	URL Reputation	safe
http://0.0.0.0/post.php	0%	Avira URL Cloud	safe
https://maps.google.co.uk/maps?hl	0%	URL Reputation	safe
https://maps.google.co.uk/maps?hl	0%	URL Reputation	safe
https://maps.google.co.uk/maps?hl	0%	URL Reputation	safe
https://maps.google.co.uk/maps?hl	0%	URL Reputation	safe
https://www.google.co.uk/shopping?hl	0%	URL Reputation	safe
https://www.google.co.uk/shopping?hl	0%	URL Reputation	safe
https://www.google.co.uk/shopping?hl	0%	URL Reputation	safe
https://www.google.co.uk/shopping?hl	0%	URL Reputation	safe
https://www.google.co.uk/save	0%	URL Reputation	safe
https://www.google.co.uk/save	0%	URL Reputation	safe
https://www.google.co.uk/save	0%	URL Reputation	safe
https://www.google.co.uk/save	0%	URL Reputation	safe
http://router-537e.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
http://0.0.0.0/ServiceLoginAuth	0%	Avira URL Cloud	safe
http://router-537e.com/RecoverAccount?service=lso&continue=https://accounts.googl	0%	Avira URL Cloud	safe

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
photos-ugc.l.googleusercontent.com	216.58.206.33	true	false	high
googlehosted.l.googleusercontent.com	216.58.212.129	true	false	high
accounts.youtube.com	unknown	unknown	false	high
favicon.ico	unknown	unknown	false	unknown
www.youtube.com	unknown	unknown	false	high
lh3.googleusercontent.com	unknown	unknown	false	high
lh4.ggpht.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://staging-realtimesupport-googleapis.sandbox.youtube.com	operatordeferred_bin_base__en[1].js.2.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	RecoverAccount[1].htm.2.dr, operatordeferred_bin_base__en[1].js.2.dr	false		high
https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72	accounts[1].htm0.2.dr	false		high
https://www.google.co.uk/intl/en/about/products?tab	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.broofa.com	operatordeferred_bin_base__en[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://accounts.googl	{FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://translate.google.co.uk/?hl	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://books.google.co.uk/?hl	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://casespartner-pa.youtube.com	operatordeferred_bin_base__en[1].js.2.dr	false		high
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html	cb=gapi[1].js0.2.dr	false		high
https://www.google.co.uk/webhp?tab	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://router-537.com/accounts/?hl=en#topic=3382296Root	{FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://signaler-pa.youtube.com	operatordeferred_bin_base__en[1].js.2.dr	false		high
https://g.co/recover	RecoverAccount[1].htm.2.dr	false		high
https://realtimesupport.youtube.com	operatordeferred_bin_base__en[1].js.2.dr	false		high
https://www.google.co.uk/finance?tab	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://0.0.0.0/post.php	KT0S08Y7.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://maps.google.co.uk/maps?hl	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.google.co.uk/shopping?hl	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube.com	www-widgetapi[1].js.2.dr, player_api[1].js.2.dr	false		high
https://www.google.co.uk/save	so[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://router-537e.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A	{FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.google.%/ads/ga-audiences	analytics[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://support.google	{FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://client-channel.youtube.com/client-channel/client	operatordeferred_bin_base__en[1].js.2.dr	false		high
https://www.youtube.com/?gl	so[1].htm.2.dr	false		high
http://0.0.0.0/ServiceLoginAuth	KT0S08Y7.htm.2.dr	false	Avira URL Cloud: safe	unknown
http://router-537e.com/RecoverAccount?service=lso&continue=https://accounts.googl	{FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	analytics[1].js.2.dr	false		high
https://www.blogger.com/?tab	so[1].htm.2.dr	false		high
https://accounts.youtube.com/accounts/CheckConnection?pmpo	RecoverAccount[1].htm.2.dr, KT0S08Y7.htm.2.dr	false		high
https://staging-casespartner-pa-googleapis.sandbox.youtube.com	operatordeferred_bin_base__en[1].js.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
216.58.206.33	unknown	United States		15169	GOOGLEUS	false
216.58.212.129	unknown	United States		15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	341762
Start date:	19.01.2021
Start time:	19:23:37
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@3/88@5/2
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://accounts.google.com/RecoverAccount?service=lso&continue=https://accounts.google.com/o/oauth2/auth?zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX Browsing link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/SignUp-service=lso&continue=https_%7C%7Caccounts.google.com%7Co%7Coauth2%7Cauth_zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ_E2_88_99APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX.html Browsing link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.html Browsing link: http://www.google.com/support/accounts?hl=en
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 88.221.62.148, 13.82.197.115, 142.250.180.106, 216.58.206.35, 142.250.180.110, 216.58.208.131, 52.147.198.201, 168.61.161.212, 216.58.198.13, 142.250.180.68, 216.58.209.46, 40.88.32.150, 51.104.139.180, 142.250.180.78, 216.58.212.142, 142.250.180.131, 216.58.206.78, 216.58.208.174, 142.250.180.142, 142.250.180.174, 216.58.205.74, 216.58.208.170, 152.199.19.161, 2.18.68.82, 104.42.151.234, 92.122.213.194, 92.122.213.247, 2.20.142.210, 2.20.142.209 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, scone-pa.clients6.google.com, au.download.windowsupdate.com.edgesuite.net, ssl.gstatic.com, arc.msn.com.nsatc.net, support.google.com, ogs.google.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com, audownload.windowsupdate.nsatc.net, realtimesupport.clients6.google.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.google-analytics.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, www-google-analytics.l.google.com, plus.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, youtube-ui.l.google.com, www3.l.google.com, play.google.com, go.microsoft.com.edgekey.net, blobcollector.events.data.trafficmanager.net, apis.google.com, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\B3WIOZ18\support.google[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	39
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aK1r0aK1r0aKb:JFK1rFK1rFKb
MD5:	B9C5EB570521110110BB7DFF12AF780D
SHA1:	27F5BEBC2200FD8D0B51A93D1357EA954BE44079
SHA-256:	90171F10A6467C9DC31143859BAB69D045B67B39E2E49D92BB7168B383C4D1AB
SHA-512:	BC81539E62D643808CBDA3D86050058F379B2F0347CE65CBBA9797D386401C886B22AC4C0B2BE68197AE10C83A1E22A14232CD531C8D139DD3C031DB423EA355
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\XFJKAGBC\accounts.google[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	94
Entropy (8bit):	4.499718652390524
Encrypted:	false
SSDEEP:	3:D90aK1ryRtFwsoIcDAqFf32W/GXROqSRgbFKb:JFK1rUFxmAq932W/YIwkb
MD5:	12C8D76485E737D7016BE1E2F6ECBC0F
SHA1:	DDE8ADBEE77FE2264FC589002FF2B0833130A511
SHA-256:	FE6B4801BD7B61AE19CDEE9A909167CA3B33F980F8FACF53C1A7B928C913F6E7
SHA-512:	C204F15F9BB8EF63EAA3079B8730FE55DE5A44A98025D8A9793C8BE7472D059007C69B26D7A0C757AAD2D29A39D8884B9B8A8ABE2A39797389661570D85700E3
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="promo" value="{}" ltime="3434543168" htime="30863067" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC898B7F-5ACE-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8611317900083342
Encrypted:	false
SSDEEP:	48:IwBGcpr4GwpLVG/ap8drGIpcSq3GvnZpvSq/GoYgqp9Sq0Go4kbopmSbGWYucK9V:r3ZgZx2d9WShtSRfSshMSRSdS/fSXsX
MD5:	01138F8A88F8EE808CEF259D542CF3E1
SHA1:	B646033F5807235DEF5F8754048A6498B8E5F541
SHA-256:	B404E676E82E2885BB0116CF64337BFF726AC056151B1D6FBA1C4737156A96A2
SHA-512:	820EBFB10F2175A61AEDB5B31BD6F3E7C1B29FEEA8AA3D3FBF3B87800A6BCAE55ABC2F5465FE5ABA80AD4CDF24C4E1638B96027DE980D7B4C3D364037A4CABA0
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	141358
Entropy (8bit):	3.0263014290103265
Encrypted:	false
SSDEEP:	1536:jZ5K+5ItX+QuVWhPsM3YYWVj+azRPFvmiFv6dACANAhAF41FvZf0ASAYS3KeAFn1:jZ5X5m3rq+iFcdCKR1FxMhii
MD5:	F9E7FBC5294C56E98BCEB1AF5CB065A4
SHA1:	6F5F50E50AB21895C0AF45DBB1CDEEAB0880D989
SHA-256:	8967DF79F9E000B936BC4F03D56DAFF0F0A109F2D7D8855B284D596423F998E5
SHA-512:	BB4AC6A229C9EFB7D7CA4DCC060BDA49D35CE723A947A8E3313CA5B805BEF548EBA1614A781C9C29F4AA2E9C9C0FC26B661D4E5308A8BA13E7529AC0D69E9358
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC898B82-5ACE-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5668284606624958
Encrypted:	false
SSDEEP:	48:IweGcprLGwpa1G4pQhGrapbSQrGQpKjG7HpRjsTGIpG:rCZFQn6xBSQFAyTj4A
MD5:	9CA0AC6E796B080D3553E0C88F3BD817
SHA1:	790AE2C06C962BEB49BF34D8A1293A02809D950F
SHA-256:	15410CB4227B116104C790FD1D379FFFA330FBADC7A7BEEF7901280D8D6702D2
SHA-512:	AFE88DA7F4B22A01E4DDB2683BF3FD28D843F04801107D1498CE627288D50870A518407D7BE3165DA7214706BFADFCF6EE78C15FF23904D407D9A7BFD349D49C
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	11312
Entropy (8bit):	3.747525404305158
Encrypted:	false
SSDEEP:	96:YvIJct+kP47v+rcqlBPG9RHvIJct+cHP47v+rcqlBPG96:YvI6tdPqWceBPG3vI6ttPqWceBPGo
MD5:	9BAAAEFB759F42BE96358DBEDA269A74
SHA1:	9B0C11AFF19654099C20DE2E6A8B0D2EBAECCFEB
SHA-256:	0ABEC99EBC0E38897BF9828CE04D3FD3932F4E1314FFBB07259A0A0600CEA0D7
SHA-512:	CEEBFFEF0AB0DC9D1DD294AAB3B8EF6432EAB96EBB5EE411705F44314CFD8163350F6455A34FE929FE7A1B9BF00B5F7272FA8BF87566FE5B2E5D39A58A1EF020
Malicious:	false
Reputation:	low
Preview:	".h.t.t.p.s.:././.w.w.w...g.o.o.g.l.e...c.o.m./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19888, version 1.1
Category:	downloaded
Size (bytes):	19888
Entropy (8bit):	7.96899630573477
Encrypted:	false
SSDEEP:	384:0c6bX9TSzYzCrQH+qXM6C0ouF0xcYye+5x/U3S0X5v+obEgm:0cCV8GuPVyzx/MS0X5v+oI/
MD5:	CF6613D1ADF490972C557A8E318E0868
SHA1:	B2198C3FC1C72646D372F63E135E70BA2C9FED8E
SHA-256:	468E579FE1210FA55525B1C470ED2D1958404512A2DD4FB972CAC5CE0FF00B1F
SHA-512:	1866D890987B1E56E1337EC1E975906EE8202FCC517620C30E9D3BE0A9E8EAF3105147B178DEB81FA0604745DFE3FB79B3B20D5F2FF2912B66856C38A28C07EE
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff
Preview:	wOFF......M.................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......P...`u.#.cmap...0.......L....cvt .......H...H+~..fpgm...(...3...._...gasp...\............glyf...h..:q..i..+ Ohdmx..F....f........head..GD...6...6...\hhea..G\|.......$.&..hmtx..G....d.....E#loca..J.........\s@.maxp..K.... ... ....name..K........~..9.post..L........ .m.dprep..L........)*v60x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..\|.(o.....\|$,..{\|&\|....YJ...x.e8B.#..t;R8.{+....\=.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[2].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20356, version 1.1
Category:	downloaded
Size (bytes):	20356
Entropy (8bit):	7.972919215442608
Encrypted:	false
SSDEEP:	384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/
MD5:	ADCDE98F1D584DE52060AD7B16373DA3
SHA1:	0A9B76D81989A7A45336EBD7B48ED25803F344B9
SHA-256:	806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1
SHA-512:	7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
Preview:	wOFF......O.................................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......Q...`u...cmap...\..........W.cvt ...T...H...H+~..fpgm.......3...._...gasp................glyf......;...k....hdmx..H....m....!$..head..H....6...6...\hhea..I,.......$.&..hmtx..IL...y.....XF.loca..K.........`.C.maxp..M.... ... .(..name..M........~..9.post..N........ .m.dprep..N........)v60x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.\|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O\|.U:...\|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H\|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S...........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20268, version 1.1
Category:	downloaded
Size (bytes):	20268
Entropy (8bit):	7.970212610239314
Encrypted:	false
SSDEEP:	384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh
MD5:	60FA3C0614B8FB2F394FA29944C21540
SHA1:	42C8AE79841C592A26633F10EE9A26C75BCF9273
SHA-256:	C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684
SHA-512:	C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......O,.......P........................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......P...`t...cmap...$..........W.cvt .......T...T+...fpgm...p...5....w.`.gasp................glyf......;Q..lD..&0hdmx..H....n..... ..head..Hx...6...6.j.zhhea..H........$....hmtx..H....t......Xdloca..KD........BC%.maxp..M0... ... .(..name..MP.......t.U9.post..N ....... .m.dprep..N4.......I.f..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x\|D...ct.Kx..H@b.3..l..#u.....L......^..4.....rP..{.......Q...JT.:Xu>..T./>...oq...........~..@.....lq../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.\|.....n........PHaE...J...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\LDZ5E2H9.js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	3177
Entropy (8bit):	5.039135441491122
Encrypted:	false
SSDEEP:	48:x7aE6E0EMEogE5ElEtEEEfEXEWEzEeE9EAEJE3LEvoESEYELEi6ERE0EtEcEcEhz:xYg4ICyKY
MD5:	35FFA9557825DBC0735CC5E9C57DA77A
SHA1:	A4148AF1D62B70F397490FBCEE9BBCBCA8F20AD3
SHA-256:	7F7C8679DE8FE0C9042FD4E0E50CDFB3A3EDE62A1ABAACEB51BAF121C13A3CFB
SHA-512:	08CA4C900C377C742C685D317994785895AD83DAFB189EAEF259265532745066AD8C4C892CBCB8B7042959BCD94AF0872057E0B614885395E1D5EDACD0C53389
Malicious:	false
Reputation:	low
Preview:	this._G=this._G\|\|{};(function(_){var window=this;.try{._.k("xUdipf");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("NpD4ec");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("SF3gsd");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("qfNSff");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("NwH0H");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("YLQSd");._.zu(_.ty);.._.l();..}catch(e){_._DumpException(e)}.try{._.k("lCVo3d");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("o02Jie");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("rHjpXd");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("pB6Zqd");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("MB66Qc");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("QLpTOd");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("oWOlDb");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("n73qwf");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("MpJwZc");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("zf3eV");.._.l();..}catch(e){_.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\background_gradient[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category:	dropped
Size (bytes):	453
Entropy (8bit):	5.019973044227213
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5:	20F0110ED5E4E0D5384A496E4880139B
SHA1:	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:	5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:	false
Reputation:	low
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bullet[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cb=gapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	51432
Entropy (8bit):	5.555402766212286
Encrypted:	false
SSDEEP:	1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WwXRF1OVxK4X:pK4ye0RkwXR+X
MD5:	380373FCD08CB642C251152059997DB6
SHA1:	12773E4A16BF1B1D37967CEF5FBA90666E93ABBB
SHA-256:	98C669FC51080B27E219227634C7054D28012A063D8E58FCDA823D3688A8A458
SHA-512:	8B2C0AEA25A3C5A50DBE4354307F9FFF03D13966F1557D59156347E06C443897DA2A764F806A95779D34F72BA387F079F9BFD0FCEE5C59B0503C5E547D93C571
Malicious:	false
Reputation:	low
Preview:	/* JS / gapi.loaded_0(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ka,na,sa,ya,Aa,Ba,Ga;_.ha=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ka=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.sa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ya=sa(this);Aa=function(a,b){if(b)a:{var c=ya;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}};.Aa("Symbol",function(a){if(a)return a;va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\chatsupport[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7598
Entropy (8bit):	5.238477683745263
Encrypted:	false
SSDEEP:	192:+d36+swcre98YZwXO1JHq6PrLJRLwMKaSkZkF:Sz8Yjq6DLJ8aTZm
MD5:	81F4E76B75BC005C6C7C42E935F12BE1
SHA1:	1957A432A56569F9072DC082941222ECF58EE426
SHA-256:	EC79CAA8A2B64067631B65AFB295851C8C9F47CCA34B8AB53D341B32EA0C51E6
SHA-512:	79E2138BDDFEF6A632F38282CDF960CC86427A69EDE126159C47500152AEBFA5C5727D408F61D9A191A113382913FFB9CD1F1714B7AF5B6D91F7720345B0B012
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/support/realtime/operator/1610960497650/chatsupport.css
Preview:	#topSection{width:100%;height:4px;overflow:hidden}#bottomSection{width:100%;height:calc(100% - 4px);overflow:hidden;box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 2px 6px 2px rgba(60,64,67,.15)}.chatsupport_a{width:12px;height:100%}.chatsupport_b{width:calc(100% - 32px);height:100%}.chatsupport_c{width:4px;height:100%}.chatsupport_d{width:calc(100% - 8px);height:100%;box-shadow:0px 0px 5px #888}.chatsupport_e{width:100%;height:8px}.chatsupport_f{width:100%;height:calc(100% - 8px)}.chatsupport_g{overflow:hidden;display:block;z-index:10000001;bottom:0px;position:fixed}.chatsupport_h{top:4px;position:relative;left:4px}.chatsupport_i{top:4px;position:relative;right:4px}.chatsupport_j{width:100%;height:100%;background:none;vertical-align:bottom;visibility:visible;opacity:1}.chatsupport_k{display:inline-block;vertical-align:top}.chatsupport_l-m.chatsupport_n-m{box-sizing:content-box;font-family:Arial,sans-serif;font-size:13px;position:fixed;width:400px;z-index:10000001}.chatsupport_o .cha

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.148489744650841
Encrypted:	false
SSDEEP:	6:0IFFm15+56Zzhizlpd0celB69JNijFFm15+56ZRWHTizlpd0aFlcLFNin:jFMO6ZN6p4aJqFMO6ZRoT6pIFY
MD5:	B961EAC5D8155FF9FB42F9E3DF486FF1
SHA1:	7C0B50C477EC1EB6C26C0E12ECC41B6188CB95C7
SHA-256:	206D20C2C6E6FE38C42FBCB417EA706E41C340B54E09F46A2DD879FDF83A9663
SHA-512:	395433D298B9B66BF1201CF5C97F316E14B9590240A900C37689129C52E8A8DCC8844728B06F4B8462CAD054188BE1C1D1F38DDD5EEB78AEEFDF7FF93B6F9083
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/down.png
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
IE Cache URL:	https://support.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\forbidframing[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2882
Entropy (8bit):	4.101264567053427
Encrypted:	false
SSDEEP:	48:upYP3V4V1UXvCavVbQdZKUqVtLQI7I6FQ3:u1qlW8rJId3
MD5:	5CD4CA3D0F819A2F671983A0692C6DDD
SHA1:	BBD2807010E5BA10F26DA2BFA0123944D9521C53
SHA-256:	916E48D15E96253E73408F0C85925463F3EE6DA0C5600CB42DBA50545C50133B
SHA-512:	4420B522CBE8931BBA82B4B6F7E78737F3BB98FC61496826ACB69CFFF266D1AC911B84CB0AEEADD05BD893A5D85D52D51777ED3F62512C4786593689BF2DF7F0
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/forbidframing.htm
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="LTR">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" >.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>Framing Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onload="initUnframeContent();">.... <table width="450" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="red_x.png" id="infoIcon" alt="Info icon">.. </td>.. <td id="unableDisplayAlign" valign="middle" align=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http_404[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	6495
Entropy (8bit):	3.8998802417135856
Encrypted:	false
SSDEEP:	48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
MD5:	F65C729DC2D457B7A1093813F1253192
SHA1:	5006C9B50108CF582BE308411B157574E5A893FC
SHA-256:	B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
SHA-512:	717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/http_404.htm
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\info_48[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/info_48.png
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\m=recovery_view[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	205
Entropy (8bit):	5.131693631338828
Encrypted:	false
SSDEEP:	3:YvCKwZfnvM8vvLNzIJvTSHObSLT8qjSvBHcMMaYTgNNw63G+NpbMNYWLCAZXCn:YvlwxVv5zZtL3ccMMaQINw6JpsLCA0
MD5:	BFB95698F98DCCDA907BAB5882BB73A1
SHA1:	15171EB4B9CD0D3461BD091B574F03CA329C975C
SHA-256:	225175BEE3FFF861CC2E90867219EC730FE97595D1BF4FCCA2743293435B5243
SHA-512:	D53837F9F8A95E80B3C70FFA18A330A6ABF946AA276E07F6A1E645E1D0DC2FF8B325AAB90802B1C5934AE16C04D54500711B796CE6ACFA5B520F39B56ECA4214
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.8oRFEnI-z7E.O/am=KwAAdmADmPAAQIAJAAAAAAAAADCAbCjLSPW1wvuX/d=0/ct=zgms/rs=ABkqax0Z2ibrr_OufeCY6h90Xt5HBhB6ng/m=recovery_view
Preview:	this._G=this._G\|\|{};(function(_){var window=this;.try{._.k("recovery_view");._.sDa.$({template:_.h1a,Wa:_.Z({Sa:_.PP}),title:"ignore"});.._.l();..}catch(e){_._DumpException(e)}.})(this._G);.// Google Inc..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\postmessageRelay[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	5.1546229191485455
Encrypted:	false
SSDEEP:	6:haxUpErQWR0NNEXW0YBVk3bVfAbplMIzZIT1ZQKpA8GhWEdCivwyYuB96iGhMJmF:haxyErYfhVkrC9sAsERwPMJmWmM8ytrI
MD5:	6A5B89E71255FEA93C7786DD8ACC1E6D
SHA1:	E9D1A96D0395751DD823B1E3CBA1627A677DFDBE
SHA-256:	DF84286F6D12CAB74F750FF9415EE29BB53416FE56E068E9F89355054591400D
SHA-512:	E876D82F51D8FFF0A7695914583050A62A798EB42B464A50FE7FE0214F842D365D05B0DE9F3E1478E9D3C81C08E5518B1DC148ED72C9AF33B8A1BFE1C2C175DB
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html><html><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0"><script nonce="/oxTFruIl0y2161GihhDxw" src='https://ssl.gstatic.com/accounts/o/2801455510-postmessagerelay.js'></script></head><body ><script nonce="/oxTFruIl0y2161GihhDxw" type="text/javascript" src="https://apis.google.com/js/rpc:shindig_random.js?onload=init"></script></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	114964
Entropy (8bit):	5.537656093441219
Encrypted:	false
SSDEEP:	1536:rhCYftnkNKwf1W0bNO35jPbCnDChlHtyqvHPGzYlwYrCJRCWg2jyK:xJkM0arb+TqvH3wWCJRCWg4
MD5:	EA34E25D6FB9F3D4377462934E5107EA
SHA1:	811B29961900F6CE526EB9D13C509D476FBA1A1A
SHA-256:	489074445207E8CCE04EDDFFA0224CF4C92F3B8ACA98FA935C2BE111E0A787D3
SHA-512:	51E8323F03BA746F2722B3A9045544616E9F56661B11010CC70FBCAEA4F6FA979A79E62EFC4914C94442A77BEF5DD6C583CB1195AA1FF79A3C7697C9D50BB6C3
Malicious:	false
Reputation:	low
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./._.Pj=function(a){switch(a){case 200:case 201:case 202:case 204:case 206:case 304:case 1223:return!0;default:return!1}};._.Qj=function(){};_.Qj.prototype.o=null;.var Sj;Sj=function(){};_.v(Sj,_.Qj);Sj.prototype.j=function(){var a=Tj(this);return a?new ActiveXObject(a):new XMLHttpRequest};Sj.prototype.B=function(){var a={};Tj(this)&&(a[0]=!0,a[1]=!0);return a};var Tj=function(a){if(!a.A&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.A=d}catch(e){}}throw Error("U");}return a.A};._.Rj=new Sj;..}catch(e){_._DumpException(e)}.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./._.Uj=function(a,b,c){a.j\|\|(a.j={});if(!a.j[c]){for(var d=_.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rs=AA2YrTuznPbGtxvpTQcK7pdhZKCAEtCeOg[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	301
Entropy (8bit):	5.192037061010406
Encrypted:	false
SSDEEP:	6:6ZwTcqcA2n6gt9VvKcZWbnRVIM6RoeSjIUVY29g+7s8agMNDzY/:6ZfqcA26gAcZWfp6SVY/soY/
MD5:	5E1BA7773FBAB75FDF7B3E74BD4AB2F1
SHA1:	C0EFB23EA4A186B9936A9D441C3DC4907C507D2A
SHA-256:	EB4D490B39F02AE67360FB75D13BEAAE29BBE932C08034A688890A28692C8E1E
SHA-512:	CC62BFDE42DE77EE97AB514DF29155A7A6D3992B1C2E30DC3EA97C364CDF073F46F9937DDFD027274E2F1F6A6C6836ACB75046ED0C06DDCEA0EA64175921A822
Malicious:	false
Reputation:	low
Preview:	.gb_Se{background:rgba(60,64,67,0.90);border-radius:4px;color:#ffffff;font:500 12px 'Roboto',arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000}.gb_Jc .gb_Ec{overflow:hidden}.gb_Jc .gb_Ec:hover{overflow-y:auto}sentinel{}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-widgetapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	104641
Entropy (8bit):	5.509008180524544
Encrypted:	false
SSDEEP:	1536:4WYCtaFqtKp3isv7UBXXeFIRSaYsCfcthfo19eYofRCt/H2J/z8xuPbV+vkY6hi4:2FgekXuO1Dqxtkl
MD5:	9BB96F192FEA45F2988AA6C66AAEBE60
SHA1:	D8033CAC6E43CED2855CC50DC38428A7D2B29215
SHA-256:	45411434D7D8FE258124F2E19CBBC37F0379F0882A64EC263840AB3B5C702A9D
SHA-512:	1B6736B8D34364B8E3E84BE55113A3F89A5E5E28920AD723152E1EB2E6EB238802F4AFCC12468DA6EEE2910DA1D14B345E90BBCA6AEA7DB7E2499134AEAD220E
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/s/player/9f996d3e/www-widgetapi.vflset/www-widgetapi.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var r;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var da=ca(this);function t(a,b){if(b)a:{for(var c=da,d=a.split("."),e=0;e<d.length-1;e++){var f=d[e];if(!(f in c))break a;c=c[f]}d=d[d.length-1];e=c[d];f=b(e);f!=e&&null!=f&&ba(c,d,{configurable:!0,writable:!0,value:f})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e\|\|"")+"_"+d++,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26412, version 1.1
Category:	downloaded
Size (bytes):	26412
Entropy (8bit):	7.982191465892414
Encrypted:	false
SSDEEP:	768:BXFxTA19K8CdHMT6KHQO8LWhHCWN1ekhzLS:9f29ZYMTwO8qh1nm
MD5:	142CAD8531B3C073B7A3CA9C5D6A1422
SHA1:	A33B906ECF28D62EFE4941521FDA567C2B417E4E
SHA-256:	F8F2046A2847F22383616CF8A53620E6CECDD29CF2B6044A72688C11370B2FF8
SHA-512:	ED9C3EEBE1807447529B7E45B4ACE3F0890C45695BA04CCCB8A83C3063C033B4B52FA62B0621C06EA781BBEA20BC004E83D82C42F04BB68FD6314945339DF24A
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff
Preview:	wOFF......g,................................GDEF.......q........GPOS.......%..+...RGSUB.......y......m.OS/2.......U...`i`..cmap...........~n...cvt ................fpgm...@.......uo..gasp................glyf......>F..m>Q..head..[\...6...6..'.hhea..[.... ...$...3hmtx..[..........<'3loca..^l...{...._.{.maxp..`.... ... ....name..a........V..4.post..a..........i]\prep..et.......^....x.D...Q...3..IX=D.@@....@....."...}......`.%.....x.........umW...g.WwO.....J..^?.Jci^N{.Nr..Jw@.n(.....t4....g...x.....6.E..8..........affff.0.B..&.L...B.Nzy..n.T.t~w&..%[.dYzzz.Oe" ..lE.........m..7[s}...[l..)..)...(H.A.@q.57..S.@.._..]..j.-^N.R...'...]v.0..2n.6...~....X..xN.DN.T..b..Q5.E.).,QI.....M....6.P."..\|...tI5.......t..r.(...{M..T}..@.kbNP.I.9-...=E.U'.{.....p\|.t..qJE.9...'......z...L./.....rnXQ.6.\|.....n.V.....K.?.G...<..<..Q.....C..K(s.PR.x\(..P@.P..z.DL.1.$../.8A.8Q.r.Pr[e.Rt+~.}9.)E.'.U..z.G..G..OH/H...L.../..{S...EP.%........o.................uN...'.}%..9.F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20012, version 1.1
Category:	downloaded
Size (bytes):	20012
Entropy (8bit):	7.966842359681559
Encrypted:	false
SSDEEP:	384:Yc6bX9TagDCXKqs4+W5XVgaflKHjsGdZtlh3K/qzWz/scZpuB:YcCVaeCaF4ea9KHYQZtlh3Kgy4B
MD5:	DE8B7431B74642E830AF4D4F4B513EC9
SHA1:	F549F1FE8A0B86EF3FBDCB8D508440AFF84C385C
SHA-256:	3BFE46BB1CA35B205306C5EC664E99E4A816F48A417B6B42E77A1F43F0BC4E7A
SHA-512:	57D3D4DE3816307ED954B796C13BFA34AF22A46A2FEA310DF90E966301350AE8ADAC62BCD2ABF7D7768E6BDCBB3DFC5069378A728436173D07ABFA483C1025AC
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff
Preview:	wOFF......N,................................GDEF.......G...d....GPOS................GSUB............7b..OS/2.......R...`t.#.cmap...4.......L....cvt .......\...\1..Kfpgm...@...2......$.gasp...t............glyf......:...j.'..hdmx..G,...f........head..G....6...6...rhhea..G........$....hmtx..G....a......MOloca..JP........\v@zmaxp..L,... ... ....name..LL..........:.post..M(....... .m.dprep..M<.......S...)x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x...pfK.G...1.c>..`9..m<+;..m.x...bg.M.T...O............l...XU.../{.[_..W....c.._..72.. ." z.+..F.......&.&...`e..T].....K=..K2S....q..d...xf.$~i..$?.d..dU.....@R-/LMO-J6...[]..Z..O.C_."If..d....fS....$d.G>eL`....Tf1.......9.c>..`1.TR..x./d-........q.........7....{...v.....!.....1.QG=.4.D3-..F;=..1'.'q.rw...9..e!.....Q....f......qV.n.h.V.Z]..B..C.[B...V.......v...o.w.{...w..zRO.i=..._.....-.m....].=...[...(1.(.#.....O0/.0?..04rL.G.9.....i6..l..\|.(o.....\|$,..{\|&\|....YJ...x.e8B.#..t;R8.{+....\=.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47051
Entropy (8bit):	5.516264124030958
Encrypted:	false
SSDEEP:	768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
MD5:	53EE95B384D866E8692BB1AEF923B763
SHA1:	A82812B87B667D32A8E51514C578A5175EDD94B4
SHA-256:	E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
SHA-512:	C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var l=this\|\|self,m=function(a,b){a=a.split(".");var c=l;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING\|\|[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\avatar_2x[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 192 x 192, 8-bit grayscale, non-interlaced
Category:	downloaded
Size (bytes):	626
Entropy (8bit):	6.804758765204737
Encrypted:	false
SSDEEP:	12:6v/7GeuxDolr/82EgWEV+lvL+aLZyckWKFANZntDG9SkiWsc:3eCDe8XaKadnANl4cWsc
MD5:	51116D3ED346AA1A00B4A9393DFE117E
SHA1:	2B2394121D8E3E6526F1B6F686E49D61023A0C3F
SHA-256:	CDCC6D6DCDA827A694DCE8BFA9A1AB41113B629EF1CC11F886866AF9194C81D0
SHA-512:	7D3F2C0F499013BB54D239C770F4BDF910F0D0D6AA8D5BF7D3858FE5767EE1004FAB44A8644A0EF9E8CD2C6C8EB7079805A0A1D6AE414B2F5E6F6987633C30DC
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/accounts/ui/avatar_2x.png
Preview:	.PNG........IHDR.............w.3....9IDATx...... .F...O?...H....H.J.<..x....s...\|....`.......................................>...`.N?....#y.2..W.$...y@..c...,.k.a@...M.`w...n..;.~....[.....D...L:.d...d.-@..)...%@RC...pj..f.IM%3........6#.....Sc..`Ws.....V.....@Ps..@........K.@{\|..S.?...s.?4..R..J..Pb..p..x....../..f.}.e..m...X9c.}..WV.m...........T......&}S.sJ....9..?.C.M@.K.?..\M.j.^'.1W..m.j./.h.....1my.<}.C3.&.n.To..Y....<.\|. {]..7......:...z%`u.<.^.8.n).....M.r. ..r.@......}..no...4....p..;..f.i..(.T....T....V..X5... hX...iX..@...8^.P........................................x..\|....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\background_gradient[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category:	downloaded
Size (bytes):	453
Entropy (8bit):	5.019973044227213
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5:	20F0110ED5E4E0D5384A496E4880139B
SHA1:	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:	5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/background_gradient.jpg
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bscframe[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.906890595608518
Encrypted:	false
SSDEEP:	3:PouVn:hV
MD5:	FE364450E1391215F596D043488F989F
SHA1:	D1848AA7B5CFD853609DB178070771AD67D351E9
SHA-256:	C77E5168DFFDA66B8DC13F1425B4D3630A6656A3E5ACF707F4393277BA3C8B5E
SHA-512:	2B11CD287B8FAE7A046F160BEE092E22C6DB19D38B17888AED6F98F5C3E936A46766FB1E947ECC0CC5964548474B7866EB60A71587A04F1AF8F816DF8AFA221E
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bullet[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cb=gapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	100884
Entropy (8bit):	5.524623565937768
Encrypted:	false
SSDEEP:	1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WCjfyQUEZPpIJYoDpA1/HNpHWNXRRF1OVxK4c:pK4ye0RkCjiE3IJTpoHNpHkR+4roC
MD5:	9534D32DE45A6E13B5E87DC9FCBF2B14
SHA1:	D299559588546F555EFE81E77BE17A7C10F82CD1
SHA-256:	79F21D811C42ACBDED1B2A1B86D7E9BB45D58A1F477E6ACF86B5CEC33EFE46C6
SHA-512:	EA05BD5432EFDA0655A27AB00649E5B6902215AC042BF3CEF2E8D0107A4DA64803EEF58684B0558B5CC8509F3347BFE7757567A05AC6EDF0036AFBAF9988899A
Malicious:	false
Reputation:	low
Preview:	/* JS / gapi.loaded_0(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ka,na,sa,ya,Aa,Ba,Ga;_.ha=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ka=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.sa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ya=sa(this);Aa=function(a,b){if(b)a:{var c=ya;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}};.Aa("Symbol",function(a){if(a)return a;va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	613
Entropy (8bit):	5.157298093683682
Encrypted:	false
SSDEEP:	12:UJO6940FD7O6ZRoT6pYwEmr37uqF/iO6ZRoT6pixuGEqF/iO6ZN76pixuyvJY:G9XD7OYs/UrR/iOYsNxDv/iOYN7Nxw
MD5:	DC8AE9686BDE8C1517953AAF4C645E68
SHA1:	A95E59D8DDFECBE128C05B8C30E14688F135CA03
SHA-256:	AC7E61AF97048090E29FE6561A86B5FCD8F7BEF016C399D0C32683B02F059AD6
SHA-512:	5728E987376AE9209E44E677BACFE41F03FBC97B468D5BEE6F43D0CAE95B7F6AF7666DC05094B11C77F7BA72A2C963E4C4CB8C438F0B893B2D0A9C47DCB318D6
Malicious:	false
Reputation:	low
Preview:	/. See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/errorPageStrings.js
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo_2x[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 232 x 76, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5274
Entropy (8bit):	7.940636569964172
Encrypted:	false
SSDEEP:	96:7SIhOGx5zQZ6lsDgVWxxWQa6AmBbbpoFkrkRd4i6Rk7/BO3GXSD+pMI:7SU1xBQZAVeQQa6Am9poF9R96RY/gHD0
MD5:	DB5FC480AD614FF46BBA7B3D74E2E5ED
SHA1:	5D7830B172CB2A231C6E4539E202B78563BE2139
SHA-256:	749ECB257B4DABD6C2D346578FCBE63A96BF94C1F2366496409296167F03B7A7
SHA-512:	FC84CF03FE4887492AF460C8105552B222DD4873F919BEB81D19521064F10DBDDBB4BB89613C205123CED4B43A8118A5847790C33A1D6531B38B8753C243C27D
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/accounts/ui/logo_2x.png
Preview:	.PNG........IHDR.......L.....g$......bKGD..............pHYs.................tIME......6.(....'IDATx..].t.......Z......R.BB2.1i.<.....K..Z..m.BY{.{".NB.....NY...B.......ao.&.%!XV.{4...z....,..3.3r.....-.~4s.{.....x...-._o..?Q...j4ug0...F.7.#.b\|]..R...}5./........c....i...@,up0.ji.io.#Z..........@T?T~..U`.feF....jT[d....^...L...W~...o.....[Qn......f(.....JG.Y4($.8..n%.=i\.}...\|s&g..&/....`T....K...@.......4..b..j;...j..ph.jL.HzSi........ci..Y.?.?..Z>..5@.......T...y..#.Gi......(.l.U..i.......L...NhlN...........O..o.._6^o.....Q.....a....c.g......Xy.@S.k........(..GQ..(........DL....O.....'...>W.S..h...i.6FR:....Q...\Pk.#k....4...a..o~p.7Oi..9.`L_.}.7...6l.....{M..<.......\|%8..[."Lm."..5.=O...4.PW=..._h......$@]4...GZ.C.zi..n{O4Os.i..pC...K..u.B..$..v....$@]6x.G....K..u... ..,ex.-.&..vx.r.....p.....'C.S.!...!.s.A....1.=..~G.I...V.9f.F....=.7.yC..\o[...%....=.l^o...}q..#.p{~D.1D........G$.q..1.....`,.3PLw.R...rP]R..v.}M.A...!.x&.v....!.....o..f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\m=bIf8i,omf1Od,zy0vNb,K0PMbc,otPmVb,rlNAl[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	2005
Entropy (8bit):	5.29625798374753
Encrypted:	false
SSDEEP:	48:x7DoEuEfErE+FD7B8oSBUeH2dEUAAkzktkGl:xmD7aNb0AAcktkG
MD5:	0F4BF0CD480FFF5EAB08C24A884A14EA
SHA1:	098CE4E33F7B38603C3703CA3B08836F8DE79DA3
SHA-256:	5C8AEAF501D03A00ECF3831F6B2AD86F6CBF939354737F69A80D810409306A21
SHA-512:	53D1C1A593699344497B6E65C7D6C7BA3FF38CBD4604BF4A91ADD15CB43CD05040A04D6AA65E17B8127A207CE42DCDE043ABEBA797574613BADE6C5C24C8A42A
Malicious:	false
Reputation:	low
Preview:	this._G=this._G\|\|{};(function(_){var window=this;.try{._.k("bIf8i");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("omf1Od");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("zy0vNb");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("K0PMbc");.._.l();..}catch(e){_._DumpException(e)}.try{._.k("otPmVb");._.g9=function(a){_.bE.call(this,a.Aa)};_.u(_.g9,_.bE);_.g9.ta=_.bE.ta;_.Vw(_.oua,_.g9);.._.l();..}catch(e){_._DumpException(e)}.try{.var Zzb=function(a){_.x(this,a,0,-1,null,null)};_.v(Zzb,_.q);Zzb.prototype.Ib=function(){return _.r(this,7)};var $zb=function(a,b,c,d,e){var f=_.ce(a.$.location.href);_.xua(a.da,a.$.location.href).then(function(g){var m="accounts.google.com"==f.ea?1:100;var p=new Zzb;p=_.n(p,1,b);p=_.n(p,7,c);m=_.n(p,6,m);g=_.n(m,3,g);g=_.n(g,4,d);m=_.n(g,5,e);g=new _.PD;m=_.uva(a,void 0,m);g=_.n(g,8,m);_.vva(a,g)})};_.k("rlNAl");.var aAb=function(a,b){this.$=a;this.aa=b},dAb=function(){var a=Date.now(),b=bAb(),c=cAb();this.$=[];this.da=a;this.aa=b;this.ea=c},h9=functi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\operatordeferred_bin_base__en[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	382331
Entropy (8bit):	5.1995078791633
Encrypted:	false
SSDEEP:	3072:CuJ4InXTx9szxt/EuJ22upMwqtl9hyG9szSoeVe7pBeb2fjrLaLtrnRp8n+t2Q7u:1c4Tsy/Neb2fjrLalX8+t2ZWhq
MD5:	3027156BE4E85D96A9FE29285C6E72F2
SHA1:	C300D325414F7056690D418DF3AD0A8F2812F2E6
SHA-256:	25EA0C18658CBD918FA066AEA907232E939BE5E98782A9A61BF40BEA9E38509C
SHA-512:	A8755B37800EC108AEBE3F6A0B1A3B56A1C01568EF3DA6EB75A26ACA40F3478FC9570021D9BBCD17FF7B7C8381820D471FE8B6BB765FCDB4E7D71861379B3686
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/support/realtime/operator/1610960497650/operatordeferred_bin_base__en.js
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var rtsinternal_,rtsinternal_aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},rtsinternal_ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},rtsinternal_ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&.c.Math==Math)return c}throw Error("Cannot find global object");},rtsinternal_da=rtsinternal_ca(this),rtsinternal_a=function(a,b){if(b)a:{var c=rtsinternal_da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&rtsinternal_ba(c,a,{configurable:!0,writable:!0,value:b})}};.rtsinternal_a("Symbol",function(a){if(a)return a;var b=function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\player_api[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	810
Entropy (8bit):	5.297143102456936
Encrypted:	false
SSDEEP:	24:E1QYtpqAK/HJ2TAXC5vuHM8aJLtdRWZ4FhQ:E1LPcSAXC5kaJLzwYhQ
MD5:	21EC4121D8A6690BD447028A94170F5D
SHA1:	62189FBF9B884D0711836A7BCA97E8E7A345153F
SHA-256:	A29AD79A8AA3C011F165BF0040B910BCF591C2F1533C5477B866770508128782
SHA-512:	3A2710BA1A002FC3C0B4521E1C96B0339397A2B188CC5CFF7FCAD46935B0DE29500222F0F1406AAF70BC000FB5271E5AC8C1AD4190F5FDFACE35309B4B7F87B8
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.youtube.com/player_api
Preview:	var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/9f996d3e\/www-widgetapi.vflset\/www-widgetapi.js';if(!window["YT"])var YT={loading:0,loaded:0};if(!window["YTConfig"])var YTConfig={"host":"https://www.youtube.com"};.if(!YT.loading){YT.loading=1;(function(){var l=[];YT.ready=function(f){if(YT.loaded)f();else l.push(f)};window.onYTReady=function(){YT.loaded=1;for(var i=0;i<l.length;i++)try{l[i]()}catch(e){}};YT.setConfig=function(c){for(var k in c)if(c.hasOwnProperty(k))YTConfig[k]=c[k]};var a=document.createElement("script");a.type="text/javascript";a.id="www-widgetapi-script";a.src=scriptUrl;a.async=true;var c=document.currentScript;if(c){var n=c.nonce\|\|c.getAttribute("nonce");if(n)a.setAttribute("nonce",n)}var b=.document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)})()};.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\proxy[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	436
Entropy (8bit):	5.283061814304958
Encrypted:	false
SSDEEP:	12:hYA0HqJmqGrrsQo79hLFBkAAqJmPm/esHb3rsQP4Nbx4IQL:hYPcBjBvPz754NW
MD5:	3844A2C312757A710D5400994F8FEB39
SHA1:	DDA6E396DD675FA7715CE2468D696A6D01D358FB
SHA-256:	93D227DCDA37F6C4C8778CE15B23B6727E6C123BB8BF78EC196D9D7DFA942EF9
SHA-512:	3FC64B6C8001047111E7F96469ED48E27CF06B98F40B2FD2254418411434851D787D431AC1141CBA7C1D18C2B0B8CB666A89C252F53F3C12456A9469A94AE066
Malicious:	false
Reputation:	low
IE Cache URL:	https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.L7mys-cL6BM.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg%2Fm%3D__features__
Preview:	<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="PHZDcWTvQxap4H/RgmX/5A==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="PHZDcWTvQxap4H/RgmX/5A=="></script>.</head>.<body>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\proxy[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	436
Entropy (8bit):	5.285297548270222
Encrypted:	false
SSDEEP:	12:hYA0HqJmqGUZ79hLFBkAAqJmPm/esHbAK4Nbx4IQL:hYPcBr3BvPz7AK4NW
MD5:	BC9C7D598FEA19B9F84155CE6B0C4634
SHA1:	006B2F923A5ADC68398028D53BCDCCCD29328D5A
SHA-256:	83852B48FAB8A85B00B7DB99B7FCB4E4F2FE7A62D6FC4B29E8BD0A7DBE6EC360
SHA-512:	DFE42CE000925EF5E531FA840B3F93FDBDFDE7EE62E265D6CEC8B6E452379F069F8459539C87B0EF5D497E2AEAFD547E4F09383A18149FCF18BABDC08194EF90
Malicious:	false
Reputation:	low
IE Cache URL:	https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.L7mys-cL6BM.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg%2Fm%3D__features__
Preview:	<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="q5awX+XTsuC/SLMyDhk8ng==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="q5awX+XTsuC/SLMyDhk8ng=="></script>.</head>.<body>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\universal_language_settings-21[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	199
Entropy (8bit):	6.654189393031599
Encrypted:	false
SSDEEP:	3:yionv//thPlplWKQuwnloatUBhddF+GKEWEkSpwJOOQfcr5cBluSqS22ZFSGcLMh:6v/lhPbEK7etyB/dF+GKCwGE1V2hD2Ap
MD5:	4A2D1168A691747DAF4D22E0DC483958
SHA1:	E556FED18AFF83A117F173960C66D42D57CBC4B4
SHA-256:	59404AF2D92C53AD1EE9E21B252C07C77DCBA810B248A79D6AE989B1FF63C7D6
SHA-512:	B9AE29A74F4711EA3E49D40F823E00487394B288C0A787FED78B6BCFC769DB4123E2B3A0C7C7E8EE5BDBF8BA304DE666DA3BE797A2ABCA1A9E828DB6799C4715
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png
Preview:	.PNG........IHDR.....................IDAT8.........b4....F1..^=.DUS..K^.._........Mr.X..A..!....{.b.....c.....d[r=.#.]a+...R.S\......[...+.v...C.r...J.(....47..J.,p.. Y.g..*...2...iQ.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\unnamed[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1393
Entropy (8bit):	7.741695342683955
Encrypted:	false
SSDEEP:	24:D/6Bm17qS9DbPDQ45Gkds4VbbBYdVATpFxb+hs3xl0Sau164l2kFSWZR2vtUx2lH:D/6BmIG7hdbYdVules3xla+64l9wxVUo
MD5:	0EAA75E84E3B5D76E26B5BDEF873465E
SHA1:	79DAEA62FA0952E79644B23305210D61B6CBB631
SHA-256:	D375701BEED766135440CC65BD4CEDE9CC455C0116A362E124C3C2158EDCEFF4
SHA-512:	EE117EEF8002ABEF55C7521FDF265C597226994BDD4EDDF9965E22E1FBA4D8526544A6427F847C2BEA3B586B3E4C06BEB6584D1CCEF5A06AD4739CAF837DB7EB
Malicious:	false
Reputation:	low
IE Cache URL:	https://lh3.googleusercontent.com/o9U8AvPuX9gkIYtYfNmH-_wBdTfOJ7jb0VwbLWWbERzml7oTPngODhKv2Br7A64=w64
Preview:	.PNG........IHDR...@...@......iq.....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx..[;l.A..;1!@.@......@" ....44\|KD.......E..(A"....ih ...@.H..B..)............>{w{...H..n.;;og.vfw..T.YM....^.m`...b.0.....V..^\....`Jo..B.-..}....F...)..wq..<6........5.L.a.a.q.}.."...J...g....FZ.....4m.4..n..i.g.8............3...w./:..Be....r.T%.0......g5..v.:..X.r.V..?...c_3.J...u ........da....).c.3p(...T.l.E..3....Q.9.R7{...'...MTQ. ..@...R.....j:up....j...w#?...\|.n.}E.........Q:.Q.._..n....W.Q...x.:.X...aU.....o;../4MS..P...Z....%...a.V...S...x...B..FfL{g....%'^......kd.C.U..7.;.....@{.\|.+K.o.0+;.........\%..,qA...(...@......."Gdd..^..C..c.w..S[.P....`......B^....~.c.'t...4 ...P..I$.....,.-.....Z.^..\M.....d.`...TV.LC.....`..H.....KYYB..,......o.../.\|v...d.Y......H.....q..Bq/. 09...7.@....."."n.".d..:'..r...x..F.O......m.i....}.....SS.'g7...\|1..d.dA........:T._..>.t....M...A..$....vN[.#..\|..7...,.J.."w...D.v4..F2..?}..@.mclf>w+...h.m..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26180, version 1.1
Category:	downloaded
Size (bytes):	26180
Entropy (8bit):	7.9847487601205405
Encrypted:	false
SSDEEP:	768:axmLo3N7711ZHlB8N6yt/DvXjXjmDNzv6:bLodN78Ii7jKJv6
MD5:	4F2E00FBE567FA5C5BE4AB02089AE5F7
SHA1:	5EB9054972461D93427ECAB39FA13AE59A2A19D5
SHA-256:	1F75065DFB36706BA3DC0019397FCA1A3A435C9A0437DB038DAAADD3459335D7
SHA-512:	775404B50D295DBD9ABC85EDBD43AED4057EF3CF6DFCCA50734B8C4FA2FD05B85CF9E5D6DEB01D0D1F4F1053D80D4200CBCB8247C8B24ACD60DEBF3D739A4CF0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
Preview:	wOFF......fD................................GDEF.......\.......QGPOS.......#..+...QGSUB.......y......m.OS/2...\|...U...`h...cmap...........~n...cvt .......y........fpgm...........uo..gasp................glyf......=...m...5head..Z....6...6..'.hhea..Z.... ...$.0.5hmtx..[...........).loca..]....y.....K.6maxp..`H... ... .=..name..`h.......r.i6Ppost..a..........i]\prep..d....p..... ..x.U....Q.F..=#.0ZD.@@<..... "...Zp....+.c.f...).>Z.bm.Om..?...\\.zi.f.^b...[y/.........x..Z..+..=Z...~.................0.8....r.\|...=s&oG....q.Fg...Y...:Wc..>..p..p....)......{.aX..}.?.k... .......N.=.c.Do.....~2.=.i$....0..>..!.'v.....q....>>.....o....30..0.w..\|hR&mrf....,.Y..........%<..0.#.~...._a.c......K.z...H1..u.2.Y_..0.9..`.,.:.=(.N~...a.<.D=.....V....\..>./.B.`iE..A9.S.\|?.g).Rj..8Q...h.y.G.^.kx.o.....(...#....9...,4I8...7..o.I\|@x..1.>'...H.m..$.yp..f..%..F$0.0.I.1...WR...E..8?a..\|"................A.(...ZJ.q.K\|...S.1..ht.ck....e...T.Zs,W..0..%.i.R...Ku.K.y.....j.RD..~..dpsh.fc.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4UaGrENHsxJlGDuGo1OIlL3Owpg[2].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26228, version 1.1
Category:	downloaded
Size (bytes):	26228
Entropy (8bit):	7.98323449413518
Encrypted:	false
SSDEEP:	768:DBOEuz6T0146JY/J6unqhOYK0GJenzOoyo6:DBHuea4j/vnqo304enzUo6
MD5:	6DD4AD69D53830BDF5232A13482BD50D
SHA1:	6FFF1079D7E5D02A2259CB5D7833E790239E01CF
SHA-256:	5CE48D9E9D748AD4686094D3CC33F5AE1E272A5B618F5C6D146C4D12EF02E4A6
SHA-512:	FC91E8C4EAE384D38667E330C5A5E4BF82EBAC9A23AB88439D7C22CCDD125DE7F1371DD953F18DEE60EF68B680DF49A32F684157D90F20E1DAC3BFFC9DF84118
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
Preview:	wOFF......ft.......`........................GDEF.......\.......RGPOS.......#..+..P.LGSUB................OS/2.......U...`h...cmap...........~n..cvt .......y........fpgm...$.......uo..gasp................glyf......=...m..N..head..Z....6...6..'.hhea..[.... ...$.0.6hmtx..[<.........})9loca..]....z.....&..maxp..`p... ... .>..name..`........r.i6Ppost..a<........O...prep..e....p..... ..x.U....Q.F..=#.`ZD.@@<..... "...Zp....+.c.f...).>Z.bm.Om..?...\\.zi.f.^b...[y/.........x..Z.......%......033333333...e....r......U..u.r.....sV..Z..^..c..>v..p7.x...w.i...Y.....X...N<.k...0...kc];.u......4.j...@....y."......,....#.;..........9...1....q..b..c...{....i2.H..g..:.....du.FX.].w3...{y...G....E.....~..RdX.\|.\..U.^.x!....e.\|.:.RX.Wxg....&.5....2n.Q...5.{..2....Ia.Vb%....:.Yn..QI.Z...x..Z.6..?........G..W.^#.e..#\|l2p.S+.?'.<E..<....M.H..".>..d....>n%.(..."....<"........U/z.%..=...Le.cL3.4..4..znxgX!JD%.....s....&.a..z1._....O+..g.dm.?.9Vj.1...B...8..S........ ._.E.... .[#_..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOkCnqEu92Fr1MmgVxIIzQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19936, version 1.1
Category:	downloaded
Size (bytes):	19936
Entropy (8bit):	7.969635209849544
Encrypted:	false
SSDEEP:	384:mvNCb8Eb+tS9nAIRMeC4J4h4Il7xtUOTCBGt+GXn/TUnOPgdGRhBg9r:Y4zbwTiMedJNIhkGbXn/TUnS+2hS9r
MD5:	E9DBBE8A693DD275C16D32FEB101F1C1
SHA1:	B99D87E2F031FB4E6986A747E36679CB9BC6BD01
SHA-256:	48433679240732ED1A9B98E195A75785607795037757E3571FF91878A20A93B2
SHA-512:	D1403EF7D11C1BA08F1AE58B96579F175F8DD6A99045B1E8DB51999FB6060E0794CFDE16BFE4F73155339375AB126269BC3A835CC6788EA4C1516012B1465E75
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1MmgVxIIzQ.woff
Preview:	wOFF......M.................................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`s.#.cmap...........L....cvt .......H...H.2..fpgm.......3...._...gasp...0............glyf...<..;...n..e..hdmx..G<...i........head..G....6...6.G..hhea..G........$...`hmtx..H....M.....Wd^loca..JP............maxp..L,... ... ....name..LL.......x..9.post..M ....... .m.dprep..M4........+6.x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...\|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..\|.\|..\|..\|..\|.\|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RecoverAccount[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	1584501
Entropy (8bit):	5.830638861743387
Encrypted:	false
SSDEEP:	12288:lB23RmovafgjTE+L6d5hVN06G+ZpHlAL30lmdSFwzO6xr:lqFva4jTED5hB8k4YSy4
MD5:	196DCE1443E7845967984405F0E01800
SHA1:	617BCFA6941AA66ADE3F6D5302236C1B9455B3E8
SHA-256:	D379B68DDA250C18B43CF00E8EEC7C0FD5B5514B95A9BF296722FEF8A4787149
SHA-512:	B101CD460873DEB42E64E2BA6A77118195F800A990C3087D1AC0E75E4C4089BA925FE14BF9E8FD14DB64CA6E6F7A9362025095C9906A673F7360EE3DABBF3725
Malicious:	false
Reputation:	low
Preview:	<!doctype html><html lang="en-GB" dir="ltr"><head><base href="https://accounts.google.com/"><script data-id="_gd" nonce="iUk5JhDXTA8lD3MKgsGxBw">window.WIZ_global_data = {"Mo6CHc":-3529726924201059679,"OewCAd":"%.@.\"xsrf\",null,[\"\"]\n,\"AFoagUWNLPHms65l9IGkBL_Vfhg9bCadFw:1611080682645\"]\n","Qzxixc":"S436361241:1611080682628966","thykhd":"AKH95et3tcwk-kDT8CSA-6krWAqDOdAuHpEPdt31riqt74D3u6B8a7r5VWedmQsrTtDkBtp2D6L7uOjieMeYFgi80SCLQJgkl6qkbzqKyD2KxjLIgA930RM\u003d","w2btAe":"%.@.null,null,\"\",false,null,null,true,false]\n"};</script><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><link rel="shortcut icon" href="//www.google.com/favicon.ico"/><noscript><meta http-equiv="refresh" content="0; url=https://accounts.google.com/signin/recovery?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&service=lso&am

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\accounts[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	239
Entropy (8bit):	5.232747732712163
Encrypted:	false
SSDEEP:	3:IskN20EFNjJ8S/7A+KWRIJiYEUFLZxs4bSl02rBsSZ7NE7uR0Lq9DGCBLCRvisQf:wRkrQWR0iYBtqWt2aSyu5BLCRiRav3oP
MD5:	1E8D7E0C04B462F1E22CA8FB6890A164
SHA1:	EF1049F34658F54C829451C860C74322987C7970
SHA-256:	5A97BF668A1C1916C2528CD3CF3AA78655427F153667554CB551C52CEF5B5DA9
SHA-512:	4BEAB0D6B6CF243CE19F440E66B74650DFC3301D7C18693AE213F4988634CA8DC581F4E7FA0EC49055C1BE46EF269CE107B9F09BA8B024C7BA59407CA0B6EEDF
Malicious:	false
Reputation:	low
Preview:	<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="https://support.google.com/accounts/?hl=en">here</A>...</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\background_gradient[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category:	dropped
Size (bytes):	453
Entropy (8bit):	5.019973044227213
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5:	20F0110ED5E4E0D5384A496E4880139B
SHA1:	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:	5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:	false
Reputation:	low
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bullet[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/bullet.png
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\googleapis.proxy[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12541
Entropy (8bit):	5.459023740910877
Encrypted:	false
SSDEEP:	192:8iApwYKUa9u5vocJJBA1UwgZCwm5Mi0+Sczlq:83pw9dk9JO1UkwmR0+Scxq
MD5:	EAD66A4F95FC1DFBD7EE3CE7A9910671
SHA1:	CCE744DB65F2ADAE41E5D78455B05A25F36E8A91
SHA-256:	312491CFD953CACD6AEECE884F3FB5CE07A3F607F22EB1A22321A83D1C7D8D77
SHA-512:	872FC6A547BFEC2B3746409D46C1C77D62BB6855C40E0E9CA8B86EE0FF893E9E7283170F0B24EE46822DD3BF7D93F148E20A76F79D2A9ABEDADE180E689DB4A6
Malicious:	false
Reputation:	low
IE Cache URL:	https://apis.google.com/js/googleapis.proxy.js?onload=startup
Preview:	var gapi=window.gapi=window.gapi\|\|{};gapi._bs=new Date().getTime();(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var g=this\|\|self,h=function(a){return a};/. gapi.loader.OBJECT_CREATE_TEST_OVERRIDE &&/.var m=window,n=document,aa=m.location,ba=function(){},ca=/\[native code\]/,q=function(a,b,c){return a[b]=a[b]\|\|c},da=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},v=function(){var a;if((a=Object.create)&&ca.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}return a},x=q(m,"gapi",{});var C;C=q(m,"___jsl",v());q(C,"I",0);q(C,"hel",10);var D=function(){var a=aa.href;if(C.dpo)var b=C.h;else{b=C.h;var c=/([#].&\|[#])jsh=([^&#])/g,d=/([?#].&\|[?#])jsh=([^&#])/g;if(a=a&&(c.exec(a)\|\|d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},fa=function(a){var b=q(C,"PQ",[]);C.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},E=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\homepage_header_background_v2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	60408
Entropy (8bit):	4.746090328799968
Encrypted:	false
SSDEEP:	768:fctDxhgZqb0HZb0HEuZ5V2KKCICtvlc54WA+Vw4G4Fw0RToTQTQDbx4r/MT4gohL:fesZvo2KKVmp29bFhTOG2T4go+9nK8Hm
MD5:	A371D1ADD8D95D9A5AC0222DBFC707DA
SHA1:	B273236FC088B58AEC5BE2E7CD642E290C31CBF3
SHA-256:	0A11003900B5593A71CFAB463C2A5E7D2588B251F697EAE8B64946F4D178FE54
SHA-512:	1C4FC0A64E927A073713435830F9D3044894FFDAF30E6966B28D1F3757D564D6E9124F632EB0B61EA41947973FCB28C82F98696E021A8A827FB96E2FF0D27ACD
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/support/content/images/static/homepage_header_background_v2.svg
Preview:	<svg width="1280" height="307" viewBox="0 0 1280 307" fill="none" xmlns="http://www.w3.org/2000/svg">.<circle cx="1121.01" cy="217.239" r="27.6618" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.58 204.281V292.049" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.58 223.588L1130.88 213.286" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.39 233.491L1113.06 226.163" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.39 217.429L1113.06 210.102" stroke="#D4E1F3" stroke-linecap="round"/>.<circle cx="1132.29" cy="223.588" r="1.69704" stroke="#D4E1F3" stroke-linecap="round"/>.<circle cx="1104.71" cy="210.101" r="1.69704" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1101.26 297.3C1104.15 291.738 1110.46 288.868 1116.55 290.35C1122.63 291.832 1126.92 297.283 1126.93 303.549" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1087.8 303.549C1087.7 300.666 1089.18 297.957 1091.66 296.486C1094.14 295.014 1097.23 295.014 1099.71 296.486C1102.19 297.957 1103

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	24210
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	384:xPini/i+1Btvjy815ZVUwiki3ayimi5eqBG1fm304Pini/i+1Btvjy815ZVUwik5:8i6+1B1y815PUNZ3ab3fBK9i6+1B1y8d
MD5:	7B6C8BD51E49F7F56E2B21311D0EA59B
SHA1:	EDB0F7D21BCEC6C48DEDC14E9ED41383740BAE37
SHA-256:	620BD33A4E0358498D9429FE2DBA00F85A86D6059FA796B482E2A9F6B0794F2D
SHA-512:	DD1D524872EE165D230BE5B3872DEE108B806AB684AACFA955F07B7A87C1ACA63FA3B59210442E1E3C9A2D33409583E0AC3B1A6A0D4EB91BBEEF62D311FD1BC4
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\info_48[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\lazy.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	71698
Entropy (8bit):	5.465668355673036
Encrypted:	false
SSDEEP:	1536:i2lEN2Jg7EIeoBEm/ql4kA2frXYGmuEFGF:+NdrDCrK8
MD5:	9D9AC0AD1B3B38591CCE6E8DFD896BBC
SHA1:	E95072A3D641C9F6A911D9D8EAC0ECAE61D78CCD
SHA-256:	FA21FA76AC81D9A1343FEB798EE495A9F5A346A2FAE52EB5FDEC18F0A91D4A9F
SHA-512:	2B00674B335C65717A619D5127EB4FC89599387DDA0D8C39706BD2D78CB5632DDBC42CB0A3869A9CB9EE377E3B631B87EC7098991312C93B9454A4624695BC22
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},p=ca(this),t=function(a,b){if(b)a:{var c=p;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.t("Symbol",function(a){if(a)return a;var b=function(e,f){this.Ub=e;ba(this,"description",{configurable:!0,writable:!0,value:f})};b.prototype.toString=function()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo_strip_2x[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 420 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	10297
Entropy (8bit):	7.959803431515787
Encrypted:	false
SSDEEP:	192:Jc3vJuA6bFGLfQpJqq8vFCMF3CDpb9b44NYvCad/AseacXV3Hq/:S3vJufDp89Chbk44/LexV3y
MD5:	F5C7A81C8350C4DB461888DDF32C47C8
SHA1:	933B27BF5B46743ACCFA60C84EC7F22A2AFDF45D
SHA-256:	B2D3305551055E5D28AEA38F218EE6FF6006AFB8C80CC4F206A206BCB758DF7C
SHA-512:	B7871F81BAA92FEE2B9B614CB2B455E8A4772CF3D0184E600A8074CAEFD309B0BCF0238A84EB1542EA3F7A1DA7325AF39E6E56B12D81CAA72FEBDEEDCEAF8A44
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/accounts/ui/logo_strip_2x.png
Preview:	.PNG........IHDR....... .....]..O..(.IDATx....d...y...}....>.K.x..@...q.d......_<A.wY....ap....i.........>...dv"]d..o.s.n3C..s..w\.{.cX...!..."D..T.2.M.P!... T..VR].!.T(....x.O..o..7n?3U..r......a.Xl..-H.}9[..r.w...[...u.,u...X......E...f.h....Z...A...E..k..1I......N`.p./...s0S..jA.E.p..Fk..U..5sE..~.jl.:UP..9....K.{?@7o....=.....x..}..C.....P,8.-...WR..NC.4...x.:..........C........h.........}..&.....)p..h....e..P.GU..U...P.t...F..E..JL....=.._...g.....$v.........a.{...Gs9@.....8.:e.....cc.o..hs..U..H..".......y...?..0.....X...(....(.ZU.T./..q.3./?.........\...P...kI.......5.O......^.).-.Bf....J..........g%$8'.....V...H..T.t.v....@u..pN....".A..Q&...Qk...b.....i..P...e4.;...>......u7.p4...z[...@q...2...1..!..y..I..B...}.^.T..h..@<.....(&...%........H.=.k.o.M......o....-..$..j+Q@.h$.P.%.J.....:z.Hg..q.1..#..V-...\|U.....\r.3kN.vR....47.....Xk`q..R....S.5.]....Z.?=ew...:.~"....:..`H...0....0F....>.P._J.d.I....R~.y...ld....S.M..0.P.w'...?.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\m=sy1a,sy1b,sy1c,sy1e,sy1f,sy2z,pwd_view[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	14968
Entropy (8bit):	5.587314380291293
Encrypted:	false
SSDEEP:	192:zpTmjh9lX7GTIiRxBWPd8hQjTGYXW+1mcYhdoydID766RdI/azhAtezTURI1l4jb:zpTmjpIMThrmvdoydID26HqEg8y7kQ
MD5:	45BA773E21E145A5690F896365BDF5A2
SHA1:	703532E80D79F42CB9D8145E27DC3380CBCFF5A7
SHA-256:	4F26A5B7DB1D42F54F15B2A14D373C9CE1C50E5AB73D40D27B362654639671FD
SHA-512:	52006BC0476E2CB13A5D02756971D03147288D8058AE89412834C1B8629FA29D9A53B4BED8951996485FC139FB8460EAB21457C8687A0093A9BD73DAC8564CCD
Malicious:	false
Reputation:	low
Preview:	this._G=this._G\|\|{};(function(_){var window=this;.try{._.k("sy1a");._.pS=function(){return"Try another way"};_.qS=function(){return"Enter code"};.._.l();..}catch(e){_._DumpException(e)}.try{._.k("sy1b");._.rS=function(){return(0,_.D)("Account recovery")};_.sS=function(){return"Verify that it's you"};.._.l();..}catch(e){_._DumpException(e)}.try{._.k("sy1c");._.T5a=function(a){a=a\|\|{};return _.S5a(a)};_.S5a=function(a){a=a\|\|{};return _.wt(a.qn,1)?"Enter your password":"Enter a password"};_.H("Db","",0,function(){return"Wrong password. Try again or click Forgot password to reset it."});_.H("Eb","",0,function(){return"Forgot password?"});.._.l();..}catch(e){_._DumpException(e)}.try{._.k("sy1e");._.tS=function(a,b){a=a.oa&&(a.oa.ha\|\|a.oa);var c=b.locale;b="";var d=c=_.xt(_.vt("en,en-US,"),c+",");d&&(d=a.tb(),d=_.G(null==d?null:d.getGivenName()));!d&&(d=!c)&&(d=a.tb(),d=_.G(null==d?null:d.Qc()));return b=d?b+(c?"Hi "+a.tb().getGivenName():""+a.tb().Qc()):b+"Welcome"};.._.l();..}catch(e){_._D

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\m=sym,i5dxUd,RAnnUd,syj,syk,uu7UOe,soHxf[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	19178
Entropy (8bit):	5.634813585677532
Encrypted:	false
SSDEEP:	384:7AiAvATOgNHm05h919g1iL/URBo6v27KuBzSkM9vjZ4IBcWkm:8vYagDo0/LIvjZ4IBDt
MD5:	D51A77322325229021AE01E2CE29BBA3
SHA1:	E4C27F5DB83F934609B1A03AA70894482F93BEF1
SHA-256:	CEB964DEF8E3425D83AC4C8ADBD5306A90BE75341D67D48DB8F96D013E0FE2C7
SHA-512:	5A3A4EF4B92565B30B246EDEA81C5691F99D97CF2051331D391BF1348B6DE39D850190F95E2A38A78FAAA05274C6D5E6EEADC7D716C9052679EB1142BD7D233F
Malicious:	false
Reputation:	low
Preview:	this._G=this._G\|\|{};(function(_){var window=this;.try{._.k("sym");./*.. Copyright 2016 Google Inc... Permission is hereby granted, free of charge, to any person obtaining a copy. of this software and associated documentation files (the "Software"), to deal. in the Software without restriction, including without limitation the rights. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. copies of the Software, and to permit persons to whom the Software is. furnished to do so, subject to the following conditions:.. The above copyright notice and this permission notice shall be included in. all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER. LIABILITY, WHETHER IN AN ACTIO

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\operatorParams[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1367
Entropy (8bit):	4.84532271755884
Encrypted:	false
SSDEEP:	24:D76bBS1FvVdG4xp9kfW/rgk4oV4oRCSRv/4QBEwrlcKmlQFHMhfY0ypgkvVvR7RB:H8cNA4xpKi8Pe4aCA34EE6cfAsG42pRZ
MD5:	629608E48B4375F47870FC82BE667C3E
SHA1:	48227C3C637CB47B5C7B87390532DAACAB1641E3
SHA-256:	7F3EED13058A7CA4BB171775597C22873053C53A3888DF1926CA4F27388B07C6
SHA-512:	F23BC768AE8109BA8CEF773A8F99889899DDFB85553C9812F7242DEA6CC333D8615C91F21F39CA6F006CDEFCB02F0842A5A8204BE8754D99A8480AC2C38A273A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/support/realtime/operatorParams
Preview:	{. "operatorDeferredUrl": "https://ssl.gstatic.com/support/realtime/operator/1610960497650/operatordeferred_bin_base.js",. "eagerLoadHostnamePattern": "((https://www\\.google\\.com/express)\|((adwords\|campaignmanager\|support\|support-content-staging.sandbox\|business\|fi\|.+\\.corp)\\.google\\.))",. "eagerLoadHostnameFlags": "i",. "cbfVersion": 1610960497650,. "experiments": {. "attachment_upload_url": "https://support.google.com/chat-upload/support-cases/resumable",. "enable_chat_attachment": true,. "enable_chat_attachment_percentage": 100,. "enable_desktop_screenshare_email_fallback": false,. "enable_emojis": true,. "enable_youtube_specific_endpoints": true,. "mole_show_survey_url_percentage": 100,. "mole_skin_version": 2,. "operatordeferred_report_rpc_events_percentage": 10,. "screenshare_skin_version": 3. },. "settings": {. "attachment_upload_url": "https://support.google.com/chat-upload/support-cases/resumable",. "enable_chat_attachment":

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\so[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47151
Entropy (8bit):	5.7264567508381505
Encrypted:	false
SSDEEP:	768:HBjt/d9SvRug3PM0jcyknoVYnlo5NjQPFJ/N4g5SmIyfq1g3v1AzyK:h3aMZno2na5N21+yfq1gf1AzyK
MD5:	C3FB4861E4C1BFBB0B065CA6765B5459
SHA1:	DB032B245C6E06869995986F80C214F4868F6FE4
SHA-256:	1C86AD11C01F85DF7980B1EB5D2374B0ABEFC43889609E92389BD6A61D4FAD9B
SHA-512:	EF4BC6DA10C5E1ACEB1DAB16C3219F872565B57B5C003D8FCE7B055273EAF76937108D6CBC587F77C84A304CF13EEB4544E95D722A0C446133FB0D20D467FBCE
Malicious:	false
Reputation:	low
IE Cache URL:	https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fsupport.google.com&cn=app&pid=117&spid=117&hl=en
Preview:	<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="2hLgQwawvcWt93e+Y1dJUQ">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"944090879679231378","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%.@.1611080691894347,179610957,2281898475]\n","ZwjLXe":117,"cfb2h":"boq_onegooglehttpserver_20210112.01_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333,45695529],"gGcLoe":false,"ikfjnc":["https://support.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"OneGo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\unnamed[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3279
Entropy (8bit):	7.715641786855708
Encrypted:	false
SSDEEP:	48:yqQvnLtkzdjmJJ3hAk+dJa9XrVmdGeNXCZ4o6w+Zv4lUWVV4c/952ql7mHiGJ4JU:7Q89mek+dJjnXno/++WSx1Vc/KWoxO/
MD5:	039E5B669C976EAA7569F9FA8ED813BE
SHA1:	1B5E33D16FC2A26B9318DFEAD0FEC938C5A0C98F
SHA-256:	265FE691B1687E0D18A34D33B5958C1A72E4CCB7D90BF3C70311B6DD4BAE13B6
SHA-512:	D9E8934419FC9E0A34CCDE0EEE3D8BC5435A95C4A72D50F9F8F1B3063C54AC6DB97E30B68ED8CD8CB37B5B73AD7400DC6585864E349B0893210B6152F08485D3
Malicious:	false
Reputation:	low
IE Cache URL:	https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72
Preview:	.PNG........IHDR...H...H.....U.G....tEXtSoftware.Adobe ImageReadyq.e<...hiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:0180117407206811822ABF5C578297F4" xmpMM:DocumentID="xmp.did:FAD30A79931D11E290ACA48D7B31C326" xmpMM:InstanceID="xmp.iid:FAD30A78931D11E290ACA48D7B31C326" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0180117407206811822ABF5C578297F4" stRef:documentID="xmp.did:0180117407206811822ABF5C578297F4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>*.P=....IDATx..[l....?J.....4.l'..Rb..f]..-.(Z

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\2801455510-postmessagerelay[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	9879
Entropy (8bit):	5.579296703325767
Encrypted:	false
SSDEEP:	192:1TyJwMuoQ7zM1ueeFWLCivp3YiIJ1MfWXxPKPo5ulhIEkvwt:1TowMuoQ7zM1yC3ZIJvBiPKWaot
MD5:	F2BD1D2E00DEDBD451AA5003CEDF69CC
SHA1:	1A368F9C023F244F6DE111C8E213F47ACEC891E5
SHA-256:	0B38E24497A006357613322357AF9D5D3CD270F8498A1E78D773620F0910C6E6
SHA-512:	0E076191531E579AF4BD941F5B09579D05097456ACC9294FD29AF730345D262503F9685A9DA6D19874F120DC3E3A72E34D43FB305D287C9F90CAF1534CFFE5ED
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/accounts/o/2801455510-postmessagerelay.js
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m=this\|\|self,w=function(a,b){a=a.split(".");var c=m;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var e;a.length&&(e=a.shift());)a.length\|\|void 0===b?c=c[e]&&c[e]!==Object.prototype[e]?c[e]:c[e]={}:c[e]=b},x=function(a,b){function c(){}c.prototype=b.prototype;a.A=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.v=function(e,d,h){for(var l=Array(arguments.length-2),n=2;n<arguments.length;n++)l[n-2]=arguments[n];return b.prototype[d].apply(e,l)}};function y(a){if(Error.captureStackTrace)Error.captureStackTrace(this,y);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))}x(y,Error);y.prototype.name="CustomError";var z=function(a,b){a=a.split("%s");for(var c="",e=a.length-1,d=0;d<e;d++)c+=a[d]+(d<b.length?b[d]:"%s");y.call(this,c+a[e])};x(z,y);z.prototype.name="AssertionError";var B=function(a,b,c){if(!a){var e="Assertion failed";if(b){e+=": "+b;var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26464, version 1.1
Category:	downloaded
Size (bytes):	26464
Entropy (8bit):	7.981932066790926
Encrypted:	false
SSDEEP:	768:OIYb4Auz6mM1gBEL1WuL1BU91c6HJ8Y4mAS:OI84AueNmwHpBU91qY4m7
MD5:	08F80DE0ACF68D82AABAB974A47D9E5F
SHA1:	E6F1C0F5395A9C297AA162468961C1FAF0EC1ED9
SHA-256:	4070911A1BB9CC52C4E4CD5E85CA186DCDE89308A0517A8FAA4715C2E0A9D45E
SHA-512:	720DE47FDDA648AF7CE5F3F574EFA3322191C4D0001E31181739D65FFE0CCECED56635AF58E5E828072A17EEE1ED1E318AF467B8ED7F4185EE0F5155501CD8D0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff
Preview:	wOFF......g`.......d........................GDEF.......q........GPOS.......$..+..K.MGSUB................OS/2.......U...`i`..cmap...........~n..cvt ................fpgm...T.......uo..gasp................glyf...(..>W..mNU!.)head..[....6...6..'.hhea..[.... ...$...4hmtx..[..........1'jloca..^....~......t.maxp..a.... ... ....name..a4.......V..4.post..a.........O...prep..e........^....x.D...Q...3..I.=D.@@....@....."...}......`.%.....x.........umW...g.WwO.....J..^?.Jci^N{.Nr..Jw@.n(.....t4....i...x..Z...6.=r...............q`.>....m.....fy.g..y4N...tAg.."KWWW.j.....8...n.3..:..1....9.+.}...b]....0..6V..).G.r........N...,R(.o.t.LU....;.{.l.y....i..w.{F..;p'.....,.........:3...\|..,.`pGPAV.?....q!......=.(cn.'<......sK_...]..U.W.......b....E\|.o..Jp.n.uX....J.q'SFy...l..Cd..XZ..RP...#.w...C)..s../..D..1.G...Sx...e.....x.o.mJ...~./L..r...Y..sD./.......>$R`..&.v......D..w.). .f.Y."<..V/.zQ{.8./...X................B..Jp#%.7.e>+L.Q.1..hd..k._...f..u....+....Q...N..\|....$Lv.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\CheckConnection[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	63420
Entropy (8bit):	5.4418442733879075
Encrypted:	false
SSDEEP:	768:GHWnpYYHbeVnHJptuJ78L4mSgy++HWnpYYHbeVnHJptuJ78L4mSgy+2:kK97eVHxuc4m7yPK97eVHxuc4m7yb
MD5:	B53B728A7CD046B5F599A0FD63EDE707
SHA1:	5554DE0DE3911BD292A7208851840C9DEB10A5E5
SHA-256:	0A417151BE2ED40C81B974BBF0B48369D2DF26753EFF88497F15DD673DD27236
SHA-512:	7857DE22B388E7BB68C0F7981DAF4973666F60B36B5E9A139B5470F13908C99413663063B2BD1B8FA6EF4E090618A127901F22D7A9B89B3DF607B7D1383365EB
Malicious:	false
Reputation:	low
Preview:	<html><head><script nonce="h6eiGOBliO4lGidfv0YD3w">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var k=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,k);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))},aa=function(a,b){a:{for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a)){b=e;break a}b=-1}return 0>b?null:"string"===typeof a?a.charAt(b):a[b]},ca=function(a,b){b=ba(a,b);var c;(c=0<=b)&&Array.prototype.splice.call(a,b,1);return c},da=function(a){l(a)},ha=function(){var a={};a.location=document.location.toString();.if(ea())try{a["top.location"]=top.location.toString()}catch(c){a["top.location"]="[external]"}else a["top.location"]="[external]";for(var b in fa)try{a[b]=fa[b].call()}catch(c){a[b]="[error] "+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/ErrorPageTemplate.css
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19916, version 1.1
Category:	downloaded
Size (bytes):	19916
Entropy (8bit):	7.96782347282656
Encrypted:	false
SSDEEP:	384:JiNCb8EbT1rG/3rjJmQ8uLc5ZiRE5HWSiPTI45tKVr6+F7gLLdz:k4zbM3rjEQ8uQPiRERWSGIWtKVrWJ
MD5:	A1471D1D6431C893582A5F6A250DB3F9
SHA1:	FF5673D89E6C2893D24C87BC9786C632290E150E
SHA-256:	3AB30E780C8B0BCC4998B838A5B30C3BFE28EDEAD312906DC3C12271FAE0699A
SHA-512:	37B9B97549FE24A9390BA540BE065D7E5985E0FBFBE1636E894B224880E64203CB0DDE1213AC72D44EBC65CDC4F78B80BD7B952FF9951A349F7704631B903C63
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff
Preview:	wOFF......M.................................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`t.#.cmap...........L....cvt .......X...X/...fpgm.......4......".gasp...@............glyf...L..:...j...w.hdmx..F....d........head..GD...6...6.Y.ihhea..G\|.......$...vhmtx..G....k.....\].loca..J.........g.L.maxp..K.... ... ...\name..L........\|..9.post..L........ .m.dprep..L........:z/.Wx...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...\|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..\|.\|..\|..\|..\|.\|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19824, version 1.1
Category:	downloaded
Size (bytes):	19824
Entropy (8bit):	7.970306766642997
Encrypted:	false
SSDEEP:	384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
MD5:	BAFB105BAEB22D965C70FE52BA6B49D9
SHA1:	934014CC9BBE5883542BE756B3146C05844B254F
SHA-256:	1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
SHA-512:	85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......Mp.......P........................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`tq#.cmap...........L....cvt .......T...T+...fpgm.......5....w.`.gasp...@............glyf...L..:+..j.....hdmx..Fx...g........head..F....6...6.j.zhhea..G........$....hmtx..G8...]......Vlloca..I.........?.#.maxp..Kt... ... ....name..K........t.U9.post..Ld....... .m.dprep..Lx.......I.f..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...\|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..\|.\|..\|..\|..\|.\|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KT0S08Y7.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	59096
Entropy (8bit):	5.7855139115319165
Encrypted:	false
SSDEEP:	768:aesg9rbjATtj/x3+iTugpTsJaPgAM6JYz3qhygKiDjTJ3QhNSUV1ZNz:XrH+tj//TuVG293qhUit38
MD5:	7B56630D5EFC2AAAE111E1F282370FB4
SHA1:	FDF36D2A6DE5CC5F159C8848B4C442853BD7C691
SHA-256:	760CEE6AF5C228A7E6520AB925238C6BD26302EC3FEE83B061F71FB9B8D0DB28
SHA-512:	8EF534DE077DF01FEC49B4F4D4D30E3964E83D3D815CE84A717660D0307821316BD5F02B2F0E28565FDBCA79800E27E6666F72A321C6EE05E237147181EEE28F
Malicious:	false
Reputation:	low
IE Cache URL:	http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
Preview:	.<!DOCTYPE html>.<html lang="en">. <head>. <script>(function(){function e(a){this.t={};this.tick=function(a,c,b){var d=void 0!=b?b:(new Date).getTime();this.t[a]=[d,c];if(void 0==b)try{window.console.timeStamp("CSI/"+a)}catch(e){}};this.tick("start",null,a)}var a;window.performance&&(a=window.performance.timing);var f=a?new e(a.responseStart):new e;window.jstiming={Timer:e,load:f};if(a){var c=a.navigationStart,d=a.responseStart;0<c&&d>=c&&(window.jstiming.srt=d-c)}if(a){var b=window.jstiming.load;0<c&&d>=c&&(b.tick("_wtsrt",void 0,c),b.tick("wtsrt_",."_wtsrt",d),b.tick("tbsd_","wtsrt_"))}try{a=null,window.chrome&&window.chrome.csi&&(a=Math.floor(window.chrome.csi().pageT),b&&0<c&&(b.tick("_tbnd",void 0,window.chrome.csi().startE),b.tick("tbnd_","_tbnd",c))),null==a&&window.gtbExternal&&(a=window.gtbExternal.pageT()),null==a&&window.external&&(a=window.external.pageT,b&&0<c&&(b.tick("_tbnd",void 0,window.external.startE),b.tick("tbnd_","_tbnd",c))),a&&(window.jstiming.pt=a)}catch(g){}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\accounts[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	707389
Entropy (8bit):	5.631367740600935
Encrypted:	false
SSDEEP:	6144:GDUgUm8/SilBvU5Y82KXSYKg+q1qtdOnNr2sKE77bT0KXupCWIuUFgsS:3SilBv6iYctDOnfKE77bT0K+pC/FgT
MD5:	8EAAAE12424679F4F2E8C75C1D750A40
SHA1:	BFA27875224591B78E67595C78BF5A9EF119BA5A
SHA-256:	FEA78937D684D9D2833D9CA8B1CAEBBD7D8FBC73BE3671137B1C794011B5B8A3
SHA-512:	07830D1BDEFFB2370C3BAFA1A3E3547FE1732C416F07BB225C7F3007C632B36EC279FBF133485187C97ED74DC9DD11035C17209ADDFA2963D47BF8C7241949CF
Malicious:	false
Reputation:	low
IE Cache URL:	https://support.google.com/accounts/?hl=en
Preview:	<!doctype html><html class="hcfe" data-page-type="HOMEPAGE" lang="en"><head><title>Google Account Help</title><meta content="email=no" name="format-detection"><meta content="follow,index" name="robots"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="Official Google Account Help Center where you can find tips and tutorials on using Google Account and other answers to frequently asked questions." name="description"><link href="https://support.google.com/accounts/?hl=en" rel="canonical"><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no" name="viewport"><style>@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cb=gapi[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	213220
Entropy (8bit):	5.518438460669518
Encrypted:	false
SSDEEP:	3072:pUnq59U3zzVB2UM8aLCLLbJlco3/TqOJPKB/FL6+LClcL2JDBJt4yU8JMPGBNnX:pOZzlL3JupF2+acaVBJt4ytJMPGBNnX
MD5:	68F7670315C465CF9017576197206812
SHA1:	1A1544DB510EBB9A571A99F6232F603492C31C4A
SHA-256:	5CD7BB98D47F6001973B383BC2C43913D2606F8AD3FACE658A51FBFF4D7C0EC8
SHA-512:	3998CA94E911D8DFE6DE57E5290985BD315EB4919B13CD2B7DA2DA86452C21A1C66A9167FC90C5EF2D50761EA904540761B3579C833FE31F94B13BBC9D02B40E
Malicious:	false
Reputation:	low
Preview:	/* JS / gapi.loaded_1(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var Rx=function(){};Rx.prototype.VD=null;Rx.prototype.getOptions=function(){var a;(a=this.VD)\|\|(a={},_.Sx(this)&&(a[0]=!0,a[1]=!0),a=this.VD=a);return a};.var Ux;Ux=function(){};_.O(Ux,Rx);_.Sx=function(a){if(!a.WG&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.WG=d}catch(e){}}throw Error("la");}return a.WG};_.Tx=new Ux;.._.Le=_.Le\|\|{};.(function(){function a(c,d){return String.fromCharCode(d)}var b={0:!1,10:!0,13:!0,34:!0,39:!0,60:!0,62:!0,92:!0,8232:!0,8233:!0,65282:!0,65287:!0,65308:!0,65310:!0,65340:!0};_.Le.escape=function(c,d){if(c){if("string"===typeof c)return _.Le.escapeString(c);if("Array"===typeof c){var e=0;for(d=c.length;e<d;++e)c[e]=_.Le.escape(c[e])}else if("o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cb=gapi[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	63996
Entropy (8bit):	5.575641152056994
Encrypted:	false
SSDEEP:	1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WgU3zKXRF1OVxKRNc/VC:pK4ye0RkgU3zKXRG4
MD5:	325C4FA4DF8F45F58DAF1D5FE8FBC10D
SHA1:	D8F614488C718BD543B2A2BDF77893E1E593395B
SHA-256:	5E020E137CC87D25C4F921F1BAC926B28B9D98C4E916A685F636DA792B8F2DF0
SHA-512:	BD32609868C0F47259FD8F28476B18A5B707497D1ED92C61C279C00FCA9367037B0D7DC4FB1FFF1A8D21FCEC9C593EC0BAB564FE831FA61AB65FDBA6F569B44E
Malicious:	false
Reputation:	low
IE Cache URL:	https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.L7mys-cL6BM.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg/cb=gapi.loaded_0
Preview:	/* JS / gapi.loaded_0(function(_){var window=this;./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ka,na,sa,ya,Aa,Ba,Ga;_.ha=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ka=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.sa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ya=sa(this);Aa=function(a,b){if(b)a:{var c=ya;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}};.Aa("Symbol",function(a){if(a)return a;va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http_404[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	6495
Entropy (8bit):	3.8998802417135856
Encrypted:	false
SSDEEP:	48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
MD5:	F65C729DC2D457B7A1093813F1253192
SHA1:	5006C9B50108CF582BE308411B157574E5A893FC
SHA-256:	B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
SHA-512:	717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18668, version 1.1
Category:	downloaded
Size (bytes):	18668
Entropy (8bit):	7.969106009002288
Encrypted:	false
SSDEEP:	384:Wv4QHZChiRh3lwLOf8cWN78NXpcr6gBUA9CD/q4cOPZmPO:WvwhNOkvvxC7qnc
MD5:	A7622F60C56DDD5301549A786B54E6E6
SHA1:	D55574524345932DB3968C675E1AEA08C68A456F
SHA-256:	6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
SHA-512:	1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
Preview:	wOFF......H.......n0........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`}...cmap...`.........X..cvt .......]........fpgm...t........~a..gasp...............#glyf... ..8...WP..M.head..@....6...6..F.hhea..A........$...chmtx..A8.........._{loca..CL........K.4&maxp..E.... ... ....name..E0........"c?Jpost..F........x.U..prep..G........:..]........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fig.a`e``..j...(.../2.1..`b.ffcfeabbi``Pg``..b.. 0t.vfp`P...M...C.G/S....\|...=.6 .....m/....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$K..$..`.g.e........ .......R.g......?......x.)d...........$...."....0.#.A@X..0......x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem8YaGs126MiZpBA-UFVZ0d[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18100, version 1.1
Category:	downloaded
Size (bytes):	18100
Entropy (8bit):	7.962027637722169
Encrypted:	false
SSDEEP:	384:aHQHZuiZQFFIimUy1oml4hN2Vmw1Qa57YC74ObDDj08X0UJQiXc:1ZQT0UySml4bEmAP5EC7PbDH4U1M
MD5:	DE0869E324680C99EFA1250515B4B41C
SHA1:	8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256:	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512:	CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff
Preview:	wOFF......F.......i.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`~]..cmap...`.........X..cvt .......Y.....M..fpgm...p........~a..gasp...............#glyf......6...S...]head..>....6...6..cphhea..>........$....hmtx..?...........[$loca..A4.........f..maxp..B.... ... ....name..C.........&:A.post..D........x.U..prep..E.........C...........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f..8.....u..1...<.f...................A......5....1...A.._6..".-..L.....Ar,......3..(....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\pxiDypQkot1TnFhsFMOfGShVF9eI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 40068, version 1.1
Category:	downloaded
Size (bytes):	40068
Entropy (8bit):	7.986363416256898
Encrypted:	false
SSDEEP:	768:SZjhV5AtCnIR51aT0aCfvoIypmLL5V+VQLwv0JR9D2juelmPrldaC+Qac7:S5r5KRnECf6aL5V+VQLtmk4QaC
MD5:	3ABA54A73723BD3E90CB74D603687CCD
SHA1:	2C3D597CD36CA5856587C8482557B07DD8633329
SHA-256:	A94234B7387BC4E9FA7B73DEDD34E5CC1189A28D526F4DADDECD1C9AB7B86840
SHA-512:	78F4E6514CD81CECC898D151B31B691122715D0239A47AB5D53ACA4F45FC1707DDD8464543D523E355DC1C19FF257C14DF4490D0938518D02BA35AECD72482B6
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff
Preview:	wOFF..............`.........................GPOS..........<.?..GSUB...........l..ROS/2.......V...`h...cmap...l...<....T.S$cvt .......g...l...wfpgm...........a.A..gasp...............!glyf......Wm.......Nhdmx..i...(...O.....head...p...6...6..N{hhea....... ...$...Uhmtx.......x......+.loca...@...\...\y"..maxp....... ... .J..name...........,+.I.post............]/1.prep..............oNx.d..G.Q.....5.....n. ....d..d..p..o.........Q.....o..y~.....<..0 ....h..'c..d8.;.N'.....@...._.........LC.@.v......:.<.....r~.c....i..&.C.!Gt.x.jF...r....K...R}H@G.la./i.#..C./Q....pl+..\..$..o.....Hm\......Z..t.".S..-....p..W\...9..a\|IH...9..c.s,.<88dI...%&GD.4..$D$D$.w;.=..%.4N6N].R...V>..O...0q.D$.Ow.HP....7!..v..7.%#.#...;...&?a.W..\oS....P..t+T..........+.K...,.V..h.D.'t......qW......,.e1.n.......}.....G...q..b>.(........#.....#Z./?0~FZ.5...O.".d4.'..\|.ki..G...G.......Sv.w.@.qs`G@K.&.G..yk.......z.2.zB3.g....Mo.......E9..2lq...~H.B\.H..8...&..../.4.k..*6..]R.;.X..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\red_x[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4692
Entropy (8bit):	7.929034471918412
Encrypted:	false
SSDEEP:	96:Sn/2mON/mv8Z7QuHy9TZhjR0ZmegAmURrkxeDlOyMX:SnO8i7QhVTvUbDlq
MD5:	5F3C13A459A72438E42B2289C7AF2034
SHA1:	F43551BE102CD1EB0B2E87DC24F980720194A56B
SHA-256:	A7A63CA1370CD6FC3470FA81BB1DCB21BCE31B0048A36E5BCE8914EEB88DAAB1
SHA-512:	14E82E281DC91ED57EAB780279D167413185DB3FA7BE49FBDB4942888E7F4E30B1A0536B269258FB8C3975BCF2BC189B51AAC4F70BF44887BC17506DF6ECB507
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/red_x.png
Preview:	.PNG........IHDR...0...0.....W.......IDATx^.Y.tTe....RK......D..6.......(.G..d;c..8.`........3.....2"Qq.g@.0.aK.I.V.R{.en..?.N<8.8...%.{......+....^.j<...$..('.......F..'.....7...7._A:.......6...0X^^.V2jTV^^......+L<.w...Q]]]...G....}kk......N..V........4.......3gfO.<.P..Xw7.g."x.4.jk...G..........UQ...1p.8%/.:`.9r......kok...x..........I~:.o.Y\.....V..4....o.....P.f..m..T.....c."-;...6t...O=...c...h.M.,((.w..._q..'..G..._.....7.>u..h{......8z.i..H.6.zO...].}.0.!X..L].....=`.0M..3.D.Q._s.(.U\lVWW7n.=..D....r..$....,]Z........UUp....4D...z{;.....7T..Z0M.2.q....t)..a.....{....g?./..o...s..)b... .U...../Y2...._z....G.B.....B..$i..L..#..,..+ s...A.bX.`@7.)"@.'M.G.EzQ..u....kj..>"l.#?a.E./..b..7m.UWB!.?..........$..I..0. m).8'..P..h..k@...]..C..{.L..qm9...W_.yX.....@.Kh..7/^<..Q.~=..N....;..D4ZD%i...B....0O.f.....ua1a5(.........~..>. .#.i.&.\|.(....H~.'...pE..Ekx.Yd^r.b'O"~..RHDe..P...n... ....%lA.....a.b..F.i.X..a.....i,....f.q...7=.`[..l.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\related_item_external_avatar[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 80 x 80, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2577
Entropy (8bit):	7.781446647389294
Encrypted:	false
SSDEEP:	48:hIClmS5juJIIPoy8mJgii5Je64GRWEcaGuFAHvUu3olwHCMtToF3PNxXPqoE:hIQj5jLIwXmJIasRXGhPywHo19P5E
MD5:	DBB859BB594B6AB827C4A148D9343720
SHA1:	BD7E94CCCAEB4B244E0D6A333450013F35FCC817
SHA-256:	679EC39C5CCB27D18357D6E23DE0DFA22D07ED435B09E85F7003FFC3870150D4
SHA-512:	9EA39C37EA3A6395B7E9CD63DA3BAAD1F2585B9BAB598D73B5FEBC7399B8532AC8FE57ED2E77537F9D7E689CE8CC289E20D29060023CD2AAD7ADFF4E03944C71
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/support/content/images/static/related_item_external_avatar.png
Preview:	.PNG........IHDR...P...P.............PLTE................F........?.......@..-..2..:..'.............4..............1..5..A................k..i..[.....I.........(..................T..3..9....!.....}......................%........t.......8..v..'..+.........................k.....x........S........S.........E...................................>..5............A..........G..Y.......&...............".....................@..%....................................................>.....(..`..:............C..O..1..9..........s..M........m...........?..V..2..a..e..j..&..$..:.......R..&....................4........(..... ..............B..9.....-.."..-../.....E..\..2....7.....0........<..I..<..!........$..*...........D..5........B...................................;.f.....tRNS.@..f....IDATx..eTTi......a...k.....6....( ..H.2 .5...42.H.!.....H.....;.;qa..........y.J<..=..+....)cL@..a-..N..u.w....2..H}..q......WD...<i.W.W_.}&5=...p..Q.....1.....\|..T....4.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\rpc_shindig_random[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12539
Entropy (8bit):	5.458974573896238
Encrypted:	false
SSDEEP:	192:8iApwYKUa9u5vocJJBA1UwgZCwm5Mi0+Sczle:83pw9dk9JO1UUwmR0+Scxe
MD5:	DF813DA45C8AE692979B28CB1FD2F417
SHA1:	5E3E14691CDC1E7D9F8626D86D5695FB96BBB029
SHA-256:	ABE23E191DE0904E3B7FE3D486395162DD8B190EED41501AD53E870ED8BB9DD4
SHA-512:	D9AF5073957EF9D4E7F13CDEC08EB7CBE57FC1EBD0E940403187A706DADFA09C3069B2CA3272DC5313C865A9C0F24D690BBC563C612DD9F469248024AA097C1D
Malicious:	false
Reputation:	low
IE Cache URL:	https://apis.google.com/js/rpc:shindig_random.js?onload=init
Preview:	var gapi=window.gapi=window.gapi\|\|{};gapi._bs=new Date().getTime();(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var g=this\|\|self,h=function(a){return a};/. gapi.loader.OBJECT_CREATE_TEST_OVERRIDE &&/.var m=window,n=document,aa=m.location,ba=function(){},ca=/\[native code\]/,q=function(a,b,c){return a[b]=a[b]\|\|c},da=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},v=function(){var a;if((a=Object.create)&&ca.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}return a},x=q(m,"gapi",{});var C;C=q(m,"___jsl",v());q(C,"I",0);q(C,"hel",10);var D=function(){var a=aa.href;if(C.dpo)var b=C.h;else{b=C.h;var c=/([#].&\|[#])jsh=([^&#])/g,d=/([?#].&\|[?#])jsh=([^&#])/g;if(a=a&&(c.exec(a)\|\|d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},fa=function(a){var b=q(C,"PQ",[]);C.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},E=

C:\Users\user\AppData\Local\Temp\~DF647CF66800DC8527.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	119517
Entropy (8bit):	2.428049920199029
Encrypted:	false
SSDEEP:	3072:z535a3rxKtdCKxdCK7CKphbCKtsCKeCKxCK:oKtdCKxdCK7CKphbCKtsCKeCKxCK
MD5:	4BED51E8B159BC20B50FC7A20C27CD04
SHA1:	A06EE0BA6FF1C6E08B8A4E849CCD485204C701FC
SHA-256:	98CFDEE57BB4036995D433AC91772FC2D6571CBDF70CCB55DD37F1CDA13B1664
SHA-512:	307AE29D676F31C5B91838403550408A491F9A18727B10EDAB629B4619F946D60109F50CEBCBE34A0147527954F75D1E2A8E9FAE014C0910EEB23E4750EE37A5
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC2B9C593EF906210.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4806895648472569
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loBF9loD9lWyqA+r+8:kBqoIkayqA+r+8
MD5:	346FBF14FEA0B2501ABB066F0E9B7F8C
SHA1:	773CC83B4B1FB29AF21FDF3E9FD6281A62BF7546
SHA-256:	BB50B7EC44F1455BCDAF60AEF10C5FAB9BD00C4DC3498F494236F8BC3DD056FB
SHA-512:	17BD637F5DDCB8DC14738593EDCF2E569F712BE79E3758BC746EEC68237987BE21D31F336C5B5E42A854F417228670473A84D7D7E1EEA4FBE55AF738C3DE4F45
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF706986C6B70957F.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.30166624613030074
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laANGi7O:kBqoxxJhHWSVSEabNO
MD5:	F9F4FD185E0B73F5BC3ADFD1A40846AE
SHA1:	C2BAD9FB39A546A633BC83E11A1335A99718547A
SHA-256:	F9D1EF110DEA6EAA6BEC37002D77C603AD1153D3AEAF85905CD94878568058E4
SHA-512:	017F91B75A7801A775F7A9D39CFC772CD52A2C2BE7E4DCDB43C978BD1D9E1F3A6D16618259106D2A1BBC35C31EB4AA6652AECAD3DD56B42EAF2D371FE92A27A9
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 114
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2021 19:24:50.211232901 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.211343050 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.251000881 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.251082897 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.251178026 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.251312017 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.264508963 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.265943050 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.304709911 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.305635929 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.311683893 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.311738014 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.311779976 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.311815023 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.311851025 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.311927080 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.311934948 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.311940908 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.312628984 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.312715054 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.312720060 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.312783003 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.312786102 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.312824965 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.312880039 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.312892914 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.322499037 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.322909117 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.323193073 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.348973036 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.362816095 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.362864017 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.362879992 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.363014936 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.363055944 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.363704920 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.363746881 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.363776922 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.363823891 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.363843918 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.363857031 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.363922119 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.389403105 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.389440060 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.389544964 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.541153908 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.544811964 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.545969009 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.546327114 CET	49736	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.582062960 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.582170963 CET	49737	443	192.168.2.3	216.58.212.129
Jan 19, 2021 19:24:50.586908102 CET	443	49736	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:50.591816902 CET	443	49737	216.58.212.129	192.168.2.3
Jan 19, 2021 19:24:51.415497065 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.417490959 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.463969946 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.464075089 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.464833975 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.465272903 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.465370893 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.465967894 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.513401031 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.513623953 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529325008 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529365063 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529427052 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529464006 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529464960 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.529510975 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.529519081 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.529524088 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.529618979 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529656887 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529676914 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.529706001 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.529731035 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529767036 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.529781103 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.529814005 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.536678076 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.539366007 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.539705038 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.540599108 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.540985107 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.584649086 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.584700108 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.584770918 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.584789991 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.585361004 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.586987019 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.587119102 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.589257002 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.589298964 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.589334011 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.589356899 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.589446068 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.589502096 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.589524031 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.589556932 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.589576006 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.589607954 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.589636087 CET	443	49742	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.589682102 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.589710951 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.589716911 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.590375900 CET	49742	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.591778994 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.591873884 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.592025042 CET	49743	443	192.168.2.3	216.58.206.33
Jan 19, 2021 19:24:51.638303995 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.640964985 CET	443	49743	216.58.206.33	192.168.2.3
Jan 19, 2021 19:24:51.642811060 CET	443	49742	216.58.206.33	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 19, 2021 19:24:22.434984922 CET	64938	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:22.498106003 CET	53	64938	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:23.549367905 CET	60152	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:23.666316032 CET	53	60152	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:23.989111900 CET	57544	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:24.005578995 CET	55984	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:24.053208113 CET	53	57544	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:24.077606916 CET	53	55984	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:24.388313055 CET	64185	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:24.449073076 CET	65110	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:24.455099106 CET	53	64185	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:24.506036997 CET	53	65110	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:38.933653116 CET	58361	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:38.990325928 CET	53	58361	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:39.906616926 CET	63492	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:39.968120098 CET	53	63492	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:40.189532042 CET	60831	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:40.240179062 CET	53	60831	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:41.336121082 CET	60100	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:41.386838913 CET	53	60100	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:42.364447117 CET	53195	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:42.430479050 CET	53	53195	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:45.274920940 CET	50141	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:45.325918913 CET	53	50141	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:45.645629883 CET	53023	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:45.693624973 CET	53	53023	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:45.704201937 CET	49563	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:45.760375977 CET	53	49563	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:46.444912910 CET	51352	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:46.501521111 CET	53	51352	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:47.303232908 CET	59349	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:47.351300955 CET	53	59349	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:47.373219967 CET	57084	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:47.421192884 CET	53	57084	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:48.338321924 CET	58823	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:48.386138916 CET	53	58823	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:49.097871065 CET	57568	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:49.162067890 CET	53	57568	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:50.072705030 CET	50540	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:50.075674057 CET	54366	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:50.123742104 CET	53	50540	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:50.123790979 CET	53	54366	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:50.313930035 CET	53034	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:50.370138884 CET	53	53034	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:51.034282923 CET	57762	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:51.098838091 CET	53	57762	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:51.348589897 CET	55435	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:51.396251917 CET	50713	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:51.413443089 CET	53	55435	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:51.420033932 CET	56132	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:51.447017908 CET	53	50713	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:51.479698896 CET	53	56132	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:51.640685081 CET	58987	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:51.704756021 CET	53	58987	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:51.731929064 CET	56579	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:51.796292067 CET	53	56579	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:51.940982103 CET	60633	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:52.005495071 CET	53	60633	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:52.347497940 CET	61292	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:52.395431042 CET	53	61292	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:52.443615913 CET	63619	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:52.499540091 CET	53	63619	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:53.108628035 CET	64938	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:53.156754971 CET	53	64938	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:53.299622059 CET	61946	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:53.350696087 CET	53	61946	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:53.445753098 CET	63619	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:53.493855953 CET	53	63619	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:54.101687908 CET	64938	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:54.103189945 CET	64910	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:54.150017977 CET	53	64938	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:54.151055098 CET	53	64910	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:54.608639956 CET	63619	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:54.664767027 CET	53	63619	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:55.117882013 CET	64938	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:55.174141884 CET	53	64938	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:56.789174080 CET	63619	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:56.825155020 CET	52123	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:56.837269068 CET	53	63619	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:56.886692047 CET	53	52123	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:57.132443905 CET	64938	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:57.139961958 CET	56130	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:24:57.180591106 CET	53	64938	8.8.8.8	192.168.2.3
Jan 19, 2021 19:24:57.190613985 CET	53	56130	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:00.047761917 CET	56338	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:00.095715046 CET	53	56338	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:00.804631948 CET	63619	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:00.831672907 CET	59420	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:00.852889061 CET	53	63619	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:00.879699945 CET	53	59420	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:01.148494959 CET	64938	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:01.196419954 CET	53	64938	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:01.499289989 CET	58784	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:01.557442904 CET	53	58784	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:01.641746044 CET	63978	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:01.697936058 CET	53	63978	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:03.290983915 CET	62938	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:03.341880083 CET	53	62938	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:04.424045086 CET	55708	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:04.472063065 CET	53	55708	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:07.057358980 CET	56803	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:07.072532892 CET	57145	53	192.168.2.3	8.8.8.8
Jan 19, 2021 19:25:07.117810965 CET	53	56803	8.8.8.8	192.168.2.3
Jan 19, 2021 19:25:07.120582104 CET	53	57145	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 19, 2021 19:24:24.388313055 CET	192.168.2.3	8.8.8.8	0x2610	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)
Jan 19, 2021 19:24:39.906616926 CET	192.168.2.3	8.8.8.8	0xe3ce	Standard query (0)	favicon.ico	A (IP address)	IN (0x0001)
Jan 19, 2021 19:24:50.075674057 CET	192.168.2.3	8.8.8.8	0xffb4	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)
Jan 19, 2021 19:24:51.348589897 CET	192.168.2.3	8.8.8.8	0x376d	Standard query (0)	lh4.ggpht.com	A (IP address)	IN (0x0001)
Jan 19, 2021 19:24:51.420033932 CET	192.168.2.3	8.8.8.8	0x2fb0	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 19, 2021 19:24:24.455099106 CET	8.8.8.8	192.168.2.3	0x2610	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jan 19, 2021 19:24:39.968120098 CET	8.8.8.8	192.168.2.3	0xe3ce	Name error (3)	favicon.ico	none	none	A (IP address)	IN (0x0001)
Jan 19, 2021 19:24:50.123790979 CET	8.8.8.8	192.168.2.3	0xffb4	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jan 19, 2021 19:24:50.123790979 CET	8.8.8.8	192.168.2.3	0xffb4	No error (0)	googlehosted.l.googleusercontent.com		216.58.212.129	A (IP address)	IN (0x0001)
Jan 19, 2021 19:24:51.413443089 CET	8.8.8.8	192.168.2.3	0x376d	No error (0)	lh4.ggpht.com	photos-ugc.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jan 19, 2021 19:24:51.413443089 CET	8.8.8.8	192.168.2.3	0x376d	No error (0)	photos-ugc.l.googleusercontent.com		216.58.206.33	A (IP address)	IN (0x0001)
Jan 19, 2021 19:24:51.479698896 CET	8.8.8.8	192.168.2.3	0x2fb0	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 19, 2021 19:24:50.311815023 CET	216.58.212.129	443	192.168.2.3	49737	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:47:09 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:47:08 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 19, 2021 19:24:50.311815023 CET	216.58.212.129	443	192.168.2.3	49737	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 19, 2021 19:24:50.312824965 CET	216.58.212.129	443	192.168.2.3	49736	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:47:09 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:47:08 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 19, 2021 19:24:50.312824965 CET	216.58.212.129	443	192.168.2.3	49736	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 19, 2021 19:24:51.529464006 CET	216.58.206.33	443	192.168.2.3	49742	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:47:09 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:47:08 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 19, 2021 19:24:51.529464006 CET	216.58.206.33	443	192.168.2.3	49742	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 19, 2021 19:24:51.529767036 CET	216.58.206.33	443	192.168.2.3	49743	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:47:09 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:47:08 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 19, 2021 19:24:51.529767036 CET	216.58.206.33	443	192.168.2.3	49743	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Memory Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5908 Parent PID: 792

Function Logs

General

Start time:	19:24:21
Start date:	19/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff6caf00000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: iexplore.exe PID: 3560 Parent PID: 5908

Function Logs

General

Start time:	19:24:22
Start date:	19/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2
Imagebase:	0x1130000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5908 Parent PID: 792

General

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Directory Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Registry Activities

Key Opened

Key Created

Key Value Created