Table of Contents - Joe Sandbox

ID: 326729 Cookbook: browseurl.jbs Time: 23:00:34 Date: 03/12/2020 Version: 31.0.0 Red Diamond

Table of Contents

Table of Contents
Analysis Report https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029
  Overview
    General Information
    Detection
    Signatures
    Classification
  Startup
  Malware Configuration
  Yara Overview
  Sigma Overview
  Signature Overview
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    URLs from Memory and Binaries
    Contacted IPs
      Public
  General Information
  Simulations
    Behavior and APIs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 3296 Parent PID: 800
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 1316 Parent PID: 3296
      General
      File Activities
      Registry Activities
  Disassembly

Copyright null 2020 Page 2 of 54

Analysis Report https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029…

Overview

General Information

Sample URL: https://accounts.google.com/[email protected]&...https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029

Analysis ID: 326729

Detection

Score: 1

Range: 0 - 100

Whitelisted: false

Confidence: 80%

Signatures

Found iframes

URL contains potential PII (phishing

Unusual large HTML page

Classification

[Classification chart: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious]

Startup

System is w10x64

iexplore.exe (PID: 3296 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 1316 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3296 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Phishing

• Networking

• System Summary

There are no malicious signatures.

Mitre Att&ck Matrix

Initial Access: Drive-by Compromise 1; Default Accounts; Domain Accounts

Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)

Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)

Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)

Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information

Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager

Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry

Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares

Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive

Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration

Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2

Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location

Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups

Behavior Graph

ID: 326729

URL: https://accounts.google.com...

Startdate: 03/12/2020

Architecture: WINDOWS

Score: 1

Graph nodes:

iexplore.exe (17 54), started

iexplore.exe (10 188), started

stats.l.doubleclick.net, stats.g.doubleclick.net

googlehosted.l.googleusercontent.com: 172.217.16.193, 443, 49757, 49758; GOOGLEUS; United States

pagead46.l.doubleclick.net: 172.217.21.226, 443, 49781, 49782; GOOGLEUS; United States

7 other IPs or domains

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029 | 0% | Virustotal | | Browse
https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029 | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
www.broofa.com | 0% | URL Reputation | safe |
https://translate.google.co.uk/?hl | 0% | URL Reputation | safe |
https://books.google.co.uk/?hl | 0% | Avira URL Cloud | safe |
https://www.google.co.uk/intl/en-GB/about/products?tab | 0% | URL Reputation | safe |
https://www.google.co.uk/webhp?tab | 0% | URL Reputation | safe |
https://about.google/intl/en-GB_GB/how-our-business-works | 0% | Avira URL Cloud | safe |
https://policies.e.com/privacy?gl=GB&hl=en-GB382296Root | 0% | Avira URL Cloud | safe |
https://www.google.co.uk/finance?tab | 0% | URL Reputation | safe |
https://policies.Root | 0% | Avira URL Cloud | safe |
https://readalong.google/intl/en-GB_GB/privacy | 0% | Avira URL Cloud | safe |
https://www.google.co.uk/save | 0% | URL Reputation | safe |
https://www.google.co.uk/webhp | 0% | Avira URL Cloud | safe |
https://www.google. | 0% | URL Reputation | safe |
https://www.google.co.uk/intl/en-GB/about/products | 0% | Avira URL Cloud | safe |
https://www.legislation.gov.uk/uksi/2013/3134/regulation/4/made | 0% | URL Reputation | safe |
https://policies.e.com/terms?gl=GB&hl=en-GB382296Root | 0% | Avira URL Cloud | safe |
https://www.gstatic. | 0% | URL Reputation | safe |
https://about.google/ | 0% | URL Reputation | safe |
https://www.google.co.uk/finance | 0% | Avira URL Cloud | safe |
https://policies.googl | 0% | URL Reputation | safe |
https://maps.google.co.uk/maps?hl | 0% | URL Reputation | safe |
https://www.google.co.uk/shopping?hl | 0% | URL Reputation | safe |
https://safety.google?hl=en_GB | 0% | Avira URL Cloud | safe |
https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe |
https://support.google | 0% | URL Reputation | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
pagead46.l.doubleclick.net | 172.217.21.226 | true | false | | high
stats.l.doubleclick.net | 108.177.15.154 | true | false | | high
photos-ugc.l.googleusercontent.com | 172.217.23.161 | true | false | | high
googlehosted.l.googleusercontent.com | 172.217.16.193 | true | false | | high
accounts.youtube.com | unknown | unknown | false | | high
googleads.g.doubleclick.net | unknown | unknown | false | | high
www.youtube.com | unknown | unknown | false | | high
lh3.googleusercontent.com | unknown | unknown | false | | high
lh4.ggpht.com | unknown | unknown | false | | high
static.doubleclick.net | unknown | unknown | false | | high
stats.g.doubleclick.net | unknown | unknown | false | | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://staging-realtimesupport-googleapis.sandbox.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://schema.org/Thing | 2917834[1].htm.2.dr | false | | high
https://www.youtube.com/iframe_api?trustedtypes=1 | 1DNQE0KW.js.2.dr | false | | high
www.broofa.com | rs=AA2YrTuWr-THoJhZf_G0GDWJEiz9fL6BmQ[1].js.2.dr | false | URL Reputation: safe | unknown
https://translate.google.co.uk/?hl | so[1].htm.2.dr, so[1].htm0.2.dr | false | URL Reputation: safe | unknown
https://books.google.co.uk/?hl | so[1].htm.2.dr, so[1].htm0.2.dr | false | Avira URL Cloud: safe | unknown
https://www.youtube.com/embed/ | 1DNQE0KW.js.2.dr | false | | high
https://www.youtube.com/watch?v=ggoJFaE71W8 | ggoJFaE71W8[1].htm.2.dr | false | | high
https://casespartner-pa.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://www.google.co.uk/intl/en-GB/about/products?tab | so[1].htm.2.dr | false | URL Reputation: safe | unknown
https://www.youtube.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl= | privacy[1].htm.2.dr | false | | high
https://www.youtube.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr | ~DFCCEDEDCC7A547FD5.TMP.1.dr | false | | high
https://www.google.co.uk/webhp?tab | so[1].htm.2.dr | false | URL Reputation: safe | unknown
https://www.youtube.com/feed/history?utm_source=pp&hl=en_GB | privacy[1].htm.2.dr | false | | high
https://about.google/intl/en-GB_GB/how-our-business-works | terms[1].htm.2.dr | false | Avira URL Cloud: safe | unknown
https://signaler-pa.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://policies.e.com/privacy?gl=GB&hl=en-GB382296Root | {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://g.co/recover | ServiceLogin[1].htm.2.dr | false | | high
www.youtube.com/watch?v=48l-xdS4pXg | 48l-xdS4pXg[1].htm.2.dr | false | | high
https://realtimesupport.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://www.google.co.uk/finance?tab | so[1].htm.2.dr | false | URL Reputation: safe | unknown
youtube.com/streaming/otf/durations/112015 | base[1].js.2.dr | false | | high
https://policies.Root | {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://readalong.google/intl/en-GB_GB/privacy | privacy[1].htm.2.dr | false | Avira URL Cloud: safe | unknown

https://www.youtube.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr | ~DFCCEDEDCC7A547FD5.TMP.1.dr | false | | high
youtube.com/streaming/metadata/segment/102015 | base[1].js.2.dr | false | | high
https://www.youtube.com | iframe_api[1].js.2.dr, www-widgetapi[1].js.2.dr, player_api[1].js.2.dr | false | | high
https://youtu.be/ | base[1].js.2.dr | false | | high
https://www.google.co.uk/save | so[1].htm.2.dr | false | URL Reputation: safe | unknown
https://www.google.co.uk/webhp | so[1].htm0.2.dr | false | Avira URL Cloud: safe | unknown
https://admin.youtube.com | base[1].js.2.dr | false | | high
https://www.google. | 1DNQE0KW.js.2.dr | false | URL Reputation: safe | unknown
https://www.youtube.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr | ~DFCCEDEDCC7A547FD5.TMP.1.dr | false | | high
www.youtube.com/watch?v=ggoJFaE71W8 | ggoJFaE71W8[1].htm.2.dr | false | | high
https://www.google.co.uk/intl/en-GB/about/products | so[1].htm0.2.dr | false | Avira URL Cloud: safe | unknown
https://stats.g.doubleclick.net/j/collect | analytics[1].js.2.dr | false | | high
https://www.blogger.com/?tab | so[1].htm.2.dr | false | | high
https://www.legislation.gov.uk/uksi/2013/3134/regulation/4/made | terms[1].htm.2.dr | false | URL Reputation: safe | unknown
https://www.youtube.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl= | privacy[1].htm.2.dr | false | | high
https://policies.e.com/terms?gl=GB&hl=en-GB382296Root | {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
www.apache.org/licenses/LICENSE-2.0 | operatordeferred_bin_base__en[1].js.2.dr, accounts[1].htm0.2.dr | false | | high
https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72 | accounts[1].htm0.2.dr | false | | high
https://www.youtube.com/generate_204?cpn= | base[1].js.2.dr | false | | high
https://www.gstatic. | 1DNQE0KW.js.2.dr | false | URL Reputation: safe | unknown
https://youtube.com/api/drm/fps?ek=uninitialized | base[1].js.2.dr | false | | high
https://about.google/ | terms[1].htm.2.dr, privacy[1].htm.2.dr | false | URL Reputation: safe | unknown
https://schema.org/BreadcrumbList | 2917834[1].htm.2.dr | false | | high
https://www.google.co.uk/finance | so[1].htm0.2.dr | false | Avira URL Cloud: safe | unknown
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html | cb=gapi[2].js.2.dr | false | | high
https://policies.googl | {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | URL Reputation: safe | unknown
https://maps.google.co.uk/maps?hl | so[1].htm.2.dr, so[1].htm0.2.dr | false | URL Reputation: safe | unknown
https://www.google.co.uk/shopping?hl | so[1].htm.2.dr, so[1].htm0.2.dr | false | URL Reputation: safe | unknown
https://schema.org/ListItem | 2917834[1].htm.2.dr | false | | high
https://www.youtube.com/watch?v=ZdEIZNg3epQ | ZdEIZNg3epQ[1].htm.2.dr | false | | high
youtube.com/yt/2012/10/10 | base[1].js.2.dr | false | | high
https://www.youtube.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr | ~DFCCEDEDCC7A547FD5.TMP.1.dr | false | | high
https://safety.google?hl=en_GB | terms[1].htm.2.dr | false | Avira URL Cloud: safe | unknown
www.youtube.com/watch?v=ZdEIZNg3epQ | ZdEIZNg3epQ[1].htm.2.dr | false | | high
https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history | 2917834[1].htm.2.dr | false | | high
https://www.google.%/ads/ga-audiences | analytics[1].js.2.dr | false | URL Reputation: safe | low
https://www.youtube.com/watch?v=48l-xdS4pXg | 48l-xdS4pXg[1].htm.2.dr | false | | high
https://support.google | {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr | false | URL Reputation: safe | unknown
www.youtube.com/videoplayback | base[1].js.2.dr | false | | high

https://kids.youtube.com/privacynotice | privacy[1].htm.2.dr | false | | high
https://client-channel.youtube.com/client-channel/client | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://www.youtube.com/?gl | so[1].htm.2.dr, so[1].htm0.2.dr | false | | high
https://www.blogger.com/ | so[1].htm0.2.dr | false | | high
https://www.youtube.com/feed/history/search_history?utm_source=pp&hl=en_GB | privacy[1].htm.2.dr | false | | high
www.youtube.com/watch?v=YlmVKT3Zvhw | YlmVKT3Zvhw[1].htm.2.dr | false | | high
youtube.com/drm/2012/10/10 | base[1].js.2.dr | false | | high
https://accounts.youtube.com/accounts/CheckConnection?pmpo | ServiceLogin[1].htm.2.dr | false | | high
https://www.youtube.com/watch?v=YlmVKT3Zvhw | YlmVKT3Zvhw[1].htm.2.dr | false | | high
https://staging-casespartner-pa-googleapis.sandbox.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://www.youtube.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl= | privacy[1].htm.2.dr | false | | high

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.217.21.226 | unknown | United States | | 15169 | GOOGLEUS | false
172.217.16.193 | unknown | United States | | 15169 | GOOGLEUS | false
172.217.23.161 | unknown | United States | | 15169 | GOOGLEUS | false

General Information

Joe Sandbox Version: 31.0.0 Red Diamond

Analysis ID: 326729

Start date: 03.12.2020

Start time: 23:00:34

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 6m 10s

Hypervisor based Inspection enabled: false

Report type: light

Cookbook file name: browseurl.jbs

Sample URL: https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029

Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Number of analysed new started processes analysed: 15

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, AMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: CLEAN

Classification: clean1.win@3/138@7/3

Cookbook Comments:

• Adjust boot time

• Enable AMSI

• Browsing link: https://support.google.com/accounts?p=signin_privatebrowsing&hl=en-GB

• Browsing link: https://support.google.com/accounts?hl=en-GB

• Browsing link: https://accounts.google.com/TOS?loc=GB&hl=en-GB&privacy=true

• Browsing link: https://accounts.google.com/TOS?loc=GB&hl=en-GB

Warnings:

• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.

• TCP Packets have been reduced to 100

• Created / dropped Files have been reduced to 100

• Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe

• Excluded IPs from analysis (whitelisted): 104.43.193.48, 168.61.161.212, 104.83.120.32, 172.217.18.13, 216.58.205.227, 216.58.208.36, 172.217.21.227, 172.217.16.142, 216.58.206.46, 40.88.32.150, 216.58.209.46, 172.217.18.99, 216.58.206.42, 51.104.139.180, 216.58.212.174, 172.217.22.106, 172.217.21.234, 172.217.18.110, 172.217.22.110, 142.250.74.206, 172.217.23.174, 172.217.22.78, 172.217.21.238, 216.58.205.238, 172.217.23.142, 172.217.21.206, 216.58.207.46, 216.58.207.78, 172.217.16.206, 172.217.16.174, 172.217.23.110, 152.199.19.161, 216.58.212.134, 52.147.198.201, 92.122.213.194, 92.122.213.247, 20.54.26.129, 92.122.145.220

• Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, scone-pa.clients6.google.com, ssl.gstatic.com, arc.msn.com.nsatc.net, support.google.com, store-images.s-microsoft.com-c.edgekey.net, ogs.google.com, policies.google.com, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, realtimesupport.clients6.google.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.google-analytics.com, fonts.googleapis.com, accounts.google.com, plus.l.google.com, www-google-analytics.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, static-doubleclick-net.l.google.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, youtube-ui.l.google.com, www3.l.google.com, play.google.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, apis.google.com, cs9.wpc.v0cdn.net

• Report size getting too big, too many NtCreateFile calls found.

• Report size getting too big, too many NtDeviceIoControlFile calls found.

• Report size getting too big, too many NtQueryAttributesFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BACZYXTY\www.youtube[1].xml

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Category: dropped

Size (bytes): 6129

Entropy (8bit): 5.103833315561267

Encrypted: false

SSDEEP: 96:Cjtsrj3GqPuQw5rw59rw5rw57Qrw57Qrw57Qrw57vYrw57vYrw57vYrw57Qrw57O:S6M6ddd9L9L9LNtN8

MD5: 29AE3F3DF2C360741330534E9B7EE520

SHA1: A6DFBF720A2D0B424A2EC7DBF040F43C9585F4BB

SHA-256: 08D6C5CD6EB264918772500CD941EDF032D56B6D26FD48B37932748BEF41231F

SHA-512: A0E28C5E43DEDA7D5474BADE3139D3ED0F52F65CD7ADFE9AE0125012D3EA0BAEAF176CB62FC5B489D9C21080194A366184CA6B0FDFC07208D8784A8B35D3B410

Malicious: false

Reputation: low

Preview: <root></root><root></root><root><item name="__sak" value="1" ltime="3915985168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3929065168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3940905168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3964205168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3975125168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4007245168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4016845168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4054565168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4061925168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4108445168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="41

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\accounts.google[1].xml

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with no line terminators

Category: dropped

Size (bytes): 174

Entropy (8bit): 4.648115123901125

Encrypted: false

SSDEEP: 3:D90aK1ryRtFwsR0pqqUlB90ohOqSSWFHwbFK1ryRtFwsoIcDAqFf30NT/DOqSSW3:JFK1rUFWcqa/0oYSowbk1rUFxmAq930Q

MD5: 71F0ED89118933817B411107FC0CBA77

SHA1: CAB3B6D3E6ADB2CFB2892D0FC91B7CC153FB677A

SHA-256: 60F0E665FB1AACC990F8FD487FAC63E570CA62035784C74B4D9066FC79B42925

SHA-512: 58C4757CA8F6E90C620D3684467E09541E32063116A6930EB606C7C768F8D19FF51FCDB1188A4AB359E4F0039EF02D9D46CDCEBB11C08639D995BBAB7842B86D

Malicious: false

Reputation: low

Preview: <root></root><root><item name="__sak" value="1" ltime="3639185168" htime="30853567" /></root><root><item name="promo" value="{}" ltime="3639225168" htime="30853567" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\support.google[1].xml

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with no line terminators

Category: dropped

Size (bytes): 158

Entropy (8bit): 4.281993558887027

Encrypted: false

SSDEEP: 3:D90aK1r0aK1r0aK1ryRtFwsR9eYHpqqRW+eYHzR3608OqSSWFHwbFK1r0aKb:JFK1rFK1rFK1rUFCYJqqwDYTR36kSow/

MD5: 843F748E49F5C83B081EAC6CFC022F48

SHA1: 7BFDF906858D111E6339DE6CDA259C5CBA9EB496

SHA-256: DCA9CD8B68118DE9BD45E16285920291C1E869E624FF867E8B7B486DC6085C05

SHA-512: 9FDF575B30731EFEA5ED983472BF8F41785395909E8731C75E6C277AB7F13F74F525E6611E2452238D121A13DA248C17F0BAE8FF835E0FA5BDBC5EC47C18ED69

Malicious: false

Reputation: low

Preview: <root></root><root></root><root></root><root><item name="__storage_test__" value="__storage_test__" ltime="3833645168" htime="30853567" /></root><root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13F5DDD4-35B3-11EB-90EB-ECF4BBEA1588}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 39000

Entropy (8bit): 1.9196532752896864

Encrypted: false

SSDEEP: 192:r9ZWZe62eK39WeKw3teKwphmifeKwprQAJXzMeKwntrKvBeKwnQrFVDeKwnQGrzW:rTSMLUOi3PJv7bd80P

MD5: 4663DC525458C9E7ED609757ED6A815D

SHA1: 31D0345096AF4859AE18E8DC2D60116B8F561359

SHA-256: CE8497491F00D14CEB55A4656B576EA3F34FE03264C6FF6D606784B6A7E8B40C

SHA-512: CFB9E693B9F4F1780E720BD03ED272E357675AE5E711E9F127D6D5C8AF10E167640604F2224B494459D5DCA714E3FEC773192F1DAA0BD15F333419F269917F75

Malicious: false

Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 123236

Entropy (8bit): 2.9579207529766776

Encrypted: false

SSDEEP: 384:rCJUPQW609hg4sSX0W0Ippo5OGSaS63SDBGSaS63STjpqD2CxZb3f1+qnR/8BagH:m2FwTbVTbus97y

MD5: 27ADFAA588D08690F75B404F94788378

SHA1: B64692851C0C4A003BBD46C193178EE8FF298C93

SHA-256: C642647E5250DAAB362D1FDE5631A6396B3CA7F42853773DCFD737F1189FA360

SHA-512: 80B86EC6AB9C38F23DDD5A43F34A84489E3D286E438C9D51CA7F59D9E3C6DF5817B908C2EC1589301BE2A686A4126AD43ABA0CA5D20F8C010CA2899931220B7A

Malicious: false

Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13F5DDD7-35B3-11EB-90EB-ECF4BBEA1588}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 19032

Entropy (8bit): 1.5857993017940473

Encrypted: false

SSDEEP: 48:IwxGcprsGwpaZG4pQYGrapbS7rGQpKQG7HpRJsTGIpX2DGApm:rHZEQ76mBS7FArTJ4Fmg

MD5: B73272E8B2700C7036CD887B701DBB54

SHA1: AB532C091F0C303CF21EA89E3FBAEAFDD9E69E23

SHA-256: E4053E7009FF04E70098CA3AB74B0D9AF13D53681F99740E7D8717A0498D15D1

SHA-512: A649FD9E69AF360881ECB5E6B66B7C10395F6C206A144B5BE4B82370303475FD8F714FD3D49542AD02E2F975E442E103A62850B2D481F3551420C5E9A32D3BB8

Malicious: false

Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 17000

Entropy (8bit): 3.7530932306991787

Encrypted: false

SSDEEP: 192:YvI6tZPqWceBPGbvI6teL0PqWceBPGALiI6tHqWceBPGs:P62W7Bj6kLpW7B/L56wW7BL

MD5: 21DA0E60A09872AA08F57972774856D2

SHA1: 5F24A1C6F9C775D09F577BE9B3B73AEC1D5156E5

SHA-256: 52739ABEF3B56931FC18863B9F61A1D27B9121920FE6CA2B2720F361CB9C22BE

SHA-512: 6AD4587679A3D9462574D8F5EDA2ACAE11FC388AEAE15C0BA221350189E898E81D2C8075EF5604F7A04A0B5B91B14B2C2E5664AEE1BE41B19F7C77AF2A345B86

Malicious: false

Reputation: low

Preview:".h.t.t.p.s.:././.w.w.w...g.o.o.g.l.e...c.o.m./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\02f8664b95445de6f27ba682f3c5f9ab[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 4026

Entropy (8bit): 5.165425025048119

Encrypted: false

SSDEEP: 96:+O2aTjjawLtBx0tdmK9YYlfBWX5oM4rLEa:DTj+wVeY0S4r7

MD5: 02F8664B95445DE6F27BA682F3C5F9AB

SHA1: EFF0C42E5C642D81EF76995CE6B6C059CB38DCB6

SHA-256: 343B575C37BF08A1FDC972D0D86BCFAFF9C405DE625516C8656B60D37DCBA927

SHA-512: 2F58F0E0D46B9DE2F47CA8EC41B15E4B78A02EF9C7172B7C673CF85A3FD8D8870F00AF04C82768893A86B3F787B64464DF5613C801B6D85F1FC16A614F25CCF6

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/02f8664b95445de6f27ba682f3c5f9ab.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="108" y1="165" x2="180" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>. <stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/>. <stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/>. <stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="242" y1="149" x2="284" y2="149" xlink:href="#linear-gradient"/>. <linearGradient id="linear-gradient-3" x1="34" y1="149" x2="76" y2="149" xlink:href=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2917834[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Category: downloaded

Size (bytes): 705351

Entropy (8bit): 5.624120338572066

Encrypted: false

SSDEEP: 12288:thuqX/x3Nt9pI2xfl7XEMUpT0nvIgPWqkUSg/:thuqXHt9u2h5XEMUpT0nQKWqkUSu

MD5: 609DA94631A9C0082127CB93D181A8E4

SHA1: 6E99249C40252E137D40106F3D2448BA4E5AFE10

SHA-256: FE4F29782C6786013372797C62741E21D8D089BAD7CE1C1BEAA2B8E70839BE10

SHA-512: D12287F1ECAC6363D9A246FA16D39A8EACD773E9390136E963BF60FB409E30C4D3FA6E70FB71D735F38E9739A05A51F01F67D75937500EBD3882FA944024F5FA

Malicious: false

Reputation: low

IE Cache URL: https://support.google.com/accounts/answer/2917834?visit_id=637426297042051008-2032747671&p=signin_privatebrowsing&hl=en-GB&rd=1

Preview:<!doctype html><html class="hcfe" data-page-type="ANSWER" lang="en"><head><title>Sign in on a device that's not yours - Computer - Google Account Help</title><meta content="email=no" name="format-detection"><meta content="nofollow,noindex" name="robots"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="If you sign in temporarily on a computer, phone, or tablet that doesn't belong to you, use a private browsing window.&#10;For example: A public computer that's available to lots of people, like at a" name="description"><link href="https://support.google.com/accounts/answer/2917834?co=GENIE.Platform%3DDesktop&amp;hl=en" rel="canonical"><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no" name="viewport"><style>@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2951277d4c35389d7d304ed78d4fb6f6[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 3437

Entropy (8bit): 5.159691776325374

Encrypted: false

SSDEEP: 48:+GzHx4GLZ/W1wHxJCXvGUQoHxno+e//Ij0jiO0ijy1uHldlzvgYx:+G2UCv0Ij0jH0P+ldlzvgYx

MD5: 2951277D4C35389D7D304ED78D4FB6F6

SHA1: 936A9062B6E78E198BA1CD7ACDB42DEA29920890

SHA-256: F3E55293686B1A4BCB8095896F8ADA506D3CE3E8BAD1DE89EAB56AFBEF3AD793

SHA-512: 8A9B5F0DAE9DFBD5C1FC7FCBEE51FD9A40302856C2F305FF0343DB2BA46D9C05B5F25A6F90AAE4AAFCEB6ACEFF7813157617773E2147954928B1E9227B581415

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/2951277d4c35389d7d304ed78d4fb6f6.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="24" y1="77" x2="48" y2="77" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.116" stop-color="#9aa0a6" stop-opacity="0.054"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.201"/>. <stop offset="0.546" stop-color="#9aa0a6" stop-opacity="0.44"/>. <stop offset="0.823" stop-color="#9aa0a6" stop-opacity="0.768"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="48" y1="80" x2="48" y2="16" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="0.043" stop-color="#1967d2" stop-opacity="0.942"/>. <stop offset="0.305" stop-color="#1967d2" stop-opacity="0.611"/>. <stop offset="0.54" stop-color="#1967d2" sto

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\3394102be0315326fd760e503b31c7b6[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 1997

Entropy (8bit): 4.972761923159453

Encrypted: false

SSDEEP: 48:+G0uMHxFi+eeunuGuQmDjuf3XU8MtUPFWl:+3vHxAr8Cn4tgWl

MD5: 3394102BE0315326FD760E503B31C7B6

SHA1: 8D80ABE58002CB8CF2A9C05EC5CE61F6A528AA6C

SHA-256: FD266CACD5FD6FACBA81DEB7274AD226D7916B8883F23480A86F6F9C015913C8

SHA-512: 769DDC47AAA142961A8E00CDE3566DE62A6A6CA28D6EF568D5ECF67A0A5D8EF8806CF2428B653D58B9313E86161B6099D73362E6CEA6097D0B48DF4846253FE8

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/3394102be0315326fd760e503b31c7b6.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <clipPath id="clip-path">. <circle cx="48" cy="48" r="41" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient" x1="51" y1="78" x2="93" y2="78" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6"/>. <stop offset="1" stop-color="#9aa0a6" stop-opacity="0"/>. </linearGradient>. </defs>. <title>site_sec_C_01</title>. <g style="isolation: isolate">. <g id="Content">. <g>. <g>. <g>. <circle cx="48" cy="48" r="41" fill="#e8eaed"/>. <circle cx="48" cy="48" r="41" fill="none"/>. <circle cx="48" cy="48" r="41" fill="none"/>. <g clip-path="url(#clip-path)">. <path d="M89.981,22.441,67.05,68.843c-1.63,3.328-5.58,3.008-7.182-.581L51.8,50.168c-1.613-3.616-5.6-3.907-7.208-.526l-6.8,14.3C36.141,67.408,32.029,67,30.5,63.224L25.63

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 21528, version 1.1

Category: downloaded

Size (bytes): 21528

Entropy (8bit): 7.973887568128485

Encrypted: false

SSDEEP: 384:uy/NCb8EbjU+Fos6gaUFZ3qR474EAqAG3w/Qpt/uxMsucMgwtDw031F:7/4zb7o6XqR4+3QptcuLg0w031F

MD5: 9680D5A0C32D2FD084E07BBC4C8B2923

SHA1: 8020B21E3DB55FF7A02100FAEBD92C2305E7156E

SHA-256: 2CFE69657C55133DAC6EA017B4452EFFF2131422ABD9E90500A072DF7CA5A9C8

SHA-512: E19A498866F69F3D8136A65A5AB4E92CC047170673ED00B506E325165A84216267B9FEF1E5CFD66458E85ED820C12E9C345CEC9BEE4DE48E1C2E2B1A784F179F

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 19916, version 1.1

Category: downloaded

Size (bytes): 19916

Entropy (8bit): 7.96782347282656

Encrypted: false

SSDEEP: 384:JiNCb8EbT1rG/3rjJmQ8uLc5ZiRE5HWSiPTI45tKVr6+F7gLLdz:k4zbM3rjEQ8uQPiRERWSGIWtKVrWJ

MD5: A1471D1D6431C893582A5F6A250DB3F9

SHA1: FF5673D89E6C2893D24C87BC9786C632290E150E

SHA-256: 3AB30E780C8B0BCC4998B838A5B30C3BFE28EDEAD312906DC3C12271FAE0699A

SHA-512: 37B9B97549FE24A9390BA540BE065D7E5985E0FBFBE1636E894B224880E64203CB0DDE1213AC72D44EBC65CDC4F78B80BD7B952FF9951A349F7704631B903C63

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOmCnqEu92Fr1Mu4mxM[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 19824, version 1.1

Category: downloaded

Size (bytes): 19824

Entropy (8bit): 7.970306766642997

Encrypted: false

SSDEEP: 384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2

MD5: BAFB105BAEB22D965C70FE52BA6B49D9

SHA1: 934014CC9BBE5883542BE756B3146C05844B254F

SHA-256: 1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED

SHA-512: 85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ServiceLogin[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Category: dropped

Size (bytes): 1524235

Entropy (8bit): 5.820545205992213

Encrypted: false

SSDEEP: 12288:223RkYyvasjT9+LMNsCHrPyfj0b1F7jZ6WBOeVyT4uVk1Ld:r4vasjT9fbz+kbyTTVkv

MD5: 33B6683370615405F1FDDE91E62A6E9C

SHA1: 8770F3D11263267B035F85D8BA51CDF5AA8781B5

SHA-256: FAA190914C195A1BF3AB11CD9242373F187B5D9371EBA75EC8ECDD4EF31AAED1

SHA-512: 88BAA0E9544A232E4258FB3D102AB30924B3E932C4FBC5A9635EF20F555AF033924B25AF6FAC14D9C772F7AA9637AE465352A12981E5E33B67F9B9B9C9AA78C6

Malicious: false

Reputation: low

Preview:<!doctype html><html lang="en-GB" dir="ltr"><head><base href="https://accounts.google.com/"><script data-id="_gd" nonce="e5yBFzB+sF7yDu5flGvsvQ">window.WIZ_global_data = {"Mo6CHc":4676857043780890293,"OewCAd":"%.@.\"xsrf\",null,[\"\"]\n,\"AFoagUXb4ND9OjzhjUHjxDbJdOVKgUr71A:1607032884707\"]\n","Qzxixc":"S771853910:1607032884690823","thykhd":"AKH95ev6f_Tt6-6sgQDIcnFYPYLTGqveqqerEsSplGVDKn6Ss7uvZ1Kv57zsw0zOnAtu5PIvC2sxReZxpgSoN0QF04eM2ptULYjWADh35D01xNZNpggK83Q\u003d","w2btAe":"%[email protected],null,\"\",false,null,null,true,false]\n"};</script><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><link rel="shortcut icon" href="//www.google.com/favicon.ico"/><noscript><meta http-equiv="refresh" content="0; url=https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fsupport.google.com%2Faccounts%2Fanswer%2F98564%3Faneid%3D635484579725699029&amp;rip=1&amp;nojavascript=1"><style nonce="e5yBFzB+sF7yDu5flGvsvQ">body{opacity:0;}</style></noscript><title>Sign in . Googl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\analytics[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 47051

Entropy (8bit): 5.516264124030958

Encrypted: false

SSDEEP: 768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su

MD5: 53EE95B384D866E8692BB1AEF923B763

SHA1: A82812B87B667D32A8E51514C578A5175EDD94B4

SHA-256: E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B

SHA-512: C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD

Malicious: false

Reputation: low

IE Cache URL: https://www.google-analytics.com/analytics.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var l=this||self,m=function(a,b){a=a.split(".");var c=l;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING||[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\b18d13e9ea8a362642b7d25bce665039[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 16764

Entropy (8bit): 5.015659059704473

Encrypted: false

SSDEEP: 96:+7oy39iUOhxSoUhWBIBGNdByrJZeGyHObsjXDRKRpQ7wvkoln1WIGeDNc6ei52Ki:6vQ6JZoRKRa05Z9GImZAJgwEWZBYF

MD5: B18D13E9EA8A362642B7D25BCE665039

SHA1: 928BE33E3ABE8071A068BE98084F406D5F4C07E2

SHA-256: 10F69DBA0842572682B65444464A1F8879BF29B201E730D5F824BB6636536555

SHA-512: 651CB5E1435A1E72392D425E73487413EF0A035574E84F738D775D29668CA7222AFA56C5AE77AB3A0AF15ECF94467C7070727EF10C0F38820545D5C81ABE2255

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/b18d13e9ea8a362642b7d25bce665039.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="180" y1="77.807" x2="144.01" y2="77.807" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="0.133" stop-color="#1967d2" stop-opacity="0.98"/>. <stop offset="0.271" stop-color="#1967d2" stop-opacity="0.921"/>. <stop offset="0.411" stop-color="#1967d2" stop-opacity="0.822"/>. <stop offset="0.553" stop-color="#1967d2" stop-opacity="0.683"/>. <stop offset="0.696" stop-color="#1967d2" stop-opacity="0.505"/>. <stop offset="0.84" stop-color="#1967d2" stop-opacity="0.287"/>. <stop offset="0.983" stop-color="#1967d2" stop-opacity="0.033"/>. <stop offset="1" stop-color="#1967d2" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="191.997" y1="77.804" x2="168.003" y2="77.804" gradientUnits="userSpac

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\c1b97d74dace7e43a9ccb26841a7cae4[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 6217

Entropy (8bit): 5.12197916092655

Encrypted: false

SSDEEP: 96:hmpCgaDaIvQiJgZMDRzvrphOqqzfHm0TCgGT908uB75T:xPuB75T

MD5: C1B97D74DACE7E43A9CCB26841A7CAE4

SHA1: 83F78C8D77BF9499B7E839345BB94C22A89616AF

SHA-256: D9DE9633583A448CAD1268D42FFDF48D0B3C60D2693600B843A7EBE43AD06908

SHA-512: B3986AF15A3FFB3AB35B8E3C120BC9BA8BECD5892CB7C1DE0BA5AD08A83499ACEC288B20708EE834EA43BFE446FD01ADA8CA55E0893EEBE766241913DB11A88B

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/c1b97d74dace7e43a9ccb26841a7cae4.svg

Preview:<svg id="Content" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="41.178" y1="24.308" x2="41.368" y2="32.801" gradientUnits="userSpaceOnUse">. <stop offset="0.004" stop-color="#cdd0d5"/>. <stop offset="0.466" stop-color="#b1b6bd"/>. <stop offset="1" stop-color="#959ca5"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="29.696" y1="67.461" x2="68.387" y2="28.77" gradientUnits="userSpaceOnUse">. <stop offset="0.001" stop-color="#fff"/>. <stop offset="0.131" stop-color="#fff"/>. <stop offset="1" stop-color="#fff"/>. </linearGradient>. <clipPath id="clip-path">. <circle cx="27.84" cy="50.69" r="6.427" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient-3" x1="50.224" y1="35.554" x2="50.224" y2="31.004" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#cdd0d5"/>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cb=gapi[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 100406

Entropy (8bit): 5.525672610215441

Encrypted: false

SSDEEP: 1536:pIjKdByen4KOw9McPis5wfmYW23KeCTgXYH1mUQIaJmJdQQOJtTY2O2s+od3E0:pxByen4m23sg41mU1mm7POvY2O9d3E0

MD5: F703AA01FA1649D14950B7E4539DF1C2

SHA1: 78314DD487CF0AFD139D085B8873EBE12C3D6E3F

SHA-256: 090B52C2D41BE76825F837CF93B9CEA34F43A43D619B5B5EEBDAD5A0D9BA23CC

SHA-512: 8859F09D9059A36E6A90CA164F7FDD2BBABD7FA8FDABFF38C36F3156EE56C7BBE6627F1FAF9A7EADDE99916DF4220CCBCCB504412501D80FED67B752F5566B54

Malicious: false

Reputation: low

Preview:/* JS */ gapi.loaded_0(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ja,na,ta,xa,Ba,Da,Ia,Ra;_.ea=function(a){return function(){return _.aa[a].apply(this,arguments)}};_._DumpException=function(a){throw a;};_.aa=[];ja=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ta=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};xa=ta(this);Ba=function(a,b){if(b)a:{var c=xa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cb=gapi[2].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 211057

Entropy (8bit): 5.518231609941433

Encrypted: false

SSDEEP: 3072:peqgOg7uQlxKsLKKhgXmUGUc5Q732dPNrg7eXBJ5e8EBeokwPVoABNUp+:pezue+72ndq7WJ5e8qewPDBNUp+

MD5: 1AD398FC7AF49E0D86D536ED3C819557

SHA1: 1E1785F9623F21A48CB0D90FADC396074BDC8454

SHA-256: 01C34137C14B7A3C2894A05BC086E8CD11A634FE87FE426E98BCEFB73E8704AE

SHA-512: EA29FB004D089523A59BA55E848D84D6567283271CC661E1F7AB3528A0DD539D254336FFD2DFF8B37976A12FEF0ABF528DE4DD30B3F6DBDE3A1DAF32584A0D89

Malicious: false

Reputation: low

Preview:/* JS */ gapi.loaded_1(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var Ex=function(){};Ex.prototype.NF=null;Ex.prototype.getOptions=function(){var a;(a=this.NF)||(a={},_.Fx(this)&&(a[0]=!0,a[1]=!0),a=this.NF=a);return a};.var Hx;Hx=function(){};_.K(Hx,Ex);_.Fx=function(a){if(!a.JI&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.JI=d}catch(e){}}throw Error("ka");}return a.JI};_.Gx=new Hx;.._.Me=_.Me||{};.(function(){function a(c,d){return String.fromCharCode(d)}var b={0:!1,10:!0,13:!0,34:!0,39:!0,60:!0,62:!0,92:!0,8232:!0,8233:!0,65282:!0,65287:!0,65308:!0,65310:!0,65340:!0};_.Me.escape=function(c,d){if(c){if("string"===typeof c)return _.Me.escapeString(c);if("Array"===typeof c){var e=0;for(d=c.length;e<d;++e)c[e]=_.Me.escape(c[e])}else if("o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cb=gapi[3].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 63719

Entropy (8bit): 5.5792036933703235

Encrypted: false

SSDEEP: 1536:pIjKdByen4KOw9McPis5wfmYWG7UIaJtTY2O26q02p:pxByen4mG7UIavY2Okp

MD5: A25830D61E3A5E9C0EE1247711B1A2A6

SHA1: CEB58B5369DBC7CE426C3856BBEC7E99332BE07C

SHA-256: 1320C729BB178D835E39CD1BF83F8C64EA0F8973BBCF69E27F9FAD8D7E2456F7

SHA-512: 9C2009AFA9F59F1077067CCD7D1FD4125DEF8DF44D4B0F4F42072CD9E7709F7622529326B234591A31CFCFA9253049AA136AAE942542BC311F744DB1ECD8DED7

Malicious: false

Reputation: low

IE Cache URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uhBKOtz6fOw.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw/cb=gapi.loaded_0

Preview:/* JS */ gapi.loaded_0(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ja,na,ta,xa,Ba,Da,Ia,Ra;_.ea=function(a){return function(){return _.aa[a].apply(this,arguments)}};_._DumpException=function(a){throw a;};_.aa=[];ja=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ta=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};xa=ta(this);Ba=function(a,b){if(b)a:{var c=xa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text

Category: dropped

Size (bytes): 613

Entropy (8bit): 5.157298093683682

Encrypted: false

SSDEEP: 12:UJO6940FD7O6ZRoT6pYwEmr37uqF/iO6ZRoT6pixuGEqF/iO6ZN76pixuyvJY:G9XD7OYs/UrR/iOYsNxDv/iOYN7Nxw

MD5: DC8AE9686BDE8C1517953AAF4C645E68

SHA1: A95E59D8DDFECBE128C05B8C30E14688F135CA03

SHA-256: AC7E61AF97048090E29FE6561A86B5FCD8F7BEF016C399D0C32683B02F059AD6

SHA-512: 5728E987376AE9209E44E677BACFE41F03FBC97B468D5BEE6F43D0CAE95B7F6AF7666DC05094B11C77F7BA72A2C963E4C4CB8C438F0B893B2D0A9C47DCB318D6

Malicious: false

Reputation: low

Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\d1b68e2cd423aba52d74f02573df2d2d[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 9849

Entropy (8bit): 4.969315565687199

Encrypted: false

SSDEEP: 96:+d0yV2aITB9sHTzAIyIdeoaqRF+6/wWN7c2RGd8V:CAWyoaqRF+6I8H

MD5: D1B68E2CD423ABA52D74F02573DF2D2D

SHA1: 9FAA2F472EEAA4B61BE00B1A0AE2E1DE3082E407

SHA-256: 2041BF4F141AC095ABE365C86BB814509EF11DC741BA3B7E70FE60766432110E

SHA-512: B1B798397D00943958E8E00CB73243CF40129921EFFF9DB852891B47711F0B32CB616EC1D24A8CCAFF939CED0F24399649FCF9C7614D8F880899C7152D9D525E

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/d1b68e2cd423aba52d74f02573df2d2d.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="338" y1="92" x2="354" y2="92" gradientTransform="translate(-238)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="1" stop-color="#1967d2" stop-opacity="0"/>. </linearGradient>. <clipPath id="clip-path">. <rect x="97" y="107" width="50" height="51" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient-2" x1="126" y1="147.5" x2="156" y2="147.5" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#188038"/>. <stop offset="1" stop-color="#188038" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-3" x1="254" y1="165" x2="270" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opac

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\e28714c71f217892f72b2698ea5cefef[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 4134

Entropy (8bit): 5.054285765130248

Encrypted: false

SSDEEP: 48:+GOHx16ZAvHxDg+eJ/eux4tBeLDNdBeLSlBeLLpZdrzTPr+UkVr3H2c:+r1XSDQBe7BeeBeBeUkl2c

MD5: E28714C71F217892F72B2698EA5CEFEF

SHA1: E4257063DB9DF43DCDE90920CC3F34978BAEA51D

SHA-256: 65845E7CECBF4E88691BFF290F72B427B70887E23879F523BBC5B2B032C7609F

SHA-512: C693B70D3EDCB32DAEA8BEC867BDF34AC2ED491F9CBC4A57A5433F462DC6EF2D0F01A0C17D7DFD457064D13D45207659ABF116B09191DFDDF38E706FC72A59BD

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/e28714c71f217892f72b2698ea5cefef.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="48" y1="71" x2="48" y2="25" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#5f6368"/>. <stop offset="0.232" stop-color="#5f6368" stop-opacity="0.699"/>. <stop offset="0.568" stop-color="#5f6368" stop-opacity="0.32"/>. <stop offset="0.836" stop-color="#5f6368" stop-opacity="0.086"/>. <stop offset="1" stop-color="#5f6368" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="76" y1="48" x2="86" y2="48" gradientTransform="translate(129 -33) rotate(90)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#f29900"/>. <stop offset="1" stop-color="#f29900" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-3" x1="76" y1="15" x2="86" y2="15" gradientTransform="matrix(1, 0, 0, 1, 0, 0)" xlink:hr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\e79ea0ed464fc8952d5b5582f9f9ae53[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 13232

Entropy (8bit): 5.004489515608496

Encrypted: false

SSDEEP: 96:+9luEGZ2aRcZGDTBmQLBnEGRDzQeqzNOo4HFvdRX1ju6RGumD6k9i4AIkwNgFFro:HBBJQeq07fXDIumDf9lAuNgFFrpi

MD5: E79EA0ED464FC8952D5B5582F9F9AE53

SHA1: 7C64CD9D283C3E87EC34160A70688A52D6144766

SHA-256: FC432273DBD2B5233238B2BCA3E167CE7DD6BCB5318B3D06DC664ED15F309637

SHA-512: 3A5DE44AF0E40C6E226E4AACCE0BB7C9F78FE4DFB301B0FAB28586D7112456CC812F399DE163285CB6B79E1316DC87BF04ADA33A20AF9825417E33C122063A0A

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/e79ea0ed464fc8952d5b5582f9f9ae53.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="-56.701" y1="323.063" x2="3.299" y2="323.063" gradientTransform="matrix(0, 1, -1, 0, 614.584, 137.96)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#202124" stop-opacity="0"/>. <stop offset="0.023" stop-color="#202124" stop-opacity="0.079"/>. <stop offset="0.257" stop-color="#202124" stop-opacity="0.751"/>. <stop offset="0.4" stop-color="#202124"/>. <stop offset="0.615" stop-color="#202124" stop-opacity="0.751"/>. <stop offset="0.965" stop-color="#202124" stop-opacity="0.079"/>. <stop offset="1" stop-color="#202124" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="273.911" y1="117.637" x2="297.393" y2="102.387" gradientTransform="translate(333.87 -192.271) rotate(78)" gradientUnits="userSpaceOnUse">. <stop off

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

Category: downloaded

Size (bytes): 5430

Entropy (8bit): 3.6534652184263736

Encrypted: false

SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B

MD5: F3418A443E7D841097C714D69EC4BCB8

SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606

SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770

SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563

Malicious: false

Reputation: low

IE Cache URL: https://support.google.com/favicon.ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[2].ico

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

Category: downloaded

Size (bytes): 5430

Entropy (8bit): 3.6534652184263736

Encrypted: false

SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B

MD5: F3418A443E7D841097C714D69EC4BCB8

SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606

SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770

SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/policies/favicon.ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 2736

Entropy (8bit): 5.324592035584431

Encrypted: false

SSDEEP: 48:x7uwFt1AfyLaFDsq3jfDKTbjhhUTSLllFQKb2I9X0ALMkTkuS0b:xiM3hhU25QK39XFLMkTkr0b

MD5: 16B2CDC55BE3F9E0EADA57B57473A1AA

SHA1: 6842EA5D5DBB269F625DF6378EE1494884E76C25

SHA-256: AED0FFF6E642D086EA53ED6FE3F18D42535A9079FC983D4A4E0E071C25BFA405

SHA-512: 6E55DE339D9637C49BDB847A8477D981F47DC9830F7883998A11AFFB6ED860115ED17D2622CC5610711CC427FF472DE56F295C10502C73B1AB646EE6399F5817

Malicious: false

Reputation: low

Preview:this._G=this._G||{};(function(_){var window=this;.try{._.k("NpD4ec");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("SF3gsd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("YLQSd");._.su(_.sy);.._.m();..}catch(e){_._DumpException(e)}.try{._.k("lCVo3d");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("o02Jie");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("rHjpXd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("pB6Zqd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("QLpTOd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("oWOlDb");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("n73qwf");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("MpJwZc");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("bIf8i");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("omf1Od");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("zbML3c");.................._.m();..}catch(e){_._DumpException(e)}.try{._.k("zy0vNb");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("K0PMbc");.._.m

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=_b,_tp[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 148888

Entropy (8bit): 5.465964474496821

Encrypted: false

SSDEEP: 3072:l1BJIWAALPfzs5w+QPrjmNzZmiWIlMR9Zax:LBBfQ5wNjmmiWuF

MD5: 47D6364CEC58546E9F13B41515492999

SHA1: B61BDAEEB39B36F3D0540730EC79F431C7B92883

SHA-256: F1741C9A5E12A465520F48C8CD1ED05EB96079DD7CDB9A3B7E51777B3E858D24

SHA-512: 1A79BD69A293B03C9FABB5FD45FA815A100D288CAA274E212EC30C6481A0F1A3A0BBA136F84A6BE477C02AC784A46071F69B30A03662A42EA8FFD113CE3D3EBF

Malicious: false

Reputation: low

Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{.var za,Ja,La,Oa,Pa,Sa,Ua,Za,ab,ib,mb,pb,Ob,zb,Sb,aa,Tb,Ub,Vb,Xb,Yb,ac,bc;_.ba=function(a){return function(){return aa[a].apply(this,arguments)}};_.ca=function(a,b){return aa[a]=b};_.da=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,_.da);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a));this.g=!0};_.ea=function(a){return a[a.length-1]};_.fa=function(a,b,c){for(var d="string"===typeof a?a.split(""):a,e=a.length-1;0<=e;--e)e in d&&b.call(c,d[e],e,a)};._.ia=function(a,b,c){b=_.ha(a,b,c);return 0>b?null:"string"===typeof a?a.charAt(b):a[b]};_.ha=function(a,b,c){for(var d=a.length,e="string"===typeof a?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ka=function(a,b){return 0<=(0,_.ja)(a,b)};_.la=function(a){if(!Array.isArray(a))for(var b=a.length-1;0<=b;b--)delete a[b];a.length=0};_.ma=function(a,b){_.ka(a,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=byfTOb,lsjVmc,LEikZe[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 35768

Entropy (8bit): 5.476673262581025

Encrypted: false

SSDEEP: 768:4S8RAJHIJ0FYxye7+PI7goFKukd6TUTrVgFovJNSX6Ps2AhI/B37n:4CJ9wgoFbkEY9Jv5b/BLn

MD5: CAF070856F2919C5462E8AAB9267C9D6

SHA1: 421887707998ECF12016546CB7EBB6BD7C53BCC2

SHA-256: B9146CDEF22A0752186F58CD0A7BE27F36D9FE581160B0D6B3E507ED53BF1023

SHA-512: F5E275DA55727C69EBE1C16351C2FBE91F7405DBCE5074E38EAC55D907E28E676E5DDAF9752690A626B60D96450F962062B8954EA2962CF0F1090227AC46391A

Malicious: false

Reputation: low

Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{._.m("sy2o");.._.n();.._.jx=function(a,b){a.sort(b||_.Ba)};_.kx=function(a,b){return(b||document).getElementsByTagName(String(a))};_.m("syx");./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var rx,tx,Zca,ux,Vca,Uca,Yca,Wca;_.lx=function(a,b){this.j=this.ya=this.o="";this.S=null;this.s=this.i="";this.u=!1;var c;a instanceof _.lx?(this.u=void 0!==b?b:a.u,_.mx(this,a.o),this.ya=a.ya,this.j=a.j,_.nx(this,a.S),this.i=a.i,_.ox(this,px(a.g)),_.qx(this,a.s)):a&&(c=String(a).match(_.Jm))?(this.u=!!b,_.mx(this,c[1]||"",!0),this.ya=rx(c[2]||""),this.j=rx(c[3]||"",!0),_.nx(this,c[4]),this.i=rx(c[5]||"",!0),_.ox(this,c[6]||"",!0),_.qx(this,c[7]||"",!0)):(this.u=!!b,this.g=new _.sx(null,this.u))};._.lx.prototype.toString=function(){var a=[],b=this.o;b&&a.push(tx(b,ux,!0),":");var c=this.j;if(c||"file"==b)a.push("//"),(b=this.ya)&&a.push(tx(b,ux,!0),"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\operatordeferred_bin_base__en[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 379746

Entropy (8bit): 5.198591864608641

Encrypted: false

SSDEEP: 3072:EW33VDASR+wDi4ZaEGzpbTwul1sXs3SskDPlrysSJQrTAbu9tDu2I2mW4vT7VO2l:R3atOJrysSJQ/Abu7u2I2d6r

MD5: 66178685A67BC68D84E3AF8B9724BB74

SHA1: A120EE28FAA47994F5D8597C99998B4EFFFE0BDC

SHA-256: D5695FE25A447FBD946750A8C0B7638BF412068BB4D452C713BC56BF14C50472

SHA-512: 14FF84DFB395B1BE30951BE44BA7213581FEF004EFAFEDD6F3DD85DCDAC47D91E7C421AC600E7C934681EEDF9DFD0CD43C13056A6C38859DDCA61E686B18AABF

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/support/realtime/operator/1606899676466/operatordeferred_bin_base__en.js

Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var rtsinternal_,rtsinternal_aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},rtsinternal_ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},rtsinternal_ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&.c.Math==Math)return c}throw Error("Cannot find global object");},rtsinternal_da=rtsinternal_ca(this),rtsinternal_a=function(a,b){if(b)a:{var c=rtsinternal_da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&rtsinternal_ba(c,a,{configurable:!0,writable:!0,value:b})}};.rtsinternal_a("Symbol",function(a){if(a)return a;var b=function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\player_api[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 810

Entropy (8bit): 5.294743120587862

Encrypted: false

SSDEEP: 24:E1P5OYtpqAK/HJ2TAXC5vuHM8aJLtdRWZ4FhQ:E1BlPcSAXC5kaJLzwYhQ

MD5: 2368CA0820DAB1350C1B068A1AC12AD9

SHA1: 2F5F6583708AF8402560AA0AE0188C5FBAE9CCF3

SHA-256: 48256943247CCF16AB69F7ED335EA1DA52C209A3571C4E20B86B676308A70AA4

SHA-512: EBC3130A23C1D0AECA41237BAF93D18E5F4474F3AA7472F1D62759DF2AB6EE5CA80A5FB01885BDC46D93F93FFE6848D0CF40C9B797CD25417ABB67FE7725B00E

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/player_api

Preview:var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/408be03a\/www-widgetapi.vflset\/www-widgetapi.js';if(!window["YT"])var YT={loading:0,loaded:0};if(!window["YTConfig"])var YTConfig={"host":"https://www.youtube.com"};.if(!YT.loading){YT.loading=1;(function(){var l=[];YT.ready=function(f){if(YT.loaded)f();else l.push(f)};window.onYTReady=function(){YT.loaded=1;for(var i=0;i<l.length;i++)try{l[i]()}catch(e){}};YT.setConfig=function(c){for(var k in c)if(c.hasOwnProperty(k))YTConfig[k]=c[k]};var a=document.createElement("script");a.type="text/javascript";a.id="www-widgetapi-script";a.src=scriptUrl;a.async=true;var c=document.currentScript;if(c){var n=c.nonce||c.getAttribute("nonce");if(n)a.setAttribute("nonce",n)}var b=.document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)})()};.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\privacy[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Category: dropped

Size (bytes): 286943

Entropy (8bit): 5.596807888691317

Encrypted: false

SSDEEP: 1536:1mA3R/nonHAyWHNSBaddT0fWSY4wqnWe9MDX5nlX4BndZNbVDEBNYXfHjcGbkXRR:OgxcfOU0lX4BdZPzsfJcViS2gyT91Oc

MD5: ED6F0A80D776EBCE6AE56ECE0E006CC9

SHA1: 20CDCF242B05B5B79FE59CAB784C6A77CD0AD05B

SHA-256: 2CB08C691CEF7178E73D5A594DF2B468856E6DBB2EDD8E0A5452CAA7CF711093

SHA-512: ECDB914243C1BCA4DB7A7B8222201819477726E88699E3AF091BB8AA3FFBC1BDFC669F9D122A476F19C54315AB9052390455D3D88F7758FC524258267F922158

Malicious: false

Reputation: low

Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://policies.google.com/"><meta name="referrer" content="origin"><meta name="viewport" content="initial-scale=1, maximum-scale=5, width=device-width"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="application-name" content="Privacy &amp; Terms . Google"><meta name="apple-mobile-web-app-title" content="Privacy &amp; Terms . Google"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-tap-highlight" content="no"><link rel="manifest" crossorigin="use-credentials" href="_/IdentityPoliciesUi/manifest.json"><link rel="home" href="/?lfhs=2"><link rel="msapplication-starturl" href="/?lfhs=2"><link rel="icon" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="apple-touch-icon-precomposed" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="msapplication-square32x32logo" href="//ssl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\rs=AA2YrTuWr-THoJhZf_G0GDWJEiz9fL6BmQ[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 116353

Entropy (8bit): 5.546439869725101

Encrypted: false

SSDEEP: 1536:tVCQDEcmwcgwL1Jvb7fcW2C4U7euQYhLHevyvBvNS0Hll+n:JoykvIlUhLLHzBvNS03c

MD5: A1616E21A3FABA4DE15B1EBC6DAAD91A

SHA1: 742CECEE27522BD52772AD6FDBF361AD7FA338E7

SHA-256: A94AA664F7C08A086579458FE69CB2EA7ADF8609B685F4376D52CC12C79DA70C

SHA-512: 587A792F5D8CFA6DCED778FE6A0C4B134CA6A5D24C76B3AEC8D456257F0D4CB458F29C5821AB8E31F1B0395B12B59EE4E76F6B9318FACCEAC1EDC7EB699D12D8

Malicious: false

Reputation: low

Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/._.Oj=function(a){switch(a){case 200:case 201:case 202:case 204:case 206:case 304:case 1223:return!0;default:return!1}};._.Pj=function(){};_.Pj.prototype.o=null;.var Rj;Rj=function(){};_.v(Rj,_.Pj);Rj.prototype.j=function(){var a=Sj(this);return a?new ActiveXObject(a):new XMLHttpRequest};Rj.prototype.B=function(){var a={};Sj(this)&&(a[0]=!0,a[1]=!0);return a};var Sj=function(a){if(!a.A&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.A=d}catch(e){}}throw Error("U");}return a.A};._.Qj=new Rj;..}catch(e){_._DumpException(e)}.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/._.Tj=function(a,b,c){a.j||(a.j={});if(!a.j[c]){for(var d=_.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\so[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: downloaded

Size (bytes): 46821

Entropy (8bit): 5.725682007058534

Encrypted: false

SSDEEP: 768:R5/d9SvRuT2RM0MmSfnoV33D7SaQPFJ/N48j/OkC:5MMTnoFT7SR13rOkC

MD5: F5EFC5C1EDB0D769159EF758ACB96867

SHA1: 323EE648A7162678DAA3DE019C15C1A8B64A00BA

SHA-256: B159D09C5A5EECBB07CF6DDD21FF7AF9F6DE53FECA28A41DA2AA87F051B9D3C3

SHA-512: FA66D9DB1DCB22C778C418386641B35FD738995F356E32F077A007C1248B25180D0D4F4ADA54056BD52EA0B65432D4F55C8CFFC72510000CF4FB0A06BBD4475B

Malicious: false

Reputation: low

IE Cache URL: https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fpolicies.google.com&cn=app&pid=269&spid=545&hl=en-GB

Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="mD2Ed/ctvVTWmcMxxBkA6g">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"5681835235032460106","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%[email protected],173289287,1343140526]\n","ZwjLXe":545,"cfb2h":"boq_onegooglehttpserver_20201129.07_p2","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333,45695529],"gGcLoe":false,"ikfjnc":["https://policies.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"One

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\tos_main_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 10539

Entropy (8bit): 5.17242962527228

Encrypted: false

SSDEEP: 192:M5S4NktFWoBlVtlLT1BtiSV63ubkT+kep5kvxLDPa/7CPLN2B:M51N2FWoBlVtl31BtiW63ub69s5kvxLE

MD5: 828E5AA8F68BC08101BBDB02CFFDC7A0

SHA1: 2D14F36ED408D450911D8D32009597FD0FED2206

SHA-256: 54091F2DE9DF003DC1651B4F43F3D41D6AEBB20EA1669C8CD4B01BB3ED80E582

SHA-512: D21D4B0D9DDE8E1D396F8B4F36598D9CC3AFF2906CA1E788EDD4E8F0C9ABFBAA4085CBD775CD30E48ABCDDC25258D803F144B5F0C39961C1E3922464E6C41101

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/tos_main_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:url(#linear-gradient);}.cls-3{fill:url(#linear-gradient-2);}.cls-4{fill:url(#linear-gradient-3);}.cls-5{fill:#e8eaed;}.cls-6{fill:#bdc1c6;}.cls-7{opacity:0.2;fill:url(#linear-gradient-4);}.cls-8{fill:url(#linear-gradient-5);}.cls-9{fill:url(#linear-gradient-6);}.cls-10{fill:url(#linear-gradient-7);}.cls-11{fill:#34a853;}.cls-12,.cls-17,.cls-18,.cls-19,.cls-20,.cls-21,.cls-24,.cls-26,.cls-27,.cls-28,.cls-29,.cls-30,.cls-31,.cls-32,.cls-35{fill:none;}.cls-12,.cls-19,.cls-35{stroke:#fff;}.cls-12,.cls-17,.cls-18,.cls-19,.cls-21,.cls-24,.cls-26,.cls-29,.cls-30,.cls-31,.cls-32,.cls-35{stroke-miterlimit:10;}.cls-13,.cls-34{fill:#4285f4;}.cls-14{fill:#174ea6;}.cls-15{fill:#fff;}.cls-16{fill:#5f6368;}.cls-17,.cls-18{stroke:#dadce0;}.cls-18,.cls-19,.cls-20,.cls-26,.cls-27,.cls-28,.cls-29,.cls-30,.cls-31,.cls-32,.cls-35{stroke-linecap:round;}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\unnamed[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced

Category: downloaded

Size (bytes): 1393

Entropy (8bit): 7.741695342683955

Encrypted: false

SSDEEP: 24:D/6Bm17qS9DbPDQ45Gkds4VbbBYdVATpFxb+hs3xl0Sau164l2kFSWZR2vtUx2lH:D/6BmIG7hdbYdVules3xla+64l9wxVUo

MD5: 0EAA75E84E3B5D76E26B5BDEF873465E

SHA1: 79DAEA62FA0952E79644B23305210D61B6CBB631

SHA-256: D375701BEED766135440CC65BD4CEDE9CC455C0116A362E124C3C2158EDCEFF4

SHA-512: EE117EEF8002ABEF55C7521FDF265C597226994BDD4EDDF9965E22E1FBA4D8526544A6427F847C2BEA3B586B3E4C06BEB6584D1CCEF5A06AD4739CAF837DB7EB

Malicious: false

Reputation: low

IE Cache URL: https://lh3.googleusercontent.com/o9U8AvPuX9gkIYtYfNmH-_wBdTfOJ7jb0VwbLWWbERzml7oTPngODhKv2Br7A64=w64

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\your_relationship_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 12542

Entropy (8bit): 5.166391118628051

Encrypted: false

SSDEEP: 384:fCTzZ3TpxIgLqTbz0pDlh5t97JIvfG/V+Lk/B5dAg1hoA:fCQzy

MD5: 667D93D9651F9419CF89361977A37D84

SHA1: 9670E1BDBB50F071AF5B565FDA5CE53EE01B1941

SHA-256: 84D0495F9F20BE09F1AA5265D10B910CD967D040EE1B5022E56EF1FE93F1DA22

SHA-512: 2E5181309FA95062157E25489FD1F5945FB16DD1CC171B3AE9D6B10FC6A849427C0496549A174870A050B16C5F4627EA0A41E2626D57B471131005CBF1D41077

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/your_relationship_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 328.36 180"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:url(#linear-gradient);}.cls-3{fill:#bdc1c6;}.cls-4{fill:#dadce0;}.cls-5{fill:#f8f9fa;}.cls-11,.cls-12,.cls-21,.cls-22,.cls-23,.cls-24,.cls-25,.cls-26,.cls-29,.cls-31,.cls-33,.cls-34,.cls-35,.cls-36,.cls-43,.cls-6,.cls-8{fill:none;}.cls-6{stroke:#dadce0;}.cls-23,.cls-24,.cls-25,.cls-26,.cls-29,.cls-6{stroke-miterlimit:10;}.cls-21,.cls-29,.cls-31,.cls-34,.cls-35,.cls-6,.cls-8{stroke-width:2px;}.cls-7{fill:#ea4335;}.cls-11,.cls-12,.cls-36,.cls-8{stroke:#fff;}.cls-11,.cls-12,.cls-21,.cls-22,.cls-23,.cls-24,.cls-25,.cls-26,.cls-29,.cls-31,.cls-34,.cls-35,.cls-36,.cls-8{stroke-linecap:round;}.cls-11,.cls-12,.cls-21,.cls-22,.cls-31,.cls-33,.cls-34,.cls-35,.cls-36,.cls-8{stroke-linejoin:round;}.cls-10,.cls-40,.cls-42,.cls-9{mix-blend-mode:multiply;}.cls-10{opacity:0.5;fill:url(#linear-gradient-2);}.cls-12{stroke-width:1.5px;}.cls-13{fill

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\4165cd3aa643abb80fe1953668f67551[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 21529

Entropy (8bit): 5.054443624807617

Encrypted: false

SSDEEP: 192:X60/6I3ppwx5qaqdT0TM2uTQOi4Rsd22Z1CrTqtqj3UGs8GsCv31Y9YUxzfmUY:/3ppwx5ncTBRsd22Z1CrT8u3M3unY

MD5: 4165CD3AA643ABB80FE1953668F67551

SHA1: 5CB99354ADCF5162232CF6947AEA1423426CF12F

SHA-256: F3FF1A6BB6153FA3F31FC17B1A8E57F835BB0DA7A9EB6430CFF660A02DEE7E54

SHA-512: 070292AB655F2879879DF09306E5F57BFFCD075B7CBEA27156DD19D981B6E40F441C5DE05EF40DB0AFDB1D6294B4E02A0C304E5E67C4EC4F9011483C0FF7BD8A

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/4165cd3aa643abb80fe1953668f67551.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="240" y1="94" x2="316" y2="94" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>. <stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/>. <stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/>. <stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="272" y1="68" x2="272" y2="72" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6"/>. <stop offset="1" stop-color="#bdc1c6" st

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 26180, version 1.1

Category: downloaded

Size (bytes): 26180

Entropy (8bit): 7.9847487601205405

Encrypted: false

SSDEEP: 768:axmLo3N7711ZHlB8N6yt/DvXjXjmDNzv6:bLodN78Ii7jKJv6

MD5: 4F2E00FBE567FA5C5BE4AB02089AE5F7

SHA1: 5EB9054972461D93427ECAB39FA13AE59A2A19D5

SHA-256: 1F75065DFB36706BA3DC0019397FCA1A3A435C9A0437DB038DAAADD3459335D7

SHA-512: 775404B50D295DBD9ABC85EDBD43AED4057EF3CF6DFCCA50734B8C4FA2FD05B85CF9E5D6DEB01D0D1F4F1053D80D4200CBCB8247C8B24ACD60DEBF3D739A4CF0

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\51cd09d6239edc9652bc05ad1d149a5c[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 13177

Entropy (8bit): 4.927867691017123

Encrypted: false

SSDEEP: 96:+RHGRrrsHa2aDBUKdU1Q7dXphVsVjVArUaNqvqurfGFDJDfQaUZuZyWF2gSM4wEz:4G6HiNq14FvrUaNqvqiGJJjJUE8wnI

MD5: 51CD09D6239EDC9652BC05AD1D149A5C

SHA1: 6C88C92D1C01A8ADDDA86322DEB1487CDA763C8E

SHA-256: 96B628232FE1459C56ADFC5E7877CE0AEC28E17D3B137408B7A2EC278181BDDF

SHA-512: DA5F756FBFBA4EE0540B651D2DA1A5664A2689E55EC3F7124F284C3B2EC7288E447D7CEB5A54CC372E7E782D8DA0DBCB320E68F71D1A3E675F4085BB88BFB812

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/51cd09d6239edc9652bc05ad1d149a5c.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="293.155" y1="108.155" x2="321.845" y2="79.466" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6"/>. <stop offset="1" stop-color="#bdc1c6" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="46" y1="93" x2="74" y2="93" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6" stop-opacity="0"/>. <stop offset="0.137" stop-color="#bdc1c6" stop-opacity="0.021"/>. <stop offset="0.279" stop-color="#bdc1c6" stop-opacity="0.084"/>. <stop offset="0.424" stop-color="#bdc1c6" stop-opacity="0.189"/>. <stop offset="0.57" stop-color="#bdc1c6" stop-opacity="0.336"/>. <stop offset="0.718" stop-color="#bdc1c6" stop-opacity="0.525"/>. <stop offset="0.864" stop-color="#bdc1c6" stop-opacity="0.753"/>. <sto

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\546f2b674b407304a2570e71a216e509[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 20864

Entropy (8bit): 4.925372381610842

Encrypted: false

SSDEEP: 192:7HksMYZuvecIQW8rzTLbzDAEIHN8Ssvopa:7HU12wvopa

MD5: 546F2B674B407304A2570E71A216E509

SHA1: 0ADEC43FBC9DFC2AB1587FD3F6A673FE227B625B

SHA-256: 9D42DE0208263D6D6E7F1A627677B426CCB3E492334293B794CC141F9FA0FB3B

SHA-512: D8CDC2C086A94E00D2D14CED3D87CB17235AC9F541CD2C6A28F438FA8CDFD064D832B53E40D58CAD4C4D5044FDDCF777DF2BBC2C2902874C1B23EF3096FE2C05

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/546f2b674b407304a2570e71a216e509.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="13" y1="105" x2="49" y2="105" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6" stop-opacity="0"/>. <stop offset="0.137" stop-color="#bdc1c6" stop-opacity="0.021"/>. <stop offset="0.279" stop-color="#bdc1c6" stop-opacity="0.084"/>. <stop offset="0.424" stop-color="#bdc1c6" stop-opacity="0.189"/>. <stop offset="0.57" stop-color="#bdc1c6" stop-opacity="0.336"/>. <stop offset="0.718" stop-color="#bdc1c6" stop-opacity="0.525"/>. <stop offset="0.864" stop-color="#bdc1c6" stop-opacity="0.753"/>. <stop offset="1" stop-color="#bdc1c6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="39" y1="166" x2="75" y2="166" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\6RYML-AXwgKXIEhuMiV2AYgQkEUD0Ei6B6ms7b7P0Jk[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Category: downloaded

Size (bytes): 22030

Entropy (8bit): 5.607219130091125

Encrypted: false

SSDEEP: 384:Fxj+RhI3EKo9yStGTtfdv4hnitKGMyInoFK8rPoM:FR+RC3EKokSwui+kFl

MD5: 0E32A494C72100AFA8320DCF728DDE81

SHA1: F59CA0C93AA27387A59CBC8905A89F12F670E7FD

SHA-256: E9160C2FE017C2029720486E322576018810904503D048BA07A9ACEDBECFD099

SHA-512: B3E406AF3FCD50BB9501D2F993886E9D08F55BEE3F5BE778E5AE68B6B65052072158ED11BC98E1707256A88DB868FB48D35238DEA5A15C9C7D40BF37792F58CA

Malicious: false

Reputation: low

IE Cache URL: https://www.google.com/js/bg/6RYML-AXwgKXIEhuMiV2AYgQkEUD0Ei6B6ms7b7P0Jk.js

Preview:(function(){var Q=this||self,r=function(T,W){if(W=(T=null,Q).trustedTypes,!W||!W.createPolicy)return T;try{T=W.createPolicy("bg",{createHTML:K,createScript:K,createScriptURL:K})}catch(O){Q.console&&Q.console.error(O.message)}return T},K=function(T){return T};(0,eval)(function(T){return(T=r())&&1===eval(T.createScript("1"))?function(W){return T.createScript(W)}:function(W){return""+W}}()(Array(7824*Math.random()|0).join("\n")+'(function(){var T0=function(T){return T},t=this||self,q={},U,Wv=function(T,W,K,O,m){for(K=(O=[],0),W=0;K<T.length;K++)m=T.charCodeAt(K),128>m?O[W++]=m:(2048>m?O[W++]=m>>6|192:(55296==(m&64512)&&K+1<T.length&&56320==(T.charCodeAt(K+1)&64512)?(m=65536+((m&1023)<<10)+(T.charCodeAt(++K)&1023),O[W++]=m>>18|240,O[W++]=m>>12&63|128):O[W++]=m>>12|224,O[W++]=m>>6&63|128),O[W++]=m&63|128);return O},f={},QG=function(T,W){return T<W?-1:T>W?1:0},iy,Kh=function(T){return/^[\\s\\xa0]*([\\s\\S]*?)[\\s\\xa0]*$/.exec(T)[1]},OZ=function(T,W){function K(){}T.Xg=((T.prototype=((K.prot

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\891994193-postmessagerelay[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 9830

Entropy (8bit): 5.577356955265671

Encrypted: false

SSDEEP: 192:GNC1QwruoQ7zBzvvWLBiv/SKFIJtjmetyN3kKoo5uBfhIzHuvwot:GNnwruoQ7zBkESUIJ3cVoKmqO4ot

MD5: 4BB2402C1DA73394F2E66D4441A175E2

SHA1: 64EAE6D6CFF2DABE0FC013E56FCAD22BE25647BC

SHA-256: 0DB831F1A9ACBA0CE828CCEBB768C0B4EEABB1BF26187B6810529D95A904BEAF

SHA-512: CE9F04C7C356F6F4FD3DDD037C83F43A8493797BAFDCAA101AD6F63A2F471C11F4D35115EC9D63BDA1E7131A9C26E50B4AACED8FB9210347894985A0C19823E3

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/accounts/o/891994193-postmessagerelay.js

Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m=this||self,w=function(a,b){a=a.split(".");var c=m;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b},x=function(a,b){function c(){}c.prototype=b.prototype;a.o=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.m=function(d,e,h){for(var l=Array(arguments.length-2),n=2;n<arguments.length;n++)l[n-2]=arguments[n];return b.prototype[e].apply(d,l)}};function y(a){if(Error.captureStackTrace)Error.captureStackTrace(this,y);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))}x(y,Error);y.prototype.name="CustomError";var z=function(a,b){a=a.split("%s");for(var c="",d=a.length-1,e=0;e<d;e++)c+=a[e]+(e<b.length?b[e]:"%s");y.call(this,c+a[d])};x(z,y);z.prototype.name="AssertionError";var B=function(a,b,c){if(!a){var d="Assertion failed";if(b){d+=": "+b;var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\900a793eae04f4bddd675f8d95c4a794[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 4391

Entropy (8bit): 5.07432704633403

Encrypted: false

SSDEEP: 48:+GO/YWHx4GLZ/W12HxDWj6V7QlWHxjUW+ev/3jZVV8gFOiawwEMqjJ79oqFCB2IK:+Hp2ShN4Q3ji9w8qj1C/JBWgWV

MD5: 900A793EAE04F4BDDD675F8D95C4A794

SHA1: D79FE87CC4B220245AB72251DCF3AE4C71108544

SHA-256: 166EAB00B3516B5AEB1BB114FA70D57E0F4E021D4C06735C6969B08C5B7E1FDB

SHA-512: E18FC18597424E69987E13E8F4E6E174A56B46C2D1616E203AC9C02EFBEFB47CCABB39ED999B0DF1784CEFC0D7444C19E2DDACA30022F45864554F999587DE13

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/900a793eae04f4bddd675f8d95c4a794.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <clipPath id="clip-path">. <path d="M48,7A41,41,0,1,0,89,48,40.989,40.989,0,0,0,48,7Z" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient" x1="12" y1="68" x2="24" y2="68" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.116" stop-color="#9aa0a6" stop-opacity="0.054"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.201"/>. <stop offset="0.546" stop-color="#9aa0a6" stop-opacity="0.44"/>. <stop offset="0.823" stop-color="#9aa0a6" stop-opacity="0.768"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="46" y1="71" x2="46" y2="25" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#f29900"/>. <stop offset="0.138" stop-color="#f29900" stop-opacity="0.81

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\CheckConnection[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: dropped

Size (bytes): 31708

Entropy (8bit): 5.429882032069438

Encrypted: false

SSDEEP: 384:ArBSqwWVuEw1MoJbhS+Teq8wk+j1rRoitp582xn1ZFK3MkyYXG50UYHOktoK1Q:AtWn1hJbhVuwkW1rRoh2xnh8VUmOkZQ

MD5: 4E7D0994C72AD6B1EFE0ECECB6405AC8

SHA1: 56ED6BC2238A9D2044ADCF7E69F3D62671793811

SHA-256: 6F1E6853448A8C4CCAF326D95D6C28C1CD56E88F29090406AA44BABAE57562E1

SHA-512: E541332F97C9A76055D62B69EC701EAF5032E7CC2800A316F612FB4E07953E60EC5A577B9F194648CD6E7A41B0412BE53FBF86005ED3994C1E229E42D445ABA5

Malicious: false

Reputation: low

Preview:<html><head><script nonce="p0CT+PtxKwVuGv8lQnvi2A">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs||{};(function(_){var window=this;.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var k=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,k);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))},aa=function(a,b){a:{for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a)){b=e;break a}b=-1}return 0>b?null:"string"===typeof a?a.charAt(b):a[b]},ca=function(a,b){b=ba(a,b);var c;(c=0<=b)&&Array.prototype.splice.call(a,b,1);return c},da=function(a){l(a)},ha=function(){var a={};a.location=document.location.toString();.if(ea())try{a["top.location"]=top.location.toString()}catch(c){a["top.location"]="[external]"}else a["top.location"]="[external]";for(var b in fa)try{a[b]=fa[b].call()}catch(c){a[b]="[error] "+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 19888, version 1.1

Category: downloaded

Size (bytes): 19888

Entropy (8bit): 7.96899630573477

Encrypted: false

SSDEEP: 384:0c6bX9TSzYzCrQH+qXM6C0ouF0xcYye+5x/U3S0X5v+obEgm:0cCV8GuPVyzx/MS0X5v+oI/

MD5: CF6613D1ADF490972C557A8E318E0868

SHA1: B2198C3FC1C72646D372F63E135E70BA2C9FED8E

SHA-256: 468E579FE1210FA55525B1C470ED2D1958404512A2DD4FB972CAC5CE0FF00B1F

SHA-512: 1866D890987B1E56E1337EC1E975906EE8202FCC517620C30E9D3BE0A9E8EAF3105147B178DEB81FA0604745DFE3FB79B3B20D5F2FF2912B66856C38A28C07EE

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOlCnqEu92Fr1MmWUlfBBc-[2].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 20356, version 1.1

Category: downloaded

Size (bytes): 20356

Entropy (8bit): 7.972919215442608

Encrypted: false

SSDEEP: 384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/

MD5: ADCDE98F1D584DE52060AD7B16373DA3

SHA1: 0A9B76D81989A7A45336EBD7B48ED25803F344B9

SHA-256: 806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1

SHA-512: 7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOmCnqEu92Fr1Mu4mxM[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 20268, version 1.1

Category: downloaded

Size (bytes): 20268

Entropy (8bit): 7.970212610239314

Encrypted: false

SSDEEP: 384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh

MD5: 60FA3C0614B8FB2F394FA29944C21540

SHA1: 42C8AE79841C592A26633F10EE9A26C75BCF9273

SHA-256: C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684

SHA-512: C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\a8e78fa7fa279aa946fe1a9d6a0508f2[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 20225

Entropy (8bit): 5.08641328988594

Encrypted: false

SSDEEP: 192:Uzm9EDtDWs9GYb2o0qRn1ZIxdf8x2I+NJCVMZSh8iV11MS9xEWEbXZQOaLvED5:c9p2o0qn1ZIxdEx2zGvm8pLvEN

MD5: A8E78FA7FA279AA946FE1A9D6A0508F2

SHA1: F9F8EB782246A6C7BC79B043B66C1F3B3BF4B42B

SHA-256: 2196B3304BAA87751FD4EF3F62B307566487CD03199284BAA1E674E27E2FFA5E

SHA-512: CE6AD1FFD1E76B916259989F8757B8489A13FDFFE30D37A8C8B6F1F5581D9896EAABD842AF38C8E370D0638AD4BE2963D627D89747EA800D6C1DB1391EC016AB

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/a8e78fa7fa279aa946fe1a9d6a0508f2.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="180" y1="26" x2="180" y2="170" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#e8eaed"/>. <stop offset="0.124" stop-color="#e8eaed" stop-opacity="0.835"/>. <stop offset="0.364" stop-color="#e8eaed" stop-opacity="0.542"/>. <stop offset="0.58" stop-color="#e8eaed" stop-opacity="0.309"/>. <stop offset="0.764" stop-color="#e8eaed" stop-opacity="0.141"/>. <stop offset="0.91" stop-color="#e8eaed" stop-opacity="0.038"/>. <stop offset="1" stop-color="#e8eaed" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="32" y1="165" x2="108" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\acad335ad7ba163209d8c3e671b2c445[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 9346

Entropy (8bit): 4.909678911846309

Encrypted: false

SSDEEP: 96:+12aGkB/pvtjRn5EC9QeOgyCVWV3h4yx2WFt1PMXdDWCkgiQAJ9FnPDbs/A2i:6jt9nGCG4SxMhkyAJfnPD4ti

MD5: ACAD335AD7BA163209D8C3E671B2C445

SHA1: 6FFD6741AE59ED5B7AAA33505EF2F57F86A1D082

SHA-256: BBD9E8EDDB8A9888E40E0CF19EA2E0898D7C2FA534B4E70F3922B7A1A20A584D

SHA-512: C96EAF974A77B8D17723F02F84A4C28DC9B9A34C7DB0867CE7674C51A5772667152EE9057C137EA639DAA1728C23C22917DB05758BE7A56588D10D744A52C991

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/acad335ad7ba163209d8c3e671b2c445.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="119" y1="165" x2="147" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>. <stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/>. <stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/>. <stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="67" y1="165" x2="115" y2="165" xlink:href="#linear-gradient"/>. <linearGradient id="linear-gradient-3" x1="107.557" y1="61.557" x2="119.557" y2="49.5

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\accounts[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Category: downloaded

Size (bytes): 653881

Entropy (8bit): 5.638329839553784

Encrypted: false

SSDEEP: 6144:zuEopJjbLuqX/xWkLpx3crqtyjx1LBYKWfjeT0rvC7dvlg3d0:whuqX/x3NttIjxMKWfjeT0rvugm

MD5: 9EC12B87E7073748CE7BDE15F2E5B83B

SHA1: 503B9253C3BECDB9FF1110326306FB9A156239F4

SHA-256: DBDF557685BD965588328EF6FEC89BAA2B79BCF0212DC4947B34D745FB2DBB41

SHA-512: 5F291DFD4E544035AB167BC14BC4860182A5A3D56688CB4098445E529B7EDB9DDF6CF70E186D71E70179B15117BD815487104212A1202D860AB32E114D2C6D5B

Malicious: false

Reputation: low

IE Cache URL: https://support.google.com/accounts?hl=en-GB

Preview:<!doctype html><html class="hcfe" data-page-type="HOMEPAGE" lang="en"><head><title>Google Account Help</title><meta content="email=no" name="format-detection"><meta content="nofollow,noindex" name="robots"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="Official Google Account Help Center where you can find tips and tutorials on using Google Account and other answers to frequently asked questions." name="description"><link href="https://support.google.com/accounts/?hl=en" rel="canonical"><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no" name="viewport"><style>@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-we

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\base[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 1532452

Entropy (8bit): 5.574906569816643

Encrypted: false

SSDEEP: 24576:8a5GJVig/rHbzTDbsmFsJ6UPkHkHaSS9uXP:xcig/XzTDbsf6UPkHkHaSdP

MD5: 849E14E4CE93A4498A8B71F5DBADA386

SHA1: 3B389C2A65A9E7AC20A3F5CF971359ED073AED42

SHA-256: 02BCC0C15AA72C3A4E492B15A6EAFD3772497C048ADEEF91C5CA55C98346CC45

SHA-512: 5CCDD856FF4ECA9F7222E1983EFB7E64F821918A58E6C86C786B88C91A169748AA013A6EBDABD66CB50E9FE3BAC8526692FC5FB325AC2ADFB554744F68A84330

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/s/player/408be03a/player_ias.vflset/en_GB/base.js

Preview:var _yt_player={};(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba,da,aaa,ha,ia,ka,oa,qa,ra,sa,ta,ua,va,baa,caa,wa,xa,daa,ya,za,Aa,Ba,Ca,Da,Ea,Ja,Ga,Ma,Na,gaa,haa,Va,Wa,Xa,iaa,jaa,kaa,Za,laa,ab,bb,maa,naa,db,lb,oaa,sb,tb,paa,yb,vb,qaa,wb,raa,saa,taa,Gb,Jb,Kb,Pb,Rb,Sb,$b,bc,ec,fc,ic,jc,waa,kc,lc,nc,wc,xc,zc,Ec,Kc,Lc,Pc,Nc,Aaa,Daa,Eaa,Faa,Tc,Uc,Wc,Vc,Yc,bd,Gaa,Haa,ad,Iaa,hd,id,jd,md,od,pd,Kaa,qd,rd,vd,wd,xd,yd,zd,Ad,Bd,Cd,Ed,Gd,Hd,Jd,Kd,Ld,Maa,Od,Pd,Qd,Rd,Sd,Td,$d,be,fe,je,ke,pe,qe,ve,re,xe,ze,ye,Raa,he,Me,Ke,Le,Oe,Ne,ge,Pe,Qe,Taa,Ue,We,Te,Ye,Ze,$e,af,bf,cf,.df,ef,Uaa,mf,hf,Af,Vaa,Ef,Gf,If,Waa,Jf,Lf,Mf,Nf,Of,Pf,Qf,Rf,Tf,Sf,Uf,Vf,Zaa,aba,bba,dba,$f,ag,cg,eg,fg,eba,gg,fba,hg,gba,ig,lg,rg,sg,vg,hba,yg,xg,zg,iba,Hg,Ig,Jg,jba,Kg,Lg,Mg,Ng,Og,Pg,Qg,kba,Rg,Sg,Tg,lba,mba,Ug,Wg,Vg,Yg,Zg,bh,$g,oba,ah,ch,dh,fh,eh,pba,gh,rba,qba,sba,jh,tba,lh,mh,nh,kh,oh,uba,ph,vba,wba,sh,yba,th,uh,vh,zba,xh,zh,Ch,Ih,Kh,Eh,Dh,Lh,Aba,Mh,Nh,Oh,Ph,Cb

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bscframe[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with no line terminators

Category: dropped

Size (bytes): 15

Entropy (8bit): 3.906890595608518

Encrypted: false

SSDEEP: 3:PouVn:hV

MD5: FE364450E1391215F596D043488F989F

SHA1: D1848AA7B5CFD853609DB178070771AD67D351E9

SHA-256: C77E5168DFFDA66B8DC13F1425B4D3630A6656A3E5ACF707F4393277BA3C8B5E

SHA-512: 2B11CD287B8FAE7A046F160BEE092E22C6DB19D38B17888AED6F98F5C3E936A46766FB1E947ECC0CC5964548474B7866EB60A71587A04F1AF8F816DF8AFA221E

Malicious: false

Reputation: low

Preview:<!DOCTYPE html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\content_in_services_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 17527

Entropy (8bit): 5.104312251928596

Encrypted: false

SSDEEP: 384:99wxFFr7jI4qD05eYV47WBy23EdvTRMshisKAsuQvAiz:99yQm4e

MD5: 2DA6339F9692DFCCA8A3773AAC2FCBC3

SHA1: 329A5B0089C26BF9A9E6787A251C16E95375CDA7

SHA-256: 8F2DA0C0E46663B5D3FC84572479CE4A0BF2D1B5A39852D1516F5F9CC2844B2D

SHA-512: E37DC58348E7E9F9BA935BF1C29ED84CE053C6EFE569B54DA4086C88D49D8980B2E738949C4AD2DD9F37B6D7EF4FC341F51A35130DB98B3228D891B4C9793402

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/content_in_services_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-10,.cls-11,.cls-16,.cls-17,.cls-20,.cls-22,.cls-28,.cls-39,.cls-8,.cls-9{fill:none;}.cls-2{isolation:isolate;}.cls-13,.cls-3{fill:#e8eaed;}.cls-4{fill:#dadce0;}.cls-5{fill:#9ba0a6;}.cls-6{fill:#fff;}.cls-7{fill:#4285f4;}.cls-8{stroke:#fff;}.cls-10,.cls-11,.cls-16,.cls-17,.cls-20,.cls-22,.cls-28,.cls-8,.cls-9{stroke-linecap:round;}.cls-16,.cls-17,.cls-28,.cls-8{stroke-linejoin:round;}.cls-9{stroke:#dadce0;}.cls-10,.cls-11,.cls-20,.cls-22,.cls-9{stroke-miterlimit:10;}.cls-10,.cls-28{stroke:#4285f4;}.cls-10,.cls-11,.cls-16,.cls-17,.cls-20,.cls-22,.cls-28{stroke-width:2px;}.cls-11{stroke:#e9eaed;}.cls-12{fill:url(#linear-gradient);}.cls-13{opacity:0.5;}.cls-13,.cls-25,.cls-27,.cls-32,.cls-34,.cls-36,.cls-38{mix-blend-mode:multiply;}.cls-14{fill:#fbbc04;}.cls-15{fill:silver;}.cls-16{stroke:#ea4335;}.cls-17{stroke:silver;}.cls-18{fill:url(#linear-gradient-2);}.cls

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\disagreements_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 9432

Entropy (8bit): 5.181971507266956

Encrypted: false

SSDEEP: 192:0f5ZHtSvX1GIAqwO6fDOqilE62e5/iW1H9C7xtHGd3Pb:0f5ZNSvX1GjqwpDOq+Qe5/i+QxhGd3Pb

MD5: 5ACC0442F97AB723434692F8D5785061

SHA1: 2E038FDBAF95CA279028A9E593320F221B2A4FD1

SHA-256: C88C0E3CBAB3CD40B8A99D48F6E28714BFE8DAD42D6BF4FC94E8C65D917B97FF

SHA-512: 9D97AFEF24542729E56CC4A4A06D9B2E9415B7DA68A109040DF0B1F4A9DC1254EB00FAE7B0E720AD1BB7E033C3D38E621CA6C0F7BCB5287FB51F4F1A3431851D

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/disagreements_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-13,.cls-14,.cls-18,.cls-19,.cls-20,.cls-21,.cls-24,.cls-28,.cls-30,.cls-32{fill:none;}.cls-2{isolation:isolate;}.cls-3{fill:url(#linear-gradient);}.cls-4{fill:url(#linear-gradient-2);}.cls-5{fill:url(#linear-gradient-3);}.cls-6{fill:url(#linear-gradient-4);}.cls-7{fill:#dadce0;}.cls-8{fill:#edf3fd;}.cls-9{clip-path:url(#clip-path);}.cls-10{fill:#34a853;}.cls-11{fill:#f2bf42;}.cls-12{fill:#e9eaed;}.cls-13{stroke:#4285f4;}.cls-13,.cls-14,.cls-18,.cls-19,.cls-20,.cls-21,.cls-28{stroke-linecap:round;}.cls-13,.cls-14,.cls-20,.cls-28{stroke-linejoin:round;}.cls-13,.cls-14,.cls-18,.cls-19,.cls-20,.cls-21{stroke-width:2px;}.cls-14,.cls-24{stroke:silver;}.cls-15{fill:url(#linear-gradient-5);}.cls-16{fill:#9ba0a6;}.cls-17{fill:#f8f9fa;}.cls-18{stroke:#f8f9fa;}.cls-18,.cls-19,.cls-21,.cls-24,.cls-30{stroke-miterlimit:10;}.cls-19{stroke:#34a853;}.cls-20{stroke:#fff;}.cl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\e60586c0029adec0bacd3e48470ca6c6[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 15934

Entropy (8bit): 5.044031692686615

Encrypted: false

SSDEEP: 96:+5rsHBQMyBNWB85GfnAWlkVzLIV2amGj31zBJqDb5PiStUseyXDhMln9UTfQLUQo:LHEQmGb1wgWX1CGkbjf+LJnx

MD5: E60586C0029ADEC0BACD3E48470CA6C6

SHA1: 2660A543EDC31CC35115F37CFF36CC4DA7B95151

SHA-256: DA83F15D25A23E295CBA8AF285B22F5AEB46394C6B13DFCD29EA3B6415F90DF7

SHA-512: 2FA00B15E609C22D343901BE202D66ED071A5E9989827DE3F3E486DBC33D62CDA296B66BB30875A905AA3BCC97A068F5ECA62FBD4B10EE5CC60CE2C0AFF37A00

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/e60586c0029adec0bacd3e48470ca6c6.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="264" y1="165" x2="328" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6" stop-opacity="0"/>. <stop offset="0.137" stop-color="#bdc1c6" stop-opacity="0.021"/>. <stop offset="0.279" stop-color="#bdc1c6" stop-opacity="0.084"/>. <stop offset="0.424" stop-color="#bdc1c6" stop-opacity="0.189"/>. <stop offset="0.57" stop-color="#bdc1c6" stop-opacity="0.336"/>. <stop offset="0.718" stop-color="#bdc1c6" stop-opacity="0.525"/>. <stop offset="0.864" stop-color="#bdc1c6" stop-opacity="0.753"/>. <stop offset="1" stop-color="#bdc1c6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="175" x2="199" xlink:href="#linear-gradient"/>. <linearGradient id="linear-gradient-3" x1="196" y1="165" x2="252" y2="165" gradientUnits="userSpac

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\fetch-polyfill[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Pascal source, ASCII text, with very long lines

Category: downloaded

Size (bytes): 8543

Entropy (8bit): 5.238064281324506

Encrypted: false

SSDEEP: 192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V

MD5: 04E3CC8A9641B3F9F9C9370F4E9B5BDD

SHA1: 9602A891F583094BB04FD407B253ABCAFFB8C8D0

SHA-256: DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980

SHA-512: 58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/yts/jsbin/fetch-polyfill-vfl6MZH8P/fetch-polyfill.js

Preview:/*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\googlelogo_color_74x24dp[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 74 x 24, 8-bit/color RGBA, non-interlaced

Category: downloaded

Size (bytes): 1622

Entropy (8bit): 7.861147443229629

Encrypted: false

SSDEEP: 48:1iZ3jFWCXwymKs5AbKuyp/fvBheQdm+6QmWO:1iZ3ZWKZmKsCb0/fphH6QJO

MD5: DE327BF69212B7255BBB0C8F40F52A3C

SHA1: 8C9E7517E6456E13F3F4640E39743B74F98B8F39

SHA-256: 0793CEFA320C6C622E8B143B35FAFB577BD7584C26796D3B5E1321463494FE76

SHA-512: FDC82955CCBA3E9310CAC694197C43EB289CE9FFCB2A0784CCBAE0F3CEB5ADCF2F72D40C411290BDB6F3311E23321D13D3C2C6D20DC63E733A291A115E254060

Malicious: false

Reputation: low

IE Cache URL: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_74x24dp.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\keyboard_arrow_up_24px[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 147

Entropy (8bit): 4.9621270003690565

Encrypted: false

SSDEEP: 3:tIsqDmJS4RKb5zMcBH8+hHiATcvXjXRHoNcHgDXFUVLUJRVFiAdFUvuIIb:tI9mc4slzXdhC/O4gSVLU9FRF0ulb

MD5: 1F5DC0C5F607EC3BF9E3089FEBD9C373

SHA1: 1D8D1276A56A42B3EA7393767A8674CD45C43439

SHA-256: 00D8F7123BB5EF3F7FAD786905F5407CC5FB8B4C55E1B0511803F6C8C01E3903

SHA-512: 98C5C969A12B196176ADDD9C7DD8234C9D81EC513DE453F116E766DFA32E5B99AD2AEB68609353B349A65F7B26E68166C42337668B2BF1C8513FF4C77200271D

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/images/icons/material/system/svg/keyboard_arrow_up_24px.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\m=Wt6vjf,_latency,FCpbqb,WhJNk[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 5612

Entropy (8bit): 5.509232146252694

Encrypted: false

SSDEEP: 96:ty3VU7l1CmOeJDWsO17ZxsUaZvn0EAgL9R9Eb5Y+t0A05pKpG:tqVyJe17ZxWtymX5B

MD5: 332E6511A19397680A8B49CCF1140900

SHA1: 42645530B08D6C817A70B4FDCBF3379CECE7E417

SHA-256: 1CE0D9D0B8803392A3B931A013BA743543438B1E9BEAA6F5D04DF0115E6D1821

SHA-512: BC57B8691EAB55482E7CA545B81E3EEA9F2DC8526A2DCD2756E4B32B4A6B5D71615CE35128963C72CCAD60A34F65ED2664749943E92E4FAEA155E07B442700C8

Malicious: false

Reputation: low

Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{._.m("Wt6vjf");.var QI=function(a){_.B(this,a,"f.bo",-1,null,null)};_.z(QI,_.p);QI.yd="f.bo";QI.prototype.vb=function(){return _.Qh(this,1)};.var RI=function(){_.Oi.call(this)};_.w(RI,_.Oi);RI.prototype.Cb=function(){this.aq=!1;SI(this);_.Oi.prototype.Cb.call(this)};RI.prototype.g=function(){TI(this);if(this.Gj)return UI(this),!1;if(!this.dr)return VI(this),!0;this.Gb("p");if(!this.pq)return VI(this),!0;this.Km?(this.Gb("r"),VI(this)):UI(this);return!1};var WI=function(a){var b=new _.lx(a.ey);null!=a.Uo&&b.g.set("authuser",a.Uo);return b},UI=function(a){a.Gj=!0;var b=WI(a),c="rt=r&f_uid="+_.me(a.pq);_.dn(b,(0,_.x)(a.i,a),"POST",c)};.RI.prototype.i=function(a){a=a.target;TI(this);if(_.ln(a)){this.Ul=0;if(this.Km)this.Gj=!1,this.Gb("r");else if(this.dr)this.Gb("s");else{try{var b=_.mn(a),c=JSON.parse(b.substring(b.indexOf("\n")));var d=(new QI(c[0])).vb()}catch(e){_.Ka(null,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\m=sy1a,sy1b,sy1c,sy1e,sy1f,sy35,pwd_view[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 14965

Entropy (8bit): 5.594130208489215

Encrypted: false

SSDEEP: 192:uBthJ2wc5jCAWj+VRyKXqEUiKYUl8TeLca5Yhdqy2/DYoBTpVf3zlbwphVzPO1gr:SthJ2EGQiKxMaydqy2/DY2P3OhVG1gr

MD5: 1385E8883E4A4D6EDE3F725369B7ECF0

SHA1: 630AA2C134519BFD1F2B91221A810787EFD69082

SHA-256: F9B364421F3D18F7BD1AE56054D547B5C757A7376CFD646B2C9B7ACE1DEE1714

SHA-512: B247C1B2AF8B434003CCEDCF57F859CB9733641DE568FEF0BCC7223CAF16116A825CF2AD8D586D5B12FB52EE64A4174C8E9940D30B1F13D0752196BA7F6E4E48

Malicious: false

Reputation: low

Preview:this._G=this._G||{};(function(_){var window=this;.try{._.k("sy1a");._.vT=function(){return"Try another way"};_.wT=function(){return"Enter code"};.._.m();..}catch(e){_._DumpException(e)}.try{._.k("sy1b");._.xT=function(){return(0,_.D)("Account recovery")};_.yT=function(){return"Verify that it's you"};.._.m();..}catch(e){_._DumpException(e)}.try{._.k("sy1c");._.k5a=function(a){a=a||{};return _.j5a(a)};_.j5a=function(a){a=a||{};return _.mt(a.an,1)?"Enter your password":"Enter a password"};_.H("Pb","",0,function(){return"Wrong password. Try again or click Forgot password to reset it."});_.H("Qb","",0,function(){return"Forgot password?"});.._.m();..}catch(e){_._DumpException(e)}.try{._.k("sy1e");._.zT=function(a,b){a=a.oa&&(a.oa.ha||a.oa);var c=b.locale;b="";var d=c=_.nt(_.lt("en,en-US,"),c+",");d&&(d=a.qb(),d=_.G(null==d?null:d.getGivenName()));!d&&(d=!c)&&(d=a.qb(),d=_.G(null==d?null:d.Oc()));return b=d?b+(c?"Hi "+a.qb().getGivenName():""+a.qb().Oc()):b+"Welcome"};.._.m();..}catch(e){_._D

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\postmessageRelay[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines, with no line terminators

Category: dropped

Size (bytes): 566

Entropy (8bit): 5.18420603530753

Encrypted: false

SSDEEP: 12:haxyErYfhVkrC9sA6AjETrwPEAfJmWmM8ytrI:haJspVkO9sMEw3aSI

MD5: 9380DC1C3E0D80E5EB1447A005EEE720

SHA1: 352F6272FF6B02CF5A71BB0968A1DC1A79ECB1BC

SHA-256: E5C86015DB77D2F79E2174354CECADA60E1CFC8C0344124493DD1A1056722F58

SHA-512: FD4FC7B1D34C6C69F4B81096852D6EABA5583FA5641B978ABC70BC919C93B779DACF77B35969EF50F214FED50DA03EF8C30E0271025CF5EC561A9FD80318596C

Malicious: false

Reputation: low

Preview:<!DOCTYPE html><html><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0"><script nonce="siPqY8OD89JdSMapSD+JMg" src='https://ssl.gstatic.com/accounts/o/891994193-postmessagerelay.js'></script></head><body ><script nonce="siPqY8OD89JdSMapSD+JMg" type="text/javascript" src="https://apis.google.com/js/rpc:shindig_random.js?onload=init"></script></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\proxy[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text

Category: downloaded

Size (bytes): 872

Entropy (8bit): 5.326970143693951

Encrypted: false

SSDEEP: 12:hYA0HqJmqGN/o79hLFBkAAqJmPm/esHbJ/P4Nbx4IQEWYA0HqJmqGt79hLFBkAAj:hYPcBe2BvPz7VP4NiYPcBYBvPz7K4NW

MD5: 5CB12030A1C20C85F0F40E4FE608C7D5

SHA1: 11EACC8945F21367177415ADC9D1B7E1B74FDC37

SHA-256: E70C9F4B373A2089F67433389B8BC2E6DB711F9169ECB2CB5B1DEC3569D2E340

SHA-512: 8B7F30BF9AB24136310AB7BF3E574A82A582BF6661B11DC2896912F0A93A535A57B2B2E1AE12BC615229CCCC8A403ED25CB4DBDC42B6A4D10F95F9DEE7F2392E

Malicious: false

Reputation: low

IE Cache URL: https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uhBKOtz6fOw.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw%2Fm%3D__features__

Preview:<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="21PxJxkKPa3a0RsH0s5o7w==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="21PxJxkKPa3a0RsH0s5o7w=="></script>.</head>.<body>.</body>.</html>.<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="7f1ZlcEdiZuE1G6foxEqbw==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="7f1ZlcEdiZuE1G6foxEqbw=="></script>.</head>.<body>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\related_item_external_avatar[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 80 x 80, 8-bit colormap, non-interlaced

Category: downloaded

Size (bytes): 2577

Entropy (8bit): 7.781446647389294

Encrypted: false

SSDEEP: 48:hIClmS5juJIIPoy8mJgii5Je64GRWEcaGuFAHvUu3olwHCMtToF3PNxXPqoE:hIQj5jLIwXmJIasRXGhPywHo19P5E

MD5: DBB859BB594B6AB827C4A148D9343720

SHA1: BD7E94CCCAEB4B244E0D6A333450013F35FCC817

SHA-256: 679EC39C5CCB27D18357D6E23DE0DFA22D07ED435B09E85F7003FFC3870150D4

SHA-512: 9EA39C37EA3A6395B7E9CD63DA3BAAD1F2585B9BAB598D73B5FEBC7399B8532AC8FE57ED2E77537F9D7E689CE8CC289E20D29060023CD2AAD7ADFF4E03944C71

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/support/content/images/static/related_item_external_avatar.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\so[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: downloaded

Size (bytes): 47233

Entropy (8bit): 5.731592883642222

Encrypted: false

SSDEEP: 768:Njk/d9SvRuy2QM0fzPfnoV3ZDxObSQPFJ/N4slQkSfdqoA:+6MGnoNtxObJ1gVqoA

MD5: 70D368A59CEB81C6454B887EC24B49EF

SHA1: 02918B5D170AB95EB5845886C9CA5ACCC69059F2

SHA-256: EC267C6B9EBA4148236CC4D28699F7ED0A9B878868BA5505687DBC8204672BAA

SHA-512: 172D0379B4DA117C9A2DD60C9589AD9D2BA888617AB0373B0A951B87B2D50EA589530D5927FFC4A53531584A86523624D0A48C8B19158039F7554A93579A567F

Malicious: false

Reputation: low

IE Cache URL: https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fsupport.google.com&cn=app&pid=117&spid=117&hl=en-GB

Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="/YeeuVqouiFlO7XziSDIUQ">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"-5446584923233252504","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%[email protected],173044242,1326019383]\n","ZwjLXe":117,"cfb2h":"boq_onegooglehttpserver_20201129.07_p2","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333,45695529],"gGcLoe":false,"ikfjnc":["https://support.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"One

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\software_in_services_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 10291

Entropy (8bit): 5.108050496178277

Encrypted: false

SSDEEP: 192:Vv1sCCA6ZFAgX0dwqMzKZNa/tmSCC/Knv241ZE6qCCjgs1mUBHbobxj4RQLIMTK1:Vv1eFAO0dwqMzKZNa/tmoKnvn1ZE6LQ3

MD5: 4364830047AFFABB4827ACCA45B30ABB

SHA1: 100113BAF5DBB776D0D3878BF34D7ECDC5B85167

SHA-256: 8BB5C524CB469739FC6868741D81E6337B971A984DB35CD4538BC31DD22CB52D

SHA-512: BE03327CE7E94E5A9184FE6BE51D1F372DA92FDA922B123A77B628B722BAEB5CAA9C2F4125763CB96813867B84985732F451C79DEFFBC4EEA71AE8BDB0C8B46C

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/software_in_services_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-10,.cls-11,.cls-15,.cls-19,.cls-24,.cls-27,.cls-29,.cls-33,.cls-35,.cls-8,.cls-9{fill:none;}.cls-2{isolation:isolate;}.cls-13,.cls-3{fill:#e8eaed;}.cls-4{fill:#dadce0;}.cls-5{fill:#9ba0a6;}.cls-6{fill:#fff;}.cls-7{fill:#4285f4;}.cls-24,.cls-33,.cls-8{stroke:#fff;}.cls-10,.cls-11,.cls-15,.cls-19,.cls-24,.cls-27,.cls-29,.cls-33,.cls-8,.cls-9{stroke-linecap:round;}.cls-15,.cls-19,.cls-24,.cls-27,.cls-29,.cls-33,.cls-8{stroke-linejoin:round;}.cls-9{stroke:#dadce0;}.cls-10,.cls-11,.cls-9{stroke-miterlimit:10;}.cls-10{stroke:#4285f4;}.cls-10,.cls-11{stroke-width:2px;}.cls-11{stroke:#e9eaed;}.cls-12{fill:url(#linear-gradient);}.cls-13,.cls-23{opacity:0.5;}.cls-13,.cls-18,.cls-22,.cls-23,.cls-28,.cls-32{mix-blend-mode:multiply;}.cls-14{fill:#bdc1c6;}.cls-15,.cls-19,.cls-29{stroke:#34a853;}.cls-15{stroke-width:1.3px;}.cls-16{fill:url(#linear-gradient-2);}.cls-17{clip

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\terms[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Category: dropped

Size (bytes): 245002

Entropy (8bit): 5.643086236991574

Encrypted: false

SSDEEP: 1536:Iht3M1noeHAyWHNS86ddT0fWSYefqnWe9MDX5nlX4BndZNbVDEBNYXfHjcGbFIk9:rgxcAOi5lX4BdZPzdPHjrpjXCQ/8OOc

MD5: 2D5F796AC43322532CE016A597543C5E

SHA1: 211B68BBD5430D67EEB365DC9AB7C3B340E5BC06

SHA-256: B1BCE587776F9CB9C845353BE8D5E6CEB6DA3E71664CC56901BD276B64EA215A

SHA-512: 7ED5FB4BC3AD1079B78FE863BBC74F9AAC3DDAC2CA332592BF1F06B73E6C176A10896B7B6ADCE83D31BE59C79B647AE9297C1ED2CBEB8D584831EE39978664CD

Malicious: false

Reputation: low

Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://policies.google.com/"><meta name="referrer" content="origin"><meta name="viewport" content="initial-scale=1, maximum-scale=5, width=device-width"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="application-name" content="Privacy &amp; Terms . Google"><meta name="apple-mobile-web-app-title" content="Privacy &amp; Terms . Google"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-tap-highlight" content="no"><link rel="manifest" crossorigin="use-credentials" href="_/IdentityPoliciesUi/manifest.json"><link rel="home" href="/?lfhs=2"><link rel="msapplication-starturl" href="/?lfhs=2"><link rel="icon" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="apple-touch-icon-precomposed" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="msapplication-square32x32logo" href="//ssl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\unnamed[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 18 x 18, 8-bit gray+alpha, non-interlaced

Category: downloaded

Size (bytes): 397

Entropy (8bit): 7.208563990444908

Encrypted: false

SSDEEP: 6:6v/lhPi3WgsyAPLhn+55UhKJ2eCdyYQG1ggh86p2PMt0P1945CMMwyB+lVSDbnMJ:6v/7aDQExuVagh8ASPr4sMMwS+PSDb9M

MD5: 4F8DEB97A4E0BB33DDE438BD444B3DC5

SHA1: 4A3297F9364EEE666FF9F39C68177CFE355904BC

SHA-256: 7346FBB4B75591B361B8BDD30DE31BFD66DC4F704445EA43737E82D9FAAF6BCF

SHA-512: 76B5BF1B3D2742C2AC940EC20AD3035E1BB9641807141FAE5EE6D4C0B91AFDAE6B72F3BB51F707E4492B84E04D30E2528BD7CDC95CD68BF3E1D4BA82359BDCFE

Malicious: false

Reputation: low

IE Cache URL: https://lh3.googleusercontent.com/yl0EzS1GixeU9QVLJtHu7hom-4PIHwYylP17hRk9_UasgFCCc6lo6E0-ReGn8R1ny3A=w18-h18

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\using_services_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 15007

Entropy (8bit): 5.175613358784504

Encrypted: false

SSDEEP: 192:0Ph7j5r2wC1E4F3WebaMk7kWAkW+QlnuNtpQkvLp+fwEVj3VjzcPCkGkeY:0Z74wC1Xowa3eVnuNtpzvL8BxuGkeY

MD5: 775157C7758CBB22079A32258DC52661

SHA1: B6D8D7DD691B7571C7B638283AA6564BD35CEC75

SHA-256: 3006F7DAEA1CFDF42961A866D150ECC0CF5DC23B3A708399D66A5C3A1754F754

SHA-512: 1BF095D030F19D06D4A113A845B16FA8C28A4FFF22F48EE456105091E07EAD3C4884097A1DCD1E6C2F69A2EC31C540E8B301BDB008BEFA2CB8655A06208AC8F6

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/using_services_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1{fill:#d9dce0;}.cls-14,.cls-17,.cls-2,.cls-22,.cls-23,.cls-39,.cls-40,.cls-45,.cls-49{fill:none;}.cls-3{isolation:isolate;}.cls-4{fill:url(#linear-gradient);}.cls-5{fill:url(#linear-gradient-2);}.cls-6{fill:url(#linear-gradient-3);}.cls-36,.cls-7{fill:#e8eaed;}.cls-21,.cls-38,.cls-42,.cls-43,.cls-47,.cls-7{opacity:0.5;}.cls-8{fill:#fbbc04;}.cls-9{fill:#f57c00;}.cls-10{fill:#dadce0;}.cls-11{fill:#34a853;}.cls-12{fill:#bdc1c6;}.cls-13{clip-path:url(#clip-path);}.cls-14{stroke:#e9eaed;}.cls-14,.cls-17,.cls-22,.cls-23{stroke-miterlimit:10;}.cls-15,.cls-25,.cls-26,.cls-30,.cls-32{opacity:0.3;}.cls-15{fill:url(#linear-gradient-4);}.cls-16{fill:#e9eaed;}.cls-17,.cls-23{stroke:#d9dce0;}.cls-17{stroke-width:5px;}.cls-18{fill:#f9ab00;}.cls-19{fill:#aecbfa;}.cls-20,.cls-21{fill:#4285f4;}.cls-21,.cls-28,.cls-35,.cls-38,.cls-46,.cls-47{mix-blend-mode:multiply;}.cls-22,.cls-45,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\www-embed-player[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 157015

Entropy (8bit): 5.5696709759929

Encrypted: false

SSDEEP: 3072:sLVHW5e+yW4Qg+Ntc8YL0RfeRcRe2sLnUfY:zehv2c8Yp2sLQY

MD5: D500C8D9D0B0A442F77179F6D05F0721

SHA1: 18FE2BB822968C65FB2A510914E35C66089844F4

SHA-256: E790672ECEF31BEA0ECA728D5CB7B846E12D2F5223F278125A99293A0828CCA1

SHA-512: 7BBD53A87C399D03CA8930AFA49BDC77251AEC79C38498264B9BFF3F79FB0FE3DED9EC80DB9F5857231640092BFFAD4623283B7CC790053980E03554179E7797

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/s/player/408be03a/www-embed-player.vflset/www-embed-player.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var da=ca(this);function t(a,b){if(b)a:{for(var c=da,d=a.split("."),e=0;e<d.length-1;e++){var f=d[e];if(!(f in c))break a;c=c[f]}d=d[d.length-1];e=c[d];f=b(e);f!=e&&null!=f&&ba(c,d,{configurable:!0,writable:!0,value:f})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e||"")+"_"+d++,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\www-player[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Category: downloaded

Size (bytes): 342157

Entropy (8bit): 5.235982641944556

Encrypted: false

SSDEEP: 1536:X6u/Cd+RNRDQI03rpHrpY/fn8MZv8M5q4ayPOP5fRrDJciMfByr5G0TwecZecoXE:X6u/n2OXdZPv2Qg0l

MD5: DFDD6193A909FAAA86E2B71B8472E5F0

SHA1: B72D05EC116C90E72DCF0CCBF6352D79BBD77FCE

SHA-256: A7FD60C8B46DEB45300553B4802D967C30513BFB9E8325E76D9073317B1FA775

SHA-512: E82E737E408F70A64DCAC8AD3469D59A4EFE01A61146AA6E2BBDAEF7CD0FE84AC1ED99E9A2B32BE88256F6150EA5B996640F143DD87CC321B1446455BE884BF8

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/s/player/408be03a/www-player.css

Preview:.html5-video-player{position:relative;width:100%;height:100%;overflow:hidden;z-index:0;outline:0;font-family:"YouTube Noto",Roboto,Arial,Helvetica,sans-serif;color:#eee;text-align:left;direction:ltr;font-size:11px;line-height:1.3;-webkit-font-smoothing:antialiased;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:manipulation;-ms-high-contrast-adjust:none}.html5-video-player:not(.ytp-transparent),.html5-video-player.unstarted-mode,.html5-video-player.ad-showing,.html5-video-player.ended-mode,.html5-video-player.ytp-fullscreen{background-color:#000}.ytp-big-mode{font-size:17px}.ytp-autohide{cursor:none}.html5-video-player a{color:inherit;text-decoration:none;-moz-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);-webkit-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);transition:color .1s cubic-bezier(0.0,0.0,0.2,1);outline:0}.html5-video-player a:hover{color:#fff;-moz-transition:color .1s cubic-bezier(0.4,0.0,1,1);-webkit-transition:color .1s cubic-bezier(0.4,0.0,1,1);transition:co

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\www-widgetapi[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 102767

Entropy (8bit): 5.51457613850721

Encrypted: false

SSDEEP: 1536:5eUaea9Hk2T8zdeUUnn6nM2G2/10F4zbcG19WNqVtS6hi2Y:k9EAFD2ZzZ9W+M

MD5: 5DB3786539DF80EB11CEBE86E040F1CE

SHA1: 4BDAEF4820F30317EE3633ED1F85FB0453DDB74F

SHA-256: AB6EFC55441396E3A9F7FE2ED96D1959E242DFE2184783060864179C6108E00B

SHA-512: 31FE74D342B177DED800294913F018D5B9B0F7583B7D926E3551B6D04D822ABCB6F105E271CD5C467D1F578F8809710B219E4745C7841AF47A1027CCCF462BF2

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/s/player/408be03a/www-widgetapi.vflset/www-widgetapi.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var r;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var da=ca(this);function t(a,b){if(b)a:{for(var c=da,d=a.split("."),e=0;e<d.length-1;e++){var f=d[e];if(!(f in c))break a;c=c[f]}d=d[d.length-1];e=c[d];f=b(e);f!=e&&null!=f&&ba(c,d,{configurable:!0,writable:!0,value:f})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e||"")+"_"+d++,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\0d6da8d8c44e7e3ee95c4d56c19f04e1[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 2705

Entropy (8bit): 5.15375624281808

Encrypted: false

SSDEEP: 48:+GzHx4GLZ/W1wHxJCXvGUQj+ek/Ij0jiO0ijy1uo:+G2UEJIj0jH0PH

MD5: 0D6DA8D8C44E7E3EE95C4D56C19F04E1

SHA1: 9DE1568D596F174CD4646DB5745B58695677B069

SHA-256: FAA35DC181EB792DB0A4BE4E7031EEC86C044E52773CB082652B788D3B838E72

SHA-512: D47689B9681F4D5DFF7FD18B4F76F9FBB372B4EB9ADC3FE7C177ED79D19CF2D912831729C73589C4DA833D3D83746DAD3C593A92A5A81440AAE17874F8DDC70C

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/0d6da8d8c44e7e3ee95c4d56c19f04e1.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="24" y1="77" x2="48" y2="77" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.116" stop-color="#9aa0a6" stop-opacity="0.054"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.201"/>. <stop offset="0.546" stop-color="#9aa0a6" stop-opacity="0.44"/>. <stop offset="0.823" stop-color="#9aa0a6" stop-opacity="0.768"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="48" y1="80" x2="48" y2="16" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="0.043" stop-color="#1967d2" stop-opacity="0.942"/>. <stop offset="0.305" stop-color="#1967d2" stop-opacity="0.611"/>. <stop offset="0.54" stop-color="#1967d2" sto

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\39b031d352a2e1586cf50ac7f2bbc18b[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 12378

Entropy (8bit): 5.041888208682257

Encrypted: false

SSDEEP: 96:+RoMM2anrsHcxjBBN49qDLj5QeUFUDzi3pnDseedgejR7cestQoumbNvR4VBdwH6:PAHZ9q/j2eUqvi+/QNvOVBMwsV8

MD5: 39B031D352A2E1586CF50AC7F2BBC18B

SHA1: 5F714582443C158EAC42F4A2368E29488A01E365

SHA-256: 9EE03AE2943928AEA61E62DA6BD2338CA4B244C756D78B8888C1693731401A21

SHA-512: 44C3255DAC07BA0D8A5CA849649515A095AA40BAE13BF1710E009F8E9FFE96BF4EE573B073DC4340DE738CA110653FB48A83C5BE1008C61F3EB41A76FD741789

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/policies/privacy/39b031d352a2e1586cf50ac7f2bbc18b.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="52" y1="49" x2="52" y2="71" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#202124"/>. <stop offset="1" stop-color="#202124" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="52" y1="85" x2="52" y2="157" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#188038"/>. <stop offset="1" stop-color="#188038" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-3" x1="24" y1="154" x2="44" y2="154" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\48l-xdS4pXg[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: downloaded

Size (bytes): 44586

Entropy (8bit): 5.917617509324316

Encrypted: false

SSDEEP: 768:p/R7zR6oVfOP2xFDORIDbt/uLOksviyk9psrMwkguHJV6EP/n1B:dpORIDbIKksvcsr6P9B

MD5: 1CBA5B6E1B49590F4D5A55780691F779

SHA1: A902673965B5C912F0869F4B293A5703C6B6CD10

SHA-256: F59C964F1E8E51F914D3509ED0E8BDDB4A2D9EADD0258BB44225F9E36AEE3345

SHA-512: EB96E0F8C157E2D247F6FA2A54EA44F1D4F8F6A0FAFE2C1D913910AF51A2C510F0D02BF87923EE132C084A8AD10012AF7A9C64AA5677EBD114A79DC2E6BA6CAC

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1

Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\4UabrENHsxJlGDuGo1OIlLV154tzCwA[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 26164, version 1.1

Category: downloaded

Size (bytes): 26164

Entropy (8bit): 7.983292364847896

Encrypted: false

SSDEEP: 768:L9QwjnXN11zY7+dePzz5Othh7STtySTygbOg9zp:L9pjz1kCePzQthJSYgbRp

MD5: CCDA7B53E281A638F36ED62514815268

SHA1: CF6D39BAB2A012D008EC9EDF95F4F4BDACF93770

SHA-256: 673F112749C21E5BE0D1338E1709A1D981053E239E98CE09D0BB849BB34FCD98

SHA-512: 20645A09B2FF157E50C71D862AA4FE6729FFD8BE18FB3D390B3714DEEC4F4FFF49FAC16EC509F8D620E476DC1942C67C95A95ABF14A06585F5B504FB4BE89F58

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLV154tzCwA.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\TOS[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)

Category: dropped

Size (bytes): 197

Entropy (8bit): 6.748558418265418

Encrypted: false

SSDEEP: 6:XtwM9CG1f8OaC3TVXZc/S28CGWdjV2K+j:XWGWD0TLubxjU9j

MD5: D2637B3A0059D2AA6133D587491FCB76

SHA1: 10B4804ACF823EF874069793C27522D190443F79

SHA-256: 13AE332B053348547D338D24907CAA06EF48342A1074661235715B3CA2742A9D

SHA-512: 02E60F72B132C12C09627EFF30B7DF68092D4954CB940AC3662908AE1CA612B355FC45489E26CFF924AF66985329CAFC178365B88CABED7558C8B8C69B4B71B1

Malicious: false

Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\YlmVKT3Zvhw[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: downloaded

Size (bytes): 44853

Entropy (8bit): 5.922877433829084

Encrypted: false

SSDEEP: 768:p/R7zR6oVfO0ryaFC5YhcGcvbuh/5i63QRe9L0JqT3wkDKp:9ycaGcvRnsN7gki

MD5: 8DE0DAD094753DC6B43B16AC531866BB

SHA1: AC9A249FD264E985C115A36FD1D7E3FC9F50E294

SHA-256: 4A35AAE25355642C42E9E2D6B458E5AA777CB148F326E114EB14F480F295C19D

SHA-512: 6EA18B8E458E97399D34AA35952C6608F3B3DCF7D40DE9EC134698C1DDADDE4FAE180C7F11A2116BF769C6EE7815DB2C7B00E44141866B525A3EF64C017863AA

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1

Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ZdEIZNg3epQ[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: downloaded

Size (bytes): 44472

Entropy (8bit): 5.917388757514024

Encrypted: false

SSDEEP: 768:KCn7zR6oVfO5Qh87WT2Ym+iqkRGhj14ybdED8P4iJzC30Z9Rw:387WT2Ym+LFK9D8wf3OY

MD5: 5221FBB761538A47A571F8F014519DF0

SHA1: 3F091DEF5C9668934E789853B624080856132A46

SHA-256: 57AE21FB85EAE02AAE2006B205EAE85D9C5FCF09E14BD3B03D77FB2BD5C6DDF0

SHA-512: F1AFB6BE4D1C0FB74948BA7779BEC18D60B7AADB4926A88E18FBEAE5713E76EA5F0B1644E8B30220F8FBE9D519D3CAD036ADD3F804D809F69F59DB09775A5443

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1

Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\accounts[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with CRLF, LF line terminators

Category: dropped

Size (bytes): 337

Entropy (8bit): 5.570600678507566

Encrypted: false

SSDEEP: 6:wRkrQWR0iYBtqWkT2apKHu5BLCRiRtcRulRN33eERhHalZDDe86kToP:ekrY1t6Ks9CRi+ulveE/IZDDesi

MD5: 53DE18E42FA83AF95000C640411AF36E

SHA1: 7DF028BACB288475602A75B7258241CC9F3450A7

SHA-256: E3603A1C5ADA70CC3136145FD84EFEF7210CF1522632DBC907D0D7794ADFA193

SHA-512: 5029C735183629CBF872A51BC60C693C44CA6890E4F59B6AFCBD336AB220DC6413ACF0A101B90491ED59BB5720D044D988D9EC2FCD194D408C61FDA0F43D32F7

Malicious: false

Reputation: low

Preview:<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="https://support.google.com/accounts/answer/2917834?visit_id=637426297042051008-2032747671&amp;p=signin_privatebrowsing&amp;hl=en-GB&amp;rd=1">here</A>...</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ad_status[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text

Category: downloaded

Size (bytes): 29

Entropy (8bit): 4.142295219190901

Encrypted: false

SSDEEP: 3:lZOwFQvn:lQw6n

MD5: 1FA71744DB23D0F8DF9CCE6719DEFCB7

SHA1: E4BE9B7136697942A036F97CF26EBAF703AD2067

SHA-256: EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9

SHA-512: 17FA262901B608368EB4B70910DA67E1F11B9CFB2C9DC81844F55BEE1DB3EC11F704D81AB20F2DDA973378F9C0DF56EAAD8111F34B92E4161A4D194BA902F82F

Malicious: false

Reputation: low

IE Cache URL: https://static.doubleclick.net/instream/ad_status.js

Preview:window.google_ad_status = 1;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\embed[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 30235

Entropy (8bit): 5.55570368728144

Encrypted: false

SSDEEP: 384:OSneElS7YRgyq+e8yN/h6ieEury3Qs5rr1zuF9zkC9gZjxrEzLDCHTCI+4Ie2CJw:p4+1yNJ6ieSn5rB4pkCcG3QbSGyvf7

MD5: 698BE55EB3E591EF76E545CFE4F56E3F

SHA1: E872ED7C02A80D7D2C4AF85F7D7D628EBB77E053

SHA-256: 96EEE81B33EE086EB0AA15716A2547ECC27A4EB92D9C78DE0860A26F970AE45B

SHA-512: B597A26646DFDFCC03D8415CFDD4BD53FA0BC68F148CEF4F88307F44848E82A89E0E97F840DEAFDB970DFEFAB86728220C9228BB49206BB6BD13BE93078EBED5

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/s/player/408be03a/player_ias.vflset/en_GB/embed.js

Preview:(function(g){var window=this;var w4=function(a,b){g.ff(a.u,8*b+2);var c=a.u.end();a.C.push(c);a.B+=c.length;c.push(a.B);return c},x4=function(a,b){var c=b.pop();.for(c=a.B+a.u.length()-c;127<c;)b.push(c&127|128),c>>>=7,a.B++;b.push(c);a.B++},BGa=function(a,b,c){null!=c&&(g.ff(a.u,8*b+1),a=a.u,b=c>>>0,c=Math.floor((c-b)/4294967296)>>>0,g.tf=b,g.uf=c,g.gf(a,g.tf),g.gf(a,g.uf))},y4=function(a,b,c){null!=c&&(g.ff(a.u,8*b),a.u.u.push(c?1:0))},z4=function(a,b,c){if(null!=c){b=w4(a,b);.for(var d=a.u,e=0;e<c.length;e++){var f=c.charCodeAt(e);if(128>f)d.u.push(f);else if(2048>f)d.u.push(f>>6|192),d.u.push(f&63|128);else if(65536>f)if(55296<=f&&56319>=f&&e+1<c.length){var h=c.charCodeAt(e+1);56320<=h&&57343>=h&&(f=1024*(f-55296)+h-56320+65536,d.u.push(f>>18|240),d.u.push(f>>12&63|128),d.u.push(f>>6&63|128),d.u.push(f&63|128),e++)}else d.u.push(f>>12|224),d.u.push(f>>6&63|128),d.u.push(f&63|128)}x4(a,b)}},A4=function(a,b,c,d){null!=c&&(b=w4(a,b),d(c,a),x4(a,b))},B4=function(a,b,c,d){if(null!=.c)f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

Category: downloaded

Size (bytes): 5430

Entropy (8bit): 3.6534652184263736

Encrypted: false

SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B

MD5: F3418A443E7D841097C714D69EC4BCB8

SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606

SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770

SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563

Malicious: false

Reputation: low

IE Cache URL: https://www.google.com/favicon.ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ggoJFaE71W8[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: downloaded

Size (bytes): 44338

Entropy (8bit): 5.919320193737846

Encrypted: false

SSDEEP: 768:yECozR6oVfONrCtOYuWo7voWLPzoI6KABqAMJFKWQo4t1:ORWQvoWLk0SSG9T

MD5: 3B29377F41E5238E6AB118CAC8607335

SHA1: DAAFF0DB0CBFAF136CB2F3EFE897B8DCDA78DA79

SHA-256: BFCD2F77D3DD1A5CEE4C01BE9D837759237718129649D9F1BBB8EEA4429413E7

SHA-512: 6E9BC5589157228F214CEEA16D28117E9D3F5D4ED2D1EA4D709ED68A885D9A31EE2C724DAC6004563FA648DCFECFB9EC54E92155E95AA01AA9F29C9098258A8B

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1

Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\googleapis.proxy[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 12568

Entropy (8bit): 5.462199204297753

Encrypted: false

SSDEEP: 192:8iApwYKUa9u5vocJJBA1UwgZCwm5Mi0+Sozl1:83pw9dk9JO1UkwmR0+Sox1

MD5: 420CC0CF890102328B59AB6A3C5422F7

SHA1: 1EA4758C053FB8B22EE49E73D207DA66C475902D

SHA-256: DC35401EA3251D6A668E51AC654BCB2DB7065ECA466F71C9DF4739C0DF67A57E

SHA-512: EE0285358764FC6568BD4A752B342DFDED71CEDB883DAAAD748FB27D953731425114583F5FCB30BBA37ACFF7244D38B89119DD41AE7545CD941096DB280B91E8

Malicious: false

Reputation: low

IE Cache URL: https://apis.google.com/js/googleapis.proxy.js?onload=startup

Preview:var gapi=window.gapi=window.gapi||{};gapi._bs=new Date().getTime();(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var g=this||self,h=function(a){return a};/*. gapi.loader.OBJECT_CREATE_TEST_OVERRIDE &&*/.var m=window,n=document,aa=m.location,ba=function(){},ca=/\[native code\]/,q=function(a,b,c){return a[b]=a[b]||c},da=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},v=function(){var a;if((a=Object.create)&&ca.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}return a},x=q(m,"gapi",{});var C;C=q(m,"___jsl",v());q(C,"I",0);q(C,"hel",10);var D=function(){var a=aa.href;if(C.dpo)var b=C.h;else{b=C.h;var c=/([#].*&|[#])jsh=([^&#]*)/g,d=/([?#].*&|[?#])jsh=([^&#]*)/g;if(a=a&&(c.exec(a)||d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},fa=function(a){var b=q(C,"PQ",[]);C.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},E=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\googlelogo_clr_74x24px[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 1660

Entropy (8bit): 4.301517070642596

Encrypted: false

SSDEEP: 48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD

MD5: 554640F465EB3ED903B543DAE0A1BCAC

SHA1: E0E6E2C8939008217EB76A3B3282CA75F3DC401A

SHA-256: 99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52

SHA-512: 462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\iframe_api[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 1007

Entropy (8bit): 5.300844107992778

Encrypted: false

SSDEEP: 24:E1P5IeJspSQDYtpqAK/HJ2TAXC5vuHM8aJLtdRWZ4FhQ:E1BLspFcPcSAXC5kaJLzwYhQ

MD5: 9D513BC73E92F4E2CCCC02139CC60E70

SHA1: 42D696DB3A7A8020207724602DB649A4F05E1751

SHA-256: CE05EC794B80CD8C06A55D5E3ACC831B81AC4B42124CCFE7320F972E657EF2D9

SHA-512: 207B54BB77CC028C70CE43D642CF6DF18EE904AB7CAEAE75648F2A8D37F6737C24E2D404823DC6737152AE47891A869BE23A65133689A1FD98F44ADDEFB6B386

Malicious: false

Reputation: low

IE Cache URL: https://www.youtube.com/iframe_api?trustedtypes=1

Preview:var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/408be03a\/www-widgetapi.vflset\/www-widgetapi.js';.try {. var ttPolicy = window.trustedTypes.createPolicy('youtube-widget-api', {createScriptURL: function(x) { return x; }});. scriptUrl = ttPolicy.createScriptURL(scriptUrl);.} catch (e) { }. if(!window["YT"])var YT={loading:0,loaded:0};if(!window["YTConfig"])var YTConfig={"host":"https://www.youtube.com"};.if(!YT.loading){YT.loading=1;(function(){var l=[];YT.ready=function(f){if(YT.loaded)f();else l.push(f)};window.onYTReady=function(){YT.loaded=1;for(var i=0;i<l.length;i++)try{l[i]()}catch(e){}};YT.setConfig=function(c){for(var k in c)if(c.hasOwnProperty(k))YTConfig[k]=c[k]};var a=document.createElement("script");a.type="text/javascript";a.id="www-widgetapi-script";a.src=scriptUrl;a.async=true;var c=document.currentScript;if(c){var n=c.nonce||c.getAttribute("nonce");if(n)a.setAttribute("nonce",n)}var b=.document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\lazy.min[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: downloaded

Size (bytes): 52692

Entropy (8bit): 5.475261482582348

Encrypted: false

SSDEEP: 768:VZQUKnvJw4IZBsiweXJzzJx4uDDphLb6PdEpbYbwhi3/sdS2L/StSX1:7DKu4UweXJzluuDDTuERAkF/7F

MD5: 77DEF50C310EF53A3A4FDD282AEC03D9

SHA1: C6BB371AB6C0F7B2B18E998B8ECD7414F6B75CAD

SHA-256: A3E8D4571EFA52F3376B53F5928504391F40E2487B20778F76AE54C92EE9A949

SHA-512: F61B21CF1CF5552C6E8FF4EEABFBB0359640A0005965269DC3BBD6A3BCC915DAE8C63CDBA764AAF6AF6C485C13BFE897121C7E32260C2D885916D3A697774F2C

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},q=ca(this),t=function(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.t("Symbol",function(a){if(a)return a;var b=function(e,f){this.hb=e;ba(this,"description",{configurable:!0,writable:!0,value:f})};b.prototype.toString=function()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\m=_b,_tp[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 148888

Entropy (8bit): 5.465964474496821

Encrypted: false

SSDEEP: 3072:l1BJIWAALPfzs5w+QPrjmNzZmiWIlMR9Zax:LBBfQ5wNjmmiWuF

MD5: 47D6364CEC58546E9F13B41515492999

SHA1: B61BDAEEB39B36F3D0540730EC79F431C7B92883

SHA-256: F1741C9A5E12A465520F48C8CD1ED05EB96079DD7CDB9A3B7E51777B3E858D24

SHA-512: 1A79BD69A293B03C9FABB5FD45FA815A100D288CAA274E212EC30C6481A0F1A3A0BBA136F84A6BE477C02AC784A46071F69B30A03662A42EA8FFD113CE3D3EBF

Malicious: false

Reputation: low

Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{.var za,Ja,La,Oa,Pa,Sa,Ua,Za,ab,ib,mb,pb,Ob,zb,Sb,aa,Tb,Ub,Vb,Xb,Yb,ac,bc;_.ba=function(a){return function(){return aa[a].apply(this,arguments)}};_.ca=function(a,b){return aa[a]=b};_.da=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,_.da);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a));this.g=!0};_.ea=function(a){return a[a.length-1]};_.fa=function(a,b,c){for(var d="string"===typeof a?a.split(""):a,e=a.length-1;0<=e;--e)e in d&&b.call(c,d[e],e,a)};._.ia=function(a,b,c){b=_.ha(a,b,c);return 0>b?null:"string"===typeof a?a.charAt(b):a[b]};_.ha=function(a,b,c){for(var d=a.length,e="string"===typeof a?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ka=function(a,b){return 0<=(0,_.ja)(a,b)};_.la=function(a){if(!Array.isArray(a))for(var b=a.length-1;0<=b;b--)delete a[b];a.length=0};_.ma=function(a,b){_.ka(a,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\m=syl,i5dxUd,RAnnUd,syi,syj,uu7UOe,soHxf[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Category: dropped

Size (bytes): 19101

Entropy (8bit): 5.624370489503956

Encrypted: false

SSDEEP: 384:OA3AvAjAKjjFmArK8PHvH3g3l9b4LIJUbi8i5aZGQ9W8:zwYj5fn3g30ji8iaZGQI8

MD5: C9D638F21CA76D9B654B2C01AF74D7BE

SHA1: 54990CC58D8D6F48770A8E7289730520055A28E3

SHA-256: 8B3B65066B572BD0F6FBB18D91DF2A12EF686642749F64B32BC8E555FEB9F313

SHA-512: F413500C947089FC6FD2457E7702A9D4E7E781E22DB2178E9353062D172DEC68E9D8BC6A0925CAE028EA90230A38686494504EB140E0183FDABEBF6E096DF3F1

Malicious: false

Reputation: low

Preview:this._G=this._G||{};(function(_){var window=this;.try{._.k("syl");./*.. Copyright 2016 Google Inc... Permission is hereby granted, free of charge, to any person obtaining a copy. of this software and associated documentation files (the "Software"), to deal. in the Software without restriction, including without limitation the rights. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. copies of the Software, and to permit persons to whom the Software is. furnished to do so, subject to the following conditions:.. The above copyright notice and this permission notice shall be included in. all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER. LIABILITY, WHETHER IN AN ACTIO

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\permission_to_use_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 12347

Entropy (8bit): 5.139617539052174

Encrypted: false

SSDEEP: 384:B9kl5Dmaakbw67TXndEj6jrwUZ0v5aCJQX:BEI/QX

MD5: F57248C618F74BA96984DC470980EC21

SHA1: 88E6E1AEACF5045C37AA32D9052977E1A1F44FA7

SHA-256: 76B815911DB76B8BB8398A439048983DF21DAB85B06615F4FBBD734D19C9A8ED

SHA-512: F08F9C301A1CEEAA1B151FE9419066D0E6CDC48A399CFB30147933BE66E1398777FFC332989E9BCDBA89A988BBDECC176459188501FEFF753ED6712DF364C14C

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/permission_to_use_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-13,.cls-14,.cls-26,.cls-27,.cls-28,.cls-29,.cls-3,.cls-30,.cls-31,.cls-35,.cls-4,.cls-40,.cls-43{fill:none;}.cls-2{isolation:isolate;}.cls-3{stroke:#f1f3f4;}.cls-13,.cls-14,.cls-26,.cls-27,.cls-28,.cls-29,.cls-3,.cls-30,.cls-31,.cls-33,.cls-35,.cls-4,.cls-40{stroke-linecap:round;}.cls-13,.cls-14,.cls-26,.cls-3,.cls-33,.cls-4{stroke-linejoin:round;}.cls-4{stroke:#5f6368;stroke-dasharray:2 4;}.cls-4,.cls-43{opacity:0.1;}.cls-5{fill:#fbbc04;}.cls-37,.cls-38,.cls-6,.cls-7{mix-blend-mode:multiply;}.cls-6{fill:url(#linear-gradient);}.cls-8{fill:url(#linear-gradient-2);}.cls-9{fill:url(#linear-gradient-3);}.cls-10,.cls-33,.cls-41{fill:#e8eaed;}.cls-11{fill:url(#linear-gradient-4);}.cls-12{fill:#e9eaed;}.cls-13,.cls-27{stroke:#4285f4;}.cls-13,.cls-14{stroke-width:2px;}.cls-14,.cls-26,.cls-35{stroke:silver;}.cls-15{fill:url(#linear-gradient-5);}.cls-16{fill:#dadce0;}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\postmessageRelay[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines, with no line terminators

Category: dropped

Size (bytes): 566

Entropy (8bit): 5.18967940169703

Encrypted: false

SSDEEP: 12:haxyErYfhVkrC9sA4xETrwPqJmWmM8ytrI:haJspVkO9szxEw0aSI

MD5: D11A94B3A20095FC7FB26B3B751B068A

SHA1: E3D74598F888B66CD54673E6809153C6807AD568

SHA-256: FE0BF2FABDEBF6C92CDA1FBB21A2B573F67751E86F5F0632059DE896DE2DDCC9

SHA-512: 7B13BB53A6557A6B05DF7CE9F4EBB1A0DEF74B72BFEC11D952EB4DAD50C41007E35C0940B6E527203F22E52C4662F8C196A4C01122C5F3A3A9ED8C6C241820D9

Malicious: false

Reputation: low

Preview:<!DOCTYPE html><html><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0"><script nonce="r4QUSAXAgx6bIoZnt0UGeQ" src='https://ssl.gstatic.com/accounts/o/891994193-postmessagerelay.js'></script></head><body ><script nonce="r4QUSAXAgx6bIoZnt0UGeQ" type="text/javascript" src="https://apis.google.com/js/rpc:shindig_random.js?onload=init"></script></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\privacy_checkup_icon[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 2183

Entropy (8bit): 4.54347991131289

Encrypted: false

SSDEEP: 48:q8STtLI+xuWwnZ8ct9jmN1dxo9/nFKz2fWTKrfp+t2:qL1U8cf41Ho9/F/02

MD5: C75528C0EE848EDF85766240B68B2E24

SHA1: 77494574B9FF9AA00FF43F8114B694F7F78447BC

SHA-256: 0AB2FFD0160D09C189AF9772353C7853E833759E369B65874A00BED2F76830AD

SHA-512: 16ED48AADDE68DB93887A515BAD101958B247E5B93AD37D1A90B63F3FA6BDDB3E233333AD443B5AC0256225D085FC217CEC6D5C3FE39858C36B06E5675E5D90E

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/privacy_checkup_icon.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" width="53" height="62" viewBox="0 0 70 82" fill="none">. <path d="M 26.8292,75.5938 C 44.7667,67.0521 51.173,51.5917 52.7959,40.4021 53.1376,37.925 53.3084,35.3625 53.3938,32.8 V 14.0084 L 26.9147,5.8938 0.4355,14.0084 V 32.8 c 0.0854,2.5625 0.2562,5.0396 0.5979,7.6021 1.5375,11.1896 7.9438,26.65 25.7958,35.1917 z" fill="#4285f4"/>. <path d="m 12.9917,49.3708 c 0,-3.7583 6.6625,-6.8333 14.0083,-7.0042 7.4313,0.1709 14.0084,3.2459 14.0084,7.0042 v 0.3417 c 5.8083,-7.4313 5.0396,-18.023 -1.8792,-24.5146 -6.8333,-6.4063 -17.5104,-6.4063 -24.3437,0 -6.8334,6.4916 -7.6875,17.0833 -1.7938,24.5146 z" fill="#3362b5"/>. <path d="m 41.0084,49.3709 c 0,-3.7584 -6.6625,-6.8334 -14.0084,-7.0042 -7.3458,0.1708 -14.0083,3.2458 -14.0083,7.0042 v 0.3416 c 6.0646,7.7729 17.2542,9.1396 25.0271,2.9896 1.1104,-0.8542 2.1354,-1.8792 2.9896,-2.9896 z" fill="#ffffff"/>. <path d="m 27,39.2917 c 3.8683,0 7.0042,-3.1741 7.0042,-7.0896 0,-3.9154 -3.1359,-7.0896 -7.0042,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\privacy_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 17329

Entropy (8bit): 5.1099250055903545

Encrypted: false

SSDEEP: 192:xjy/JFxKSYW7g41eXA8rb4Ki/tGHtgpA3TubXWTvUWSuWqiPEMwIj0m0N2jiSixG:ZItY7/rBi1GHtP/OjUIjiO

MD5: 38B85604709A03A6EDED024ACE0658A5

SHA1: DD43720C61B45BC4FEC2E253045C5FAAF69082D0

SHA-256: 26A9A11E723631253C50ED9FCB595861246146C849CA1FBA16E23636A380B7CD

SHA-512: 8A627E64CDC780C5B37A741903E4592DB97212DEDE1E32B4C9DB1ABEB3071EE92F359B0355219F395933D172F1362412457F50CE094266B5E1984CCD292C16FA

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/privacy_illustration.svg

Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204"><defs><linearGradient id="linear-gradient" x1="25" y1="165" x2="50" y2="165" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/><stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/><stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/><stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/><stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/><stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/><stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/><stop offset="1" stop-color="#9aa0a6"/></linearGradient><linearGradient id="linear-gradient-2" x1="64" y1="139" x2="64" y2="146" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5f6368"/><stop offset="1" stop-color="#5f6368" stop-opacity="0"/></linearGradient><clipPath id="clip-path"><circle cx="64" cy="112" r="28

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\proxy[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text

Category: dropped

Size (bytes): 436

Entropy (8bit): 5.3455016154064054

Encrypted: false

SSDEEP: 12:hYA0HqJmqGak79hLFBkAAqJmPm/esHbmr4Nbx4IQL:hYPcByBvPz7E4NW

MD5: DDEBA1DE8BD3B2A49CD9B0FB296B58DF

SHA1: C0DD60C4C8349A78CB26E16F22D016642C6056BC

SHA-256: 5B237BD93739A2B3BE9ACA499673E1DBEAE09E62E5D81521B1A1D0FE762CF5A7

SHA-512: 083803EDDE2737526F4C3BC61FBEB0CAD149BFD425ED3CDD701F9FED2DB3BE4EB65803A2CD70BBE6F27DC415F4558C71F9DCE79CFEBD7424238DBB1E58E27CC3

Malicious: false

Reputation: low

Preview:<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="3v9NSg7wbMcK0DMfOSWjGw==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="3v9NSg7wbMcK0DMfOSWjGw=="></script>.</head>.<body>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\proxy[2].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text

Category: downloaded

Size (bytes): 436

Entropy (8bit): 5.216535331024667

Encrypted: false

SSDEEP: 12:hYA0HqJmqGFycqy79hLFBkAAqJmPm/esHb5ycqp4Nbx4IQL:hYPcBopBvPz75Y4NW

MD5: F270A32CC64C9640EAF4AE7BBC0D702D

SHA1: 46B26C26DCA4647F8FE33EE0694F00EA377C3A52

SHA-256: 43523758B177383C30F875AFAFABB667439D9A783278133442236B464F464D0D

SHA-512: 1FAF5A90AE9D31C84F676D033CB03ACA6BDCC688866D80833A25668042B64A132E1DFD458D8D6CFD40604CAA45DF65F32DBE54563E0E854B6485AE956DA4BA11

Malicious: false

Reputation: low

IE Cache URL: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uhBKOtz6fOw.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw%2Fm%3D__features__

Preview:<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="Es4qmpGeAxg1BiufemcCsQ==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="Es4qmpGeAxg1BiufemcCsQ=="></script>.</head>.<body>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pxiDypQkot1TnFhsFMOfGShVF9eI[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 40068, version 1.1

Category: downloaded

Size (bytes): 40068

Entropy (8bit): 7.986363416256898

Encrypted: false

SSDEEP: 768:SZjhV5AtCnIR51aT0aCfvoIypmLL5V+VQLwv0JR9D2juelmPrldaC+Qac7:S5r5KRnECf6aL5V+VQLtmk4QaC

MD5: 3ABA54A73723BD3E90CB74D603687CCD

SHA1: 2C3D597CD36CA5856587C8482557B07DD8633329

SHA-256: A94234B7387BC4E9FA7B73DEDD34E5CC1189A28D526F4DADDECD1C9AB7B86840

SHA-512: 78F4E6514CD81CECC898D151B31B691122715D0239A47AB5D53ACA4F45FC1707DDD8464543D523E355DC1C19FF257C14DF4490D0938518D02BA35AECD72482B6

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pxiDypQkot1TnFhsFMOfGShVF9eI[2].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 38064, version 1.1

Category: downloaded

Size (bytes): 38064

Entropy (8bit): 7.985282250659124

Encrypted: false

SSDEEP: 768:FmLfShvXTNLstzb6V8QZ3+ibkkftFHdur7Lh9JVIzdMIWRirfqiW5Pm9WmX:FmzSdXOhOOA5uDzHIz3WUrPYtmX

MD5: E7BBF7E9E89975E144CBC167F2293FDE

SHA1: 0CB43D4E0ECF79C8AF6629CA1C386EA23FA02C02

SHA-256: A87A298223B431522629F284F2D237773F8257B2DB427904CA95EC20DFC34CDD

SHA-512: 75AD4EF05603116A2C0D16E9C7F793D47602044611F369A83A6AED4D14279809064C43B6EA3BEA28F889F3CE65199DA67CF0685819A8F0C01F5DFC0C97969A7F

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eI.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\respect_others_illustration[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Category: downloaded

Size (bytes): 7892

Entropy (8bit): 5.105595014134491

Encrypted: false

SSDEEP: 192:oznx2lzR+1dzVvnPDdRtVNI8Yr/f7Qv722duLJd1on:o92FR+1dzVvnPDdRtVNI8Yr/fcj22deY

MD5: ED3915EFE8B38A139B0F2A7E1C79F84A

SHA1: 18F9898BA648076F911B543B385A89C3C86FC4D3

SHA-256: F32FAFCA22A266777D1F33D49AF37372ACD2E50529D5CA8F4BB6D9E3BA1AEA08

SHA-512: 02C2A3EA804F16590105FBAEA28FE02DE166CEC2934580996413019604F36FE23C8F185788DF5D194941647590EA2AA04DB5819942447DE799AC1FB2BB2D9F6D

Malicious: false

Reputation: low

IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/respect_others_illustration.svg

Preview: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1{fill:#fbbc04;}.cls-2{fill:url(#linear-gradient);}.cls-3{fill:url(#linear-gradient-2);}.cls-4{fill:url(#linear-gradient-3);}.cls-5{fill:#5f6368;}.cls-6{fill:#f8f9fa;}.cls-10,.cls-11,.cls-12,.cls-17,.cls-18,.cls-22,.cls-7,.cls-9{fill:none;}.cls-7{stroke:#3c4043;}.cls-10,.cls-12,.cls-17,.cls-18,.cls-7,.cls-9{stroke-miterlimit:10;}.cls-8{fill:#e9eaed;}.cls-17,.cls-9{stroke:#bec1c6;}.cls-10,.cls-11,.cls-18,.cls-22,.cls-9{stroke-linecap:round;stroke-width:2px;}.cls-10,.cls-22{stroke:#fff;}.cls-11,.cls-12{stroke:#e9eaed;}.cls-11,.cls-22{stroke-linejoin:round;}.cls-13{fill:#bec1c6;}.cls-14{fill:#4285f4;}.cls-15{fill:url(#linear-gradient-4);}.cls-16{fill:#e8eaed;}.cls-18{stroke:#fbbc04;}.cls-19{fill:url(#linear-gradient-5);}.cls-20{fill:#185abc;}.cls-21{fill:#fff;}.cls-23{fill:#e37400;}.cls-24{fill:url(#linear-gradient-6);}</style><linearGradient id="linear-gradient" x1="

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 108

• 53 (DNS)

• 443 (HTTPS)

TCP Packets

UDP Packets

DNS Queries

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Dec 3, 2020 23:01:27.516891003 CET 192.168.2.4 8.8.8.8 0xc0dc Standard query (0) accounts.youtube.com A (IP address) IN (0x0001)

Dec 3, 2020 23:01:44.626117945 CET 192.168.2.4 8.8.8.8 0x4f4 Standard query (0) lh3.googleusercontent.com A (IP address) IN (0x0001)

Dec 3, 2020 23:01:47.429977894 CET 192.168.2.4 8.8.8.8 0x535 Standard query (0) lh4.ggpht.com A (IP address) IN (0x0001)

Dec 3, 2020 23:01:47.584242105 CET 192.168.2.4 8.8.8.8 0x5df6 Standard query (0) www.youtube.com A (IP address) IN (0x0001)

Dec 3, 2020 23:01:58.448806047 CET 192.168.2.4 8.8.8.8 0xcb84 Standard query (0) googleads.g.doubleclick.net A (IP address) IN (0x0001)

Dec 3, 2020 23:01:58.516055107 CET 192.168.2.4 8.8.8.8 0xb892 Standard query (0) static.doubleclick.net A (IP address) IN (0x0001)

Dec 3, 2020 23:03:31.411679029 CET 192.168.2.4 8.8.8.8 0x2359 Standard query (0) stats.g.doubleclick.net A (IP address) IN (0x0001)

DNS Answers

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Dec 3, 2020 23:01:27.562690020 CET 8.8.8.8 192.168.2.4 0xc0dc No error (0) accounts.youtube.com www3.l.google.com CNAME (Canonical name) IN (0x0001)

Dec 3, 2020 23:01:44.664165020 CET 8.8.8.8 192.168.2.4 0x4f4 No error (0) lh3.googleusercontent.com googlehosted.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)

Dec 3, 2020 23:01:44.664165020 CET 8.8.8.8 192.168.2.4 0x4f4 No error (0) googlehosted.l.googleusercontent.com 172.217.16.193 A (IP address) IN (0x0001)

Dec 3, 2020 23:01:47.473484993 CET 8.8.8.8 192.168.2.4 0x535 No error (0) lh4.ggpht.com photos-ugc.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)

Dec 3, 2020 23:01:47.473484993 CET 8.8.8.8 192.168.2.4 0x535 No error (0) photos-ugc.l.googleusercontent.com 172.217.23.161 A (IP address) IN (0x0001)

Dec 3, 2020 23:01:47.611352921 CET 8.8.8.8 192.168.2.4 0x5df6 No error (0) www.youtube.com youtube-ui.l.google.com CNAME (Canonical name) IN (0x0001)

Dec 3, 2020 23:01:58.492381096 CET 8.8.8.8 192.168.2.4 0xcb84 No error (0) googleads.g.doubleclick.net pagead46.l.doubleclick.net CNAME (Canonical name) IN (0x0001)

Dec 3, 2020 23:01:58.492381096 CET 8.8.8.8 192.168.2.4 0xcb84 No error (0) pagead46.l.doubleclick.net 172.217.21.226 A (IP address) IN (0x0001)

Dec 3, 2020 23:01:58.562006950 CET 8.8.8.8 192.168.2.4 0xb892 No error (0) static.doubleclick.net static-doubleclick-net.l.google.com CNAME (Canonical name) IN (0x0001)

Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.g.doubleclick.net stats.l.doubleclick.net CNAME (Canonical name) IN (0x0001)

Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.154 A (IP address) IN (0x0001)

Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.156 A (IP address) IN (0x0001)

Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.157 A (IP address) IN (0x0001)

Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.155 A (IP address) IN (0x0001)

HTTPS Packets

Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer Not Before Not After JA3 SSL Client Fingerprint JA3 SSL Client Digest

Dec 3, 2020 23:01:44.708436966 CET 172.217.16.193 443 192.168.2.4 49758
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US; Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US; Not Before: Tue Nov 03 08:37:44 CET 2020; Not After: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Dec 3, 2020 23:01:44.721878052 CET 172.217.16.193 443 192.168.2.4 49757
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US; Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US; Not Before: Tue Nov 03 08:37:44 CET 2020; Not After: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Dec 3, 2020 23:01:47.518842936 CET 172.217.23.161 443 192.168.2.4 49773
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US; Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US; Not Before: Tue Nov 03 08:37:44 CET 2020; Not After: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Dec 3, 2020 23:01:47.530586958 CET 172.217.23.161 443 192.168.2.4 49774
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US; Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US; Not Before: Tue Nov 03 08:37:44 CET 2020; Not After: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Dec 3, 2020 23:01:58.612243891 CET 172.217.21.226 443 192.168.2.4 49781
Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US; Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US; Not Before: Tue Nov 03 08:33:42 CET 2020; Not After: Tue Jan 26 08:33:42 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Dec 3, 2020 23:01:58.613171101 CET 172.217.21.226 443 192.168.2.4 49782
Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US; Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US; Not Before: Tue Nov 03 08:33:42 CET 2020; Not After: Tue Jan 26 08:33:42 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Dec 3, 2020 23:01:58.628298044 CET 172.217.21.226 443 192.168.2.4 49785
Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US; Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US; Not Before: Tue Nov 03 08:33:42 CET 2020; Not After: Tue Jan 26 08:33:42 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US; Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2; Not Before: Thu Jun 15 02:00:42 CEST 2017; Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

• iexplore.exe

• iexplore.exe

System Behavior

Analysis Process: iexplore.exe PID: 3296 Parent PID: 800

General

Start time: 23:01:22

Start date: 03/12/2020

Path: C:\Program Files\internet explorer\iexplore.exe

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Imagebase: 0x7ff744e40000

File size: 823560 bytes

MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: low

File Activities

Registry Activities

Analysis Process: iexplore.exe PID: 1316 Parent PID: 3296

General

Start time: 23:01:22

Start date: 03/12/2020

Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3296 CREDAT:17410 /prefetch:2

Imagebase: 0x390000

File size: 822536 bytes

MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: low

File Activities

Registry Activities

Disassembly