Play interactive tour

Edit tour

Windows Analysis Report http://edgedl.me.gvt1.com

Overview

General Information

Sample URL:	http://edgedl.me.gvt1.com
Analysis ID:	450696
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 4688 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4572 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4688 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 142.250.186.102:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.102:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.140.154:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.140.154:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.99:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.99:443 -> 192.168.2.3:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.98:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.98:443 -> 192.168.2.3:49739 version: TLS 1.2

Source: chrome[1].htm0.3.dr	String found in binary or memory: <link rel="preconnect" href="https://www.youtube.com" > equals www.youtube.com (Youtube)
Source: chrome[1].htm0.3.dr	String found in binary or memory: <a href="https://www.facebook.com/googlechrome/" title="Facebook" target="_blank" rel="noopener nofollow" class=" chr-footer-social__link" ga-on="click" ga-event-category="chrome-footer-social" ga-event-action="clicked" ga-event-label="follow-us:facebook" data-g-event="chrome-footer-social" data-g-action="clicked" data-g-label="follow-us:facebook" > equals www.facebook.com (Facebook)
Source: chrome[1].htm0.3.dr	String found in binary or memory: <a href="https://www.youtube.com/user/googlechrome" title="Youtube" target="_blank" rel="noopener nofollow" class=" chr-footer-social__link" ga-on="click" ga-event-category="chrome-footer-social" ga-event-action="clicked" ga-event-label="follow-us:youtube" data-g-event="chrome-footer-social" data-g-action="clicked" data-g-label="follow-us:youtube" > equals www.youtube.com (Youtube)
Source: chrome[1].htm0.3.dr	String found in binary or memory: "https://www.facebook.com/googlechrome", equals www.facebook.com (Facebook)
Source: chrome[1].htm0.3.dr	String found in binary or memory: "https://www.youtube.com/googlechrome", equals www.youtube.com (Youtube)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: '#https://www.facebook.com/googlechrome/ equals www.facebook.com (Facebook)
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: 'https://www.facebook.c equals www.facebook.com (Facebook)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: 'https://www.facebook.com/googlechrome/ equals www.facebook.com (Facebook)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: 'https://www.facebook.com/googlechrome/ey/collection/artist_themeshrome/b equals www.facebook.com (Facebook)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: *#https://www.youtube.com/user/googlechrome equals www.youtube.com (Youtube)
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: *https://www.youtube.co equals www.youtube.com (Youtube)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: *https://www.youtube.com/user/googlechromeroducts/chrome/celebrate-black-creative-visions-chrome/ equals www.youtube.com (Youtube)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: *https://www.youtube.com/user/googlechromey/collection/artist_themeshrome/ equals www.youtube.com (Youtube)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: *https://www.youtube.com/user/googlechromey/collection/artist_themeshrome/t equals www.youtube.com (Youtube)
Source: gtm[1].js.3.dr	String found in binary or memory: D=O("YT"),F=function(){e(C)};B(r.vtp_gtmOnSuccess);if(D)D.ready&&D.ready(F);else{var I=O("onYouTubeIframeAPIReady");ap("onYouTubeIframeAPIReady",function(){I&&I();F()});B(function(){for(var N=O("document"),J=N.getElementsByTagName("script"),R=J.length,P=0;P<R;P++){var T=J[P].getAttribute("src");if(b(T,"iframe_api")\|\|b(T,"player_api"))return}for(var G=N.getElementsByTagName("iframe"),Q=G.length,V=0;V<Q;V++)if(!u&&c(G[V],C.Tf)){L("https://www.youtube.com/iframe_api");u=!0;break}})}}else B(r.vtp_gtmOnSuccess)} equals www.youtube.com (Youtube)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.facebook.com/googlechrome/ equals www.facebook.com (Facebook)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.facebook.com/googlechrome/*Can equals www.facebook.com (Facebook)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.youtube.com/user/googlechrome equals www.youtube.com (Youtube)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.youtube.com/user/googlechrome*Can equals www.youtube.com (Youtube)
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://www.youtube.com/user/googlechrome*CanRoot Entry equals www.youtube.com (Youtube)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: jres://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460#https://www.facebook.com/googlechrome/ equals www.facebook.com (Facebook)
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: mres://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460#https://www.youtube.com/user/googlechrome equals www.youtube.com (Youtube)
Source: gtm[1].js.3.dr	String found in binary or memory: var p=["www.youtube.com","www.youtube-nocookie.com"],q={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},t,u=!1;(function(r){W.__ytl=r;W.__ytl.h="ytl";W.__ytl.m=!0;W.__ytl.priorityOverride=0})(function(r){r.vtp_triggerStartOption?n(r):Ci(function(){n(r)})})}(); equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: 2542116.fls.doubleclick.net

Source: modernizr[1].js.3.dr	String found in binary or memory: http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-f
Source: chrome[1].htm0.3.dr	String found in binary or memory: http://schema.org
Source: ScrollMagic.min[1].js.3.dr	String found in binary or memory: http://scrollmagic.io
Source: autotrack[1].js.3.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://2542116.fls.doubleclick.Root
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://2542116.fls.doubleclick.net
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=76163836804
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://about.google/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://about.google/products/
Source: gtm[1].js.3.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://adservice.google.ch/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://adservice.google.com
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=
Source: gtm[1].js.3.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.3.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://blog.google/pr
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://blog.google/products/chrome/
Source: ~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://blog.google/products/chrome/celebrate-black-creative-visions-chrome/
Source: gtm[1].js.3.dr, js[1].js.3.dr, js[1].js0.3.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://chrome.google.
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://chrome.google.com/webstore/category/app/8-education?hl=en
Source: ~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://chrome.google.com/webstore/category/collection/artist_themes
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://chrome.google.com/webstore/category/collection/artist_themeshrome/
Source: ~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://chromeenterprise.google/
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://chromeenterprise.google//category/collection/artist_themeshrome/
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://chromeenterprise.google//category/collection/artist_themeshrome/b
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://chromeenterprise.google/browser/
Source: ~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://chromeenterprise.google/browser/download/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://chromeenterprise.google/devices/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://chromeenterprise.google/os/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://cloud.google.com/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://developer.chrome.com/webstore/?hl=en
Source: installer.min[1].js.3.dr	String found in binary or memory: https://dl.google.com
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://edu.google.com/products/devices/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://edu.google.com/products/more-products/
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://fonts.gstatic.com
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlI3K.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94bt3.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9vAA.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Me5g.woff)
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://gsuite.google.com/
Source: installer.min[1].js.3.dr	String found in binary or memory: https://itunes.apple.com/us/app/chrome/id535886823
Source: gtm[1].js.3.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm[1].js.3.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: installer.min[1].js.3.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.android.chrome
Source: installer.min[1].js.3.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.beta
Source: installer.min[1].js.3.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.canary
Source: installer.min[1].js.3.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.dev
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://policies.googl
Source: ~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://policies.google.com/technologies/cookies?hl=en
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://policies.google.com/technologies/cookies?hl=enoogle.com/accounts/answer/3118621?hl=en
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://policies.google.com/terms
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://policies.google.com/termsanswer/96817?hl=en
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://s.ytimg.com
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://schema.org/WebPage
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://static.doubleclick.net
Source: analytics[1].js.3.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://support.google
Source: ~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/accounts/answer/3118621?hl=en
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://support.google.com/accounts/answer/3118621?hl=end?
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://support.google.com/accounts/answer/3118621?hl=enoogle.com/accounts/answer/3118621?hl=en
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://support.google.com/accounts/answer/311862Root
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://support.google.com/accounts/answer/311862erprise.google/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/chrome/?hl=en&rd=3#topic=7438008
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/chrome/answer/95414
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DDesktop&hl=hl=en
Source: ~DFA77BFA01D50202F8.TMP.2.dr, answer[1].htm.3.dr, {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://support.google.com/chrome/answer/96817?hl=en
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://support.google.com/chrome/answer/96817?hl=enocal
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/chrome?p=chromecom_home&h1=en
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/chrome?p=mac_compatibility
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/chromebook/answer/177889
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://support.google.com/chromebook/answer/177889?hl=en
Source: analytics[1].js.3.dr	String found in binary or memory: https://tagassistant.google.com/
Source: installer.min[1].js.3.dr	String found in binary or memory: https://testflight.apple.com/join/LPQmtkUs
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://tools.google.com
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://twitter.com/go
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://twitter.com/googlechrome
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://twitter.com/googlechromeechrome
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://twitter.com/googlechromeechromey/collection/artist_themeshrome/
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://twitter.com/googlechromeechromey/collection/artist_themeshrome/b
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.chromeexperiments.com/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.chromium.org/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.chromium.org/chromium-os
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://www.facebook.c
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google-analytics.com
Source: js[1].js.3.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com/chrome/
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://www.google.com/chrome/Root
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com/chrome/cleanup-tool
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/chrome-logo.svg
Source: imagestore.dat.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.pngOOj$
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com/chrome/static/images/homepage/homepage.png
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://www.google.com/chrome/zGoogle
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com/chromebook/
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com/chromecast/
Source: gtm[1].js.3.dr	String found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.google.com/support/chrome/bin/answer.py?answer=96817&hl=en
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.googletagmanager.com
Source: gtm[1].js.3.dr, js[1].js.3.dr, js[1].js0.3.dr	String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: gtm[1].js.3.dr, js[1].js.3.dr, js[1].js0.3.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-26908291-4
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-PZ6TRJB
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.gstatic.com/external_hosted/autotrack/autotrack.js
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.wikidata.org/wiki/Q777
Source: {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://www.youtube.co
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.youtube.com
Source: chrome[1].htm0.3.dr	String found in binary or memory: https://www.youtube.com/googlechrome
Source: gtm[1].js.3.dr	String found in binary or memory: https://www.youtube.com/iframe_api
Source: ~DFA77BFA01D50202F8.TMP.2.dr, {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr, chrome[1].htm0.3.dr	String found in binary or memory: https://www.youtube.com/user/googlechrome
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.youtube.com/user/googlechromeroducts/chrome/celebrate-black-creative-visions-chrome/
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.youtube.com/user/googlechromey/collection/artist_themeshrome/
Source: ~DFA77BFA01D50202F8.TMP.2.dr	String found in binary or memory: https://www.youtube.com/user/googlechromey/collection/artist_themeshrome/t

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 142.250.186.102:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.102:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.140.154:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.140.154:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.99:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.99:443 -> 192.168.2.3:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.98:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.98:443 -> 192.168.2.3:49739 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/78@4/4

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF0806343135C5ADAF.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4688 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4688 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://edgedl.me.gvt1.com	1%	Virustotal		Browse
http://edgedl.me.gvt1.com	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://chromeenterprise.google/	0%	URL Reputation	safe
https://chromeenterprise.google/	0%	URL Reputation	safe
https://chromeenterprise.google/	0%	URL Reputation	safe
https://chromeenterprise.google/browser/download/	0%	URL Reputation	safe
https://chromeenterprise.google/browser/download/	0%	URL Reputation	safe
https://chromeenterprise.google/browser/download/	0%	URL Reputation	safe
https://2542116.fls.doubleclick.Root	0%	Avira URL Cloud	safe
https://chromeenterprise.google/browser/	0%	URL Reputation	safe
https://chromeenterprise.google/browser/	0%	URL Reputation	safe
https://chromeenterprise.google/browser/	0%	URL Reputation	safe
https://chromeenterprise.google/browser/	0%	URL Reputation	safe
https://chromeenterprise.google/os/	0%	URL Reputation	safe
https://chromeenterprise.google/os/	0%	URL Reputation	safe
https://chromeenterprise.google/os/	0%	URL Reputation	safe
https://chromeenterprise.google/os/	0%	URL Reputation	safe
https://chromeenterprise.google/devices/	0%	URL Reputation	safe
https://chromeenterprise.google/devices/	0%	URL Reputation	safe
https://chromeenterprise.google/devices/	0%	URL Reputation	safe
https://chromeenterprise.google/devices/	0%	URL Reputation	safe
https://chrome.google.	0%	Virustotal		Browse
https://chrome.google.	0%	Avira URL Cloud	safe
https://www.youtube.co	0%	URL Reputation	safe
https://www.youtube.co	0%	URL Reputation	safe
https://www.youtube.co	0%	URL Reputation	safe
https://www.youtube.co	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/	0%	URL Reputation	safe
https://about.google/products/	0%	URL Reputation	safe
https://about.google/products/	0%	URL Reputation	safe
https://about.google/products/	0%	URL Reputation	safe
https://about.google/products/	0%	URL Reputation	safe
https://chromeenterprise.google//category/collection/artist_themeshrome/b	0%	Avira URL Cloud	safe
https://policies.googl	0%	URL Reputation	safe
https://policies.googl	0%	URL Reputation	safe
https://policies.googl	0%	URL Reputation	safe
https://policies.googl	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
https://support.google	0%	URL Reputation	safe
https://www.facebook.c	0%	URL Reputation	safe
https://www.facebook.c	0%	URL Reputation	safe
https://www.facebook.c	0%	URL Reputation	safe
https://www.facebook.c	0%	URL Reputation	safe
https://chromeenterprise.google/browser/download/	0%	Virustotal		Browse
https://chromeenterprise.google//category/collection/artist_themeshrome/	0%	Avira URL Cloud	safe

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
dart.l.doubleclick.net	142.250.186.102	true	false	high
pagead46.l.doubleclick.net	172.217.23.98	true	false	high
stats.l.doubleclick.net	74.125.140.154	true	false	high
www.google.ch	142.250.185.99	true	false	high
2542116.fls.doubleclick.net	unknown	unknown	false	high
adservice.google.ch	unknown	unknown	false	high
stats.g.doubleclick.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.youtube.com/user/googlechrome	false		high
https://www.facebook.com/googlechrome/	false		high
https://twitter.com/googlechrome	false		high
https://blog.google/products/chrome/celebrate-black-creative-visions-chrome/	false		high
https://chromeenterprise.google/browser/download/	false	0%, Virustotal, Browse URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://chromeenterprise.google/	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.youtube.com/user/googlechromey/collection/artist_themeshrome/t	~DFA77BFA01D50202F8.TMP.2.dr	false		high
https://www.youtube.com/user/googlechrome	~DFA77BFA01D50202F8.TMP.2.dr, {78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr, chrome[1].htm0.3.dr	false		high
https://twitter.com/go	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
https://2542116.fls.doubleclick.Root	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/user/googlechromeroducts/chrome/celebrate-black-creative-visions-chrome/	~DFA77BFA01D50202F8.TMP.2.dr	false		high
https://blog.google/products/chrome/	chrome[1].htm0.3.dr	false		high
https://chromeenterprise.google/browser/download/	~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	false	0%, Virustotal, Browse URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://chromeenterprise.google/browser/	chrome[1].htm0.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=76163836804	~DFA77BFA01D50202F8.TMP.2.dr	false		high
https://www.youtube.com	chrome[1].htm0.3.dr	false		high
https://blog.google/products/chrome/celebrate-black-creative-visions-chrome/	~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	false		high
https://www.youtube.com/iframe_api	gtm[1].js.3.dr	false		high
http://schema.org	chrome[1].htm0.3.dr	false		high
https://www.chromium.org/chromium-os	chrome[1].htm0.3.dr	false		high
https://adservice.google.ch/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2	~DFA77BFA01D50202F8.TMP.2.dr	false		high
http://scrollmagic.io	ScrollMagic.min[1].js.3.dr	false		high
http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-f	modernizr[1].js.3.dr	false		high
https://twitter.com/googlechrome	chrome[1].htm0.3.dr	false		high
https://stats.g.doubleclick.net/j/collect	analytics[1].js.3.dr	false		high
https://2542116.fls.doubleclick.net	chrome[1].htm0.3.dr	false		high
https://chromeenterprise.google/os/	chrome[1].htm0.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://chromeenterprise.google/devices/	chrome[1].htm0.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://static.doubleclick.net	chrome[1].htm0.3.dr	false		high
https://chromium.googlesource.com/chromium/src/	chrome[1].htm0.3.dr	false		high
https://blog.google/pr	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false		high
https://chrome.google.	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	autotrack[1].js.3.dr	false		high
https://chromeenterprise.google/	~DFA77BFA01D50202F8.TMP.2.dr, chrome[1].htm0.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://schema.org/WebPage	chrome[1].htm0.3.dr	false		high
https://www.youtube.co	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.youtube.com/googlechrome	chrome[1].htm0.3.dr	false		high
https://www.chromium.org/	chrome[1].htm0.3.dr	false		high
https://about.google/	chrome[1].htm0.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://about.google/products/	chrome[1].htm0.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://googleads.g.doubleclick.net	chrome[1].htm0.3.dr	false		high
https://www.wikidata.org/wiki/Q777	chrome[1].htm0.3.dr	false		high
https://chromeenterprise.google//category/collection/artist_themeshrome/b	~DFA77BFA01D50202F8.TMP.2.dr	false	Avira URL Cloud: safe	unknown
https://policies.googl	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://twitter.com/googlechromeechromey/collection/artist_themeshrome/b	~DFA77BFA01D50202F8.TMP.2.dr	false		high
https://cct.google/taggy/agent.js	gtm[1].js.3.dr, js[1].js.3.dr, js[1].js0.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://developer.chrome.com/webstore/?hl=en	chrome[1].htm0.3.dr	false		high
https://s.ytimg.com	chrome[1].htm0.3.dr	false		high
https://www.youtube.com/user/googlechromey/collection/artist_themeshrome/	~DFA77BFA01D50202F8.TMP.2.dr	false		high
https://www.google.%/ads/ga-audiences	analytics[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://support.google	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.facebook.c	{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://twitter.com/googlechromeechrome	~DFA77BFA01D50202F8.TMP.2.dr	false		high
https://chromeenterprise.google//category/collection/artist_themeshrome/	~DFA77BFA01D50202F8.TMP.2.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/googlechromeechromey/collection/artist_themeshrome/	~DFA77BFA01D50202F8.TMP.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	www.google.ch	United States	15169	GOOGLEUS	false
74.125.140.154	stats.l.doubleclick.net	United States	15169	GOOGLEUS	false
172.217.23.98	pagead46.l.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.186.102	dart.l.doubleclick.net	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	450696
Start date:	19.07.2021
Start time:	15:55:08
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://edgedl.me.gvt1.com
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/78@4/4
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://support.google.com/accounts/answer/3118621?hl=en Browsing link: https://policies.google.com/technologies/cookies?hl=en Browsing link: https://www.google.com/support/chrome/bin/answer.py?answer=96817&hl=en Browsing link: https://policies.google.com/terms Browsing link: https://blog.google/products/chrome/celebrate-black-creative-visions-chrome/ Browsing link: https://chrome.google.com/webstore/category/collection/artist_themes Browsing link: https://chromeenterprise.google/ Browsing link: https://www.youtube.com/user/googlechrome Browsing link: https://twitter.com/googlechrome Browsing link: https://www.facebook.com/googlechrome/ Browsing link: https://chromeenterprise.google/browser/download/
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 40.88.32.150, 168.61.161.212, 23.203.80.193, 34.104.35.123, 142.250.185.196, 142.250.185.232, 142.250.186.35, 142.250.185.234, 216.58.212.174, 142.250.184.227, 142.250.184.226, 142.250.186.142, 20.50.102.62, 23.211.4.86, 152.199.19.161, 67.27.157.254, 8.252.5.126, 67.26.139.254, 67.26.83.254, 67.26.137.254, 20.54.110.249, 40.112.88.60, 80.67.82.235, 80.67.82.211 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, adservice.google.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, www.googletagmanager.com, audownload.windowsupdate.nsatc.net, www.google.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, www.gstatic.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.google-analytics.com, fonts.googleapis.com, fs.microsoft.com, www-google-analytics.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, www-googletagmanager.l.google.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, tools.l.google.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, tools.google.com, cs9.wpc.v0cdn.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\12E94ANP\www.google[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	39
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aK1r0aK1r0aKb:JFK1rFK1rFKb
MD5:	B9C5EB570521110110BB7DFF12AF780D
SHA1:	27F5BEBC2200FD8D0B51A93D1357EA954BE44079
SHA-256:	90171F10A6467C9DC31143859BAB69D045B67B39E2E49D92BB7168B383C4D1AB
SHA-512:	BC81539E62D643808CBDA3D86050058F379B2F0347CE65CBBA9797D386401C886B22AC4C0B2BE68197AE10C83A1E22A14232CD531C8D139DD3C031DB423EA355
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{78E3EB32-E8E4-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.851280630209494
Encrypted:	false
SSDEEP:	48:IwQGcpr9GwpLDG/ap8EjGIpcJaGvnZpvJ8rGotqp9J8cSGo4hpmJ7cg+GW3d9JGV:rUZnZj2AWJntJrfJ5hMJVIJnJTfJn8X
MD5:	B15FB55902331C830528895073F963AE
SHA1:	DE827E1633DE2DB5F98A8C7B6181A5CF3184C00D
SHA-256:	A401163C0AEA6987C6C8000D56F1BF2A5ADE6CB9FDD414E7BF68B6BDDD792463
SHA-512:	75411EB4B22D3EF43D3A7CB1E67C04216E9D7CF7107BEC4E0A8866F0A2FA6ABFE593A10A3F5DEC2F9140A5060254D0C5C3B55E9C36E74E200640AEB7DFF89F4B
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{78E3EB34-E8E4-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	284120
Entropy (8bit):	2.688031947952749
Encrypted:	false
SSDEEP:	384:r/PSSY4/TXRF5e/+Og+dK52MDs8Z9D1IrZL1vyW1ryKjmcFiN5VmUF1oF7KVmAHJ:L6rG79vdpILfA
MD5:	6105ADC1D8B4FAAADBA987F39E874604
SHA1:	4EFD7E94523E18EE4301E03317586F8860A7FDAD
SHA-256:	B0397A7FCCEE4F24327110251DCA2E1AA21894C8B810CD5F6D72BD450F1A0E64
SHA-512:	51738E43F9E187C1F59C035155833DD39D9AEAA36770DA00213BC73EDC817B60702B3F29CAB6580FEFF1E017ED37D4BE21D55D5401498C390D88648EC3F5C3AB
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{80D06B10-E8E4-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5659485538653017
Encrypted:	false
SSDEEP:	48:IwoGcpr/fGwpa50G4pQbmGrapbS2JjGQpKPG7HpRDETGIpG:rcZxQa6kBS2XAeT0A
MD5:	56189693D5E6B035474DD74D7BE9B0A3
SHA1:	9046EAE2464F716A1F2C63464CC906EFF0E78F34
SHA-256:	BFADD5AF911710263D49EB578F478B14D63D99C4224F7D0AF89F373BC98202F1
SHA-512:	DD5B63EF1656E54AB00AFF1A35E74557A3B752B0BD473165BC9FF430DC461A6A5265418B07F1BF36984B5D4A884C8594EB9201A099AA1DECEDD9ADF1F842918F
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	889
Entropy (8bit):	7.1090419648174805
Encrypted:	false
SSDEEP:	12:15uDGZbVl+KkDbMRv/7//76PcVAcDDx6UK9QEVJoOfJG4KH/TLWRNAfk0YndDe3H:1wDGTjfx77DDxtK9jfAH/3WRmoDWOX4V
MD5:	A3C53410047296A17F889526DE884B6C
SHA1:	5B030524251C9BEFB58C7413E3B67431ADBB4D73
SHA-256:	B956C41060C65FF98A07448E0C8A33915DB6A0F60BD35DAB6F1ACB69C0748C27
SHA-512:	A2C32E4D089D7EF629A6441BE7732E8BD5328858C84FF62F72889D138EE079CE3799824AAEA6E866898DED26E1B8594EF61EE36F2148D6331726A04C1B1D4BD7
Malicious:	false
Reputation:	low
Preview:	F.h.t.t.p.s.:././.w.w.w...g.o.o.g.l.e...c.o.m./.c.h.r.o.m.e./.s.t.a.t.i.c./.i.m.a.g.e.s./.f.a.v.i.c.o.n.s./.f.a.v.i.c.o.n.-.1.6.x.1.6...p.n.g......PNG........IHDR.............(-.S...YPLTE...z.Q.K..A..[.RK.I>.PD..A..\..a..A..a.K@..[..@..[..@.SH..Z.._.WL..@.qQ.PC..A.L@..\.l;.UI..B.fI..A.PC-.P..E.SH..@..X..=.PC.VJ..A!.f..@.VJ.OA.<.QE.YN..@/.e..?T.L.<.RF.WK..B..[.MAK....^I..".d..a.QE.RF.h;F..........>.v..u.~s.J=..;e..[..q..c..H.................?.ud.t.m..k.si.yd?.\/.[n.W..V..T.`T..S#.Qz.LlqL.G.SG.RE..D.PC..A..@.P?.:..s....9tRNS...%..........{i=;1)$........................RPFE?8#..../......IDAT..=..r.Q.D..@H.....2.{W.@...w...`..<M.....y.n....xq.m.l....... ,..0...4U .f[.s..k..htN...3*..;..W0.....\|`..+..'Iz~.[.F...3..Q...G.U..E.#!..$&]4Q.9."..~..i.v.X$..}'....X....o.A.K .K<Q.".8...N+.........w7.v...0.tc....A.)XbJ......IEND.B`....................`.......`....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\4UabrENHsxJlGDuGo1OIlLU94bt3[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 82716, version 1.1
Category:	downloaded
Size (bytes):	82716
Entropy (8bit):	7.993713530548
Encrypted:	true
SSDEEP:	1536:hijC7nihKxAiyoVOuS+VhAhFO22tkZWEleJ/oItoGIN9:gIgKThK+XPkZ7It9k
MD5:	6108B8DFDDDD5F9D46A75347D4D803BE
SHA1:	E6A27CF8C983E886B7FBFE3BC8D51E7C797D2F89
SHA-256:	F811A1FE35E8D890E072467515DF338DB4CE562E1CEFDCAC5CB8F76E505AE89B
SHA-512:	52D04EFDC8F3A9F52F7227CEA3E5E5808C3B8E1C12D9D98EB5BABFE2E7953162FA2E13639CD850D595B15214357FB42340B4494E300EC9E4D25C00A2F577BDE7
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94bt3.woff
Preview:	wOFF......C.................................GDEF...........XkvkWGPOS...X..;.........GSUB..=....<..#X....OS/2..P8...U...`k.\.cmap..P........@Y..Dcvt ..V.............fpgm..W8.......uo..gasp.._.............glyf.._.......u.ua.8head.......6...6..'.hhea...T... ...$....hmtx...t.......H.Nq(loca..$........&..8.maxp..-.... ... ....name..-,...m......H.post../.......*N....prep..Ad.......^....x.EO%T@.........{...i..4.4\...t.z...7..mgi....`RR.H.....9...C.I.....).._..h.^C.g...\|@,.r........8d.q.......lp.x....p\Lc.sX`...}.p...T...H.DW..N...Q.x......B..H..zI....A..&%P+.R8Vf..UVE]mu.k`O..).9.57h....1tx..Y.t.G...kv%.....1.........0..%v....h..!l.7....1..N........f.~US]..F... ..\5...>.X.=.wC....!g..>.O.p0.#...a..(m0w(BY.9Q.rT...qh'T.}.a..`34A..)gEAN.....p.....\|.C........k>....R....i@T.b.QM.ZYu..7..r...;...:~.a....N<!.4B..I....8...P.....3.w-.tw{......r3...>.l.....<..q ....p"......2a..-c...v...P;..5..i.....Y...8G..8....K....+..k...(..:XG.d...{..gm.M.I...h....?.R..!..YH.q..K

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6448
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	96:5nqrehEw7U6ZCnqrehEw7U6ZCnqrehEw7U6ZCnqrehEw7U6k:5RvZCRvZCRvZCRvk
MD5:	115FBFCDA3FD32C5EF89E5BAF7C64174
SHA1:	63525C151394706A206442D6A9F38C9D31E9A26F
SHA-256:	2AAE272863E327495B31D7E7068E7EE60DCDB39ECCCF2DFA9316B1F101539C80
SHA-512:	801D1D8AA49B01726F16EE48029EC64247ABC45D444B6E2401F67569D7218F5B062BCDDF440D18884372D7DA16C5C67CCF6991E18CEDF52A3632BDE0082A32E5
Malicious:	false
Reputation:	low
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NewErrorPageTemplate[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3224
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	48:5m73jcJqQep89TEw7UxkZCm73jcJqQep89TEw7Uxkk:5nqrehEw7U6ZCnqrehEw7U6k
MD5:	3A35614D9A6156057F7D30C91C1ED4F2
SHA1:	7DDE5D14A15F465C9BFD0B0C0B3416175E69D1BC
SHA-256:	D544FAC44B7B2CD937726C401B5C9C726F900CEF22980A7B39F8756581901B73
SHA-512:	8A31C0C90EF443E3B7AC5B930466CD8CEF1D540D2D436A7DC4D12F38686368303882A9610A57B2A1CF9AB973DB684FDA0B1831B116EAEB4D86BE816FDD627C28
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/NewErrorPageTemplate.css
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	49377
Entropy (8bit):	5.521008419138659
Encrypted:	false
SSDEEP:	768:/yR3fYFBCwsNDsP5XqY0TyPnHpl1TY3SoavyVv6PU+CgYUD0lgEw0stZK:/y9g1r5h0UHp/Y3SowCw0sy
MD5:	042B7183D8645F5CF9D0D6ACD5FF8358
SHA1:	447A98467EA31E253ECB63EE8564C8B5E1E77D58
SHA-256:	73D6A5EA11FB7BF6E6A6CCD44B1635D52C79B0A00623D0387C9DDDD4B7C68E89
SHA-512:	72AA2F221BB5EFEC3A9C0CBC2D01DEBD827361369F7E84AA613D4CA70838FF68EA2C3300167FB263A4F416A857BABF0354A1FF8B3EC669BF88452633981CA18F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q={},r=function(){q.TAGGING=q.TAGGING\|\|[];q.TAGGING[1]=!0};var t=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},v=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var x=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var y=window,z=document,A=function(a,b){z.addEventListener?z.addEventListener(a,b,!1):z.attachEvent&&z.attachEvent("on"+a,b)};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\chrome[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	269427
Entropy (8bit):	5.3968303060079865
Encrypted:	false
SSDEEP:	3072:YVTWX0MNuTN3qNEEwJ5piTdp4j1A+fbpqTNJQz1ARr527BFaiexDE:6iOHEWz7N
MD5:	FF94A0719176DB3B219AD016609FA7FC
SHA1:	A6577C02E5284B471D8AE12B523D02B72DCADCFD
SHA-256:	BF9ABE9E2FDD26558A4A4D37455806EF7526172A69C09BD647C646B6BC9598E5
SHA-512:	410A5BE383E651438E0930BAEB5C2951ABB8379C3675E933FABDB5C6DB99D5D75A5724FF769405384F2CE150ED53D593AE8CB21CF9B19D14C4E789E4E9F49F2C
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>. [if IE 9 ]> <html class="no-js ie ie9" lang="en" dir="ltr"> <![endif]-->. [if IE 8 ]> <html class="no-js ie ie8" lang="en" dir="ltr"> <![endif]-->. [if IE 7 ]> <html class="no-js ie ie7" lang="en" dir="ltr"> <![endif]-->. [if IE 6 ]> <html class="no-js ie ie6" lang="en" dir="ltr"> <![endif]-->. [if (gte IE 10)\|!(IE)]> > <html itemscope itemtype="https://schema.org/WebPage" class="no-js no-ie" lang="en" dir="ltr"> <![endif]-->.<head>. <meta charset="utf-8">. <meta http-equiv="content-language" content="en-us">.. <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>. <link rel="preconnect" href="https://tools.google.com" >. <link rel="preconnect" href="https://www.youtube.com" >. <link rel="preconnect" href="https://s.ytimg.com" >. <link rel="preconnect" href="https://www.googletagmanager.com" >. <link rel="preconnect" href="https://adservice.google.c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	883
Entropy (8bit):	5.157930885270289
Encrypted:	false
SSDEEP:	24:G9X3OY7aRqU3OY4aRK/iOY7aNxh+/iOY4aNx6:IOEaRqoOXaRNOEaNJOXaNA
MD5:	4208B698C4AC9DB709B944897B7D8EE8
SHA1:	09E7EC9BD0CD4DABA35FE7D1EAB6E807BBB94C44
SHA-256:	A07F599AFA3FB2C9A1090A3B0A1A115FDF611032829C30BFDA51CD3430CFD01D
SHA-512:	9F2A252425A2F47E59159FD9F51112D18278D196DDB1FFF1C3ACEA4785DB2C74104BC930627DA3E04B1D751D7D7EC833CAFBB68ECB7657529B62FAD9DE322125
Malicious:	false
Reputation:	low
Preview:	/. See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlI3K.woff) format('woff');.}.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url(https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94bt3.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Me5g.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9vAA.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	11988
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	96:vIlJ6G7Ao8RiIlJ6G7Ao8RiIlJ6G7Ao8RiIlJ6G7Ao8Ra:vI7Ao8II7Ao8II7Ao8II7Ao8E
MD5:	B162EF11D2D2DF2BBF40CF8A1C28076A
SHA1:	38388C2E223DC94893D8BACF7208DFE46275DBEC
SHA-256:	572B1FC41E62B530B6016E736957B6409C4B64D13F1ABAD96C0D42ABD8C9742C
SHA-512:	F48A7F82731288131AA3823C729EC52FE0F911D8A75FC7A554CBBBF251C3381E41B68B2C19AEE3E56F11EB877385019E966DD5DBBAD7145D717CA94AFF008914
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5994
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8RrN7u5V4VyhhV2lFUW29vj0RkpNc7KpS:vIlJ6G7Ao8RiIlJ6G7Ao8Ra
MD5:	713ADD0E98C772CE39C7B2452806602B
SHA1:	7888DE86275AE869D6E82EE4D392C71EB9BCCD25
SHA-256:	6DE0370BA485689D411FF66EEA6EBCC577A1D19CFD489FA4DC7E22BD91F65806
SHA-512:	ABFB3EF6B1EA2A12B9A1E425BD94F807A4CE1C8FCE8CC618FBC700222CE573CFAB47BA9FCDCDE7157142F43CD3349014AAD1DC720EB8C327000B9211BAB3339F
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2992
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	48:pDeqkbiU6MTrFFMDeqkbiU6MTrFFMDeqkbiU6MTrFFMDeqkbiU6MTrFFE:qOHMTr7pOHMTr7pOHMTr7pOHMTr7E
MD5:	F9A1E38928DCE2D0F05CF03226B7DAEA
SHA1:	7E1AA273A9570B896C2CF2A1EF254376E73F996B
SHA-256:	8D3AF374CC18D9E88EDBB4BD804ED1AFE949842E80BEA09F8E390357BA6F1A00
SHA-512:	BA11DB17B2E199A4B8E135C0410852E0864C77F0D687F2FFCF1408805D15BE76B1FEB7F81649D38F464BF49BB44EF4FC9A46F8844ACCAB5EB3004EB744D4132A
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/down.png
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`..PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.....................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	modified
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	18880
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	384:JsDhpNOWLiIb7b4sDhpNOWLiIb7b4sDhpNOWLiIb7b4sDhpNOWLiIb7bk:Js1pNOWLFb7Us1pNOWLFb7Us1pNOWLF2
MD5:	336CC54EB5B8B017FF58FE451B00E9E9
SHA1:	C011825AEBDDC219E740FEDC09ED3B5607BAF2D0
SHA-256:	3C1C6295B4F22D9B2E6BED404914BD6AA83C3E8FF33011D13C3F72BD4B1DF7B6
SHA-512:	D1E60FC2DBBD4ECFC77960FFAF5BF6A5107390C2CB6A4F8F7E8D9A8149D0B2CFF2047AAD9848622B146B2798B3B76C245836C012C8F5656741CCF3FD530830BB
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/errorPageStrings.js
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon-16x16[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	711
Entropy (8bit):	7.4911673943513915
Encrypted:	false
SSDEEP:	12:6v/7//76PcVAcDDx6UK9QEVJoOfJG4KH/TLWRNAfk0YndDe3ybvCrOXr86:e77DDxtK9jfAH/3WRmoDWOXL
MD5:	988D28184980A93CA829A9BDC2A300A4
SHA1:	9681B2963D0FB24A11F18EF5F8F408619FA02F13
SHA-256:	534A229E57245A665AAD607B16288D90AD0476653B3A4866C1B7276D22F67214
SHA-512:	B4BDC67AB606A3EBF61023E7CB5B6E676D0AC8F7033CC138D6A40FB751BDF94ADB00CB161B21F8B3A94BBC08CA0B819F24AAF0C21C2BF42FD5A40D5BCD00E6E3
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Preview:	.PNG........IHDR.............(-.S...YPLTE...z.Q.K..A..[.RK.I>.PD..A..\..a..A..a.K@..[..@..[..@.SH..Z.._.WL..@.qQ.PC..A.L@..\.l;.UI..B.fI..A.PC-.P..E.SH..@..X..=.PC.VJ..A!.f..@.VJ.OA.<.QE.YN..@/.e..?T.L.<.RF.WK..B..[.MAK....^I..".d..a.QE.RF.h;F..........>.v..u.~s.J=..;e..[..q..c..H.................?.ud.t.m..k.si.yd?.\/.[n.W..V..T.`T..S#.Qz.LlqL.G.SG.RE..D.PC..A..@.P?.:..s....9tRNS...%..........{i=;1)$........................RPFE?8#..../......IDAT..=..r.Q.D..@H.....2.{W.@...w...`..<M.....y.n....xq.m.l....... ,..0...4U .f[.s..k..htN...3*..;..W0.....\|`..+..'Iz~.[.F...3..Q...G.U..E.#!..$&]4Q.9."..~..i.v.X$..}'....X....o.A.K .K<Q.".8...N+.........w7.v...0.tc....A.)XbJ......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\google-chrome-logo[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 160x24, frames 3
Category:	downloaded
Size (bytes):	2745
Entropy (8bit):	7.741604826071945
Encrypted:	false
SSDEEP:	48:4ewFmUlcfuDKaAooAhjZQKNFaSze+coezpM6yDdEC5axXO8lldq:ZwRlmu+aIAbbNNbeVMBDdECzYlI
MD5:	DABB508820425E63D8138A1F7E94FDE0
SHA1:	E16615B860F2C203488E000CA7C489D49B2B5521
SHA-256:	84D5A4525BE1835AE8F3DEA212A449572B0200C0AA1CBD5D0CFB68783B6034F9
SHA-512:	6723552796917C2841DAD928F7912DE2E6F1B9967DF099BC6D49C724B84275AF807E44B503F30B50ADE8F12645394B709EB72B33C51262D8BE795FF5DBD4A49C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/fallback/google-chrome-logo.jpg
Preview:	......JFIF.............C....................................................................C...............................................................................................................................................................x.N..Z.o9[..{.`{...MM..Xs..5A"........3.B...?D..2.\.........W.C...O./..Ve-.............T/..l"6ftkq..TV.^o.,-..Z...L....7 %FTZ..sj.@.....$..............................!12"..........G.v.m..[.W...!.7....[.~..h.E..f.^...T#..y\|...Y"....#..3..U..b...F.X....<s...o...J.t.l"4U{5W(g}.>....v...e)m.]k.....O.9.,M.7...Ek....;..YJe........R..:.......K.n..;..QF.0...N.G7./._..O>=#.V#...UF....O^.$~.z#\|.^...5.?........)...1g.N....2.Qc........A....XL.R.)$....N. ~(X..^sch...u....\|.G.1..2..a.d.Tf.._.'.?.._..+..:.f...+.#....LM-... ..\|.lo..Lt\|.J.4._....VzH.....g.....J.NH.....8!o.!..........&.C.~c+.p....5...GsA.5.%n.:}E...=...g1...}....:.P........f.b..r.X..;.P..].2.".t3D..h.8.:.....)3.IW...l(l.\|..7,fD..5xL...6...h..d.q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	48420
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	768:8i6+1B1y815PUNZ3ab3fBK9i6+1B1y815PUNZ3ab3fBK9i6+1B1y815PUNZ3ab3F:8i6+1B1y815PUNZ3ab3ZUi6+1B1y815p
MD5:	D7963BFBD51BED910372E9D252C30CA2
SHA1:	6AB5A3E9B78874E7600B3D9DB1035DF60E333860
SHA-256:	182B0112F6FADB33E7E77D31CA0685D690ED03875108591E391AFCC56E70D799
SHA-512:	301BB249FF524CD914B91F7611B479635AB1F947A170E9F713FD457EFFA0EF3919EF8D4E21F6458A065453BDD9585700ABE98242ABBC7A5F9A8A6E82FF90D51D
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	159394
Entropy (8bit):	5.532638623883631
Encrypted:	false
SSDEEP:	1536:hx+dkVoiaikE9OF5JZ0SfAs5KQiVmX6pg+LM9GfxJ0hM9/P0KBbpDf1096hdYq+A:hWit9OLJZ0KdXX6ep8jDRoK/Z
MD5:	6D983C4286A6C3C2188CD71D3659BE34
SHA1:	37360C9880A696F6B47FF988418BFD26107DF92C
SHA-256:	2BE9344F77A012EA2D5433C554ED120ED113E40D26173504FC0A9203909D8952
SHA-512:	1E0155B8F62B711118FA24D7BF25852A930B058D82A530CF50DD826791A590D895285A9794695A10FD1C6EC481038C7FC934ED9E71D70031BE205675BE95E8DC
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/gtm/js?id=GTM-N7S69J3&cid=949958236.1626735360
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"660",. . "macros":[{. "vtp_permittedValues":["list","96889789:213678349:10968557149","96889789:213678349:10968557389","96889789:213678349:10968557269","96889789:1938578798:73636564707","96889789:1938578798:73636565987","96889789:1938578798:73636566387","96889789:1938578798:73636567387","96889789:1938578798:73636564227","96889789:1938578798:73636566947","96889789:1938578798:73636568307","96889789:1938578798:73636565667","96889789:1938578798:73636567347","96889789:1938578798:73636565747","96889789:1938578798:73636566867","96889789:1938578798:73636567907","96889789:12762705731:121117593996","96889789:12762705731:121117593836","96889789:12762705731:121117593796","96889789:12763366979:123750279329","96889789:12763366979:123750279249","96889789:12763366979:123750280929","96889789:12763366979:123750277809","96889789:12763366979:123750279969","96889789:12763366979:123750279569","968

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\lpo_hero_masked_payments_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 636 x 585, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	138522
Entropy (8bit):	7.981733206480848
Encrypted:	false
SSDEEP:	3072:q0fhUaoFDEg3tJSkF6Spq9fgDCduQCgqNcnpj/6xKcAY4mDuLc5ojY:qEUBFPSkGKPi2eY4mDIWoc
MD5:	861E564BC33F7ACD52BAC3DB06CC8979
SHA1:	8B4CFACCC896010017CE46903A5C825964D0FBE8
SHA-256:	E0488A84641D7749D2086DCA9DEE26ADEA32C0C29D0CB85C91D64FF6BE3E8EA3
SHA-512:	EF6B4EA705380064BDD822CA8FA70FA26387135E052F411FE09EF8248CEE98EA7182C693403559AF13E1F98AB05DF82E28CD3818506C27B21BAB0111989076E4
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo_hero_masked_payments_desktop.png
Preview:	.PNG........IHDR...\|...I........z....PLTE.............w\|................SME......\|vl/.0.s..s..............................].............a..f...hbXa[R..................W.....rmg..k...nC...jAkgb...............................wrl.....~X2..........R.....z...vwS-...wO\|vo.............tG.......dB.kG".b7.^7....S.zL.{ung[.\|U.qJ.......p.........g:.o...d>]:....{...qK)...jww..h.........}K\VK..{rf\|W.[..sT4.ul`..wTTO.....~....}p..}.....]/...wj..sLLFq\|\|...tP$.............w`_[.........$.....x....~.~K-.....x}.z..^....................+(%...7.......vC.....A%....,..95/..q.......n:.....DA;..j.dwyu..s.yP..{.........V?.............Y.rJ...{c.jA.e0....J4....X).aK.`8.A..N"VK=M;).t\..i8..l...kT.....p5.bos...e..}.~bt_Hm=+..%.pSbH0Z ..e&....{.'>3@M.....Q..#\|...]r.......tRNS....PD.O..yv...........IDATx..k#W.....o..=....2.@[......*..n...E...F..p"..0..@..@`....H.).N.r...@....>.8...hu.......{.71......g...ow.....d.........5^Y]}w5...<.%

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\lpo_hero_ui_payments_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 187 x 169, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4827
Entropy (8bit):	7.928495979584374
Encrypted:	false
SSDEEP:	96:VkoZbiO+MmKesi6MSci/vGmqgk3ZYNyJDOQpDCE99iKfZh/oEBuf:xiRi+tSBGd+NapDN9giQEB4
MD5:	2980A2D304B329F8BDA6BD3B80D8EA3C
SHA1:	E74EC2E366C557C33945B6EDA673DE4D22C0EA32
SHA-256:	F91710FA04891DD22E0181657049A24CF70C104B0AD0021D525D976ADDFC90BC
SHA-512:	D82EB6E0ED21AF3D72A45AE4E30C25590F6141207592B719572D87D2B2AF3A0B501A114D2F35618A37470A5E62CD143A0A213A159C0C79C9A85DCDB000EFEBEE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo_hero_ui_payments_desktop.png
Preview:	.PNG........IHDR.............DP......PLTE...)@@A..$..555>AE...:AD...CKN...:;C...78>......?DH>BB=FF,/7<<@.........8?A......6:<...............:MM..............................y~.<>BCEH...............................?CG.....................................................s..........................................................6....{....................t....m..p..................................................}..stv.............................XXZ(\|.......Q............_.......abdn..m...W.yz{u........efh...b.....E..........#m.sw{ffh...D............ooo............a.._..S..........~~~JJM.B5...X..N..C........7....1w..c.......??@......n.........e.O..J........g.~g.~)Hn..j;.c............5......s...X.......p....._..[....................t.....C.PPP.Ne.?.Q/.......KtRNS......+0y.......0....y../,,..z+....y,...w_.\|A*" .....peP@..............ha.h-....EIDATx...J.1..3..J.;7.....g.?(...Q..A(>.[.t]..ta.}.]..'.L..op.&.$..t.C.%..'..G.+..%.{.7....N....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\main.v3.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	262446
Entropy (8bit):	5.053721108717235
Encrypted:	false
SSDEEP:	1536:+pD5IyFUL+lqSLMd6Ll0sRslr6YY1llN2hDts52j9sJwW7jWlelqnVr7nAqj+2Fa:+WJQ5i1zce6
MD5:	1590199C0E709E1914C7CCED79BE0435
SHA1:	5931D58E7CD47436D2F63FF732E46051ADAC8D51
SHA-256:	488626645F87CC8B38710A325253A12E2B3FBAE0B390CD9850747F2AC55EFE6D
SHA-512:	FD5C93088B68FD0533D766CF86C43B790BEF829E63D30DE050C70F8F61B3AB7A40D0794449342F696D8130B28F701B61C73324BA56B6DC8FC09188837B0EB10D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/css/main.v3.min.css
Preview:	.chr-accordion__image img,.chr-card-and-image__image,.chr-cards-grid__image-container img,.chr-fifty-fifty__half-1 img,.chr-fifty-fifty__half-2 img,.chr-google-translate__device-image,.chr-privacy-sandbox-hero__logo-container img,.chr-scrollable__image{height:auto;width:100%}.chr-modal-dialog.eula ul,.chr-footer-social__list,.chr-footer-links__list,.chr-footer-glinks__list,.chr-footer-help-language,.chr-header-v3__drawer-nav-list,.chr-header-v3__drawer-subnav-list{list-style:none;padding:0}.chr-browser-hero__simplified .platform,.chr-browser-hero__simplified-links,.chr-modal-dialog__buttons .throbber,.chr-modal-dialog.eula .eula-content,.chr-modal-dialog.eula .other-platform,.chr-modal-dialog.eula .os,.chr-modal-dialog.eula .platform,.chr-modal-dialog.eula .chrome-os,.chr-modal-dialog.eula .other-platform.mac .other-mac,.chr-modal-dialog.eula .other-platform.win .other-win,.chr-modal-dialog.eula .other-platform.win64 .other-win64,.chr-modal-dialog.eula .other-platform.linux .other-linu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pixel_phone[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 246 x 519, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	17046
Entropy (8bit):	7.974328873653252
Encrypted:	false
SSDEEP:	384:4cs0wRmhTo6wSMXRiSNS/DKafA8lqNGA6rd224t8up++:GPQhTGXRhNRw2GAumtLL
MD5:	321ADE6F55D8E8B902E9C6C5BA63A8CD
SHA1:	B855E78E006D062425F08BC2F9840DE6528C30B0
SHA-256:	775ED5BCFDCC93EF5AE31559D75DAE23B877E930317AAA41A5667FF4F87FAC7D
SHA-512:	0B73C4E3825808CB2D8BB22DFDF804D9BF48BCC448C0C94C2FE97BFA66ACE2A0861DD756775F6851F70936E37939DAD90684BB71CA6938DE5D27719E6CCF3130
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/download-browser/pixel_phone.png
Preview:	.PNG........IHDR...............Qo....PLTE...*!!!LLL<<<777777@@@;;;788111$$$```NNN\]\YYY___```WWW... [\\///...............###...'('+++777. /00.........==>???QRREEE;;;LLLBBB....t.............XXY.........344....C5........GHH.o.............p.....................4.Tkll&...q..s..Uqtv..l.m...beh.....e........oon..{......fv.EHZ....5r...t.....l}stz.h.").QR.. ...J...c..U..\.m@.{..9=.~..VtfFI9$...._p.{.}M.wL.;=dN/"\]....sdc\....c;SF/...;....vGuW5....b=pm6BF......u>LP..o.\S..jtJ.zE).......Hbd>...f.`.......U..K.jc: ......_u.W~...~J...rUdj0a]......./hh'#.....}^TG...JW\TW6......l.M..z.E]8*....Q..Dxw..^.X...n.m-...PA..<.`6..\|Q.Q.#%.....}\|..........phJqE@K-.rF........T_I.......^..m{.{}xF`957%..............[.&";...g.................F.........&..... .. x..r(].Ro.hl.z..s....tRNS....j'K[..7.l.........I.....?+IDATx..]n.0...(M..a.."y`.=....}`e.)gYi...{.^.G.z.>..;%AK."e..%..../3.'..l.^,.A.Zm...#...Fs\....r}7...l.l...iy.7......;......v.z]..v{.40.o....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\4UaGrENHsxJlGDuGo1OIlI3K[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 82300, version 1.1
Category:	downloaded
Size (bytes):	82300
Entropy (8bit):	7.993868899885629
Encrypted:	true
SSDEEP:	1536:nG4K6l+BuoexS2Sv1TEThLUb2AQ3i/U7sCV30lbRS5NA7UFloGIN46:nGxkBxS2YEThIb2v3iIsCV2H7UFl9Z6
MD5:	78F084CD32CB85327C04655BD20D7135
SHA1:	BA8CD3AC9F80EC121C20A4423987BE8B3A706D55
SHA-256:	DC662D2DD599D356BAF970A6AE9AACB4477FCC84E39159FE4B49ED82D2ACB4B7
SHA-512:	06CF2D6AD91ABF5B8DF8AC54D4345E6560A43C59D013B2170454BA00FBF255B1D5060BD89F34640E0DFFBCB6323B7C4A94AEBEE9A4125286997E17E3606BB5D0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlI3K.woff
Preview:	wOFF......A\|................................GDEF...........<e.e.GPOS...D..;.....Qr.'GSUB..=\...<..#X....OS/2..O....U...`kr[.cmap..O........@Y..Dcvt ..V....y........fpgm..V........uo..gasp..^H............glyf..^T...a..x..head.......6...6..'.hhea....... ...$.0..hmtx...........H.v4loca.."........&O..^maxp..+.... ... ....name..+....e...m...+post...D......N....prep..@....p..... ..x.U..F.q...s.G........jiZ ...DCB...H...BO....ao........{.^......lb>..zCz......O...i..k.......$9-S.m.$..S<. .x.\|...}..e.V2Z..g4\p..{.5.....~[}_.X}^.#.`..S..U.T.......;... {....!...._../.....?."-=x..Y.p...}.z.$.......f4..w..9.J.033...'.0.p.....^.....:.T...AS.;...^.l.m...@..jD;...h{.C...'....9c.. ...a..(.7v(BY.1Q.rT.{.{'T......34A.B?.gE..B.Q5...C0....c...Y?.....+~\...IR`.'.4 )B...(.R....7..0...w.>>...O......w.x^Xi.r..:...p8R#..."....t-..p[.].-..v..E.K..5..=y8.. ..9...p._.{.;.3a..,c...6..mw;..5\|...5..78.S.&.)v.gr6.p..s!.q1.p9..j.....:Yg......I.`.m.=c..{...9..Ud..d.Rp\|....LI.'\)Y%Y...].O..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmEU9vAA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 65492, version 1.1
Category:	downloaded
Size (bytes):	65492
Entropy (8bit):	7.991232185639051
Encrypted:	true
SSDEEP:	1536:8o/13YBCGZQwcfqIq+Czw6UdcJaznRbmySbbxB8DtseIGoIix/uq:h/13Y4GZQxq+H6UdcJonRObbxgXIVpuq
MD5:	08926D7A008503F9C640B1772C225476
SHA1:	6A57DF5217D336599BDEC757772025BEB40C4536
SHA-256:	C93F4332DAA92F95A2C2446599D6CF9E87B00B20D60DB827AF63B0E4A3FEB22B
SHA-512:	1EA8EB016DC4163F51F1CA7BE439E2C3468BE9B39BB5487FA93386E180DFFD88682FC5E2C5EB190C4CE274B92AFC24A4C331E298EE641B06B672036DC868220F
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9vAA.woff
Preview:	wOFF........................................GDEF.......-....p.m.GPOS......&...VL.o?]GSUB..).........u.]?OS/2.......S...`..cmap../.........v...cvt ..3....\...\1..Kfpgm..4....2......$.gasp..54............glyf..5@......n.t...hdmx...\...P........head......6...6...rhhea....... ...$....hmtx.......B.....K..loca...H............maxp....... ... ....name..............:.post........... .m.dprep...........S...)x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x.R..]A......G...m....E..2Nm.E.'/N..y.Z....F..!RE..F.w..k..L\.`..L]0y.....h...x!...9.7f...sD..fDk.BPI.wDL.:..s&..<.I\|.4D...5...'.B.R=.....I....~.H.t.......g`F'..#....5...2..:.+.T.Y.2S!.Y..W.....L[.opD.."..QIrIfI.7....]..o.>.f...V...zK.}.P2..j..F7..h..q..........f..Wai.w.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOmCnqEu92Fr1Me5g[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 65244, version 1.1
Category:	downloaded
Size (bytes):	65244
Entropy (8bit):	7.991096421944703
Encrypted:	true
SSDEEP:	1536:usLyiYRm7KcA16K7XxlQSa3DucaXhMBbGaDWz2e:xL3YMWcAM8Fa36vRhag
MD5:	73F26BF98A715ECAB4D2287FF3A02AD0
SHA1:	C6C8A2B7E67C182D77916CD2118B1B0D8A6CA549
SHA-256:	55110586D3719C3E8BDAA21F06E4CC1C0A7451ABBAE662344CBD4411536B585F
SHA-512:	429C24A54FD35F9E7DFE341425BC88746BAE605DD3BB53E48679F0174312A2A8C0C29C2B138411118E8D2678258224FF50EF10FB460CEB4B010F2FA30FA40FE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Me5g.woff
Preview:	wOFF...............0........................GDEF.......-....p.m.GPOS......"...N...}.GSUB..%.........u.]?OS/2......R...`....cmap..+8........v...cvt ../....T...T+...fpgm..0....5....w.`.gasp..1L............glyf..1X......u`..p6hdmx...T...R........head......6...6.j.zhhea....... ...$....hmtx.......L......3rloca...L.........j..maxp....... ... ....name...........t.U9.post........... .m.dprep...........I.f..x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x...d.a.._.,....%.=.v'.\|...N1...`.i.F...C.0.p`.......f....'*..@....\|Z.h~..w...{...(....O.Mh.x=.@..pk....v..E....Ba{k...r.qn..U.wP..Vj..J?../..oz).UL!..a.D.[~)4.....J..y#.L.7..]...Z.3.o\.W..S....?...j.'^J..^.scp3........nO.........z.t.4m.i..C..hy.......+=..&._:.he...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\activityi;src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2wg7e0;~oref=https___www.google[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.387553770434628
Encrypted:	false
SSDEEP:	12:hnMQbwuOaxyCkv4A1ZHLX+KIS9SQg0Pya2W2KD:hMiRO9LlISwByl
MD5:	87237C0BA7D40E5BB6869C5E2EB4F29E
SHA1:	3E197E665D05123825F3EAC6D6B02A20A2300E4E
SHA-256:	49C5FE5D7930AB6EC473297F441500C9E23054B5047A8EFBD4074BAF7FD21A67
SHA-512:	84EF0C3B88D26CF4C11A8A4700AEC0A80F873CAC07F69BAD9415C62923A451B8EB8C34005563B911543D6625C985EC558CBA83A745010FF17BDD4DB466245332
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><iframe src="https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2wg7e0;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2F" width="1" height="1" frameborder="0" style="display:none"></iframe></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bhm-laptop_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 745 x 450, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	33384
Entropy (8bit):	7.973877792468172
Encrypted:	false
SSDEEP:	768:ZgR81ygKoeyQyUNs5WWVMODsj+jCRx6CGnBf5/hASk:WRYSIWWi6CYB/hASk
MD5:	76728BF26D9D66091CCF0B337026B1F6
SHA1:	956339924182EB8B63842E532133D27D9873AE27
SHA-256:	11CD12EE193D31F60EB21253FDAB996B33C0C44819BE3C36F0FB7272F4E41046
SHA-512:	999F864BF7744911019C0A88C90536CAAE0278CF6B6B2FBB150463B67A4E5B57F2FAC0323422B9865DBB9E44C393CB722BBEAD1C1AEDC4854EE7701EC314563C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/bhm-laptop_desktop.png
Preview:	.PNG........IHDR.............e..Q....PLTE...QQQ???===>>>::: ... LLL###......???...MMMUUU...............///'''888)))>>>///+++=-l===K9.YA.^E.;;;I>n6664K..PK\2_\O...............34....5&..F...h...r....hR..Kr.0&D.G.............vc....ZZZ...{{...E...UUU.....^^_.....7Oi...444.........---LLL...111...............kkk.j`.}................=.......m^X........<.fk....===tP.tM.uQ.f.............x.xS...m...\|X.~\.000zU.c.V...f...yyy....`......\|......_.......```....u..n.....o...].j..x....s...x.......x....q...p...i.f.......xS.yT.{V.}Y.~Z.{W.....~W.\.d.l.p.a.uQ...c.^...`....c.................w....rJ.v.....tS.pF..o...L.XI..g.h`X..F..f8.`2.e6.lA.s:..C..9..D._.\|Q.m.........s.........=...............l9.eA.gggCCCttthhhcccOOOaaaooo___...........tRNS./Qcy..........?..................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\chrome[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	227
Entropy (8bit):	5.235866058577928
Encrypted:	false
SSDEEP:	3:IskN20EFNjJ8S/7A+KWRIJiYEUFLZxs4bSl02rBsSZ7NE7uR0Lq9DISLIgNXK9qQ:wRkrQWR0iYBtqWt2aSyujLIgNa9GoP
MD5:	0F8BA3DA5EC9C4330A36CEFACDAC783F
SHA1:	6E4B5B387A0526ED1AD8E2A6D4CF0E01945CDD21
SHA-256:	8213FC7F4340216DE2C6E83C25C362D05D66663CBB7126A6ECD4A7D0A276802F
SHA-512:	F1FAED20A402DD75E994D3A4B56D4035C88097492C39C946F7A3A3CFAC4DE48CFEB0A5063EC2AC05E5131CA9DC9F42981C20DBF73D6142A0E32BBC3956ED4925
Malicious:	false
Reputation:	low
Preview:	<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="https://www.google.com/chrome/">here</A>...</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\chrome_throbber_fast[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 24 x 24
Category:	downloaded
Size (bytes):	4469
Entropy (8bit):	6.7695629044778185
Encrypted:	false
SSDEEP:	48:HwGZ9KnRJzLTMYtb62yy6J/7aQ5xhU8gACGyL7orC:HzHgHMcauQ5x5eLH
MD5:	81247683E65B6F536D25AF4B2917E823
SHA1:	331043F7F52D006377003B2AFAE4EC8EB877CEE5
SHA-256:	3E846532CACBDA65EB384367C713A798D6D6D619D97ED30D136C6ECB911AB9BB
SHA-512:	075EF7168959423DC01D3057384B1D6ADDCF7848162C44405ADCD8A8FE9412C8FF30B80259302D96D25BF262AB382E362626482AF3D5036E19817D1A5D6B9A39
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/chrome_throbber_fast.gif
Preview:	GIF89a.......4f...t.....L~......\.....<r.......\.....T~....Dr...4j...\|...\..........d.....T.....Dv.................................................................................................!..NETSCAPE2.0.....!..... .,..........b@.p......q..B......8...aeb"..@l.......P.A..v..x.CJ. p.A..Z...C.cc..C.a..C.Z..B....~.............A.!.......,.........4f...d........Lz............Dv.t........\..<n........4j...l........T..\|.....\.............U.'..tp.P....R.t..8..........}...R.M..D..]v5.Quu\|.........+..`4j!!N.....~.......d!.!.......,.........4f...t..Lz....\.......Lv....\........<n...T.....d..4j...t..T~....\..........................S.&..0B.Q.q..xL. .x.X1.=9...P.D....V...Sr.8... ...$..,.xA3..#.m...\|N.....~.....\|!.!.......,.........4f......t..T~......Dr.........\.....<n.......Lv......4j......\|..\........Dv......d.........U.'..(....0.i@.L6A.....`.W..z.G.6..&....9L...EA ...O..c$..Bxj@m..\|N.....~......."!.!.......,.........4f...d.....Lz..........Dr...t..T.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hero-anim-bottom-left[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 400 x 400, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3892
Entropy (8bit):	7.8613691044066805
Encrypted:	false
SSDEEP:	96:MyX5+VdODLHSHb4eaKGR/qbKicH8PjgSzlIas45EhSHCU:MyX5cADjSHb4WGR/q+iA8cd45qSiU
MD5:	D5484F84888D5D422C3214E0D058DD09
SHA1:	84D5F337D3C3C0024F4AFAF1B89FE87273FCD977
SHA-256:	EB9C623C4651F1C7ACDD25A5A7104EE9A460A3751446D4BF14F5853924628F6E
SHA-512:	9509FDA3EAB3CC7817CC3B421144FD89A92ED526C260AD44D49994D1E6D00F445E3ABC0D99E22FFEB20214B6427307838405DFC55F1784CC8C580996469DC6E4
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/hero-anim-bottom-left.png
Preview:	.PNG........IHDR..............a......PLTE..........................................................................................................................................................................................................................................................................................................................................................................................................................tRNS.. @`.......P0..o@ 0P.o@ .._....!_.p.1o..............`.@...P.O..`.......p...A..p.....A.._Q.o.Na^?.......A1p.!o"O..`_..?..Apn_!O..r.....IDATx...E..0..ah...n.......n\|;6.~.....XT..\|.xh.\...-...U!VK].L...q.....a....m.sc.TW....$.r2e.'.....q)5.;.U.<...t...}=..o..p?i.B...y..o....H..U.w..Jn..0J..aD.(.`.....6......m-<,..]....&-p.p@..0.'.G.......W].....-]...&^.X.......a(..G...4.3....23C.....r..;.......O..0.L....$..mm6.n..<.AU..M.71.k.bH.....i.v9k.6.z......8\e.^.v61..4.1..dkS.T...8..w..q.....l.D..\.....k.!e...Q......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hero-anim-middle[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 120 x 119, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	886
Entropy (8bit):	7.427995541035093
Encrypted:	false
SSDEEP:	24:hMi6X9BEPJkKfuJP7DWiV3Stm5s7EKka9INPYSTcDO:htcQhffuJDDps4Kka6PYSwDO
MD5:	7DC4991880C08D2E4BA8C7084F3E84AC
SHA1:	DD38319D7E7BEE0EDB715BC6E3FD13DDCCB9EDCD
SHA-256:	7F85E4EC9841CD9011F8CCA307134654DA2684CF45872439960D31B0D2E0C7E8
SHA-512:	031B824AB1B32B586C67BBDBE4DA3D6BDDFCF1A87CBC7089B0ADC97B22108FE9F57F07191860C72A1A82C9944A14B996D3F6B38EA0EE48118BD62EEEBABF7B2C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/hero-anim-middle.png
Preview:	.PNG........IHDR...x...w.......t5....PLTE.............................................................................................................................................................................................=tRNS. @`P0o....@...._ @. 0_P.p`..p.@.p.o......AQQ`.........:......1IDATx....V.@........lI.@...4- ..ZQ...<.....&.[~.{.{...&i..t:.N........^.....8r.!....u...<.E.h..j..w..cU.rcU2..[';q#.c...v.X...F.D...&N..uj.+..\|&...%RK.7.u..8..V...4p..2i$G]N.s.{.....r.[X.s.+G.+..../....V.;Z..w.U.P.1. P.FR..D....rgK.E.B....j.u-f....<.#.......y.........4B./F<...g..r....b..@.9..Vy.;...UI...na.....v....{.UI^h.$/.ZIM.4.gR..C..l...l..U...j AV.V..."n."..T0..D..sM..J.%..w.]..\|^..A..A1s.z.~tQ.........-.>.\".G..@t{.t.>_...A6.o..%..........mw p..}g.....Z.....<+!.+.n.....oF..M..\|.U!.BQ+.`..>.M...X..f..<...)u....}......../......C.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hero-anim-top-right[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 540 x 540, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5219
Entropy (8bit):	7.89268241859277
Encrypted:	false
SSDEEP:	96:tFUJG+wWh9w0PkErG1ELYPjitEufzKptINAcrth66XF8LlW:vUJG+wlKXrM6EpGALmyW
MD5:	B1E38C38BFE1598A615A5CD29A8A6934
SHA1:	BD32EAF0BA944329967B96268FBB2F4771152054
SHA-256:	0BC177AB9CDFE4D264E5111C552D58DB89C477A4112DD4D1091F9F3338C8F1AF
SHA-512:	DFAA36CAA1514696E34031A6E8050C7D4AADBA84529B5ABDA1F46976D35B709ED45B05B7E9F26A8446C986F9FAECF546260D255EBB1F295D35EE98A9534FED24
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/hero-anim-top-right.png
Preview:	.PNG........IHDR.............. .N....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................{.D....tRNS.. @P`o........0.o@0 P.. @.._......o.A.1.Q..p.!P..p.._.`a.A....@.....p...O..`Q.`....................a...p.........q.........?.1!nQ.....!O...._A.B:.j....IDATx...G..0..a.mY....'..&.....W...=....KQ...{.J&..d..'gMQ.....-..M%u'.n...BL..A......y..b.frJ..RS..4.......q..n...".u....2J.{.......K]5.lA....K-..U.o1.f..)...h.c2...3q'...Ek..EN..kv.U.mA....<......1...P{4....6....@..b.0...0.06......D. ....K\|..6..d..v'.\.3.......;5.He[P.....;../.....;.!.z.%X..;..3~.O...Sh.U..}..a9.F#..c2...X.........y...n?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\icon-fb[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 24x24, frames 3
Category:	downloaded
Size (bytes):	3273
Entropy (8bit):	3.4997108570579964
Encrypted:	false
SSDEEP:	24:XK1hxWwN85Xhw3wtQGI5ruDNYYta+F6Bksj:Y6N5Xhw3WQGI5rnC6V
MD5:	54E3C5D4FEF2ED67136B2D2089D51B6D
SHA1:	468FABF67390BED6EC8CCFD42D8C4CB3642F2503
SHA-256:	30D9BB71A0CEF1AF6AC9D3820B19ADE24E27E8ACD8F1BC17E00014A4DFDED12A
SHA-512:	676C56CE9642765A2FB7DFAAFE81456DCC2AD3D9C177BBCB3199C02D1BC5236CE2F2C1981BB15501BD5758A6172436E958F528A5F07F54751428DA2DC9F19D2D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/fallback/icon-fb.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\installer.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	57073
Entropy (8bit):	5.478510274164533
Encrypted:	false
SSDEEP:	1536:v2/wN+1ZJGYKZn1IUgwqhGdQ+I46kus2dNQg1b:4Rmn15dQzn9b
MD5:	EEFC45FDD4769C3DA2170C339A3AC789
SHA1:	9074409797CCF5343C380BE2F5794DD61EF5D513
SHA-256:	06F0D093E4F55DCCA6DD25F7EA9086507BA1E80D3CD7561338225D2BC01D8B55
SHA-512:	93D9ED2247402F7897D33BDE59D5E7801B7EE7148DD4614D4ADD804394EDB0328C94817737BDBA21D63D97507EE4073D8FCAD3406A8C6352E3F73CB07B3F4CB6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/js/installer.min.js
Preview:	(function(){var h,aa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b},ba;if("function"==typeof Object.setPrototypeOf)ba=Object.setPrototypeOf;else{var ca;a:{var da={Mb:!0},ea={};try{ea.__proto__=da;ca=ea.Mb;break a}catch(a){}ca=!1}ba=ca?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}.var fa=ba,ha="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){a!=Array.prototype&&a!=Object.prototype&&(a[b]=c.value)},k="undefined"!=typeof window&&window===this?this:"undefined"!=typeof global&&null!=global?global:this;function ia(){ia=function(){};k.Symbol\|\|(k.Symbol=ja)}var ja=function(){var a=0;return function(b){return"jscomp_symbol_"+(b\|\|"")+a++}}();.function ka(){ia();var a=k.Symbol.iterator;a\|\|(a=k.Symbol.iterator=k.Symbol("iterator"));"function"!=typeof Array.prototype[a]&&ha(Array.prototype,a,{configurable:!0,writable:!0,value:function(){return la(this)}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\lpo-chrome_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 924 x 578, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11632
Entropy (8bit):	7.923086755138449
Encrypted:	false
SSDEEP:	192:5WVVIZIgHF0bLtB3z8oIq/FDqxLAwyEk0EQW/DNyNRTIkeZOLaGG:UV0H2bJB5P/FDqS0ayRTI5ZOLaN
MD5:	C4F0C8F0D7C9D67E73E321E6DB8CAA2D
SHA1:	8C9D6D2F6F31DAE05DC44F5A86D22B3E63B1A389
SHA-256:	0A0A3CCBB9F67B152C452E86B715797F0A401AE42AC55763BFC2474FEC42394E
SHA-512:	9F2BD258A303A7AE3C38BA2669200A20B249B62CCECB7845AE0273B2B6D4F78043D124980D02E4386B28FAEF19EE0FABB2D91B20ACB88BCA8F7A4C638E93E004
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo-chrome_desktop.png
Preview:	.PNG........IHDR.......B....../8.....PLTE...111@@@'**....88......?@@&''...4CC..............................9EE............................ghk...........r..e..V........ZN.....}..[YZ....$$.M@..!...X..&...v..g......C5..w.....................quy.TI.'".......A.................q...jmryz\|......JKM.V.o.=..G........r...F.pc...........=.r.........4.SC..B........@:;.....h....R..e....`...Q.M.....[.w........................--/.............bcf............!!!.wn.u.....ttv...sv{....f[.NB.rh.......rg.eS............NC.......................N.i........ron...M..Z..........................b..A..Z..{...........&..........tw\|..O.........$.........=w.....:.Vj.K...[.Wqh._.............8..Vo.....e...1(.,".'...?.:1..p..E=.....I......$.......L_.............-..(//+00'..'''8996BBCCC..o5....tRNS.........&-.17/.......................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\lpo-gmail_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 924 x 578, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	25328
Entropy (8bit):	7.959355427988772
Encrypted:	false
SSDEEP:	768:nfHnf+YacJTKe2WGn2GW2IcGmuIil7oqTnJr72U0u:n/nocJuqr2VGmOl7dnB77
MD5:	D4A38743E52B43A7C74B92C21C16E8C6
SHA1:	A0D70BBA30AC460748419911C0E7A68AD84022F7
SHA-256:	8165F959A8CB25666FF0D6C65962D0AC222B96E737DC1BB7C1E6932BCC5D96E3
SHA-512:	8C6D143DC5A20FE4D509B930AC06EEC1F071DE29B516365D97F91EB39969C3576ED4579EC9679A4798EB6C5438399911973BBC4F93C54A4B62632B29B3BBFD2B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo-gmail_desktop.png
Preview:	.PNG........IHDR.......B....../8.....PLTE...???-22......?@@',,...4CC.......==............9==.....................ijl.....................p..`........C5...............\\\....#!.D8...............&...s.A~....zv.e]...........sv{.SG./)............./..H..b.....HIKpqs.....QSUstv....X...C..E.........SN...........z\|}...f...ZOY.wr..P.jK..B..V...O...............:;>...2e.......J...5.Sg....c......-.........................../1.............=<>[KJcdf............._chimq...................... !"......na^.wn.n...................IJL.pe.q_.................~{.OB.cS......}..UVX.............<=?..........yXXZ...g<4......LMM....sn..d...:5.....sss.......:g......y......d.U.......>2.O...;.....................ljt........s..G.p.UVY.....).8..................5AA(--CCCG......tRNS......&/.17........................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\lpo_hero_masked_browse_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 943 x 966, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	88096
Entropy (8bit):	7.970558878677478
Encrypted:	false
SSDEEP:	1536:wznpg53ZW2s32b6DT5lzmBNIiXAGfQdrfRvOtMUemk55fvJ0wx9aQNbvTGV:Y83ZvsGeDT5ogyDQbvOtdemS5fRv9EV
MD5:	47CB0980316B0010AC791B03851B5105
SHA1:	8851530D95EDCC67CC8DF5EC96215820C8E23C3A
SHA-256:	0C7A532CDCB5BC7D81AC6897569F227B7728D00B2B667A86FD9F4F8F7277DA0A
SHA-512:	77246BF9AC7A9CFBFD209B62EAF27CAEF5E4391B86E278A4249314A67F7EBC91C546E9FA4DA06EECDB7F75412EA367EB582586F6F7218D15BF05D40D071571E1
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo_hero_masked_browse_desktop.png
Preview:	.PNG........IHDR.............;.\I....PLTE....s.....h..........s.....r..r.....s........t..............8D+.Q_......0....\|........(+.B.W3-..t...4-...s..u.h[.fX.NQ.................}!..C.......y.........#..)".L".......B,$7!.X2....:..R(."=......6.G$.Q..4)"...O/..........0..P/..w..c.....\|W<([$..rZ.iRkA?gH1c>%.....i_86E...u.ybp8.aI]E3......c0$......._:P:3\|eR...txIG.{..n.Y5.wR.LD.eA.{{......jEvA".....E&.....}X..}.rq.S0..m...s]L..cjRB....wZ.B.....^.....s.WU.qL.oL...?94{A611..8...xXA..........i.mP....jl...VJ.}........qN3.yp....^[..gEh6.UHC\|TX._<.wS....eY.+..af.pc.].....5M..R1..f.....BEE....J(.......r....DM..........R1....v\|v.~......AW......._SP..gus...ed`..z\|pe.....~.p\|.~q...+N...}..p............`e .R...fHc-.\|qs<LX\.' ..Q...i.&0.I...? ...B..L.t\|...j...H....T.8e2y....*tRNS.....;!/..^`....p..O.2.P.r.Q.....q..j.u...g.....T.IDATx.........................................................................`v.X.a...UsY..&x.'m..i.L..v9g.......................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\lpo_hero_ui_tabs_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 657 x 36, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4040
Entropy (8bit):	7.929077018779176
Encrypted:	false
SSDEEP:	96:IhW/sVQ3MFgqCvDESQZ0dtS6brVJgdE+3wPUx:IhWyTFgqCbEZ0dtS682q
MD5:	3F4E109AB51ADCBB204ECF803B3E3270
SHA1:	E07A8B50CDF2D1D5CCDD6177B69A697CA6AE78E2
SHA-256:	0FAC8396EDF362E6AAD9D3DE7BBFD70AD7506BDDF146D52CC2436C14039FCE47
SHA-512:	865F7BEE46419D39E6C61E84934677C3DED7CD652B75FE7963A1F927543B2AF082AA48E4707A96803448D1A2AA8DF25A51F3446C9DE348EF6ADFFFD708C9C087
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo_hero_ui_tabs_desktop.png
Preview:	.PNG........IHDR.......$......m......PLTE...;;;!!!..........."......**((.............&&&""".. ......""&..).....#.....#....................!!!..&... !..............".............................y\|.....................orv...................[^b..........dhl...<@C.......%...........lpr..Gdhk..9............C6........4.S....QUX......mns_cg...B........7.n\.......FJM..............s.ja...C......z................q....y}.x\|.gin.VK.........=................................o.....a.zP.k8._..Y..%..$.\|....Q..m......N.......f....\|.........................m..tl .^.dTKMRL.P..@..>.:8.R...-.6-.(-...........y..6.........7........R..f...n......=......u^........_........vv..p..p..m.tiW.f.Sf7.[.ZN..K:.C.=..=s.:..5`.........jg....1tRNS......%....OO...%.O.&..$...O........... ...n9)y\aX...sIDATx..X.N.@...L.....f....oJ..=.I~.U.E....8L.3Mu.+......).9i.. .....wq=y&...~..r1...S.."..J3.H."0.z0vQg^e...d.-..H......G._G.'[....,+..F.R>..[..~i..Z...n..XX'...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main.v2.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	94361
Entropy (8bit):	5.3668452903664265
Encrypted:	false
SSDEEP:	1536:VXehoqj6VnSFfmkJgrxzPCVvYNK3U9GTAacxCJwIliR7iLqF9y/W:4HYrJPuvYNlCJwIM7EqF9mW
MD5:	63F44051C495F4111E805EAECEE1137D
SHA1:	4526C6B6B8ADEDC89DBE26C24C384DB5F68E6EE7
SHA-256:	51C974BB555778A70D10FE726CDC902E4792066CA4E02DE248DE846FFF4997CB
SHA-512:	EDC3720136F19F1D9AC57C769607B4D8BCAD4AE0E8FF09BF197E959FBF3E2E9818285E5EC149D6289C9C29F404B0460A8730FA0749E3BBB8360B8F80973C567C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/js/main.v2.min.js
Preview:	(function(){var f,aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){a!=Array.prototype&&a!=Object.prototype&&(a[b]=c.value)},k="undefined"!=typeof window&&window===this?this:"undefined"!=typeof global&&null!=global?global:this;function ba(){ba=function(){};k.Symbol\|\|(k.Symbol=ca)}var ca=function(){var a=0;return function(b){return"jscomp_symbol_"+(b\|\|"")+a++}}();.function l(){ba();var a=k.Symbol.iterator;a\|\|(a=k.Symbol.iterator=k.Symbol("iterator"));"function"!=typeof Array.prototype[a]&&aa(Array.prototype,a,{configurable:!0,writable:!0,value:function(){return da(this)}});l=function(){}}function da(a){var b=0;return ea(function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}})}function ea(a){l();a={next:a};a[k.Symbol.iterator]=function(){return this};return a}function m(a){l();var b=a[Symbol.iterator];return b?b.call(a):da(a)}.var fa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b},ha;if("functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	3224
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	48:5m73jcJqQep89TEw7UxkZCm73jcJqQep89TEw7Uxkk:5nqrehEw7U6ZCnqrehEw7U6k
MD5:	3A35614D9A6156057F7D30C91C1ED4F2
SHA1:	7DDE5D14A15F465C9BFD0B0C0B3416175E69D1BC
SHA-256:	D544FAC44B7B2CD937726C401B5C9C726F900CEF22980A7B39F8756581901B73
SHA-512:	8A31C0C90EF443E3B7AC5B930466CD8CEF1D540D2D436A7DC4D12F38686368303882A9610A57B2A1CF9AB973DB684FDA0B1831B116EAEB4D86BE816FDD627C28
Malicious:	false
Reputation:	low
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ScrollMagic.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	18500
Entropy (8bit):	5.288803063564337
Encrypted:	false
SSDEEP:	384:CEKmt3JtBOgr3CSEVbMtClyCJ4qelm2JDX6r:jv395bO+t7e4qEJDM
MD5:	955ABE8CF2E241745BEE38B92BEBC76C
SHA1:	414B13E1866A94EAEF2643A5167381BBE2AA7699
SHA-256:	09756F2D963931CD3831E019D7DFC7A71DC6EC0E02ED4CF6232C46E3B40A9909
SHA-512:	0A8289AE94A67E9262ADBE1198E622B78B01F031713A0C808854EE91A3C2101E3003C61586A7D4B05D5666531B8B5A51DCC8BB53AF5D29FD34C36C17BFEBED51
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/external_hosted/scrollmagic/ScrollMagic.min.js
Preview:	/** @license ScrollMagic v2.0.6 \| (c) 2018 Jan Paepke (@janpaepke) \| license & info: http://scrollmagic.io. . Copyright (c) 2018 Jan Paepke. . Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. . The above copyright notice and this permission notice shall be included in. * all copies or substantial portions of the Software.. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHORS OR COPYRIGHT HOLDERS

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\animation.gsap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2411
Entropy (8bit):	5.443885333865454
Encrypted:	false
SSDEEP:	48:T9CwjsCJ9lDEtsQQMQHWs5G7Jo3oAFzSHrcTXwhKF1baz0vwCQ5biBz5bhLr24:T9djrgtYMQHqEoc9e54DLy4
MD5:	FBC6FD5E2FC6409C75F602320CB5909E
SHA1:	A37D2D19425526B6F9DC1873525AFB437CEFE25F
SHA-256:	ECA64F6A9419A07B0638C88AC89F7B1C7B8D6F16865291DF6F668D200064A233
SHA-512:	1092F44A35A17423AE8F70D554B5204B8A0FFE41355706567B09469D42D60F6A174434DA921D8A21B73EF6862B6FC8D6EAD14FF2B85A373AD4E5B090C39C5801
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/external_hosted/scrollmagic/animation.gsap.min.js
Preview:	/** @license ScrollMagic v2.0.6 \| (c) 2018 Jan Paepke (@janpaepke) \| license & info: http://scrollmagic.io. . Copyright (c) 2018 Jan Paepke. . Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. . The above copyright notice and this permission notice shall be included in. * all copies or substantial portions of the Software.. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHORS OR COPYRIGHT HOLDERS

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\answer[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	249
Entropy (8bit):	5.304276500103586
Encrypted:	false
SSDEEP:	6:wRkrQWR0iYBtqWt2aSyu5BLCRgNa9fizi3oP:ekrY1tdkys9CRvfiuW
MD5:	CFE4236C7343D96419B974F43FD2B304
SHA1:	3FA4FD9C9F30BC6BD944F642235FAC195E27E80D
SHA-256:	B8D3165E308C8BEBF81082E1D50F75DC360E5A9E2953BE1580599F39B7DAB11F
SHA-512:	45ACB4D4AB08B3A46DA52997B3240BC7D2D726E7BFB63CCBAA3DCCB97D030267AC75123176168FF2BC7021D086AD8FCDC6A658F8F8C0499AEDF0E50DECFE83F0
Malicious:	false
Reputation:	low
Preview:	<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="https://support.google.com/chrome/answer/96817?hl=en">here</A>...</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\autotrack[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	25247
Entropy (8bit):	5.291680583527389
Encrypted:	false
SSDEEP:	768:Rt9hXjJ9UP+8qeyDVrQi7xD21qTOxcVB9yNGm:L9hXjJYyDVrQi7xD21qTfBu
MD5:	5E6539FD0B1C0778A5254A4ED1305DB8
SHA1:	6DFE476E85112334A53D16C11E319A7422D8396E
SHA-256:	449F80795C70E94FA7457BA00A62EEAE62CE7EFE0ABAB9681B379833AAFED838
SHA-512:	003D9E211CCA5C2FF77EB9A2C275796697C931EF1361D7013B010ECD41E304C33BD3F538105241C3A69224853B5AA45021596B3766FA13B9143CA82AAA23FC60
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/external_hosted/autotrack/autotrack.js
Preview:	/*. @license. * Copyright 2016 Google Inc. All Rights Reserved.. . Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. . http://www.apache.org/licenses/LICENSE-2.0. . Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. */.(function(){var f,aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(c.get\|\|c.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[b]=c.value)},k="undefined"!=typeof window&&window===this?this:"undefined"!=typeof global&&null!=global?global:this;function l(){l=function(){};k

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chrome-logo[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 72 x 72, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2748
Entropy (8bit):	7.881860668507997
Encrypted:	false
SSDEEP:	48:MirRbkUuTaXe1SeWCco8faPIf3s05itHRxLcuI3k1AuG3S32gvawBCfpNr8nUA:Mi9baTOiSBCjHa35itHRxA8AuuFNfAUA
MD5:	9BE9465EDAD3C7E54F701272C41C2BBB
SHA1:	136531DA8AFA225BA2B1C2ACBF02ED33E0046E60
SHA-256:	B86BC964EAAEBC1AEF4CFC42B3E7B166C50F66EF521DCD3BFD7533DF18E4CCD7
SHA-512:	283BEDA09DC3D7ADBDE317D62006755766BF4D2424F682B1396B8E59B58D81064B225DC283C57960FE3F27CD32562D428198F1F8FE1BD1818F2FC0344BA71A0A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/google-assistant/chrome-logo.png
Preview:	.PNG........IHDR...H...H.....b3Cu....PLTEGpL..@..O.g]..Z..V.maO...=..V..>.:.f[..B..@..T.k_..W2.q.XM.=..=!.`.kb%.f..[..V.Z..@..^.;.bW..[.NB..=.=..@..a..@..A.ZO..]..c..S..I2.o.aU..O..U.T..Y..E..>..A.oo..Z..?..Z.wo..\..E..L.@..[.WK.bW._S.cW.tj!.e..S.UH\|uU.OO..D..A..]J..I....\.._..b..E..B..a..^..`..c..^..[..`..Z..X..F..U..S..N..M.}J..J..Q.>0.....R2.K..P..I..U..U....D....yH..?..Aj.S..K..N...?2{.O...uFfpL...o.Pj..............+.[.=0\|...n......z.....Y..&.`..o>.g....SG.TH.K>.QD#.f.M@.RF.L?.QE.PD.OB.NB.L@.QD.VJ..BK...NA.<.M@.K=.H<.J=.F:.\Q.OC!.e.K>N...NB.I<...M...RE.TH...F:.....C.[P.....9.B5..C.;..<.I<L..O...OB.9.\D..A.F8.....D.[..?.. .d..=.:...U..,.e]yRu...H:.A4..>6._.7....B...0.n.7...xp..........AuhK.O>...G7.....`......@......B4...8.4..E.~...O....o.......JtRNS..... ...0...P0..P.0P...... .@..`......P.``@... .. `....`.`.@.. wR.q...6IDATx^..Gk.].........C...x.Eb........7}.{/....Kz.e.sn..;.......x.....y.....#_c....;.>/.._U..@..zk.GU.:.eC2...W.T

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chrome-logo[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5828
Entropy (8bit):	5.292681906113015
Encrypted:	false
SSDEEP:	96:+4JqrKfS5c6qyc/7IRy9dvNK60ALhVxeHRI:HvJ4rHi
MD5:	C365DFBEBEFF9E8606BDF3E3B3AECBCA
SHA1:	4CF31EC373CFE7D1E3A03CF21AC11D38B888F9C3
SHA-256:	610FFD583BAF9476A6AAB758F9C3B76A5C8EBB8A7B2446B7EFCA0B26A97D761D
SHA-512:	70FA9071CEFA580844B41CAF796894CB7CC2ABF2B7E8990B62BA3D09C7975503587DE3787C6B864940DD1318BBD583C9ECA6356C497AD97DBF85F22B8A77EB41
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/chrome-logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="48" height="48" viewBox="0 0 192 192"><defs><circle id="a" cx="96" cy="96" r="88"/></defs><clipPath id="b"><use xlink:href="#a" overflow="visible"/></clipPath><g clip-path="url(#b)"><path fill="#DB4437" d="M21.97 8v108h39.39L96 56h88V8z"/><linearGradient id="c" gradientUnits="userSpaceOnUse" x1="29.337" y1="75.021" x2="81.837" y2="44.354"><stop offset="0" stop-color="#a52714" stop-opacity=".6"/><stop offset=".66" stop-color="#a52714" stop-opacity="0"/></linearGradient><path fill="url(#c)" d="M21.97 8v108h39.39L96 56h88V8z"/></g><path clip-path="url(#b)" fill="#3E2723" fill-opacity=".15" d="M62.31 115.65L22.48 47.34l-.58 1 39.54 67.8z"/><g clip-path="url(#b)"><path fill="#0F9D58" d="M8 184h83.77l38.88-38.88V116H61.36L8 24.48z"/><linearGradient id="d" gradientUnits="userSpaceOnUse" x1="110.872" y1="164.495" x2="52.538" y2="130.329"><stop offset="0" stop-color="#055524" stop-opacity=".4"/><stop offse

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\close-icon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	380
Entropy (8bit):	6.947082124793556
Encrypted:	false
SSDEEP:	6:6v/lhPkMFKQ6sXRBOgM1Vi/rlsZ/DuujMnD673pN6BOQwVMBQbKRU6z8l0Q+jp:6v/7sDQpSc/yZ/DFjf75N6BOQ1mbx6zX
MD5:	C4EC8F447FC5E74D5344720083582D0E
SHA1:	BA55F17FF89D96F909B79B396EC88098240C8B67
SHA-256:	129A06E9E3C9F1F7AA75B0EE630F000184F08A36E9BFB14CBA1DF578C5013FE6
SHA-512:	21FF30024F47E06C143B555669A8F2971E30FFEEA61A7603F67B57A428EC9CECDCAA793D301249508F5163A5E7549A018D27FA2F2952C5DCC8FDBAE4F23AB9DE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/close-icon.png
Preview:	.PNG........IHDR... ... .....D......BPLTE................................................:;? !%......TVYTUYq.w\....tRNS.... ..._0.`.......IDAT8.....0.C.-.(`(...u...J+`.)....B.....>D'5};....]...7.hz..c...5...........d..x.`....o...~"38.P....$(Q;.au........:.......:_.........z.]8.du.:..B/.Q..O.~..P..v:..0.H.....y:.%.ewu..g..6...i...@..dY'}.+...../\|..Sl....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dnserror[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2997
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
MD5:	2DC61EB461DA1436F5D22BCE51425660
SHA1:	E1B79BCAB0F073868079D807FAEC669596DC46C1
SHA-256:	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
SHA-512:	A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2244
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	48:pDeqkbiU6MTrFFMDeqkbiU6MTrFFMDeqkbiU6MTrFFE:qOHMTr7pOHMTr7pOHMTr7E
MD5:	4C447BE97D19007A5CFDD2C7AEE9A26F
SHA1:	6C9E824A27077EC9ED68E894816EF8084B19041E
SHA-256:	965D01350B29DBCD1D0CB269A49FAFD5CE0F1908F8ABC0925CF9058F6B851286
SHA-512:	74A5AB4D616AA682BA5A5A9D4C4C4670C5E4A8B1607CC635DF73F633C472B9784245C4A91C115E96243AAA26AA6DD619B5E321E7959E18ABE778FE1E8E6F112A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`..PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.....................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	9440
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	192:JsUOG1yNlX6ZzWpHOWLia16Cb7b4sUOG1yNlX6ZzWpHOWLia16Cb7bk:JsDhpNOWLiIb7b4sDhpNOWLiIb7bk
MD5:	9FDEE838E7C036092E81A4E7CC949643
SHA1:	364FC6C36972FFD803E5999AD501F3D7A2216FDF
SHA-256:	C6BF586821E13F7F6D6EF75AA82E69BD5E3E1336615C85AE513C70704F5C0787
SHA-512:	622BC3BD9F0615C191B03F2E8D018867C9D9ADCF1015DA5FB4D3462D71512B72558B32CA9F74A925C150B57FD232ABD48AFFC8D32128C50540DF02FCA8ECBB2B
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\gtm[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	131289
Entropy (8bit):	5.546759004842878
Encrypted:	false
SSDEEP:	3072:U7h1m/2MLfgLJk0KdcX6ekJoDR5eiKB2Z9:U7h1m/2MLIOdXCbeiK8
MD5:	05A8763F100CDBB4CF253A644A941E91
SHA1:	F6F9975CCE484D078CD15EA94299D0A9D41FA1F3
SHA-256:	5E71DDDF61831783A90D97F5DA6A545E229A1E415C93CB49C1C31299D21BBE7E
SHA-512:	FD4EEE71482D1A3BE4B3E06D02078A2019F116E7460129DAE4040B1147A023522338A826DFA543C466C7F271D3938F3ED1FED7A0E49BF0F92042D0778A21EB5A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.googletagmanager.com/gtm.js?id=GTM-PZ6TRJB
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"44",. . "macros":[{. "function":"__e". },{. "function":"__v",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":false,. "vtp_name":"edgeSModeApi". },{. "function":"__v",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":false,. "vtp_name":"linkUrl". },{. "function":"__v",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":false,. "vtp_name":"edgeVersion". },{. "function":"__v",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":false,. "vtp_name":"formerSMode". },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__r". },{. "function":"__u",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__u",.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	24210
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	384:xPini/i+1Btvjy815ZVUwiki3ayimi5eqBG1fm304Pini/i+1Btvjy815ZVUwik5:8i6+1B1y815PUNZ3ab3fBK9i6+1B1y8d
MD5:	7B6C8BD51E49F7F56E2B21311D0EA59B
SHA1:	EDB0F7D21BCEC6C48DEDC14E9ED41383740BAE37
SHA-256:	620BD33A4E0358498D9429FE2DBA00F85A86D6059FA796B482E2A9F6B0794F2D
SHA-512:	DD1D524872EE165D230BE5B3872DEE108B806AB684AACFA955F07B7A87C1ACA63FA3B59210442E1E3C9A2D33409583E0AC3B1A6A0D4EB91BBEEF62D311FD1BC4
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	99913
Entropy (8bit):	5.5159140917740235
Encrypted:	false
SSDEEP:	1536:JBF5JG0SfAs5KQiNmX6pg+hX2M9jfOJ0hMiHvmRN/PRyRzGDf1096UAEkd/n1:JBLJG0KdvX6zRDPkqwDRT1
MD5:	AAA955BE3B11CE449F908182C5193AA7
SHA1:	ADA330BCEFCCC1F43A2529721D56764E4ED56C83
SHA-256:	DD6E1F43FD1B0C65EADB8EB615A8BE6B2EDB87E4BCFCCCF9F8425D165031504C
SHA-512:	1C1CA8671D14FD80987CC523B5F9899A7FCE5AED27EC7CB799E2441C1CE540690E6557D6FA3924EF66A506E857830032A052895EB3F1849979888FA0979AB3D5
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.googletagmanager.com/gtag/js?id=UA-26908291-4
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};.../.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ca=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}},da="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},ea;.if("function"==typeof Object.setPrototypeOf)ea=Object.setPrototypeOf;else{var fa;a:{var ha={a:!0},ia={}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\modernizr[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	18121
Entropy (8bit):	5.487052413899393
Encrypted:	false
SSDEEP:	384:sEVrsUrsbn8b9ElD9HW590TpJGd+xesmAnxpakrwHVXHh1pz:RV/Q8b9wD5jebALak0HVXHl
MD5:	22B1D136ACE6916B80EE05FD4889066E
SHA1:	03903EC6E52233623AFE851E351E160B72ED2828
SHA-256:	8C2D2E5D88589A1283EC0CDF49BEDC2DD3A8F40FE77C39C3E00ED8CEF1968FF3
SHA-512:	9BBBCBA7803D76C8F8CBD9974733211D8ED703E640B2FC673715DCC091413A2FE3E385CE1886DFCD7C5153EBDC154B1A5D83D0F004369C355EBCEDD841E2E9F7
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/external_hosted/modernizr/modernizr.js
Preview:	/*. @license. * MIT License. * Copyright (c) 2009.2011. * Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. * The above copyright notice and this permission notice shall be included in. * all copies or substantial portions of the Software.. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, T

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2wg7e0;~oref=https___www.google[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	428
Entropy (8bit):	5.389589165064501
Encrypted:	false
SSDEEP:	12:hnMQbwuOaxyCkv4A1Z3LX+KIS9SQg0Pya2W2KD:hMiRO97lISwByl
MD5:	4F57CD688E74E13C600410851DDB8050
SHA1:	B046ADB4B52AC11C175116D6169392F329AC46FC
SHA-256:	2A6DF73F93621769E1C3EC350F20F5E715244D7A7105F673258184CA7BB7886F
SHA-512:	9508AE52DA605FA3F44CF9B7858C06FB09ED3A872DB9B968E73FBCF3C1009F0D989250874B055E15BDA51B88F5A0F12C8943FA9791CB8AE499AAF84E4736B0A7
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><iframe src="https://adservice.google.ch/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2wg7e0;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2F" width="1" height="1" frameborder="0" style="display:none"></iframe></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2wg7e0;~oref=https___www.google[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	194
Entropy (8bit):	5.144203472842556
Encrypted:	false
SSDEEP:	6:hn8FQiowadCc4svmzw9xUpCX96v6OqPbRm9:hnMQbwuOaxyCkv4A9
MD5:	5EDEA4CDE2C1A9C8E8150DEAF71CE73D
SHA1:	725019DAAF24DED79DCAAC96C897CC4727CC8B35
SHA-256:	05978957C6C8B028F2785DC77271C286BFAC76E30B7BCD7E835C2927FBE897CF
SHA-512:	E55349AB79FEF70C5DF45009E9EA2E4CA57678305A25B3279CFFAD472192654FE86E30B9471313243FB081D7B2C2958E8F888F87C648AAE5FF00E289C69B615E
Malicious:	false
Reputation:	low
IE Cache URL:	https://adservice.google.ch/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=7616383680459;gtm=2wg7e0;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2F
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4836
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	96:5nqrehEw7U6ZCnqrehEw7U6ZCnqrehEw7U6k:5RvZCRvZCRvk
MD5:	CF9210C3462FD7EE63BC9ABCD479FF03
SHA1:	21C1170ABFD4DDDE51071F199963F41EB99B7670
SHA-256:	FFC87B85D8EC4F18E411212D57F21F5132DC9DE81E45383753DDB2B1D52952D5
SHA-512:	090ABA2AFBF1CED1DA64AA020B40BE912CA762CCF0273EF1776246FF3387E825F9FB98E51C207F7BD3EC1E7E671A3D685B5EA22CFF08FFABEBD63860149E9AFF
Malicious:	false
Reputation:	low
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\big_pixel_phone[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1251 x 755, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	26437
Entropy (8bit):	7.956184672039696
Encrypted:	false
SSDEEP:	768:QjmRgRsN8lazIhprbI3rnCSb3oP3Ng7jwKq:rr8lQ7nCQ3oFg7j2
MD5:	AD13A18F88F85F7EF4FBD15AE3D8379C
SHA1:	7866C9A3AABD2EF92EAC7F0D8442B752C2852F22
SHA-256:	BB82508D130CC877EFD5227CEC9741B73218703533ABB915E0C21AE7380162B0
SHA-512:	9CCF442C8E4290D13D237290B05E983A1B5E2CE925D2B4B45E0A49423852EB42CAA51C6E99E0A4800B4B7CC7646384B98A7CBB885A9DC6F2D90547B3B2B2BAC1
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/download-browser/big_pixel_phone.png
Preview:	.PNG........IHDR.............d.3N....PLTE...............NNN... ...<<<...@@@BBB<<<EEEKKK...RRR...EEEGGG@@@JJJOOOHHHCCC???@@@......QQQ...aaaGGG!!!;;;"""iii......www&&&LLLbbbkkkuuu.............................. .........CCCB..GGGhhh...444888]^^000---......**$$$;;;OOO.C5>>>...'''......IIIUUU......[[[XXXRRRAAA...mmn...jjjMMM`aaeee4.Sfgh.............rrr...cccsw{KKKyxx..............LLLvvv.....uuu..G......%........Z..y\|....ttu_ch...oop..........!{{{p..M...1(..........^S.......%............................{..=....NB.........\.........h..orv..M...........................rhv...j......6...y.J.....`N..0.i......5e..,.{u.xe[.S.k...p..zl.......6....y......OC.@7w....1.$$.{w.O..7..g.a[mC;.\| ..x..;.X......g..quy.{r.Ygn.B.J?..V......m.8.a....R...pw.Oo...S...prwpzF.`(3....h..D.fn.....tRNS............s(...b6.V.G........\|.i...y.........c.IDATx..X.j.@.4....OUb...0...!.z....uv2.....;x.....juwjCf_....s'l>....r..G....5.......%.9.As....+p.s.y.J..%.d.et...O.qI)..".@.+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\black-history-month-themes[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1000 x 610, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	86193
Entropy (8bit):	7.977361224524661
Encrypted:	false
SSDEEP:	1536:hcUOSnfj5gFbt5+mSpGJ9/4uevUXGmvfOSYsDE4wYde+TiHkQdmlhd1A5xkcRaZ1:yafiF55JjJ9wU7mStY43dNiHLQu5986Y
MD5:	0FDFC12CF786E48F5362BD5A0E84EC68
SHA1:	4D90E1EA2B1ECA226CEA167AF5690E7B1F6C142B
SHA-256:	06E8D79AFE74A5D39DEB1781A3B42637C4128F9A588A65C5186EE669604F347C
SHA-512:	1112677E3966D996938B72E876B4A39692E299489B52387A2B0A36B26C78C85E36D55A41ECA37DB894B866B1C9C240223E42222C63066BE0522726FBC5138ECE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/black-history-month-themes.png
Preview:	.PNG........IHDR.......b.....c!......PLTE..............................nnqLNO.\|{...g`W.........^`c..............A7/459................&...;U$Aj.!k..G...+.)C.I_.....E..<.....C..C..:..6.c\|.F........B...'Z...R\|.w..9g.Hu.......N....A.e.....EZ..,{.>.........{..0a.An.a..K_..j.......'R...}Jm.M\|....:.~.\|Sw..Y.....T............M.k0I.....w.~5.....-..1Y.)..,..`~....e.z........!x..;..;.I..F....~k..}....A....X....!p..J..D.8u..?..S.p.......I....Z..L..V.....g.%^.+d..S.Bz.....2j.`........:r......;q.x...../X...m..i.......&N.?Y.9^.-Q.!K..F...o..Cc....E].Tj.lq.p..`m.{v.Na..9V.3S.&Q..R..x..v...G.qK.D..b..........Yk....9...Pv.Z].Ih.'P.SZ.;a.UW...^.G...Y.q...m...E....a`.jc.ug.FV.#I..C./M.@T.:R.v{..G.5O.)K.LX..E....,U.t.=.u.k.#qC1.e"..6..1.g6S..=.....Nt.h...+.....tRNS..............................T..........................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chrome-logo-new[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 121 x 40, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2064
Entropy (8bit):	7.804367689715755
Encrypted:	false
SSDEEP:	48:38DhfQf3qtjhOc0TkbYJDSeNu57dXCoIf3NUHwOjdyc81RmXj:381YiCkb0SeNudby9vAz
MD5:	4B9A71E5C15A4DA1E20F200E9D250780
SHA1:	BD6B89544D35B20E50B439F3A3970F75B39A431D
SHA-256:	A2062146BA85EEAEDD0B68706FF94C3DF4022F6B08D7E2B5ADF18F24DFB91DEC
SHA-512:	A11EA249CD58AA8E94E5B883D9C76F6479B8597AB84F645F1AC4D32CBF90D00D16FF9F2B15F21177161224EDC221546EAF549091487099F7B002457A4A3D2CA5
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/chrome-logo-new.png
Preview:	.PNG........IHDR...y...(........)....PLTE..._bh^ah``h_bg_ch`ah`en^bh_ch_bh_cg^cg_bg`hh^bh`ci`bf_cg.e[..Y..[^ch.qj..[.>`gh.8_ch..@.^S`dh..^.cX..E.._.WL..b.RE..B..@..?..Z.bV..>.]Q..?..^..@..Z.\P.L?..]..@.N@.K?_bh+.k.UK..C^ah^.[..Y.SG..@..H.>.<.j^.l`..b.e]..F.@..@8.s.L.pe..@_bi_bh_ch..D..B..A.OC.MAJ...._.....`..^K..M....c.QE..b..\".e.SG.K?.RFL..H....]..[.UI.J=.THL....`.....@..C.N@..?.....Z..X.RF.QD..@.L>.....I.PC..B.H:........L.WK..A.h<_...........e..U..S..P..O..D.j<..;.9.D7.C6.....................`..M.....{r..n+.g,.`@.X.\Q_wPk.O^.M..K.M@.J=..<.m;.k;.I;.:.:.m:.L:.H9.8.7.A4b............................k......y.yE.wp.w3.q.vm.md.yb.mb.xa'.VQ}R..QsqQ.O..N2.N2.M..L..L..L.XL..K.Y@.f=.A4R..d...QtRNS..` .@....o.P ._0.@@ . .@! ..pP .......po`P@0 .................o``PPO@@00...=.O....IDATX...s.A....+.%........m..^.(..mBJ.h..........._...\..o.e..i.7....{ow..!....2.%.r....:G...,...J.)U...&8.D=z.hg.....U-..z.....SjO..R.j.?.]..5}.'.. &f..A=.....Tq...)S.7A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	11988
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	96:vIlJ6G7Ao8RiIlJ6G7Ao8RiIlJ6G7Ao8RiIlJ6G7Ao8Ra:vI7Ao8II7Ao8II7Ao8II7Ao8E
MD5:	B162EF11D2D2DF2BBF40CF8A1C28076A
SHA1:	38388C2E223DC94893D8BACF7208DFE46275DBEC
SHA-256:	572B1FC41E62B530B6016E736957B6409C4B64D13F1ABAD96C0D42ABD8C9742C
SHA-512:	F48A7F82731288131AA3823C729EC52FE0F911D8A75FC7A554CBBBF251C3381E41B68B2C19AEE3E56F11EB877385019E966DD5DBBAD7145D717CA94AFF008914
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2244
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	48:pDeqkbiU6MTrFFMDeqkbiU6MTrFFMDeqkbiU6MTrFFE:qOHMTr7pOHMTr7pOHMTr7E
MD5:	4C447BE97D19007A5CFDD2C7AEE9A26F
SHA1:	6C9E824A27077EC9ED68E894816EF8084B19041E
SHA-256:	965D01350B29DBCD1D0CB269A49FAFD5CE0F1908F8ABC0925CF9058F6B851286
SHA-512:	74A5AB4D616AA682BA5A5A9D4C4C4670C5E4A8B1607CC635DF73F633C472B9784245C4A91C115E96243AAA26AA6DD619B5E321E7959E18ABE778FE1E8E6F112A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`..PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.....................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	18880
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	384:JsDhpNOWLiIb7b4sDhpNOWLiIb7b4sDhpNOWLiIb7b4sDhpNOWLiIb7bk:Js1pNOWLFb7Us1pNOWLFb7Us1pNOWLF2
MD5:	336CC54EB5B8B017FF58FE451B00E9E9
SHA1:	C011825AEBDDC219E740FEDC09ED3B5607BAF2D0
SHA-256:	3C1C6295B4F22D9B2E6BED404914BD6AA83C3E8FF33011D13C3F72BD4B1DF7B6
SHA-512:	D1E60FC2DBBD4ECFC77960FFAF5BF6A5107390C2CB6A4F8F7E8D9A8149D0B2CFF2047AAD9848622B146B2798B3B76C245836C012C8F5656741CCF3FD530830BB
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\google-logo-one-color[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 86x28, frames 3
Category:	downloaded
Size (bytes):	4992
Entropy (8bit):	5.4750750601521405
Encrypted:	false
SSDEEP:	48:Y6N5XhwyUuL0GXV60ipLcvyCoyHzQ4m8WOTcDN8D5fE6:H5qyUuT60iCvPRm8WOTcDSD5fE6
MD5:	5B856138975423814107326E2FA47826
SHA1:	27E99D08D7EC1C73C4A938C69C275EEC3CE62F9E
SHA-256:	47C129740EF242CBE19218FB5A8EF253391C875F92423EB2CB1D73F34AD22474
SHA-512:	B2A23129EE45236F0E41ED63C8F73FD337DA168ADDDFBF50738E71CD84268160CE77FDE06FF93D3C6CAD056FB35DBB13AF8677BCA441B97056068206B637613F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/fallback/google-logo-one-color.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	48420
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	768:8i6+1B1y815PUNZ3ab3fBK9i6+1B1y815PUNZ3ab3fBK9i6+1B1y815PUNZ3ab3F:8i6+1B1y815PUNZ3ab3ZUi6+1B1y815p
MD5:	D7963BFBD51BED910372E9D252C30CA2
SHA1:	6AB5A3E9B78874E7600B3D9DB1035DF60E333860
SHA-256:	182B0112F6FADB33E7E77D31CA0685D690ED03875108591E391AFCC56E70D799
SHA-512:	301BB249FF524CD914B91F7611B479635AB1F947A170E9F713FD457EFFA0EF3919EF8D4E21F6458A065453BDD9585700ABE98242ABBC7A5F9A8A6E82FF90D51D
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\icon-help[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 20x21, frames 3
Category:	downloaded
Size (bytes):	3287
Entropy (8bit):	3.54107963615874
Encrypted:	false
SSDEEP:	24:XK1hxWwN85Xhw3TL/Fbm+j5djx41tQKC/g3nfmp9hx3B:Y6N5Xhw3li+vx41+1p933B
MD5:	B14EDD59B0B6BBE624B8EFC19F2724AC
SHA1:	3B1345D845498E12723B24770DF8863BF72BAC45
SHA-256:	BB963DED37FEEA9AEA52FDC5901808752446E5EB0A901304F15C4A923F5FF659
SHA-512:	13302472CF0EB048B5199B98F7B56A56033338371771E45A9E8BBDD441BAC8C2A32C6E2C125536B70B1349D0D47D06C109244DB7F4326436A19979125B782EDF
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/fallback/icon-help.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\icon-twitter[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 24x24, frames 3
Category:	downloaded
Size (bytes):	3248
Entropy (8bit):	3.4606109454311187
Encrypted:	false
SSDEEP:	24:XK1hxWwN85Xhw3wL0t6FzmnTuICCMfX1Ek2kS8:Y6N5Xhw3MI6xkTG/GNkP
MD5:	1AA78E00E927D91BE556E86102C4A81D
SHA1:	8CFA69EAB3F53EC2E2B06809B76D3603DD8ED775
SHA-256:	3EE62D693DC92044C158DA9FCBB15951220C6A7177D98D2D55724FD87E99B2F7
SHA-512:	BD2A4F6276A56714CB0339834831255E0357EA8B22895979C7677C04DEA1E4129A6DFF0DA897C4FC12CB5DA89D1CF96F4C5F8436F764B55F69725F3077725D69
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/fallback/icon-twitter.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\icon-youtube[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 24x24, frames 3
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	3.2116499708773896
Encrypted:	false
SSDEEP:	12:XK1TbpOo4IU2cDPilY1Q92Im3XhwDk0qneKcBdpuNyCay9DNX8l77ijKfHq1bFn:XK1hxWwN85Xhw3wcnpBy9DKxGOfOd
MD5:	4EC281E5F8C5DDD2D7E8BFAEACA5BA09
SHA1:	FF5AC0CABCC97D1DF7A58FA6C50BB88D16186969
SHA-256:	CE9F74A710EC6612D9AE867C817C0556EBF218B77954137F7D13BD8147E94FA7
SHA-512:	A36DDF264D42955204AFA7FDCCC799CA849E1F6759C8B07A82A1A76B579AAACEC729F504B013F4278CE15A38B4CFFDE97484098607561DCD93B69AAC538A1C0C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/fallback/icon-youtube.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\lpo_hero_masked_tabs_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 858 x 948, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	113610
Entropy (8bit):	7.981377935068443
Encrypted:	false
SSDEEP:	3072:gsha/XwSDyVmCGZaj4pQLhpY+b9Q1CK9pvfh+Q:gwa/wSDJCGZajJ0+baB9pvn
MD5:	C96A2D96B890AAA3FC479A0ADCBB2D6F
SHA1:	FEF2DFD7984DC661AA329BF253C7CDEDFF70210C
SHA-256:	44D6BE9691A1B0C80FACC7689456A8676D8AFDFA0085FB9F20D251B58539A6C3
SHA-512:	9592A94DDD08555A4A318E7D62F25A3E668020496936948C404BF0ECFD90C729B4A3005B207E450DFD1F53262E33D675159805BA0114E71654E6CB7D8853A2BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo_hero_masked_tabs_desktop.png
Preview:	.PNG........IHDR...Z..........2.^....PLTE......Ydp................s..s.............!t.......y.....Zmt...................................wL^p....s.........................................................................$"...................$..fmv...v~...mt}ow....%&)\bk68;_foX^gt{..M3...cir.... #SZb...,0PU\)'.....D+y..,.....015ry.^1.V+.yAu<%....H1.....\|..@CG4..1&.e7$..m5.K0"75+m<'....../.$f0.jpx6=D...S6'KNT.S:....Q18,"==@CIQ,...H)...C....ir\|.oN?=2@1'.Y<.wVS#.F7,.Y5^)..hH...\=-:"....N=1wG2...J....r.`@HRZL&.>.....C!.GE9jD1wxe.?#...OM?.c..a.b;#..n...~_..x.jA...WE7pr^.uJ.ljiW..n~.i...UTF.........aN@\\J.x.....;EM.O9...HIK....w.....b..Y..3<r....TccP......a..Qu.v7..ZD.......nZK.bI.jP..rP=\|..................uY..R..\\]{gVAj.{yr......Bcziii.ta..m..f.....s..um..7Wo...?\|......!Xv.....{......."tRNS.. ...E..~.>`.@.dg.\.S.p.0..~.....t.....ZIDATx.........................................................................`..@.........TUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\lpo_hero_ui_browse_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 553 x 40, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3070
Entropy (8bit):	7.914385553019721
Encrypted:	false
SSDEEP:	48:YYHGuEbhPQT5NisTnKzWSIJ1dWg8zqNWEpRTLrU2SlvRSH7N1urf+W/cjEk8uGXn:JmubT5Y8nfLdWg8z4HxFSXA7NErfD/++
MD5:	68EC59A4783479D5374D5D8D80B61AEB
SHA1:	45CD46CE5042CA21DD7D32FF5F98A31DC70C103C
SHA-256:	A025999B7270BC2217ED010AC92713CEB8CD3FB861565AE8AADFD0D9B3A2606F
SHA-512:	CD5ED4B5E2B293341C97941488AD9D6534874FC394C000B44C4120E754F72FE1059AA2177839760C55FAF3D4B14962129C6536ACEDEA0E9D073537E1AAD71CC4
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/homepage/lpo_hero_ui_browse_desktop.png
Preview:	.PNG........IHDR...)...(.............PLTE...666!!$!!!..... ..!...##$...!!/......UUT(((''(.........!!"..!........"............**..............;;;...........................x.!!!............._ch..................................................sw{.............jlp......&+.........................\|}.............>=@......................^]^534" $.....w.........sv{rrr..............JIJ..........................onpRPQ:4:....r.pW.WSYOBS........s..........m.._.`Jo0&6......u......b.d......(tRNS...._..O.O......``O........[.`U2)(.feA+.nt.....IDATx..=o.0...!.E......k..d... 1..\|...._....J.,V.?....=''...P`.......~.1.f...y.......W....................-c.k`..Fb........V0.?..YFD..i...&...(B.....$Pd.o...9e......>.F...4.....4.@!.y..............$...l...I.[...Km.&..Z.....,.K$.u.LJz.*7....H.;...1.%.-IO......y....I.....$i.iD..&%.T"...$LJ.A3MbLJ2}W.8...G...;l6..o....g5..N.N...x.k.S......,.i.........&..2S.8.9q.yV............I..O.eR._v.7. ..?.......s..+..v...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\pixel_tablet[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1083 x 750, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	34075
Entropy (8bit):	7.941095083927892
Encrypted:	false
SSDEEP:	768:qbc3AGbtnspyWSGe7h6/eoJVsHGNpDZPoXNe2vpIEWGrehP7:d3AiKBSGeyxHsHG/ZgkKpJWGkP7
MD5:	CBEAEC87A130EFA8768250D15AF44F3C
SHA1:	7E0F13C0D7EBF7E681A842740F4EA5FC67B486EA
SHA-256:	9444D3D3FDD218337B6B3E1C6E8B11C37DDD21C5FC8D7930E89DCDE97A4CE27C
SHA-512:	741882E8004CFC098D526A608A8B3195415325422F1E9DDA9B635AC14A07C559CD8A9F12F6056EBE020BB6707A3AB2765891A51B681E7381D4A34127BFD524A7
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/chrome/static/images/download-browser/pixel_tablet.png
Preview:	.PNG........IHDR...;..........N..../PLTE...............&&&...>>>888111...,,,...CCC..+...!(:.g.+0@..!7>Q...D.....JJK...qt~06FCI[....#5kmsQQQ....D6...dfk___....Z.VWW...~....."&3..............%.PJP`......z...+"....eV&............4)).....)..j..>...r................3.......}+ !...z.L............n]...YI..h...zca......$"V}.xMF.j..@n..B@.......IDATx...n.1.D{.......Kdl.).(\|.........u.v..i..D...$'.....:...<.t8.i0..E.....!..N....<.-%:7./E...i5..,..X3@3)...N.8.4.. .!..2.Ki....5...S..0.iN.....9.....7o..........?.U7d..c..(.......$%,...e..<....3.t.9.TK....$lK....`9.A....G".B....&.SX........4..h.c>.1.F..#.AF..~..b.~...Y#4....S.<-.D;C{D.<.Z..H.c..$..n..n..X.i..:.;..r.......`...=.....7X(X....G...\|....R.{;.2.._...u..... #{..F...8.F........":"m.F..' Mo..6.#Bnl.H.q....(..(...e%2..<....i.K...+.ZD....e....!.J.~;...a.R........Z\|kC...a....]..J......^%;......'.%m.N.l,..jI..V.............&C.Gr.!'.G.......,(V..@......y>.K)...R..o.4..s..h..<[.P4m..2..qXe.T.H$=G..

C:\Users\user\AppData\Local\Temp\~DF0806343135C5ADAF.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47838690295660347
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loAF9loo9lWpXbfmR1V:kBqoITFprfm7V
MD5:	2688FF3174D799E9459A612118E33CD0
SHA1:	3FF8A08D0EB689874650013232AEF9CEFF3FFE0A
SHA-256:	EE28FA4843C721E5CB7867BD1D29E76E02F2C085D91D81C94711B274A9E33711
SHA-512:	832DFBD511ED80DAE14587D2313EE242170A3D0115A21B3DC56BDE51D7D983F8B1234480A57A7AEACBD2D6173C024D91D0ECC7D1EF189FF1DD9C1034ECF743B6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF9132F252BECD2BC7.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA77BFA01D50202F8.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	201464
Entropy (8bit):	1.439820776220861
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+PxzaB9AM165Ew2vBx1m10g0XFHOXCuFHOXWhZ+vs+B7+Dgg+TWI18:UkF+3
MD5:	8C2C064B080BF02B27F28BD17399EB21
SHA1:	5C8D330C136DE16BE074BB9ABD216A545F08BDDA
SHA-256:	8C4F7CE1F7862634D0AB8ABC9E6ACDC689B2A61782AAB47A39DEACDAC5F4B89F
SHA-512:	CC870E6E45F59FFF4A8052532D2F27A077042048E7C4189E21A5023DBB7130F63AB315D95D29E07171FFD6B23494A9836819C5932F51F9D11B2307505720C248
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 195
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 19, 2021 15:56:01.371064901 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.371592045 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.420362949 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.420712948 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.421281099 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.422837019 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.423046112 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.423557997 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.469892025 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.475296974 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.477672100 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.477713108 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.477761984 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.477807045 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.477879047 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.477935076 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.477941990 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.482574940 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.482633114 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.482686996 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.482728004 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.482793093 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.482844114 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.483711958 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.495603085 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.495686054 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.496048927 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.506454945 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.506838083 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.544591904 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.544625044 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.544753075 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.544804096 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.545320034 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.546674013 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.546806097 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.558316946 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.558355093 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.558406115 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.558408976 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.558440924 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.558471918 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.558478117 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.558512926 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.558521032 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.558554888 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.558557034 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.559082985 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.566886902 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.566895008 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:56:01.600485086 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.617198944 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:01.623368025 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:56:02.564946890 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.566190958 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.622559071 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.622687101 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.622874975 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.623003006 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.627079964 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.627656937 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.683954000 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684367895 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684449911 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684509993 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.684536934 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.684540033 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684593916 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.684600115 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684649944 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.684650898 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684845924 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684896946 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684928894 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684942961 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.684962988 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.684963942 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.684974909 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.685012102 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.694350958 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.694937944 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.695233107 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.695358038 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.699290991 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.699660063 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.751024961 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.751072884 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.751178026 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.751281023 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.751750946 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.751816988 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.752342939 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.752376080 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.752399921 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.752443075 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.752465010 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.752480984 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.752552032 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.752578974 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.752649069 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.753537893 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.753560066 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.753570080 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.756886959 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.756916046 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.756956100 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.756975889 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.757002115 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.757055998 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.760902882 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:56:02.810028076 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:02.823992014 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:56:03.178379059 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.179456949 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.216485023 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.217349052 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.227765083 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.227925062 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.228606939 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.231246948 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.231389999 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.231885910 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.258126974 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.258222103 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.258569002 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.258683920 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.259119034 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.259296894 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.277964115 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.283688068 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.285038948 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.285082102 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.285118103 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.285144091 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.285157919 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.285209894 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.285217047 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.285319090 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.291049004 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.291091919 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.291156054 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.291197062 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.291249990 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.291295052 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.291301966 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.291306973 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.298628092 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.298970938 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.299164057 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.300342083 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.300523996 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.303852081 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.304168940 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.307440042 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.307482958 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.307519913 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.307539940 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.307607889 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.307647943 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.307653904 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.308509111 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.308551073 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.308587074 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.308604956 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.308615923 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.308619022 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.308644056 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.308671951 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.314007998 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.314394951 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.314564943 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.317924976 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.318243027 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.348196983 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.348242044 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.348263979 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.348452091 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.348505974 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.352689028 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.355396032 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.355424881 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.355439901 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.355593920 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.355792999 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.355945110 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.355973959 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.356009960 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.356040955 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.356060982 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.359536886 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.359575033 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.359605074 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.359628916 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.359652042 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.359657049 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.359678984 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.359688044 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.359694004 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.359735966 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.359775066 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.359802961 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.359833956 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.359846115 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.361098051 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.392304897 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.392357111 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.392498016 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.392863035 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.392931938 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.392965078 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.393027067 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.447118998 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.447179079 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.449023008 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.449071884 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.452348948 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:56:03.452780962 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:56:03.490911007 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.496668100 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:56:03.499283075 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:56:03.509299994 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:57:48.339922905 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:57:48.340171099 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:57:48.340615034 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:57:48.340792894 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:57:48.341067076 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:57:48.341227055 CEST	49735	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:57:48.342894077 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:57:48.343147039 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:57:48.381869078 CEST	443	49740	172.217.23.98	192.168.2.3
Jul 19, 2021 15:57:48.381928921 CEST	443	49739	172.217.23.98	192.168.2.3
Jul 19, 2021 15:57:48.382133007 CEST	49740	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:57:48.382345915 CEST	49739	443	192.168.2.3	172.217.23.98
Jul 19, 2021 15:57:48.390496016 CEST	443	49737	142.250.185.99	192.168.2.3
Jul 19, 2021 15:57:48.390717983 CEST	49737	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:57:48.393229008 CEST	443	49738	142.250.185.99	192.168.2.3
Jul 19, 2021 15:57:48.393341064 CEST	443	49728	142.250.186.102	192.168.2.3
Jul 19, 2021 15:57:48.393402100 CEST	49738	443	192.168.2.3	142.250.185.99
Jul 19, 2021 15:57:48.393641949 CEST	49728	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:57:48.395193100 CEST	443	49727	142.250.186.102	192.168.2.3
Jul 19, 2021 15:57:48.395317078 CEST	49727	443	192.168.2.3	142.250.186.102
Jul 19, 2021 15:57:48.397541046 CEST	443	49736	74.125.140.154	192.168.2.3
Jul 19, 2021 15:57:48.397641897 CEST	49736	443	192.168.2.3	74.125.140.154
Jul 19, 2021 15:57:48.398672104 CEST	443	49735	74.125.140.154	192.168.2.3
Jul 19, 2021 15:57:48.398767948 CEST	49735	443	192.168.2.3	74.125.140.154

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 19, 2021 15:55:48.516396046 CEST	53	49199	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:49.276370049 CEST	50620	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:49.328831911 CEST	53	50620	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:50.083868980 CEST	64938	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:50.141305923 CEST	53	64938	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:50.894047976 CEST	60152	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:50.954377890 CEST	53	60152	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:52.408703089 CEST	57544	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:52.458281040 CEST	53	57544	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:53.422529936 CEST	55984	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:53.476186991 CEST	53	55984	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:54.225625038 CEST	64185	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:54.276473045 CEST	53	64185	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:55.113847017 CEST	65110	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:55.163491964 CEST	53	65110	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:56.112138987 CEST	58361	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:56.165468931 CEST	53	58361	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:56.903708935 CEST	63492	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:56.962400913 CEST	53	63492	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:57.426655054 CEST	60831	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:57.486875057 CEST	53	60831	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:59.577543020 CEST	60100	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:59.634954929 CEST	53	60100	8.8.8.8	192.168.2.3
Jul 19, 2021 15:55:59.818794966 CEST	53195	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:55:59.879039049 CEST	53	53195	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:00.288815022 CEST	50141	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:00.292814016 CEST	53023	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:00.308151007 CEST	49563	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:00.345136881 CEST	53	53023	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:00.345675945 CEST	53	50141	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:00.368325949 CEST	53	49563	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:00.500978947 CEST	51352	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:00.553090096 CEST	53	51352	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:01.301351070 CEST	59349	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:01.342700005 CEST	57084	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:01.367544889 CEST	53	59349	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:01.399733067 CEST	53	57084	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:02.052273989 CEST	58823	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:02.117216110 CEST	53	58823	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:02.497060061 CEST	57568	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:02.556775093 CEST	53	57568	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:03.116774082 CEST	50540	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:03.156980991 CEST	54366	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:03.176537991 CEST	53	50540	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:03.214140892 CEST	53	54366	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:03.618894100 CEST	53034	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:03.687172890 CEST	53	53034	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:04.625097990 CEST	53034	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:04.686309099 CEST	53	53034	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:05.671947956 CEST	53034	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:05.732280016 CEST	53	53034	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:07.723474026 CEST	53034	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:07.791697979 CEST	53	53034	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:11.726906061 CEST	53034	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:11.744776011 CEST	57762	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:11.786768913 CEST	53	53034	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:11.797048092 CEST	53	57762	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:13.369771957 CEST	55435	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:13.423191071 CEST	53	55435	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:14.325624943 CEST	50713	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:14.378372908 CEST	53	50713	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:15.420367002 CEST	56132	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:15.474085093 CEST	53	56132	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:16.451771975 CEST	58987	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:16.510133028 CEST	53	58987	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:17.493231058 CEST	56579	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:17.551084042 CEST	53	56579	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:18.236134052 CEST	60633	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:18.287341118 CEST	53	60633	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:19.962814093 CEST	61292	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:20.031873941 CEST	53	61292	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:25.593303919 CEST	63619	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:25.645284891 CEST	53	63619	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:25.924757957 CEST	64938	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:25.983910084 CEST	53	64938	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:26.973325014 CEST	61946	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:27.034127951 CEST	53	61946	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:28.002638102 CEST	61946	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:28.062953949 CEST	53	61946	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:29.135096073 CEST	61946	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:29.188164949 CEST	53	61946	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:30.198791027 CEST	64910	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:30.249131918 CEST	53	64910	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:31.158624887 CEST	61946	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:31.211000919 CEST	53	61946	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:35.206367970 CEST	61946	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:35.267162085 CEST	53	61946	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:43.178374052 CEST	52123	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:43.240612984 CEST	53	52123	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:43.909037113 CEST	56130	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:44.008810997 CEST	53	56130	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:44.681018114 CEST	56338	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:44.738389969 CEST	53	56338	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:44.952776909 CEST	59420	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:45.018407106 CEST	53	59420	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:45.449316025 CEST	58784	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:45.508925915 CEST	53	58784	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:46.385876894 CEST	63978	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:46.445998907 CEST	53	63978	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:47.587172985 CEST	62938	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:47.647448063 CEST	53	62938	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:48.354738951 CEST	55708	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:48.461925030 CEST	53	55708	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:49.111234903 CEST	56803	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:49.170947075 CEST	53	56803	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:50.192482948 CEST	57145	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:50.242117882 CEST	53	57145	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:51.420736074 CEST	55359	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:51.480912924 CEST	53	55359	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:52.056086063 CEST	58306	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:52.116959095 CEST	53	58306	8.8.8.8	192.168.2.3
Jul 19, 2021 15:56:57.621189117 CEST	64124	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:56:57.683542967 CEST	53	64124	8.8.8.8	192.168.2.3
Jul 19, 2021 15:57:30.570945978 CEST	49361	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:57:30.628386974 CEST	53	49361	8.8.8.8	192.168.2.3
Jul 19, 2021 15:57:33.176127911 CEST	63150	53	192.168.2.3	8.8.8.8
Jul 19, 2021 15:57:33.236855984 CEST	53	63150	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 19, 2021 15:56:01.301351070 CEST	192.168.2.3	8.8.8.8	0x3426	Standard query (0)	2542116.fls.doubleclick.net	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:02.497060061 CEST	192.168.2.3	8.8.8.8	0x4c76	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:03.116774082 CEST	192.168.2.3	8.8.8.8	0x45f0	Standard query (0)	www.google.ch	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:03.156980991 CEST	192.168.2.3	8.8.8.8	0xca1e	Standard query (0)	adservice.google.ch	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 19, 2021 15:56:01.367544889 CEST	8.8.8.8	192.168.2.3	0x3426	No error (0)	2542116.fls.doubleclick.net	dart.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Jul 19, 2021 15:56:01.367544889 CEST	8.8.8.8	192.168.2.3	0x3426	No error (0)	dart.l.doubleclick.net		142.250.186.102	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:02.556775093 CEST	8.8.8.8	192.168.2.3	0x4c76	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Jul 19, 2021 15:56:02.556775093 CEST	8.8.8.8	192.168.2.3	0x4c76	No error (0)	stats.l.doubleclick.net		74.125.140.154	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:02.556775093 CEST	8.8.8.8	192.168.2.3	0x4c76	No error (0)	stats.l.doubleclick.net		74.125.140.156	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:02.556775093 CEST	8.8.8.8	192.168.2.3	0x4c76	No error (0)	stats.l.doubleclick.net		74.125.140.157	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:02.556775093 CEST	8.8.8.8	192.168.2.3	0x4c76	No error (0)	stats.l.doubleclick.net		74.125.140.155	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:03.176537991 CEST	8.8.8.8	192.168.2.3	0x45f0	No error (0)	www.google.ch		142.250.185.99	A (IP address)	IN (0x0001)
Jul 19, 2021 15:56:03.214140892 CEST	8.8.8.8	192.168.2.3	0xca1e	No error (0)	adservice.google.ch	pagead46.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Jul 19, 2021 15:56:03.214140892 CEST	8.8.8.8	192.168.2.3	0xca1e	No error (0)	pagead46.l.doubleclick.net		172.217.23.98	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jul 19, 2021 15:56:01.477807045 CEST	142.250.186.102	443	192.168.2.3	49728	CN=*.doubleclick.net CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 15:33:28 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 15:33:27 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028
Jul 19, 2021 15:56:01.482728004 CEST	142.250.186.102	443	192.168.2.3	49727	CN=*.doubleclick.net CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 15:33:28 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 15:33:27 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028
Jul 19, 2021 15:56:02.684600115 CEST	74.125.140.154	443	192.168.2.3	49736	CN=*.g.doubleclick.net CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 15:35:26 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 15:35:25 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028
Jul 19, 2021 15:56:02.684963942 CEST	74.125.140.154	443	192.168.2.3	49735	CN=*.g.doubleclick.net CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 15:35:26 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 15:35:25 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028
Jul 19, 2021 15:56:03.285157919 CEST	142.250.185.99	443	192.168.2.3	49737	CN=*.google.ch CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 18:40:01 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 18:40:00 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028
Jul 19, 2021 15:56:03.291197062 CEST	142.250.185.99	443	192.168.2.3	49738	CN=*.google.ch CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 18:40:01 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 18:40:00 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028
Jul 19, 2021 15:56:03.307539940 CEST	172.217.23.98	443	192.168.2.3	49740	CN=*.google.ch CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 18:40:01 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 18:40:00 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028
Jul 19, 2021 15:56:03.308615923 CEST	172.217.23.98	443	192.168.2.3	49739	CN=*.google.ch CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Jun 22 18:40:01 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020	Tue Sep 14 18:40:00 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=GTS CA 1C3, O=Google Trust Services LLC, C=US	CN=GTS Root R1, O=Google Trust Services LLC, C=US	Thu Aug 13 02:00:42 CEST 2020	Thu Sep 30 02:00:42 CEST 2027
					CN=GTS Root R1, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Fri Jun 19 02:00:42 CEST 2020	Fri Jan 28 01:00:42 CET 2028

Code Manipulations

Statistics

CPU Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Memory Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4688 Parent PID: 792

Function Logs

General

Start time:	15:55:55
Start date:	19/07/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7f06b0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: iexplore.exe PID: 4572 Parent PID: 4688

Function Logs

General

Start time:	15:55:56
Start date:	19/07/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4688 CREDAT:17410 /prefetch:2
Imagebase:	0xaf0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Show Windows behavior

Network Activities

Show Windows behavior

Process Token Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report http://edgedl.me.gvt1.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4688 Parent PID: 792

General

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Directory Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Registry Activities

Key Opened

Key Created

Key Value Created

Key Value Modified