Table of Contents - Joe Sandbox
Table of Contents
Analysis Report https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029
Overview
General Information
Detection
Signatures
Classification
Startup
Malware Configuration
Yara Overview
Sigma Overview
Signature Overview
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
URLs from Memory and Binaries
Contacted IPs
Public
General Information
Simulations
Behavior and APIs
Joe Sandbox View / Context
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Created / dropped Files
Static File Info
No static file info
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTPS Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: iexplore.exe PID: 3296 Parent PID: 800
General
File Activities
Registry Activities
Analysis Process: iexplore.exe PID: 1316 Parent PID: 3296
General
File Activities
Registry Activities
Disassembly
Copyright null 2020 Page 2 of 54
Analysis Report https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029…
Overview
General Information
Sample URL: https://accounts.google.com/[email protected]&...https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029
Analysis ID: 326729
Most interesting Screenshot:
Detection
Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
Found iframes
URL contains potential PII (phishing
Unusual large HTML page
Classification
[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Startup
System is w10x64
iexplore.exe (PID: 3296 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 1316 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3296 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Phishing
• Networking
• System Summary
There are no malicious signatures.
Mitre Att&ck Matrix
Initial Access: Drive-by Compromise 1; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Behavior Graph
ID: 326729
URL: https://accounts.google.com...
Startdate: 03/12/2020
Architecture: WINDOWS
Score: 1
[Behavior graph nodes]
stats.l.doubleclick.net, stats.g.doubleclick.net
iexplore.exe: 17 54, started
iexplore.exe: 10 188, started
googlehosted.l.googleusercontent.com: 172.217.16.193, 443, 49757, 49758, GOOGLEUS, United States
pagead46.l.doubleclick.net: 172.217.21.226, 443, 49781, 49782, GOOGLEUS, United States
7 other IPs or domains
Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029 0% Virustotal Browse
https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029 0% Avira URL Cloud safe
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source Detection Scanner Label Link
www.broofa.com 0% URL Reputation safe
https://translate.google.co.uk/?hl 0% URL Reputation safe
https://books.google.co.uk/?hl 0% Avira URL Cloud safe
https://www.google.co.uk/intl/en-GB/about/products?tab 0% URL Reputation safe
https://www.google.co.uk/webhp?tab 0% URL Reputation safe
https://about.google/intl/en-GB_GB/how-our-business-works 0% Avira URL Cloud safe
https://policies.e.com/privacy?gl=GB&hl=en-GB382296Root 0% Avira URL Cloud safe
https://www.google.co.uk/finance?tab 0% URL Reputation safe
https://policies.Root 0% Avira URL Cloud safe
https://readalong.google/intl/en-GB_GB/privacy 0% Avira URL Cloud safe
https://www.google.co.uk/save 0% URL Reputation safe
https://www.google.co.uk/webhp 0% Avira URL Cloud safe
https://www.google. 0% URL Reputation safe
https://www.google.co.uk/intl/en-GB/about/products 0% Avira URL Cloud safe
https://www.legislation.gov.uk/uksi/2013/3134/regulation/4/made 0% URL Reputation safe
https://policies.e.com/terms?gl=GB&hl=en-GB382296Root 0% Avira URL Cloud safe
https://www.gstatic. 0% URL Reputation safe
https://about.google/ 0% URL Reputation safe
https://www.google.co.uk/finance 0% Avira URL Cloud safe
https://policies.googl 0% URL Reputation safe
https://maps.google.co.uk/maps?hl 0% URL Reputation safe
https://www.google.co.uk/shopping?hl 0% URL Reputation safe
https://safety.google?hl=en_GB 0% Avira URL Cloud safe
https://www.google.%/ads/ga-audiences 0% URL Reputation safe
https://support.google 0% URL Reputation safe
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
pagead46.l.doubleclick.net 172.217.21.226 true false high
stats.l.doubleclick.net 108.177.15.154 true false high
photos-ugc.l.googleusercontent.com 172.217.23.161 true false high
googlehosted.l.googleusercontent.com 172.217.16.193 true false high
accounts.youtube.com unknown unknown false high
googleads.g.doubleclick.net unknown unknown false high
www.youtube.com unknown unknown false high
lh3.googleusercontent.com unknown unknown false high
lh4.ggpht.com unknown unknown false high
static.doubleclick.net unknown unknown false high
stats.g.doubleclick.net unknown unknown false high
URLs from Memory and Binaries
Name Source Malicious Antivirus Detection Reputation
https://staging-realtimesupport-googleapis.sandbox.youtube.com operatordeferred_bin_base__en[1].js.2.dr false high
https://schema.org/Thing 2917834[1].htm.2.dr false high
https://www.youtube.com/iframe_api?trustedtypes=1 1DNQE0KW.js.2.dr false high
www.broofa.com rs=AA2YrTuWr-THoJhZf_G0GDWJEiz9fL6BmQ[1].js.2.dr false URL Reputation: safe unknown
https://translate.google.co.uk/?hl so[1].htm.2.dr, so[1].htm0.2.dr false URL Reputation: safe unknown
https://books.google.co.uk/?hl so[1].htm.2.dr, so[1].htm0.2.dr false Avira URL Cloud: safe unknown
https://www.youtube.com/embed/ 1DNQE0KW.js.2.dr false high
https://www.youtube.com/watch?v=ggoJFaE71W8 ggoJFaE71W8[1].htm.2.dr false high
https://casespartner-pa.youtube.com operatordeferred_bin_base__en[1].js.2.dr false high
https://www.google.co.uk/intl/en-GB/about/products?tab so[1].htm.2.dr false URL Reputation: safe unknown
https://www.youtube.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl= privacy[1].htm.2.dr false high
https://www.youtube.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr ~DFCCEDEDCC7A547FD5.TMP.1.dr false high
https://www.google.co.uk/webhp?tab so[1].htm.2.dr false URL Reputation: safe unknown
https://www.youtube.com/feed/history?utm_source=pp&hl=en_GB privacy[1].htm.2.dr false high
https://about.google/intl/en-GB_GB/how-our-business-works terms[1].htm.2.dr false Avira URL Cloud: safe unknown
https://signaler-pa.youtube.com operatordeferred_bin_base__en[1].js.2.dr false high
https://policies.e.com/privacy?gl=GB&hl=en-GB382296Root {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr false Avira URL Cloud: safe unknown
https://g.co/recover ServiceLogin[1].htm.2.dr false high
www.youtube.com/watch?v=48l-xdS4pXg 48l-xdS4pXg[1].htm.2.dr false high
https://realtimesupport.youtube.com operatordeferred_bin_base__en[1].js.2.dr false high
https://www.google.co.uk/finance?tab so[1].htm.2.dr false URL Reputation: safe unknown
youtube.com/streaming/otf/durations/112015 base[1].js.2.dr false high
https://policies.Root {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr false Avira URL Cloud: safe unknown
https://readalong.google/intl/en-GB_GB/privacy privacy[1].htm.2.dr false Avira URL Cloud: safe unknown
https://www.youtube.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr ~DFCCEDEDCC7A547FD5.TMP.1.dr false high
youtube.com/streaming/metadata/segment/102015 base[1].js.2.dr false high
https://www.youtube.com iframe_api[1].js.2.dr, www-widgetapi[1].js.2.dr, player_api[1].js.2.dr false high
https://youtu.be/ base[1].js.2.dr false high
https://www.google.co.uk/save so[1].htm.2.dr false URL Reputation: safe unknown
https://www.google.co.uk/webhp so[1].htm0.2.dr false Avira URL Cloud: safe unknown
https://admin.youtube.com base[1].js.2.dr false high
https://www.google. 1DNQE0KW.js.2.dr false URL Reputation: safe unknown
https://www.youtube.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr ~DFCCEDEDCC7A547FD5.TMP.1.dr false high
www.youtube.com/watch?v=ggoJFaE71W8 ggoJFaE71W8[1].htm.2.dr false high
https://www.google.co.uk/intl/en-GB/about/products so[1].htm0.2.dr false Avira URL Cloud: safe unknown
https://stats.g.doubleclick.net/j/collect analytics[1].js.2.dr false high
https://www.blogger.com/?tab so[1].htm.2.dr false high
https://www.legislation.gov.uk/uksi/2013/3134/regulation/4/made terms[1].htm.2.dr false URL Reputation: safe unknown
https://www.youtube.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl= privacy[1].htm.2.dr false high
https://policies.e.com/terms?gl=GB&hl=en-GB382296Root {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr false Avira URL Cloud: safe unknown
www.apache.org/licenses/LICENSE-2.0 operatordeferred_bin_base__en[1].js.2.dr, accounts[1].htm0.2.dr false high
https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72 accounts[1].htm0.2.dr false high
https://www.youtube.com/generate_204?cpn= base[1].js.2.dr false high
https://www.gstatic. 1DNQE0KW.js.2.dr false URL Reputation: safe unknown
https://youtube.com/api/drm/fps?ek=uninitialized base[1].js.2.dr false high
https://about.google/ terms[1].htm.2.dr, privacy[1].htm.2.dr false URL Reputation: safe unknown
https://schema.org/BreadcrumbList 2917834[1].htm.2.dr false high
https://www.google.co.uk/finance so[1].htm0.2.dr false Avira URL Cloud: safe unknown
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html cb=gapi[2].js.2.dr false high
https://policies.googl {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr false URL Reputation: safe unknown
https://maps.google.co.uk/maps?hl so[1].htm.2.dr, so[1].htm0.2.dr false URL Reputation: safe unknown
https://www.google.co.uk/shopping?hl so[1].htm.2.dr, so[1].htm0.2.dr false URL Reputation: safe unknown
https://schema.org/ListItem 2917834[1].htm.2.dr false high
https://www.youtube.com/watch?v=ZdEIZNg3epQ ZdEIZNg3epQ[1].htm.2.dr false high
youtube.com/yt/2012/10/10 base[1].js.2.dr false high
https://www.youtube.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pr ~DFCCEDEDCC7A547FD5.TMP.1.dr false high
https://safety.google?hl=en_GB terms[1].htm.2.dr false Avira URL Cloud: safe unknown
www.youtube.com/watch?v=ZdEIZNg3epQ ZdEIZNg3epQ[1].htm.2.dr false high
https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history 2917834[1].htm.2.dr false high
https://www.google.%/ads/ga-audiences analytics[1].js.2.dr false URL Reputation: safe low
https://www.youtube.com/watch?v=48l-xdS4pXg 48l-xdS4pXg[1].htm.2.dr false high
https://support.google {13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat.1.dr false URL Reputation: safe unknown
www.youtube.com/videoplayback base[1].js.2.dr false high
https://kids.youtube.com/privacynotice privacy[1].htm.2.dr false high
https://client-channel.youtube.com/client-channel/client operatordeferred_bin_base__en[1].js.2.dr false high
https://www.youtube.com/?gl so[1].htm.2.dr, so[1].htm0.2.dr false high
https://www.blogger.com/ so[1].htm0.2.dr false high
https://www.youtube.com/feed/history/search_history?utm_source=pp&hl=en_GB privacy[1].htm.2.dr false high
www.youtube.com/watch?v=YlmVKT3Zvhw YlmVKT3Zvhw[1].htm.2.dr false high
youtube.com/drm/2012/10/10 base[1].js.2.dr false high
https://accounts.youtube.com/accounts/CheckConnection?pmpo ServiceLogin[1].htm.2.dr false high
https://www.youtube.com/watch?v=YlmVKT3Zvhw YlmVKT3Zvhw[1].htm.2.dr false high
https://staging-casespartner-pa-googleapis.sandbox.youtube.com operatordeferred_bin_base__en[1].js.2.dr false high
https://www.youtube.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl= privacy[1].htm.2.dr false high
Contacted IPs
Public
[Map legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]
IP Domain Country Flag ASN ASN Name Malicious
172.217.21.226 unknown United States 15169 GOOGLEUS false
172.217.16.193 unknown United States 15169 GOOGLEUS false
172.217.23.161 unknown United States 15169 GOOGLEUS false
General Information
Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 326729
Start date: 03.12.2020
Start time: 23:00:34
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 10s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://accounts.google.com/[email protected]&continue=https://support.google.com/accounts/answer/98564?aneid%3D635484579725699029
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@3/138@7/3
Cookbook Comments:
Adjust boot time
Enable AMSI
Browsing link: https://support.google.com/accounts?p=signin_privatebrowsing&hl=en-GB
Browsing link: https://support.google.com/accounts?hl=en-GB
Browsing link: https://accounts.google.com/TOS?loc=GB&hl=en-GB&privacy=true
Browsing link: https://accounts.google.com/TOS?loc=GB&hl=en-GB
Warnings:
Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.43.193.48, 168.61.161.212, 104.83.120.32, 172.217.18.13, 216.58.205.227, 216.58.208.36, 172.217.21.227, 172.217.16.142, 216.58.206.46, 40.88.32.150, 216.58.209.46, 172.217.18.99, 216.58.206.42, 51.104.139.180, 216.58.212.174, 172.217.22.106, 172.217.21.234, 172.217.18.110, 172.217.22.110, 142.250.74.206, 172.217.23.174, 172.217.22.78, 172.217.21.238, 216.58.205.238, 172.217.23.142, 172.217.21.206, 216.58.207.46, 216.58.207.78, 172.217.16.206, 172.217.16.174, 172.217.23.110, 152.199.19.161, 216.58.212.134, 52.147.198.201, 92.122.213.194, 92.122.213.247, 20.54.26.129, 92.122.145.220
Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, scone-pa.clients6.google.com, ssl.gstatic.com, arc.msn.com.nsatc.net, support.google.com, store-images.s-microsoft.com-c.edgekey.net, ogs.google.com, policies.google.com, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, realtimesupport.clients6.google.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.google-analytics.com, fonts.googleapis.com, accounts.google.com, plus.l.google.com, www-google-analytics.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, static-doubleclick-net.l.google.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, youtube-ui.l.google.com, www3.l.google.com, play.google.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, apis.google.com, cs9.wpc.v0cdn.net
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BACZYXTY\www.youtube[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 6129
Entropy (8bit): 5.103833315561267
Encrypted: false
SSDEEP: 96:Cjtsrj3GqPuQw5rw59rw5rw57Qrw57Qrw57Qrw57vYrw57vYrw57vYrw57Qrw57O:S6M6ddd9L9L9LNtN8
MD5: 29AE3F3DF2C360741330534E9B7EE520
SHA1: A6DFBF720A2D0B424A2EC7DBF040F43C9585F4BB
SHA-256: 08D6C5CD6EB264918772500CD941EDF032D56B6D26FD48B37932748BEF41231F
SHA-512: A0E28C5E43DEDA7D5474BADE3139D3ED0F52F65CD7ADFE9AE0125012D3EA0BAEAF176CB62FC5B489D9C21080194A366184CA6B0FDFC07208D8784A8B35D3B410
Malicious: false
Reputation: low
Preview:<root></root><root></root><root><item name="__sak" value="1" ltime="3915985168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3929065168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3940905168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3964205168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="3975125168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4007245168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4016845168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4054565168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4061925168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="4108445168" htime="30853567" /></root><root></root><root><item name="__sak" value="1" ltime="41
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\accounts.google[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 174
Entropy (8bit): 4.648115123901125
Encrypted: false
SSDEEP: 3:D90aK1ryRtFwsR0pqqUlB90ohOqSSWFHwbFK1ryRtFwsoIcDAqFf30NT/DOqSSW3:JFK1rUFWcqa/0oYSowbk1rUFxmAq930Q
MD5: 71F0ED89118933817B411107FC0CBA77
SHA1: CAB3B6D3E6ADB2CFB2892D0FC91B7CC153FB677A
SHA-256: 60F0E665FB1AACC990F8FD487FAC63E570CA62035784C74B4D9066FC79B42925
SHA-512: 58C4757CA8F6E90C620D3684467E09541E32063116A6930EB606C7C768F8D19FF51FCDB1188A4AB359E4F0039EF02D9D46CDCEBB11C08639D995BBAB7842B86D
Malicious: false
Reputation: low
Preview:<root></root><root><item name="__sak" value="1" ltime="3639185168" htime="30853567" /></root><root><item name="promo" value="{}" ltime="3639225168" htime="30853567" /></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\support.google[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 158
Entropy (8bit): 4.281993558887027
Encrypted: false
SSDEEP: 3:D90aK1r0aK1r0aK1ryRtFwsR9eYHpqqRW+eYHzR3608OqSSWFHwbFK1r0aKb:JFK1rFK1rFK1rUFCYJqqwDYTR36kSow/
MD5: 843F748E49F5C83B081EAC6CFC022F48
SHA1: 7BFDF906858D111E6339DE6CDA259C5CBA9EB496
SHA-256: DCA9CD8B68118DE9BD45E16285920291C1E869E624FF867E8B7B486DC6085C05
SHA-512: 9FDF575B30731EFEA5ED983472BF8F41785395909E8731C75E6C277AB7F13F74F525E6611E2452238D121A13DA248C17F0BAE8FF835E0FA5BDBC5EC47C18ED69
Malicious: false
Reputation: low
Preview:<root></root><root></root><root></root><root><item name="__storage_test__" value="__storage_test__" ltime="3833645168" htime="30853567" /></root><root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13F5DDD4-35B3-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 39000
Entropy (8bit): 1.9196532752896864
Encrypted: false
SSDEEP: 192:r9ZWZe62eK39WeKw3teKwphmifeKwprQAJXzMeKwntrKvBeKwnQrFVDeKwnQGrzW:rTSMLUOi3PJv7bd80P
MD5: 4663DC525458C9E7ED609757ED6A815D
SHA1: 31D0345096AF4859AE18E8DC2D60116B8F561359
SHA-256: CE8497491F00D14CEB55A4656B576EA3F34FE03264C6FF6D606784B6A7E8B40C
SHA-512: CFB9E693B9F4F1780E720BD03ED272E357675AE5E711E9F127D6D5C8AF10E167640604F2224B494459D5DCA714E3FEC773192F1DAA0BD15F333419F269917F75
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13F5DDD6-35B3-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 123236
Entropy (8bit): 2.9579207529766776
Encrypted: false
SSDEEP: 384:rCJUPQW609hg4sSX0W0Ippo5OGSaS63SDBGSaS63STjpqD2CxZb3f1+qnR/8BagH:m2FwTbVTbus97y
MD5: 27ADFAA588D08690F75B404F94788378
SHA1: B64692851C0C4A003BBD46C193178EE8FF298C93
SHA-256: C642647E5250DAAB362D1FDE5631A6396B3CA7F42853773DCFD737F1189FA360
SHA-512: 80B86EC6AB9C38F23DDD5A43F34A84489E3D286E438C9D51CA7F59D9E3C6DF5817B908C2EC1589301BE2A686A4126AD43ABA0CA5D20F8C010CA2899931220B7A
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13F5DDD7-35B3-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 19032
Entropy (8bit): 1.5857993017940473
Encrypted: false
SSDEEP: 48:IwxGcprsGwpaZG4pQYGrapbS7rGQpKQG7HpRJsTGIpX2DGApm:rHZEQ76mBS7FArTJ4Fmg
MD5: B73272E8B2700C7036CD887B701DBB54
SHA1: AB532C091F0C303CF21EA89E3FBAEAFDD9E69E23
SHA-256: E4053E7009FF04E70098CA3AB74B0D9AF13D53681F99740E7D8717A0498D15D1
SHA-512: A649FD9E69AF360881ECB5E6B66B7C10395F6C206A144B5BE4B82370303475FD8F714FD3D49542AD02E2F975E442E103A62850B2D481F3551420C5E9A32D3BB8
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 17000
Entropy (8bit): 3.7530932306991787
Encrypted: false
SSDEEP: 192:YvI6tZPqWceBPGbvI6teL0PqWceBPGALiI6tHqWceBPGs:P62W7Bj6kLpW7B/L56wW7BL
MD5: 21DA0E60A09872AA08F57972774856D2
SHA1: 5F24A1C6F9C775D09F577BE9B3B73AEC1D5156E5
SHA-256: 52739ABEF3B56931FC18863B9F61A1D27B9121920FE6CA2B2720F361CB9C22BE
SHA-512: 6AD4587679A3D9462574D8F5EDA2ACAE11FC388AEAE15C0BA221350189E898E81D2C8075EF5604F7A04A0B5B91B14B2C2E5664AEE1BE41B19F7C77AF2A345B86
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\02f8664b95445de6f27ba682f3c5f9ab[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 4026
Entropy (8bit): 5.165425025048119
Encrypted: false
SSDEEP: 96:+O2aTjjawLtBx0tdmK9YYlfBWX5oM4rLEa:DTj+wVeY0S4r7
MD5: 02F8664B95445DE6F27BA682F3C5F9AB
SHA1: EFF0C42E5C642D81EF76995CE6B6C059CB38DCB6
SHA-256: 343B575C37BF08A1FDC972D0D86BCFAFF9C405DE625516C8656B60D37DCBA927
SHA-512: 2F58F0E0D46B9DE2F47CA8EC41B15E4B78A02EF9C7172B7C673CF85A3FD8D8870F00AF04C82768893A86B3F787B64464DF5613C801B6D85F1FC16A614F25CCF6
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/02f8664b95445de6f27ba682f3c5f9ab.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="108" y1="165" x2="180" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>. <stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/>. <stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/>. <stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="242" y1="149" x2="284" y2="149" xlink:href="#linear-gradient"/>. <linearGradient id="linear-gradient-3" x1="34" y1="149" x2="76" y2="149" xlink:href=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2917834[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 705351
Entropy (8bit): 5.624120338572066
Encrypted: false
SSDEEP: 12288:thuqX/x3Nt9pI2xfl7XEMUpT0nvIgPWqkUSg/:thuqXHt9u2h5XEMUpT0nQKWqkUSu
MD5: 609DA94631A9C0082127CB93D181A8E4
SHA1: 6E99249C40252E137D40106F3D2448BA4E5AFE10
SHA-256: FE4F29782C6786013372797C62741E21D8D089BAD7CE1C1BEAA2B8E70839BE10
SHA-512: D12287F1ECAC6363D9A246FA16D39A8EACD773E9390136E963BF60FB409E30C4D3FA6E70FB71D735F38E9739A05A51F01F67D75937500EBD3882FA944024F5FA
Malicious: false
Reputation: low
IE Cache URL: https://support.google.com/accounts/answer/2917834?visit_id=637426297042051008-2032747671&p=signin_privatebrowsing&hl=en-GB&rd=1
Preview:<!doctype html><html class="hcfe" data-page-type="ANSWER" lang="en"><head><title>Sign in on a device that's not yours - Computer - Google Account Help</title><meta content="email=no" name="format-detection"><meta content="nofollow,noindex" name="robots"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="If you sign in temporarily on a computer, phone, or tablet that doesn't belong to you, use a private browsing window. For example: A public computer that's available to lots of people, like at a" name="description"><link href="https://support.google.com/accounts/answer/2917834?co=GENIE.Platform%3DDesktop&hl=en" rel="canonical"><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no" name="viewport"><style>@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2951277d4c35389d7d304ed78d4fb6f6[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 3437
Entropy (8bit): 5.159691776325374
Encrypted: false
SSDEEP: 48:+GzHx4GLZ/W1wHxJCXvGUQoHxno+e//Ij0jiO0ijy1uHldlzvgYx:+G2UCv0Ij0jH0P+ldlzvgYx
MD5: 2951277D4C35389D7D304ED78D4FB6F6
SHA1: 936A9062B6E78E198BA1CD7ACDB42DEA29920890
SHA-256: F3E55293686B1A4BCB8095896F8ADA506D3CE3E8BAD1DE89EAB56AFBEF3AD793
SHA-512: 8A9B5F0DAE9DFBD5C1FC7FCBEE51FD9A40302856C2F305FF0343DB2BA46D9C05B5F25A6F90AAE4AAFCEB6ACEFF7813157617773E2147954928B1E9227B581415
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/2951277d4c35389d7d304ed78d4fb6f6.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="24" y1="77" x2="48" y2="77" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.116" stop-color="#9aa0a6" stop-opacity="0.054"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.201"/>. <stop offset="0.546" stop-color="#9aa0a6" stop-opacity="0.44"/>. <stop offset="0.823" stop-color="#9aa0a6" stop-opacity="0.768"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="48" y1="80" x2="48" y2="16" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="0.043" stop-color="#1967d2" stop-opacity="0.942"/>. <stop offset="0.305" stop-color="#1967d2" stop-opacity="0.611"/>. <stop offset="0.54" stop-color="#1967d2" sto
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\3394102be0315326fd760e503b31c7b6[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1997
Entropy (8bit): 4.972761923159453
Encrypted: false
SSDEEP: 48:+G0uMHxFi+eeunuGuQmDjuf3XU8MtUPFWl:+3vHxAr8Cn4tgWl
MD5: 3394102BE0315326FD760E503B31C7B6
SHA1: 8D80ABE58002CB8CF2A9C05EC5CE61F6A528AA6C
SHA-256: FD266CACD5FD6FACBA81DEB7274AD226D7916B8883F23480A86F6F9C015913C8
SHA-512: 769DDC47AAA142961A8E00CDE3566DE62A6A6CA28D6EF568D5ECF67A0A5D8EF8806CF2428B653D58B9313E86161B6099D73362E6CEA6097D0B48DF4846253FE8
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/3394102be0315326fd760e503b31c7b6.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <clipPath id="clip-path">. <circle cx="48" cy="48" r="41" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient" x1="51" y1="78" x2="93" y2="78" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6"/>. <stop offset="1" stop-color="#9aa0a6" stop-opacity="0"/>. </linearGradient>. </defs>. <title>site_sec_C_01</title>. <g style="isolation: isolate">. <g id="Content">. <g>. <g>. <g>. <circle cx="48" cy="48" r="41" fill="#e8eaed"/>. <circle cx="48" cy="48" r="41" fill="none"/>. <circle cx="48" cy="48" r="41" fill="none"/>. <g clip-path="url(#clip-path)">. <path d="M89.981,22.441,67.05,68.843c-1.63,3.328-5.58,3.008-7.182-.581L51.8,50.168c-1.613-3.616-5.6-3.907-7.208-.526l-6.8,14.3C36.141,67.408,32.029,67,30.5,63.224L25.63
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 21528, version 1.1
Category: downloaded
Size (bytes): 21528
Entropy (8bit): 7.973887568128485
Encrypted: false
SSDEEP: 384:uy/NCb8EbjU+Fos6gaUFZ3qR474EAqAG3w/Qpt/uxMsucMgwtDw031F:7/4zb7o6XqR4+3QptcuLg0w031F
MD5: 9680D5A0C32D2FD084E07BBC4C8B2923
SHA1: 8020B21E3DB55FF7A02100FAEBD92C2305E7156E
SHA-256: 2CFE69657C55133DAC6EA017B4452EFFF2131422ABD9E90500A072DF7CA5A9C8
SHA-512: E19A498866F69F3D8136A65A5AB4E92CC047170673ED00B506E325165A84216267B9FEF1E5CFD66458E85ED820C12E9C345CEC9BEE4DE48E1C2E2B1A784F179F
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19916, version 1.1
Category: downloaded
Size (bytes): 19916
Entropy (8bit): 7.96782347282656
Encrypted: false
SSDEEP: 384:JiNCb8EbT1rG/3rjJmQ8uLc5ZiRE5HWSiPTI45tKVr6+F7gLLdz:k4zbM3rjEQ8uQPiRERWSGIWtKVrWJ
MD5: A1471D1D6431C893582A5F6A250DB3F9
SHA1: FF5673D89E6C2893D24C87BC9786C632290E150E
SHA-256: 3AB30E780C8B0BCC4998B838A5B30C3BFE28EDEAD312906DC3C12271FAE0699A
SHA-512: 37B9B97549FE24A9390BA540BE065D7E5985E0FBFBE1636E894B224880E64203CB0DDE1213AC72D44EBC65CDC4F78B80BD7B952FF9951A349F7704631B903C63
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOmCnqEu92Fr1Mu4mxM[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19824, version 1.1
Category: downloaded
Size (bytes): 19824
Entropy (8bit): 7.970306766642997
Encrypted: false
SSDEEP: 384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
MD5: BAFB105BAEB22D965C70FE52BA6B49D9
SHA1: 934014CC9BBE5883542BE756B3146C05844B254F
SHA-256: 1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
SHA-512: 85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ServiceLogin[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 1524235
Entropy (8bit): 5.820545205992213
Encrypted: false
SSDEEP: 12288:223RkYyvasjT9+LMNsCHrPyfj0b1F7jZ6WBOeVyT4uVk1Ld:r4vasjT9fbz+kbyTTVkv
MD5: 33B6683370615405F1FDDE91E62A6E9C
SHA1: 8770F3D11263267B035F85D8BA51CDF5AA8781B5
SHA-256: FAA190914C195A1BF3AB11CD9242373F187B5D9371EBA75EC8ECDD4EF31AAED1
SHA-512: 88BAA0E9544A232E4258FB3D102AB30924B3E932C4FBC5A9635EF20F555AF033924B25AF6FAC14D9C772F7AA9637AE465352A12981E5E33B67F9B9B9C9AA78C6
Malicious: false
Reputation: low
Preview:<!doctype html><html lang="en-GB" dir="ltr"><head><base href="https://accounts.google.com/"><script data-id="_gd" nonce="e5yBFzB+sF7yDu5flGvsvQ">window.WIZ_global_data = {"Mo6CHc":4676857043780890293,"OewCAd":"%.@.\"xsrf\",null,[\"\"]\n,\"AFoagUXb4ND9OjzhjUHjxDbJdOVKgUr71A:1607032884707\"]\n","Qzxixc":"S771853910:1607032884690823","thykhd":"AKH95ev6f_Tt6-6sgQDIcnFYPYLTGqveqqerEsSplGVDKn6Ss7uvZ1Kv57zsw0zOnAtu5PIvC2sxReZxpgSoN0QF04eM2ptULYjWADh35D01xNZNpggK83Q\u003d","w2btAe":"%[email protected],null,\"\",false,null,null,true,false]\n"};</script><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><link rel="shortcut icon" href="//www.google.com/favicon.ico"/><noscript><meta http-equiv="refresh" content="0; url=https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fsupport.google.com%2Faccounts%2Fanswer%2F98564%3Faneid%3D635484579725699029&rip=1&nojavascript=1"><style nonce="e5yBFzB+sF7yDu5flGvsvQ">body{opacity:0;}</style></noscript><title>Sign in . Googl
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\analytics[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 47051
Entropy (8bit): 5.516264124030958
Encrypted: false
SSDEEP: 768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
MD5: 53EE95B384D866E8692BB1AEF923B763
SHA1: A82812B87B667D32A8E51514C578A5175EDD94B4
SHA-256: E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
SHA-512: C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
Malicious: false
Reputation: low
IE Cache URL: https://www.google-analytics.com/analytics.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var l=this||self,m=function(a,b){a=a.split(".");var c=l;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING||[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\b18d13e9ea8a362642b7d25bce665039[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 16764
Entropy (8bit): 5.015659059704473
Encrypted: false
SSDEEP: 96:+7oy39iUOhxSoUhWBIBGNdByrJZeGyHObsjXDRKRpQ7wvkoln1WIGeDNc6ei52Ki:6vQ6JZoRKRa05Z9GImZAJgwEWZBYF
MD5: B18D13E9EA8A362642B7D25BCE665039
SHA1: 928BE33E3ABE8071A068BE98084F406D5F4C07E2
SHA-256: 10F69DBA0842572682B65444464A1F8879BF29B201E730D5F824BB6636536555
SHA-512: 651CB5E1435A1E72392D425E73487413EF0A035574E84F738D775D29668CA7222AFA56C5AE77AB3A0AF15ECF94467C7070727EF10C0F38820545D5C81ABE2255
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/b18d13e9ea8a362642b7d25bce665039.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="180" y1="77.807" x2="144.01" y2="77.807" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="0.133" stop-color="#1967d2" stop-opacity="0.98"/>. <stop offset="0.271" stop-color="#1967d2" stop-opacity="0.921"/>. <stop offset="0.411" stop-color="#1967d2" stop-opacity="0.822"/>. <stop offset="0.553" stop-color="#1967d2" stop-opacity="0.683"/>. <stop offset="0.696" stop-color="#1967d2" stop-opacity="0.505"/>. <stop offset="0.84" stop-color="#1967d2" stop-opacity="0.287"/>. <stop offset="0.983" stop-color="#1967d2" stop-opacity="0.033"/>. <stop offset="1" stop-color="#1967d2" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="191.997" y1="77.804" x2="168.003" y2="77.804" gradientUnits="userSpac
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\c1b97d74dace7e43a9ccb26841a7cae4[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 6217
Entropy (8bit): 5.12197916092655
Encrypted: false
SSDEEP: 96:hmpCgaDaIvQiJgZMDRzvrphOqqzfHm0TCgGT908uB75T:xPuB75T
MD5: C1B97D74DACE7E43A9CCB26841A7CAE4
SHA1: 83F78C8D77BF9499B7E839345BB94C22A89616AF
SHA-256: D9DE9633583A448CAD1268D42FFDF48D0B3C60D2693600B843A7EBE43AD06908
SHA-512: B3986AF15A3FFB3AB35B8E3C120BC9BA8BECD5892CB7C1DE0BA5AD08A83499ACEC288B20708EE834EA43BFE446FD01ADA8CA55E0893EEBE766241913DB11A88B
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/c1b97d74dace7e43a9ccb26841a7cae4.svg
Preview:<svg id="Content" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="41.178" y1="24.308" x2="41.368" y2="32.801" gradientUnits="userSpaceOnUse">. <stop offset="0.004" stop-color="#cdd0d5"/>. <stop offset="0.466" stop-color="#b1b6bd"/>. <stop offset="1" stop-color="#959ca5"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="29.696" y1="67.461" x2="68.387" y2="28.77" gradientUnits="userSpaceOnUse">. <stop offset="0.001" stop-color="#fff"/>. <stop offset="0.131" stop-color="#fff"/>. <stop offset="1" stop-color="#fff"/>. </linearGradient>. <clipPath id="clip-path">. <circle cx="27.84" cy="50.69" r="6.427" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient-3" x1="50.224" y1="35.554" x2="50.224" y2="31.004" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#cdd0d5"/>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cb=gapi[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 100406
Entropy (8bit): 5.525672610215441
Encrypted: false
SSDEEP: 1536:pIjKdByen4KOw9McPis5wfmYW23KeCTgXYH1mUQIaJmJdQQOJtTY2O2s+od3E0:pxByen4m23sg41mU1mm7POvY2O9d3E0
MD5: F703AA01FA1649D14950B7E4539DF1C2
SHA1: 78314DD487CF0AFD139D085B8873EBE12C3D6E3F
SHA-256: 090B52C2D41BE76825F837CF93B9CEA34F43A43D619B5B5EEBDAD5A0D9BA23CC
SHA-512: 8859F09D9059A36E6A90CA164F7FDD2BBABD7FA8FDABFF38C36F3156EE56C7BBE6627F1FAF9A7EADDE99916DF4220CCBCCB504412501D80FED67B752F5566B54
Malicious: false
Reputation: low
Preview:/* JS */ gapi.loaded_0(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ja,na,ta,xa,Ba,Da,Ia,Ra;_.ea=function(a){return function(){return _.aa[a].apply(this,arguments)}};_._DumpException=function(a){throw a;};_.aa=[];ja=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ta=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};xa=ta(this);Ba=function(a,b){if(b)a:{var c=xa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cb=gapi[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 211057
Entropy (8bit): 5.518231609941433
Encrypted: false
SSDEEP: 3072:peqgOg7uQlxKsLKKhgXmUGUc5Q732dPNrg7eXBJ5e8EBeokwPVoABNUp+:pezue+72ndq7WJ5e8qewPDBNUp+
MD5: 1AD398FC7AF49E0D86D536ED3C819557
SHA1: 1E1785F9623F21A48CB0D90FADC396074BDC8454
SHA-256: 01C34137C14B7A3C2894A05BC086E8CD11A634FE87FE426E98BCEFB73E8704AE
SHA-512: EA29FB004D089523A59BA55E848D84D6567283271CC661E1F7AB3528A0DD539D254336FFD2DFF8B37976A12FEF0ABF528DE4DD30B3F6DBDE3A1DAF32584A0D89
Malicious: false
Reputation: low
Preview:/* JS */ gapi.loaded_1(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var Ex=function(){};Ex.prototype.NF=null;Ex.prototype.getOptions=function(){var a;(a=this.NF)||(a={},_.Fx(this)&&(a[0]=!0,a[1]=!0),a=this.NF=a);return a};.var Hx;Hx=function(){};_.K(Hx,Ex);_.Fx=function(a){if(!a.JI&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.JI=d}catch(e){}}throw Error("ka");}return a.JI};_.Gx=new Hx;.._.Me=_.Me||{};.(function(){function a(c,d){return String.fromCharCode(d)}var b={0:!1,10:!0,13:!0,34:!0,39:!0,60:!0,62:!0,92:!0,8232:!0,8233:!0,65282:!0,65287:!0,65308:!0,65310:!0,65340:!0};_.Me.escape=function(c,d){if(c){if("string"===typeof c)return _.Me.escapeString(c);if("Array"===typeof c){var e=0;for(d=c.length;e<d;++e)c[e]=_.Me.escape(c[e])}else if("o
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cb=gapi[3].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 63719
Entropy (8bit): 5.5792036933703235
Encrypted: false
SSDEEP: 1536:pIjKdByen4KOw9McPis5wfmYWG7UIaJtTY2O26q02p:pxByen4mG7UIavY2Okp
MD5: A25830D61E3A5E9C0EE1247711B1A2A6
SHA1: CEB58B5369DBC7CE426C3856BBEC7E99332BE07C
SHA-256: 1320C729BB178D835E39CD1BF83F8C64EA0F8973BBCF69E27F9FAD8D7E2456F7
SHA-512: 9C2009AFA9F59F1077067CCD7D1FD4125DEF8DF44D4B0F4F42072CD9E7709F7622529326B234591A31CFCFA9253049AA136AAE942542BC311F744DB1ECD8DED7
Malicious: false
Reputation: low
IE Cache URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uhBKOtz6fOw.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw/cb=gapi.loaded_0
Preview:/* JS */ gapi.loaded_0(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ja,na,ta,xa,Ba,Da,Ia,Ra;_.ea=function(a){return function(){return _.aa[a].apply(this,arguments)}};_._DumpException=function(a){throw a;};_.aa=[];ja=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ta=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};xa=ta(this);Ba=function(a,b){if(b)a:{var c=xa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: dropped
Size (bytes): 613
Entropy (8bit): 5.157298093683682
Encrypted: false
SSDEEP: 12:UJO6940FD7O6ZRoT6pYwEmr37uqF/iO6ZRoT6pixuGEqF/iO6ZN76pixuyvJY:G9XD7OYs/UrR/iOYsNxDv/iOYN7Nxw
MD5: DC8AE9686BDE8C1517953AAF4C645E68
SHA1: A95E59D8DDFECBE128C05B8C30E14688F135CA03
SHA-256: AC7E61AF97048090E29FE6561A86B5FCD8F7BEF016C399D0C32683B02F059AD6
SHA-512: 5728E987376AE9209E44E677BACFE41F03FBC97B468D5BEE6F43D0CAE95B7F6AF7666DC05094B11C77F7BA72A2C963E4C4CB8C438F0B893B2D0A9C47DCB318D6
Malicious: false
Reputation: low
Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff) format('woff');.}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\d1b68e2cd423aba52d74f02573df2d2d[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 9849
Entropy (8bit): 4.969315565687199
Encrypted: false
SSDEEP: 96:+d0yV2aITB9sHTzAIyIdeoaqRF+6/wWN7c2RGd8V:CAWyoaqRF+6I8H
MD5: D1B68E2CD423ABA52D74F02573DF2D2D
SHA1: 9FAA2F472EEAA4B61BE00B1A0AE2E1DE3082E407
SHA-256: 2041BF4F141AC095ABE365C86BB814509EF11DC741BA3B7E70FE60766432110E
SHA-512: B1B798397D00943958E8E00CB73243CF40129921EFFF9DB852891B47711F0B32CB616EC1D24A8CCAFF939CED0F24399649FCF9C7614D8F880899C7152D9D525E
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/d1b68e2cd423aba52d74f02573df2d2d.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="338" y1="92" x2="354" y2="92" gradientTransform="translate(-238)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="1" stop-color="#1967d2" stop-opacity="0"/>. </linearGradient>. <clipPath id="clip-path">. <rect x="97" y="107" width="50" height="51" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient-2" x1="126" y1="147.5" x2="156" y2="147.5" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#188038"/>. <stop offset="1" stop-color="#188038" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-3" x1="254" y1="165" x2="270" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opac
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\e28714c71f217892f72b2698ea5cefef[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 4134
Entropy (8bit): 5.054285765130248
Encrypted: false
SSDEEP: 48:+GOHx16ZAvHxDg+eJ/eux4tBeLDNdBeLSlBeLLpZdrzTPr+UkVr3H2c:+r1XSDQBe7BeeBeBeUkl2c
MD5: E28714C71F217892F72B2698EA5CEFEF
SHA1: E4257063DB9DF43DCDE90920CC3F34978BAEA51D
SHA-256: 65845E7CECBF4E88691BFF290F72B427B70887E23879F523BBC5B2B032C7609F
SHA-512: C693B70D3EDCB32DAEA8BEC867BDF34AC2ED491F9CBC4A57A5433F462DC6EF2D0F01A0C17D7DFD457064D13D45207659ABF116B09191DFDDF38E706FC72A59BD
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/e28714c71f217892f72b2698ea5cefef.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="48" y1="71" x2="48" y2="25" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#5f6368"/>. <stop offset="0.232" stop-color="#5f6368" stop-opacity="0.699"/>. <stop offset="0.568" stop-color="#5f6368" stop-opacity="0.32"/>. <stop offset="0.836" stop-color="#5f6368" stop-opacity="0.086"/>. <stop offset="1" stop-color="#5f6368" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="76" y1="48" x2="86" y2="48" gradientTransform="translate(129 -33) rotate(90)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#f29900"/>. <stop offset="1" stop-color="#f29900" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-3" x1="76" y1="15" x2="86" y2="15" gradientTransform="matrix(1, 0, 0, 1, 0, 0)" xlink:hr
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\e79ea0ed464fc8952d5b5582f9f9ae53[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 13232
Entropy (8bit): 5.004489515608496
Encrypted: false
SSDEEP: 96:+9luEGZ2aRcZGDTBmQLBnEGRDzQeqzNOo4HFvdRX1ju6RGumD6k9i4AIkwNgFFro:HBBJQeq07fXDIumDf9lAuNgFFrpi
MD5: E79EA0ED464FC8952D5B5582F9F9AE53
SHA1: 7C64CD9D283C3E87EC34160A70688A52D6144766
SHA-256: FC432273DBD2B5233238B2BCA3E167CE7DD6BCB5318B3D06DC664ED15F309637
SHA-512: 3A5DE44AF0E40C6E226E4AACCE0BB7C9F78FE4DFB301B0FAB28586D7112456CC812F399DE163285CB6B79E1316DC87BF04ADA33A20AF9825417E33C122063A0A
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/e79ea0ed464fc8952d5b5582f9f9ae53.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="-56.701" y1="323.063" x2="3.299" y2="323.063" gradientTransform="matrix(0, 1, -1, 0, 614.584, 137.96)" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#202124" stop-opacity="0"/>. <stop offset="0.023" stop-color="#202124" stop-opacity="0.079"/>. <stop offset="0.257" stop-color="#202124" stop-opacity="0.751"/>. <stop offset="0.4" stop-color="#202124"/>. <stop offset="0.615" stop-color="#202124" stop-opacity="0.751"/>. <stop offset="0.965" stop-color="#202124" stop-opacity="0.079"/>. <stop offset="1" stop-color="#202124" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="273.911" y1="117.637" x2="297.393" y2="102.387" gradientTransform="translate(333.87 -192.271) rotate(78)" gradientUnits="userSpaceOnUse">. <stop off
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 5430
Entropy (8bit): 3.6534652184263736
Encrypted: false
SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5: F3418A443E7D841097C714D69EC4BCB8
SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious: false
Reputation: low
IE Cache URL: https://support.google.com/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[2].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 5430
Entropy (8bit): 3.6534652184263736
Encrypted: false
SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5: F3418A443E7D841097C714D69EC4BCB8
SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/policies/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=NpD4ec,SF3gsd,YLQSd,lCVo3d,o02Jie,rHjpXd,pB6Zqd,QLpTOd,oWOlDb,n73qwf,MpJwZc,bIf8i,omf1Od,zbML3c,zy0vNb,K0PMbc,otPmVb,rlNAl[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 2736
Entropy (8bit): 5.324592035584431
Encrypted: false
SSDEEP: 48:x7uwFt1AfyLaFDsq3jfDKTbjhhUTSLllFQKb2I9X0ALMkTkuS0b:xiM3hhU25QK39XFLMkTkr0b
MD5: 16B2CDC55BE3F9E0EADA57B57473A1AA
SHA1: 6842EA5D5DBB269F625DF6378EE1494884E76C25
SHA-256: AED0FFF6E642D086EA53ED6FE3F18D42535A9079FC983D4A4E0E071C25BFA405
SHA-512: 6E55DE339D9637C49BDB847A8477D981F47DC9830F7883998A11AFFB6ED860115ED17D2622CC5610711CC427FF472DE56F295C10502C73B1AB646EE6399F5817
Malicious: false
Reputation: low
Preview:this._G=this._G||{};(function(_){var window=this;.try{._.k("NpD4ec");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("SF3gsd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("YLQSd");._.su(_.sy);.._.m();..}catch(e){_._DumpException(e)}.try{._.k("lCVo3d");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("o02Jie");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("rHjpXd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("pB6Zqd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("QLpTOd");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("oWOlDb");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("n73qwf");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("MpJwZc");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("bIf8i");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("omf1Od");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("zbML3c");.................._.m();..}catch(e){_._DumpException(e)}.try{._.k("zy0vNb");.._.m();..}catch(e){_._DumpException(e)}.try{._.k("K0PMbc");.._.m
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=_b,_tp[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 148888
Entropy (8bit): 5.465964474496821
Encrypted: false
SSDEEP: 3072:l1BJIWAALPfzs5w+QPrjmNzZmiWIlMR9Zax:LBBfQ5wNjmmiWuF
MD5: 47D6364CEC58546E9F13B41515492999
SHA1: B61BDAEEB39B36F3D0540730EC79F431C7B92883
SHA-256: F1741C9A5E12A465520F48C8CD1ED05EB96079DD7CDB9A3B7E51777B3E858D24
SHA-512: 1A79BD69A293B03C9FABB5FD45FA815A100D288CAA274E212EC30C6481A0F1A3A0BBA136F84A6BE477C02AC784A46071F69B30A03662A42EA8FFD113CE3D3EBF
Malicious: false
Reputation: low
Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{.var za,Ja,La,Oa,Pa,Sa,Ua,Za,ab,ib,mb,pb,Ob,zb,Sb,aa,Tb,Ub,Vb,Xb,Yb,ac,bc;_.ba=function(a){return function(){return aa[a].apply(this,arguments)}};_.ca=function(a,b){return aa[a]=b};_.da=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,_.da);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a));this.g=!0};_.ea=function(a){return a[a.length-1]};_.fa=function(a,b,c){for(var d="string"===typeof a?a.split(""):a,e=a.length-1;0<=e;--e)e in d&&b.call(c,d[e],e,a)};._.ia=function(a,b,c){b=_.ha(a,b,c);return 0>b?null:"string"===typeof a?a.charAt(b):a[b]};_.ha=function(a,b,c){for(var d=a.length,e="string"===typeof a?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ka=function(a,b){return 0<=(0,_.ja)(a,b)};_.la=function(a){if(!Array.isArray(a))for(var b=a.length-1;0<=b;b--)delete a[b];a.length=0};_.ma=function(a,b){_.ka(a,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\m=byfTOb,lsjVmc,LEikZe[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 35768
Entropy (8bit): 5.476673262581025
Encrypted: false
SSDEEP: 768:4S8RAJHIJ0FYxye7+PI7goFKukd6TUTrVgFovJNSX6Ps2AhI/B37n:4CJ9wgoFbkEY9Jv5b/BLn
MD5: CAF070856F2919C5462E8AAB9267C9D6
SHA1: 421887707998ECF12016546CB7EBB6BD7C53BCC2
SHA-256: B9146CDEF22A0752186F58CD0A7BE27F36D9FE581160B0D6B3E507ED53BF1023
SHA-512: F5E275DA55727C69EBE1C16351C2FBE91F7405DBCE5074E38EAC55D907E28E676E5DDAF9752690A626B60D96450F962062B8954EA2962CF0F1090227AC46391A
Malicious: false
Reputation: low
Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{._.m("sy2o");.._.n();.._.jx=function(a,b){a.sort(b||_.Ba)};_.kx=function(a,b){return(b||document).getElementsByTagName(String(a))};_.m("syx");./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var rx,tx,Zca,ux,Vca,Uca,Yca,Wca;_.lx=function(a,b){this.j=this.ya=this.o="";this.S=null;this.s=this.i="";this.u=!1;var c;a instanceof _.lx?(this.u=void 0!==b?b:a.u,_.mx(this,a.o),this.ya=a.ya,this.j=a.j,_.nx(this,a.S),this.i=a.i,_.ox(this,px(a.g)),_.qx(this,a.s)):a&&(c=String(a).match(_.Jm))?(this.u=!!b,_.mx(this,c[1]||"",!0),this.ya=rx(c[2]||""),this.j=rx(c[3]||"",!0),_.nx(this,c[4]),this.i=rx(c[5]||"",!0),_.ox(this,c[6]||"",!0),_.qx(this,c[7]||"",!0)):(this.u=!!b,this.g=new _.sx(null,this.u))};._.lx.prototype.toString=function(){var a=[],b=this.o;b&&a.push(tx(b,ux,!0),":");var c=this.j;if(c||"file"==b)a.push("//"),(b=this.ya)&&a.push(tx(b,ux,!0),"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\operatordeferred_bin_base__en[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 379746
Entropy (8bit): 5.198591864608641
Encrypted: false
SSDEEP: 3072:EW33VDASR+wDi4ZaEGzpbTwul1sXs3SskDPlrysSJQrTAbu9tDu2I2mW4vT7VO2l:R3atOJrysSJQ/Abu7u2I2d6r
MD5: 66178685A67BC68D84E3AF8B9724BB74
SHA1: A120EE28FAA47994F5D8597C99998B4EFFFE0BDC
SHA-256: D5695FE25A447FBD946750A8C0B7638BF412068BB4D452C713BC56BF14C50472
SHA-512: 14FF84DFB395B1BE30951BE44BA7213581FEF004EFAFEDD6F3DD85DCDAC47D91E7C421AC600E7C934681EEDF9DFD0CD43C13056A6C38859DDCA61E686B18AABF
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/support/realtime/operator/1606899676466/operatordeferred_bin_base__en.js
Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var rtsinternal_,rtsinternal_aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},rtsinternal_ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},rtsinternal_ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&.c.Math==Math)return c}throw Error("Cannot find global object");},rtsinternal_da=rtsinternal_ca(this),rtsinternal_a=function(a,b){if(b)a:{var c=rtsinternal_da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&rtsinternal_ba(c,a,{configurable:!0,writable:!0,value:b})}};.rtsinternal_a("Symbol",function(a){if(a)return a;var b=function
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\player_api[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 810
Entropy (8bit): 5.294743120587862
Encrypted: false
SSDEEP: 24:E1P5OYtpqAK/HJ2TAXC5vuHM8aJLtdRWZ4FhQ:E1BlPcSAXC5kaJLzwYhQ
MD5: 2368CA0820DAB1350C1B068A1AC12AD9
SHA1: 2F5F6583708AF8402560AA0AE0188C5FBAE9CCF3
SHA-256: 48256943247CCF16AB69F7ED335EA1DA52C209A3571C4E20B86B676308A70AA4
SHA-512: EBC3130A23C1D0AECA41237BAF93D18E5F4474F3AA7472F1D62759DF2AB6EE5CA80A5FB01885BDC46D93F93FFE6848D0CF40C9B797CD25417ABB67FE7725B00E
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/player_api
Preview:var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/408be03a\/www-widgetapi.vflset\/www-widgetapi.js';if(!window["YT"])var YT={loading:0,loaded:0};if(!window["YTConfig"])var YTConfig={"host":"https://www.youtube.com"};.if(!YT.loading){YT.loading=1;(function(){var l=[];YT.ready=function(f){if(YT.loaded)f();else l.push(f)};window.onYTReady=function(){YT.loaded=1;for(var i=0;i<l.length;i++)try{l[i]()}catch(e){}};YT.setConfig=function(c){for(var k in c)if(c.hasOwnProperty(k))YTConfig[k]=c[k]};var a=document.createElement("script");a.type="text/javascript";a.id="www-widgetapi-script";a.src=scriptUrl;a.async=true;var c=document.currentScript;if(c){var n=c.nonce||c.getAttribute("nonce");if(n)a.setAttribute("nonce",n)}var b=.document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)})()};.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\privacy[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 286943
Entropy (8bit): 5.596807888691317
Encrypted: false
SSDEEP: 1536:1mA3R/nonHAyWHNSBaddT0fWSY4wqnWe9MDX5nlX4BndZNbVDEBNYXfHjcGbkXRR:OgxcfOU0lX4BdZPzsfJcViS2gyT91Oc
MD5: ED6F0A80D776EBCE6AE56ECE0E006CC9
SHA1: 20CDCF242B05B5B79FE59CAB784C6A77CD0AD05B
SHA-256: 2CB08C691CEF7178E73D5A594DF2B468856E6DBB2EDD8E0A5452CAA7CF711093
SHA-512: ECDB914243C1BCA4DB7A7B8222201819477726E88699E3AF091BB8AA3FFBC1BDFC669F9D122A476F19C54315AB9052390455D3D88F7758FC524258267F922158
Malicious: false
Reputation: low
Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://policies.google.com/"><meta name="referrer" content="origin"><meta name="viewport" content="initial-scale=1, maximum-scale=5, width=device-width"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="application-name" content="Privacy & Terms . Google"><meta name="apple-mobile-web-app-title" content="Privacy & Terms . Google"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-tap-highlight" content="no"><link rel="manifest" crossorigin="use-credentials" href="_/IdentityPoliciesUi/manifest.json"><link rel="home" href="/?lfhs=2"><link rel="msapplication-starturl" href="/?lfhs=2"><link rel="icon" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="apple-touch-icon-precomposed" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="msapplication-square32x32logo" href="//ssl
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\rs=AA2YrTuWr-THoJhZf_G0GDWJEiz9fL6BmQ[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 116353
Entropy (8bit): 5.546439869725101
Encrypted: false
SSDEEP: 1536:tVCQDEcmwcgwL1Jvb7fcW2C4U7euQYhLHevyvBvNS0Hll+n:JoykvIlUhLLHzBvNS03c
MD5: A1616E21A3FABA4DE15B1EBC6DAAD91A
SHA1: 742CECEE27522BD52772AD6FDBF361AD7FA338E7
SHA-256: A94AA664F7C08A086579458FE69CB2EA7ADF8609B685F4376D52CC12C79DA70C
SHA-512: 587A792F5D8CFA6DCED778FE6A0C4B134CA6A5D24C76B3AEC8D456257F0D4CB458F29C5821AB8E31F1B0395B12B59EE4E76F6B9318FACCEAC1EDC7EB699D12D8
Malicious: false
Reputation: low
Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/._.Oj=function(a){switch(a){case 200:case 201:case 202:case 204:case 206:case 304:case 1223:return!0;default:return!1}};._.Pj=function(){};_.Pj.prototype.o=null;.var Rj;Rj=function(){};_.v(Rj,_.Pj);Rj.prototype.j=function(){var a=Sj(this);return a?new ActiveXObject(a):new XMLHttpRequest};Rj.prototype.B=function(){var a={};Sj(this)&&(a[0]=!0,a[1]=!0);return a};var Sj=function(a){if(!a.A&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.A=d}catch(e){}}throw Error("U");}return a.A};._.Qj=new Rj;..}catch(e){_._DumpException(e)}.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/._.Tj=function(a,b,c){a.j||(a.j={});if(!a.j[c]){for(var d=_.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\so[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 46821
Entropy (8bit): 5.725682007058534
Encrypted: false
SSDEEP: 768:R5/d9SvRuT2RM0MmSfnoV33D7SaQPFJ/N48j/OkC:5MMTnoFT7SR13rOkC
MD5: F5EFC5C1EDB0D769159EF758ACB96867
SHA1: 323EE648A7162678DAA3DE019C15C1A8B64A00BA
SHA-256: B159D09C5A5EECBB07CF6DDD21FF7AF9F6DE53FECA28A41DA2AA87F051B9D3C3
SHA-512: FA66D9DB1DCB22C778C418386641B35FD738995F356E32F077A007C1248B25180D0D4F4ADA54056BD52EA0B65432D4F55C8CFFC72510000CF4FB0A06BBD4475B
Malicious: false
Reputation: low
IE Cache URL: https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fpolicies.google.com&cn=app&pid=269&spid=545&hl=en-GB
Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="mD2Ed/ctvVTWmcMxxBkA6g">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"5681835235032460106","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%[email protected],173289287,1343140526]\n","ZwjLXe":545,"cfb2h":"boq_onegooglehttpserver_20201129.07_p2","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333,45695529],"gGcLoe":false,"ikfjnc":["https://policies.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"One
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\tos_main_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 10539
Entropy (8bit): 5.17242962527228
Encrypted: false
SSDEEP: 192:M5S4NktFWoBlVtlLT1BtiSV63ubkT+kep5kvxLDPa/7CPLN2B:M51N2FWoBlVtl31BtiW63ub69s5kvxLE
MD5: 828E5AA8F68BC08101BBDB02CFFDC7A0
SHA1: 2D14F36ED408D450911D8D32009597FD0FED2206
SHA-256: 54091F2DE9DF003DC1651B4F43F3D41D6AEBB20EA1669C8CD4B01BB3ED80E582
SHA-512: D21D4B0D9DDE8E1D396F8B4F36598D9CC3AFF2906CA1E788EDD4E8F0C9ABFBAA4085CBD775CD30E48ABCDDC25258D803F144B5F0C39961C1E3922464E6C41101
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/tos_main_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:url(#linear-gradient);}.cls-3{fill:url(#linear-gradient-2);}.cls-4{fill:url(#linear-gradient-3);}.cls-5{fill:#e8eaed;}.cls-6{fill:#bdc1c6;}.cls-7{opacity:0.2;fill:url(#linear-gradient-4);}.cls-8{fill:url(#linear-gradient-5);}.cls-9{fill:url(#linear-gradient-6);}.cls-10{fill:url(#linear-gradient-7);}.cls-11{fill:#34a853;}.cls-12,.cls-17,.cls-18,.cls-19,.cls-20,.cls-21,.cls-24,.cls-26,.cls-27,.cls-28,.cls-29,.cls-30,.cls-31,.cls-32,.cls-35{fill:none;}.cls-12,.cls-19,.cls-35{stroke:#fff;}.cls-12,.cls-17,.cls-18,.cls-19,.cls-21,.cls-24,.cls-26,.cls-29,.cls-30,.cls-31,.cls-32,.cls-35{stroke-miterlimit:10;}.cls-13,.cls-34{fill:#4285f4;}.cls-14{fill:#174ea6;}.cls-15{fill:#fff;}.cls-16{fill:#5f6368;}.cls-17,.cls-18{stroke:#dadce0;}.cls-18,.cls-19,.cls-20,.cls-26,.cls-27,.cls-28,.cls-29,.cls-30,.cls-31,.cls-32,.cls-35{stroke-linecap:round;}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\unnamed[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 1393
Entropy (8bit): 7.741695342683955
Encrypted: false
SSDEEP: 24:D/6Bm17qS9DbPDQ45Gkds4VbbBYdVATpFxb+hs3xl0Sau164l2kFSWZR2vtUx2lH:D/6BmIG7hdbYdVules3xla+64l9wxVUo
MD5: 0EAA75E84E3B5D76E26B5BDEF873465E
SHA1: 79DAEA62FA0952E79644B23305210D61B6CBB631
SHA-256: D375701BEED766135440CC65BD4CEDE9CC455C0116A362E124C3C2158EDCEFF4
SHA-512: EE117EEF8002ABEF55C7521FDF265C597226994BDD4EDDF9965E22E1FBA4D8526544A6427F847C2BEA3B586B3E4C06BEB6584D1CCEF5A06AD4739CAF837DB7EB
Malicious: false
Reputation: low
IE Cache URL: https://lh3.googleusercontent.com/o9U8AvPuX9gkIYtYfNmH-_wBdTfOJ7jb0VwbLWWbERzml7oTPngODhKv2Br7A64=w64
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\your_relationship_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 12542
Entropy (8bit): 5.166391118628051
Encrypted: false
SSDEEP: 384:fCTzZ3TpxIgLqTbz0pDlh5t97JIvfG/V+Lk/B5dAg1hoA:fCQzy
MD5: 667D93D9651F9419CF89361977A37D84
SHA1: 9670E1BDBB50F071AF5B565FDA5CE53EE01B1941
SHA-256: 84D0495F9F20BE09F1AA5265D10B910CD967D040EE1B5022E56EF1FE93F1DA22
SHA-512: 2E5181309FA95062157E25489FD1F5945FB16DD1CC171B3AE9D6B10FC6A849427C0496549A174870A050B16C5F4627EA0A41E2626D57B471131005CBF1D41077
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/your_relationship_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 328.36 180"><defs><style>.cls-1{isolation:isolate;}.cls-2{fill:url(#linear-gradient);}.cls-3{fill:#bdc1c6;}.cls-4{fill:#dadce0;}.cls-5{fill:#f8f9fa;}.cls-11,.cls-12,.cls-21,.cls-22,.cls-23,.cls-24,.cls-25,.cls-26,.cls-29,.cls-31,.cls-33,.cls-34,.cls-35,.cls-36,.cls-43,.cls-6,.cls-8{fill:none;}.cls-6{stroke:#dadce0;}.cls-23,.cls-24,.cls-25,.cls-26,.cls-29,.cls-6{stroke-miterlimit:10;}.cls-21,.cls-29,.cls-31,.cls-34,.cls-35,.cls-6,.cls-8{stroke-width:2px;}.cls-7{fill:#ea4335;}.cls-11,.cls-12,.cls-36,.cls-8{stroke:#fff;}.cls-11,.cls-12,.cls-21,.cls-22,.cls-23,.cls-24,.cls-25,.cls-26,.cls-29,.cls-31,.cls-34,.cls-35,.cls-36,.cls-8{stroke-linecap:round;}.cls-11,.cls-12,.cls-21,.cls-22,.cls-31,.cls-33,.cls-34,.cls-35,.cls-36,.cls-8{stroke-linejoin:round;}.cls-10,.cls-40,.cls-42,.cls-9{mix-blend-mode:multiply;}.cls-10{opacity:0.5;fill:url(#linear-gradient-2);}.cls-12{stroke-width:1.5px;}.cls-13{fill
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\4165cd3aa643abb80fe1953668f67551[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 21529
Entropy (8bit): 5.054443624807617
Encrypted: false
SSDEEP: 192:X60/6I3ppwx5qaqdT0TM2uTQOi4Rsd22Z1CrTqtqj3UGs8GsCv31Y9YUxzfmUY:/3ppwx5ncTBRsd22Z1CrT8u3M3unY
MD5: 4165CD3AA643ABB80FE1953668F67551
SHA1: 5CB99354ADCF5162232CF6947AEA1423426CF12F
SHA-256: F3FF1A6BB6153FA3F31FC17B1A8E57F835BB0DA7A9EB6430CFF660A02DEE7E54
SHA-512: 070292AB655F2879879DF09306E5F57BFFCD075B7CBEA27156DD19D981B6E40F441C5DE05EF40DB0AFDB1D6294B4E02A0C304E5E67C4EC4F9011483C0FF7BD8A
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/4165cd3aa643abb80fe1953668f67551.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="240" y1="94" x2="316" y2="94" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>. <stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/>. <stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/>. <stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="272" y1="68" x2="272" y2="72" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6"/>. <stop offset="1" stop-color="#bdc1c6" st
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 26180, version 1.1
Category: downloaded
Size (bytes): 26180
Entropy (8bit): 7.9847487601205405
Encrypted: false
SSDEEP: 768:axmLo3N7711ZHlB8N6yt/DvXjXjmDNzv6:bLodN78Ii7jKJv6
MD5: 4F2E00FBE567FA5C5BE4AB02089AE5F7
SHA1: 5EB9054972461D93427ECAB39FA13AE59A2A19D5
SHA-256: 1F75065DFB36706BA3DC0019397FCA1A3A435C9A0437DB038DAAADD3459335D7
SHA-512: 775404B50D295DBD9ABC85EDBD43AED4057EF3CF6DFCCA50734B8C4FA2FD05B85CF9E5D6DEB01D0D1F4F1053D80D4200CBCB8247C8B24ACD60DEBF3D739A4CF0
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\51cd09d6239edc9652bc05ad1d149a5c[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 13177
Entropy (8bit): 4.927867691017123
Encrypted: false
SSDEEP: 96:+RHGRrrsHa2aDBUKdU1Q7dXphVsVjVArUaNqvqurfGFDJDfQaUZuZyWF2gSM4wEz:4G6HiNq14FvrUaNqvqiGJJjJUE8wnI
MD5: 51CD09D6239EDC9652BC05AD1D149A5C
SHA1: 6C88C92D1C01A8ADDDA86322DEB1487CDA763C8E
SHA-256: 96B628232FE1459C56ADFC5E7877CE0AEC28E17D3B137408B7A2EC278181BDDF
SHA-512: DA5F756FBFBA4EE0540B651D2DA1A5664A2689E55EC3F7124F284C3B2EC7288E447D7CEB5A54CC372E7E782D8DA0DBCB320E68F71D1A3E675F4085BB88BFB812
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/51cd09d6239edc9652bc05ad1d149a5c.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="293.155" y1="108.155" x2="321.845" y2="79.466" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6"/>. <stop offset="1" stop-color="#bdc1c6" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="46" y1="93" x2="74" y2="93" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6" stop-opacity="0"/>. <stop offset="0.137" stop-color="#bdc1c6" stop-opacity="0.021"/>. <stop offset="0.279" stop-color="#bdc1c6" stop-opacity="0.084"/>. <stop offset="0.424" stop-color="#bdc1c6" stop-opacity="0.189"/>. <stop offset="0.57" stop-color="#bdc1c6" stop-opacity="0.336"/>. <stop offset="0.718" stop-color="#bdc1c6" stop-opacity="0.525"/>. <stop offset="0.864" stop-color="#bdc1c6" stop-opacity="0.753"/>. <sto
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\546f2b674b407304a2570e71a216e509[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 20864
Entropy (8bit): 4.925372381610842
Encrypted: false
SSDEEP: 192:7HksMYZuvecIQW8rzTLbzDAEIHN8Ssvopa:7HU12wvopa
MD5: 546F2B674B407304A2570E71A216E509
SHA1: 0ADEC43FBC9DFC2AB1587FD3F6A673FE227B625B
SHA-256: 9D42DE0208263D6D6E7F1A627677B426CCB3E492334293B794CC141F9FA0FB3B
SHA-512: D8CDC2C086A94E00D2D14CED3D87CB17235AC9F541CD2C6A28F438FA8CDFD064D832B53E40D58CAD4C4D5044FDDCF777DF2BBC2C2902874C1B23EF3096FE2C05
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/546f2b674b407304a2570e71a216e509.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="13" y1="105" x2="49" y2="105" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6" stop-opacity="0"/>. <stop offset="0.137" stop-color="#bdc1c6" stop-opacity="0.021"/>. <stop offset="0.279" stop-color="#bdc1c6" stop-opacity="0.084"/>. <stop offset="0.424" stop-color="#bdc1c6" stop-opacity="0.189"/>. <stop offset="0.57" stop-color="#bdc1c6" stop-opacity="0.336"/>. <stop offset="0.718" stop-color="#bdc1c6" stop-opacity="0.525"/>. <stop offset="0.864" stop-color="#bdc1c6" stop-opacity="0.753"/>. <stop offset="1" stop-color="#bdc1c6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="39" y1="166" x2="75" y2="166" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\6RYML-AXwgKXIEhuMiV2AYgQkEUD0Ei6B6ms7b7P0Jk[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 22030
Entropy (8bit): 5.607219130091125
Encrypted: false
SSDEEP: 384:Fxj+RhI3EKo9yStGTtfdv4hnitKGMyInoFK8rPoM:FR+RC3EKokSwui+kFl
MD5: 0E32A494C72100AFA8320DCF728DDE81
SHA1: F59CA0C93AA27387A59CBC8905A89F12F670E7FD
SHA-256: E9160C2FE017C2029720486E322576018810904503D048BA07A9ACEDBECFD099
SHA-512: B3E406AF3FCD50BB9501D2F993886E9D08F55BEE3F5BE778E5AE68B6B65052072158ED11BC98E1707256A88DB868FB48D35238DEA5A15C9C7D40BF37792F58CA
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/js/bg/6RYML-AXwgKXIEhuMiV2AYgQkEUD0Ei6B6ms7b7P0Jk.js
Preview:(function(){var Q=this||self,r=function(T,W){if(W=(T=null,Q).trustedTypes,!W||!W.createPolicy)return T;try{T=W.createPolicy("bg",{createHTML:K,createScript:K,createScriptURL:K})}catch(O){Q.console&&Q.console.error(O.message)}return T},K=function(T){return T};(0,eval)(function(T){return(T=r())&&1===eval(T.createScript("1"))?function(W){return T.createScript(W)}:function(W){return""+W}}()(Array(7824*Math.random()|0).join("\n")+'(function(){var T0=function(T){return T},t=this||self,q={},U,Wv=function(T,W,K,O,m){for(K=(O=[],0),W=0;K<T.length;K++)m=T.charCodeAt(K),128>m?O[W++]=m:(2048>m?O[W++]=m>>6|192:(55296==(m&64512)&&K+1<T.length&&56320==(T.charCodeAt(K+1)&64512)?(m=65536+((m&1023)<<10)+(T.charCodeAt(++K)&1023),O[W++]=m>>18|240,O[W++]=m>>12&63|128):O[W++]=m>>12|224,O[W++]=m>>6&63|128),O[W++]=m&63|128);return O},f={},QG=function(T,W){return T<W?-1:T>W?1:0},iy,Kh=function(T){return/^[\\s\\xa0]*([\\s\\S]*?)[\\s\\xa0]*$/.exec(T)[1]},OZ=function(T,W){function K(){}T.Xg=((T.prototype=((K.prot
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\891994193-postmessagerelay[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 9830
Entropy (8bit): 5.577356955265671
Encrypted: false
SSDEEP: 192:GNC1QwruoQ7zBzvvWLBiv/SKFIJtjmetyN3kKoo5uBfhIzHuvwot:GNnwruoQ7zBkESUIJ3cVoKmqO4ot
MD5: 4BB2402C1DA73394F2E66D4441A175E2
SHA1: 64EAE6D6CFF2DABE0FC013E56FCAD22BE25647BC
SHA-256: 0DB831F1A9ACBA0CE828CCEBB768C0B4EEABB1BF26187B6810529D95A904BEAF
SHA-512: CE9F04C7C356F6F4FD3DDD037C83F43A8493797BAFDCAA101AD6F63A2F471C11F4D35115EC9D63BDA1E7131A9C26E50B4AACED8FB9210347894985A0C19823E3
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/accounts/o/891994193-postmessagerelay.js
Preview:/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m=this||self,w=function(a,b){a=a.split(".");var c=m;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b},x=function(a,b){function c(){}c.prototype=b.prototype;a.o=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.m=function(d,e,h){for(var l=Array(arguments.length-2),n=2;n<arguments.length;n++)l[n-2]=arguments[n];return b.prototype[e].apply(d,l)}};function y(a){if(Error.captureStackTrace)Error.captureStackTrace(this,y);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))}x(y,Error);y.prototype.name="CustomError";var z=function(a,b){a=a.split("%s");for(var c="",d=a.length-1,e=0;e<d;e++)c+=a[e]+(e<b.length?b[e]:"%s");y.call(this,c+a[d])};x(z,y);z.prototype.name="AssertionError";var B=function(a,b,c){if(!a){var d="Assertion failed";if(b){d+=": "+b;var
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\900a793eae04f4bddd675f8d95c4a794[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 4391
Entropy (8bit): 5.07432704633403
Encrypted: false
SSDEEP: 48:+GO/YWHx4GLZ/W12HxDWj6V7QlWHxjUW+ev/3jZVV8gFOiawwEMqjJ79oqFCB2IK:+Hp2ShN4Q3ji9w8qj1C/JBWgWV
MD5: 900A793EAE04F4BDDD675F8D95C4A794
SHA1: D79FE87CC4B220245AB72251DCF3AE4C71108544
SHA-256: 166EAB00B3516B5AEB1BB114FA70D57E0F4E021D4C06735C6969B08C5B7E1FDB
SHA-512: E18FC18597424E69987E13E8F4E6E174A56B46C2D1616E203AC9C02EFBEFB47CCABB39ED999B0DF1784CEFC0D7444C19E2DDACA30022F45864554F999587DE13
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/900a793eae04f4bddd675f8d95c4a794.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <clipPath id="clip-path">. <path d="M48,7A41,41,0,1,0,89,48,40.989,40.989,0,0,0,48,7Z" fill="none"/>. </clipPath>. <linearGradient id="linear-gradient" x1="12" y1="68" x2="24" y2="68" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.116" stop-color="#9aa0a6" stop-opacity="0.054"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.201"/>. <stop offset="0.546" stop-color="#9aa0a6" stop-opacity="0.44"/>. <stop offset="0.823" stop-color="#9aa0a6" stop-opacity="0.768"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="46" y1="71" x2="46" y2="25" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#f29900"/>. <stop offset="0.138" stop-color="#f29900" stop-opacity="0.81
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\CheckConnection[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: dropped
Size (bytes): 31708
Entropy (8bit): 5.429882032069438
Encrypted: false
SSDEEP: 384:ArBSqwWVuEw1MoJbhS+Teq8wk+j1rRoitp582xn1ZFK3MkyYXG50UYHOktoK1Q:AtWn1hJbhVuwkW1rRoh2xnh8VUmOkZQ
MD5: 4E7D0994C72AD6B1EFE0ECECB6405AC8
SHA1: 56ED6BC2238A9D2044ADCF7E69F3D62671793811
SHA-256: 6F1E6853448A8C4CCAF326D95D6C28C1CD56E88F29090406AA44BABAE57562E1
SHA-512: E541332F97C9A76055D62B69EC701EAF5032E7CC2800A316F612FB4E07953E60EC5A577B9F194648CD6E7A41B0412BE53FBF86005ED3994C1E229E42D445ABA5
Malicious: false
Reputation: low
Preview:<html><head><script nonce="p0CT+PtxKwVuGv8lQnvi2A">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs||{};(function(_){var window=this;.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var k=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,k);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))},aa=function(a,b){a:{for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a)){b=e;break a}b=-1}return 0>b?null:"string"===typeof a?a.charAt(b):a[b]},ca=function(a,b){b=ba(a,b);var c;(c=0<=b)&&Array.prototype.splice.call(a,b,1);return c},da=function(a){l(a)},ha=function(){var a={};a.location=document.location.toString();.if(ea())try{a["top.location"]=top.location.toString()}catch(c){a["top.location"]="[external]"}else a["top.location"]="[external]";for(var b in fa)try{a[b]=fa[b].call()}catch(c){a[b]="[error] "+
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19888, version 1.1
Category: downloaded
Size (bytes): 19888
Entropy (8bit): 7.96899630573477
Encrypted: false
SSDEEP: 384:0c6bX9TSzYzCrQH+qXM6C0ouF0xcYye+5x/U3S0X5v+obEgm:0cCV8GuPVyzx/MS0X5v+oI/
MD5: CF6613D1ADF490972C557A8E318E0868
SHA1: B2198C3FC1C72646D372F63E135E70BA2C9FED8E
SHA-256: 468E579FE1210FA55525B1C470ED2D1958404512A2DD4FB972CAC5CE0FF00B1F
SHA-512: 1866D890987B1E56E1337EC1E975906EE8202FCC517620C30E9D3BE0A9E8EAF3105147B178DEB81FA0604745DFE3FB79B3B20D5F2FF2912B66856C38A28C07EE
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOlCnqEu92Fr1MmWUlfBBc-[2].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20356, version 1.1
Category: downloaded
Size (bytes): 20356
Entropy (8bit): 7.972919215442608
Encrypted: false
SSDEEP: 384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/
MD5: ADCDE98F1D584DE52060AD7B16373DA3
SHA1: 0A9B76D81989A7A45336EBD7B48ED25803F344B9
SHA-256: 806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1
SHA-512: 7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOmCnqEu92Fr1Mu4mxM[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20268, version 1.1
Category: downloaded
Size (bytes): 20268
Entropy (8bit): 7.970212610239314
Encrypted: false
SSDEEP: 384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh
MD5: 60FA3C0614B8FB2F394FA29944C21540
SHA1: 42C8AE79841C592A26633F10EE9A26C75BCF9273
SHA-256: C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684
SHA-512: C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\a8e78fa7fa279aa946fe1a9d6a0508f2[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 20225
Entropy (8bit): 5.08641328988594
Encrypted: false
SSDEEP: 192:Uzm9EDtDWs9GYb2o0qRn1ZIxdf8x2I+NJCVMZSh8iV11MS9xEWEbXZQOaLvED5:c9p2o0qn1ZIxdEx2zGvm8pLvEN
MD5: A8E78FA7FA279AA946FE1A9D6A0508F2
SHA1: F9F8EB782246A6C7BC79B043B66C1F3B3BF4B42B
SHA-256: 2196B3304BAA87751FD4EF3F62B307566487CD03199284BAA1E674E27E2FFA5E
SHA-512: CE6AD1FFD1E76B916259989F8757B8489A13FDFFE30D37A8C8B6F1F5581D9896EAABD842AF38C8E370D0638AD4BE2963D627D89747EA800D6C1DB1391EC016AB
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/a8e78fa7fa279aa946fe1a9d6a0508f2.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="180" y1="26" x2="180" y2="170" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#e8eaed"/>. <stop offset="0.124" stop-color="#e8eaed" stop-opacity="0.835"/>. <stop offset="0.364" stop-color="#e8eaed" stop-opacity="0.542"/>. <stop offset="0.58" stop-color="#e8eaed" stop-opacity="0.309"/>. <stop offset="0.764" stop-color="#e8eaed" stop-opacity="0.141"/>. <stop offset="0.91" stop-color="#e8eaed" stop-opacity="0.038"/>. <stop offset="1" stop-color="#e8eaed" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="32" y1="165" x2="108" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\acad335ad7ba163209d8c3e671b2c445[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 9346
Entropy (8bit): 4.909678911846309
Encrypted: false
SSDEEP: 96:+12aGkB/pvtjRn5EC9QeOgyCVWV3h4yx2WFt1PMXdDWCkgiQAJ9FnPDbs/A2i:6jt9nGCG4SxMhkyAJfnPD4ti
MD5: ACAD335AD7BA163209D8C3E671B2C445
SHA1: 6FFD6741AE59ED5B7AAA33505EF2F57F86A1D082
SHA-256: BBD9E8EDDB8A9888E40E0CF19EA2E0898D7C2FA534B4E70F3922B7A1A20A584D
SHA-512: C96EAF974A77B8D17723F02F84A4C28DC9B9A34C7DB0867CE7674C51A5772667152EE9057C137EA639DAA1728C23C22917DB05758BE7A56588D10D744A52C991
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/acad335ad7ba163209d8c3e671b2c445.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="119" y1="165" x2="147" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>. <stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/>. <stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/>. <stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="67" y1="165" x2="115" y2="165" xlink:href="#linear-gradient"/>. <linearGradient id="linear-gradient-3" x1="107.557" y1="61.557" x2="119.557" y2="49.5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\accounts[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 653881
Entropy (8bit): 5.638329839553784
Encrypted: false
SSDEEP: 6144:zuEopJjbLuqX/xWkLpx3crqtyjx1LBYKWfjeT0rvC7dvlg3d0:whuqX/x3NttIjxMKWfjeT0rvugm
MD5: 9EC12B87E7073748CE7BDE15F2E5B83B
SHA1: 503B9253C3BECDB9FF1110326306FB9A156239F4
SHA-256: DBDF557685BD965588328EF6FEC89BAA2B79BCF0212DC4947B34D745FB2DBB41
SHA-512: 5F291DFD4E544035AB167BC14BC4860182A5A3D56688CB4098445E529B7EDB9DDF6CF70E186D71E70179B15117BD815487104212A1202D860AB32E114D2C6D5B
Malicious: false
Reputation: low
IE Cache URL: https://support.google.com/accounts?hl=en-GB
Preview:<!doctype html><html class="hcfe" data-page-type="HOMEPAGE" lang="en"><head><title>Google Account Help</title><meta content="email=no" name="format-detection"><meta content="nofollow,noindex" name="robots"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="Official Google Account Help Center where you can find tips and tutorials on using Google Account and other answers to frequently asked questions." name="description"><link href="https://support.google.com/accounts/?hl=en" rel="canonical"><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no" name="viewport"><style>@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-we
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\base[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 1532452
Entropy (8bit): 5.574906569816643
Encrypted: false
SSDEEP: 24576:8a5GJVig/rHbzTDbsmFsJ6UPkHkHaSS9uXP:xcig/XzTDbsf6UPkHkHaSdP
MD5: 849E14E4CE93A4498A8B71F5DBADA386
SHA1: 3B389C2A65A9E7AC20A3F5CF971359ED073AED42
SHA-256: 02BCC0C15AA72C3A4E492B15A6EAFD3772497C048ADEEF91C5CA55C98346CC45
SHA-512: 5CCDD856FF4ECA9F7222E1983EFB7E64F821918A58E6C86C786B88C91A169748AA013A6EBDABD66CB50E9FE3BAC8526692FC5FB325AC2ADFB554744F68A84330
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/408be03a/player_ias.vflset/en_GB/base.js
Preview:var _yt_player={};(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba,da,aaa,ha,ia,ka,oa,qa,ra,sa,ta,ua,va,baa,caa,wa,xa,daa,ya,za,Aa,Ba,Ca,Da,Ea,Ja,Ga,Ma,Na,gaa,haa,Va,Wa,Xa,iaa,jaa,kaa,Za,laa,ab,bb,maa,naa,db,lb,oaa,sb,tb,paa,yb,vb,qaa,wb,raa,saa,taa,Gb,Jb,Kb,Pb,Rb,Sb,$b,bc,ec,fc,ic,jc,waa,kc,lc,nc,wc,xc,zc,Ec,Kc,Lc,Pc,Nc,Aaa,Daa,Eaa,Faa,Tc,Uc,Wc,Vc,Yc,bd,Gaa,Haa,ad,Iaa,hd,id,jd,md,od,pd,Kaa,qd,rd,vd,wd,xd,yd,zd,Ad,Bd,Cd,Ed,Gd,Hd,Jd,Kd,Ld,Maa,Od,Pd,Qd,Rd,Sd,Td,$d,be,fe,je,ke,pe,qe,ve,re,xe,ze,ye,Raa,he,Me,Ke,Le,Oe,Ne,ge,Pe,Qe,Taa,Ue,We,Te,Ye,Ze,$e,af,bf,cf,.df,ef,Uaa,mf,hf,Af,Vaa,Ef,Gf,If,Waa,Jf,Lf,Mf,Nf,Of,Pf,Qf,Rf,Tf,Sf,Uf,Vf,Zaa,aba,bba,dba,$f,ag,cg,eg,fg,eba,gg,fba,hg,gba,ig,lg,rg,sg,vg,hba,yg,xg,zg,iba,Hg,Ig,Jg,jba,Kg,Lg,Mg,Ng,Og,Pg,Qg,kba,Rg,Sg,Tg,lba,mba,Ug,Wg,Vg,Yg,Zg,bh,$g,oba,ah,ch,dh,fh,eh,pba,gh,rba,qba,sba,jh,tba,lh,mh,nh,kh,oh,uba,ph,vba,wba,sh,yba,th,uh,vh,zba,xh,zh,Ch,Ih,Kh,Eh,Dh,Lh,Aba,Mh,Nh,Oh,Ph,Cb
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bscframe[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with no line terminators
Category: dropped
Size (bytes): 15
Entropy (8bit): 3.906890595608518
Encrypted: false
SSDEEP: 3:PouVn:hV
MD5: FE364450E1391215F596D043488F989F
SHA1: D1848AA7B5CFD853609DB178070771AD67D351E9
SHA-256: C77E5168DFFDA66B8DC13F1425B4D3630A6656A3E5ACF707F4393277BA3C8B5E
SHA-512: 2B11CD287B8FAE7A046F160BEE092E22C6DB19D38B17888AED6F98F5C3E936A46766FB1E947ECC0CC5964548474B7866EB60A71587A04F1AF8F816DF8AFA221E
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\content_in_services_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 17527
Entropy (8bit): 5.104312251928596
Encrypted: false
SSDEEP: 384:99wxFFr7jI4qD05eYV47WBy23EdvTRMshisKAsuQvAiz:99yQm4e
MD5: 2DA6339F9692DFCCA8A3773AAC2FCBC3
SHA1: 329A5B0089C26BF9A9E6787A251C16E95375CDA7
SHA-256: 8F2DA0C0E46663B5D3FC84572479CE4A0BF2D1B5A39852D1516F5F9CC2844B2D
SHA-512: E37DC58348E7E9F9BA935BF1C29ED84CE053C6EFE569B54DA4086C88D49D8980B2E738949C4AD2DD9F37B6D7EF4FC341F51A35130DB98B3228D891B4C9793402
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/content_in_services_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-10,.cls-11,.cls-16,.cls-17,.cls-20,.cls-22,.cls-28,.cls-39,.cls-8,.cls-9{fill:none;}.cls-2{isolation:isolate;}.cls-13,.cls-3{fill:#e8eaed;}.cls-4{fill:#dadce0;}.cls-5{fill:#9ba0a6;}.cls-6{fill:#fff;}.cls-7{fill:#4285f4;}.cls-8{stroke:#fff;}.cls-10,.cls-11,.cls-16,.cls-17,.cls-20,.cls-22,.cls-28,.cls-8,.cls-9{stroke-linecap:round;}.cls-16,.cls-17,.cls-28,.cls-8{stroke-linejoin:round;}.cls-9{stroke:#dadce0;}.cls-10,.cls-11,.cls-20,.cls-22,.cls-9{stroke-miterlimit:10;}.cls-10,.cls-28{stroke:#4285f4;}.cls-10,.cls-11,.cls-16,.cls-17,.cls-20,.cls-22,.cls-28{stroke-width:2px;}.cls-11{stroke:#e9eaed;}.cls-12{fill:url(#linear-gradient);}.cls-13{opacity:0.5;}.cls-13,.cls-25,.cls-27,.cls-32,.cls-34,.cls-36,.cls-38{mix-blend-mode:multiply;}.cls-14{fill:#fbbc04;}.cls-15{fill:silver;}.cls-16{stroke:#ea4335;}.cls-17{stroke:silver;}.cls-18{fill:url(#linear-gradient-2);}.cls
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\disagreements_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 9432
Entropy (8bit): 5.181971507266956
Encrypted: false
SSDEEP: 192:0f5ZHtSvX1GIAqwO6fDOqilE62e5/iW1H9C7xtHGd3Pb:0f5ZNSvX1GjqwpDOq+Qe5/i+QxhGd3Pb
MD5: 5ACC0442F97AB723434692F8D5785061
SHA1: 2E038FDBAF95CA279028A9E593320F221B2A4FD1
SHA-256: C88C0E3CBAB3CD40B8A99D48F6E28714BFE8DAD42D6BF4FC94E8C65D917B97FF
SHA-512: 9D97AFEF24542729E56CC4A4A06D9B2E9415B7DA68A109040DF0B1F4A9DC1254EB00FAE7B0E720AD1BB7E033C3D38E621CA6C0F7BCB5287FB51F4F1A3431851D
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/disagreements_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-13,.cls-14,.cls-18,.cls-19,.cls-20,.cls-21,.cls-24,.cls-28,.cls-30,.cls-32{fill:none;}.cls-2{isolation:isolate;}.cls-3{fill:url(#linear-gradient);}.cls-4{fill:url(#linear-gradient-2);}.cls-5{fill:url(#linear-gradient-3);}.cls-6{fill:url(#linear-gradient-4);}.cls-7{fill:#dadce0;}.cls-8{fill:#edf3fd;}.cls-9{clip-path:url(#clip-path);}.cls-10{fill:#34a853;}.cls-11{fill:#f2bf42;}.cls-12{fill:#e9eaed;}.cls-13{stroke:#4285f4;}.cls-13,.cls-14,.cls-18,.cls-19,.cls-20,.cls-21,.cls-28{stroke-linecap:round;}.cls-13,.cls-14,.cls-20,.cls-28{stroke-linejoin:round;}.cls-13,.cls-14,.cls-18,.cls-19,.cls-20,.cls-21{stroke-width:2px;}.cls-14,.cls-24{stroke:silver;}.cls-15{fill:url(#linear-gradient-5);}.cls-16{fill:#9ba0a6;}.cls-17{fill:#f8f9fa;}.cls-18{stroke:#f8f9fa;}.cls-18,.cls-19,.cls-21,.cls-24,.cls-30{stroke-miterlimit:10;}.cls-19{stroke:#34a853;}.cls-20{stroke:#fff;}.cl
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\e60586c0029adec0bacd3e48470ca6c6[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 15934
Entropy (8bit): 5.044031692686615
Encrypted: false
SSDEEP: 96:+5rsHBQMyBNWB85GfnAWlkVzLIV2amGj31zBJqDb5PiStUseyXDhMln9UTfQLUQo:LHEQmGb1wgWX1CGkbjf+LJnx
MD5: E60586C0029ADEC0BACD3E48470CA6C6
SHA1: 2660A543EDC31CC35115F37CFF36CC4DA7B95151
SHA-256: DA83F15D25A23E295CBA8AF285B22F5AEB46394C6B13DFCD29EA3B6415F90DF7
SHA-512: 2FA00B15E609C22D343901BE202D66ED071A5E9989827DE3F3E486DBC33D62CDA296B66BB30875A905AA3BCC97A068F5ECA62FBD4B10EE5CC60CE2C0AFF37A00
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/e60586c0029adec0bacd3e48470ca6c6.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="264" y1="165" x2="328" y2="165" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#bdc1c6" stop-opacity="0"/>. <stop offset="0.137" stop-color="#bdc1c6" stop-opacity="0.021"/>. <stop offset="0.279" stop-color="#bdc1c6" stop-opacity="0.084"/>. <stop offset="0.424" stop-color="#bdc1c6" stop-opacity="0.189"/>. <stop offset="0.57" stop-color="#bdc1c6" stop-opacity="0.336"/>. <stop offset="0.718" stop-color="#bdc1c6" stop-opacity="0.525"/>. <stop offset="0.864" stop-color="#bdc1c6" stop-opacity="0.753"/>. <stop offset="1" stop-color="#bdc1c6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="175" x2="199" xlink:href="#linear-gradient"/>. <linearGradient id="linear-gradient-3" x1="196" y1="165" x2="252" y2="165" gradientUnits="userSpac
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\fetch-polyfill[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Pascal source, ASCII text, with very long lines
Category: downloaded
Size (bytes): 8543
Entropy (8bit): 5.238064281324506
Encrypted: false
SSDEEP: 192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V
MD5: 04E3CC8A9641B3F9F9C9370F4E9B5BDD
SHA1: 9602A891F583094BB04FD407B253ABCAFFB8C8D0
SHA-256: DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980
SHA-512: 58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/yts/jsbin/fetch-polyfill-vfl6MZH8P/fetch-polyfill.js
Preview:/*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\googlelogo_color_74x24dp[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 74 x 24, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 1622
Entropy (8bit): 7.861147443229629
Encrypted: false
SSDEEP: 48:1iZ3jFWCXwymKs5AbKuyp/fvBheQdm+6QmWO:1iZ3ZWKZmKsCb0/fphH6QJO
MD5: DE327BF69212B7255BBB0C8F40F52A3C
SHA1: 8C9E7517E6456E13F3F4640E39743B74F98B8F39
SHA-256: 0793CEFA320C6C622E8B143B35FAFB577BD7584C26796D3B5E1321463494FE76
SHA-512: FDC82955CCBA3E9310CAC694197C43EB289CE9FFCB2A0784CCBAE0F3CEB5ADCF2F72D40C411290BDB6F3311E23321D13D3C2C6D20DC63E733A291A115E254060
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_74x24dp.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\keyboard_arrow_up_24px[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 147
Entropy (8bit): 4.9621270003690565
Encrypted: false
SSDEEP: 3:tIsqDmJS4RKb5zMcBH8+hHiATcvXjXRHoNcHgDXFUVLUJRVFiAdFUvuIIb:tI9mc4slzXdhC/O4gSVLU9FRF0ulb
MD5: 1F5DC0C5F607EC3BF9E3089FEBD9C373
SHA1: 1D8D1276A56A42B3EA7393767A8674CD45C43439
SHA-256: 00D8F7123BB5EF3F7FAD786905F5407CC5FB8B4C55E1B0511803F6C8C01E3903
SHA-512: 98C5C969A12B196176ADDD9C7DD8234C9D81EC513DE453F116E766DFA32E5B99AD2AEB68609353B349A65F7B26E68166C42337668B2BF1C8513FF4C77200271D
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/images/icons/material/system/svg/keyboard_arrow_up_24px.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"/></svg>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\m=Wt6vjf,_latency,FCpbqb,WhJNk[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 5612
Entropy (8bit): 5.509232146252694
Encrypted: false
SSDEEP: 96:ty3VU7l1CmOeJDWsO17ZxsUaZvn0EAgL9R9Eb5Y+t0A05pKpG:tqVyJe17ZxWtymX5B
MD5: 332E6511A19397680A8B49CCF1140900
SHA1: 42645530B08D6C817A70B4FDCBF3379CECE7E417
SHA-256: 1CE0D9D0B8803392A3B931A013BA743543438B1E9BEAA6F5D04DF0115E6D1821
SHA-512: BC57B8691EAB55482E7CA545B81E3EEA9F2DC8526A2DCD2756E4B32B4A6B5D71615CE35128963C72CCAD60A34F65ED2664749943E92E4FAEA155E07B442700C8
Malicious: false
Reputation: low
Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{._.m("Wt6vjf");.var QI=function(a){_.B(this,a,"f.bo",-1,null,null)};_.z(QI,_.p);QI.yd="f.bo";QI.prototype.vb=function(){return _.Qh(this,1)};.var RI=function(){_.Oi.call(this)};_.w(RI,_.Oi);RI.prototype.Cb=function(){this.aq=!1;SI(this);_.Oi.prototype.Cb.call(this)};RI.prototype.g=function(){TI(this);if(this.Gj)return UI(this),!1;if(!this.dr)return VI(this),!0;this.Gb("p");if(!this.pq)return VI(this),!0;this.Km?(this.Gb("r"),VI(this)):UI(this);return!1};var WI=function(a){var b=new _.lx(a.ey);null!=a.Uo&&b.g.set("authuser",a.Uo);return b},UI=function(a){a.Gj=!0;var b=WI(a),c="rt=r&f_uid="+_.me(a.pq);_.dn(b,(0,_.x)(a.i,a),"POST",c)};.RI.prototype.i=function(a){a=a.target;TI(this);if(_.ln(a)){this.Ul=0;if(this.Km)this.Gj=!1,this.Gb("r");else if(this.dr)this.Gb("s");else{try{var b=_.mn(a),c=JSON.parse(b.substring(b.indexOf("\n")));var d=(new QI(c[0])).vb()}catch(e){_.Ka(null,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\m=sy1a,sy1b,sy1c,sy1e,sy1f,sy35,pwd_view[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 14965
Entropy (8bit): 5.594130208489215
Encrypted: false
SSDEEP: 192:uBthJ2wc5jCAWj+VRyKXqEUiKYUl8TeLca5Yhdqy2/DYoBTpVf3zlbwphVzPO1gr:SthJ2EGQiKxMaydqy2/DY2P3OhVG1gr
MD5: 1385E8883E4A4D6EDE3F725369B7ECF0
SHA1: 630AA2C134519BFD1F2B91221A810787EFD69082
SHA-256: F9B364421F3D18F7BD1AE56054D547B5C757A7376CFD646B2C9B7ACE1DEE1714
SHA-512: B247C1B2AF8B434003CCEDCF57F859CB9733641DE568FEF0BCC7223CAF16116A825CF2AD8D586D5B12FB52EE64A4174C8E9940D30B1F13D0752196BA7F6E4E48
Malicious: false
Reputation: low
Preview:this._G=this._G||{};(function(_){var window=this;.try{._.k("sy1a");._.vT=function(){return"Try another way"};_.wT=function(){return"Enter code"};.._.m();..}catch(e){_._DumpException(e)}.try{._.k("sy1b");._.xT=function(){return(0,_.D)("Account recovery")};_.yT=function(){return"Verify that it's you"};.._.m();..}catch(e){_._DumpException(e)}.try{._.k("sy1c");._.k5a=function(a){a=a||{};return _.j5a(a)};_.j5a=function(a){a=a||{};return _.mt(a.an,1)?"Enter your password":"Enter a password"};_.H("Pb","",0,function(){return"Wrong password. Try again or click Forgot password to reset it."});_.H("Qb","",0,function(){return"Forgot password?"});.._.m();..}catch(e){_._DumpException(e)}.try{._.k("sy1e");._.zT=function(a,b){a=a.oa&&(a.oa.ha||a.oa);var c=b.locale;b="";var d=c=_.nt(_.lt("en,en-US,"),c+",");d&&(d=a.qb(),d=_.G(null==d?null:d.getGivenName()));!d&&(d=!c)&&(d=a.qb(),d=_.G(null==d?null:d.Oc()));return b=d?b+(c?"Hi "+a.qb().getGivenName():""+a.qb().Oc()):b+"Welcome"};.._.m();..}catch(e){_._D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\postmessageRelay[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 566
Entropy (8bit): 5.18420603530753
Encrypted: false
SSDEEP: 12:haxyErYfhVkrC9sA6AjETrwPEAfJmWmM8ytrI:haJspVkO9sMEw3aSI
MD5: 9380DC1C3E0D80E5EB1447A005EEE720
SHA1: 352F6272FF6B02CF5A71BB0968A1DC1A79ECB1BC
SHA-256: E5C86015DB77D2F79E2174354CECADA60E1CFC8C0344124493DD1A1056722F58
SHA-512: FD4FC7B1D34C6C69F4B81096852D6EABA5583FA5641B978ABC70BC919C93B779DACF77B35969EF50F214FED50DA03EF8C30E0271025CF5EC561A9FD80318596C
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0"><script nonce="siPqY8OD89JdSMapSD+JMg" src='https://ssl.gstatic.com/accounts/o/891994193-postmessagerelay.js'></script></head><body ><script nonce="siPqY8OD89JdSMapSD+JMg" type="text/javascript" src="https://apis.google.com/js/rpc:shindig_random.js?onload=init"></script></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\proxy[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 872
Entropy (8bit): 5.326970143693951
Encrypted: false
SSDEEP: 12:hYA0HqJmqGN/o79hLFBkAAqJmPm/esHbJ/P4Nbx4IQEWYA0HqJmqGt79hLFBkAAj:hYPcBe2BvPz7VP4NiYPcBYBvPz7K4NW
MD5: 5CB12030A1C20C85F0F40E4FE608C7D5
SHA1: 11EACC8945F21367177415ADC9D1B7E1B74FDC37
SHA-256: E70C9F4B373A2089F67433389B8BC2E6DB711F9169ECB2CB5B1DEC3569D2E340
SHA-512: 8B7F30BF9AB24136310AB7BF3E574A82A582BF6661B11DC2896912F0A93A535A57B2B2E1AE12BC615229CCCC8A403ED25CB4DBDC42B6A4D10F95F9DEE7F2392E
Malicious: false
Reputation: low
IE Cache URL: https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uhBKOtz6fOw.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw%2Fm%3D__features__
Preview:<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="21PxJxkKPa3a0RsH0s5o7w==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="21PxJxkKPa3a0RsH0s5o7w=="></script>.</head>.<body>.</body>.</html>.<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="7f1ZlcEdiZuE1G6foxEqbw==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="7f1ZlcEdiZuE1G6foxEqbw=="></script>.</head>.<body>.</body>.</html>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\related_item_external_avatar[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 80 x 80, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 2577
Entropy (8bit): 7.781446647389294
Encrypted: false
SSDEEP: 48:hIClmS5juJIIPoy8mJgii5Je64GRWEcaGuFAHvUu3olwHCMtToF3PNxXPqoE:hIQj5jLIwXmJIasRXGhPywHo19P5E
MD5: DBB859BB594B6AB827C4A148D9343720
SHA1: BD7E94CCCAEB4B244E0D6A333450013F35FCC817
SHA-256: 679EC39C5CCB27D18357D6E23DE0DFA22D07ED435B09E85F7003FFC3870150D4
SHA-512: 9EA39C37EA3A6395B7E9CD63DA3BAAD1F2585B9BAB598D73B5FEBC7399B8532AC8FE57ED2E77537F9D7E689CE8CC289E20D29060023CD2AAD7ADFF4E03944C71
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/support/content/images/static/related_item_external_avatar.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\so[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 47233
Entropy (8bit): 5.731592883642222
Encrypted: false
SSDEEP: 768:Njk/d9SvRuy2QM0fzPfnoV3ZDxObSQPFJ/N4slQkSfdqoA:+6MGnoNtxObJ1gVqoA
MD5: 70D368A59CEB81C6454B887EC24B49EF
SHA1: 02918B5D170AB95EB5845886C9CA5ACCC69059F2
SHA-256: EC267C6B9EBA4148236CC4D28699F7ED0A9B878868BA5505687DBC8204672BAA
SHA-512: 172D0379B4DA117C9A2DD60C9589AD9D2BA888617AB0373B0A951B87B2D50EA589530D5927FFC4A53531584A86523624D0A48C8B19158039F7554A93579A567F
Malicious: false
Reputation: low
IE Cache URL: https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fsupport.google.com&cn=app&pid=117&spid=117&hl=en-GB
Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="/YeeuVqouiFlO7XziSDIUQ">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"-5446584923233252504","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%[email protected],173044242,1326019383]\n","ZwjLXe":117,"cfb2h":"boq_onegooglehttpserver_20201129.07_p2","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333,45695529],"gGcLoe":false,"ikfjnc":["https://support.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"One
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\software_in_services_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 10291
Entropy (8bit): 5.108050496178277
Encrypted: false
SSDEEP: 192:Vv1sCCA6ZFAgX0dwqMzKZNa/tmSCC/Knv241ZE6qCCjgs1mUBHbobxj4RQLIMTK1:Vv1eFAO0dwqMzKZNa/tmoKnvn1ZE6LQ3
MD5: 4364830047AFFABB4827ACCA45B30ABB
SHA1: 100113BAF5DBB776D0D3878BF34D7ECDC5B85167
SHA-256: 8BB5C524CB469739FC6868741D81E6337B971A984DB35CD4538BC31DD22CB52D
SHA-512: BE03327CE7E94E5A9184FE6BE51D1F372DA92FDA922B123A77B628B722BAEB5CAA9C2F4125763CB96813867B84985732F451C79DEFFBC4EEA71AE8BDB0C8B46C
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/software_in_services_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-10,.cls-11,.cls-15,.cls-19,.cls-24,.cls-27,.cls-29,.cls-33,.cls-35,.cls-8,.cls-9{fill:none;}.cls-2{isolation:isolate;}.cls-13,.cls-3{fill:#e8eaed;}.cls-4{fill:#dadce0;}.cls-5{fill:#9ba0a6;}.cls-6{fill:#fff;}.cls-7{fill:#4285f4;}.cls-24,.cls-33,.cls-8{stroke:#fff;}.cls-10,.cls-11,.cls-15,.cls-19,.cls-24,.cls-27,.cls-29,.cls-33,.cls-8,.cls-9{stroke-linecap:round;}.cls-15,.cls-19,.cls-24,.cls-27,.cls-29,.cls-33,.cls-8{stroke-linejoin:round;}.cls-9{stroke:#dadce0;}.cls-10,.cls-11,.cls-9{stroke-miterlimit:10;}.cls-10{stroke:#4285f4;}.cls-10,.cls-11{stroke-width:2px;}.cls-11{stroke:#e9eaed;}.cls-12{fill:url(#linear-gradient);}.cls-13,.cls-23{opacity:0.5;}.cls-13,.cls-18,.cls-22,.cls-23,.cls-28,.cls-32{mix-blend-mode:multiply;}.cls-14{fill:#bdc1c6;}.cls-15,.cls-19,.cls-29{stroke:#34a853;}.cls-15{stroke-width:1.3px;}.cls-16{fill:url(#linear-gradient-2);}.cls-17{clip
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\terms[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 245002
Entropy (8bit): 5.643086236991574
Encrypted: false
SSDEEP: 1536:Iht3M1noeHAyWHNS86ddT0fWSYefqnWe9MDX5nlX4BndZNbVDEBNYXfHjcGbFIk9:rgxcAOi5lX4BdZPzdPHjrpjXCQ/8OOc
MD5: 2D5F796AC43322532CE016A597543C5E
SHA1: 211B68BBD5430D67EEB365DC9AB7C3B340E5BC06
SHA-256: B1BCE587776F9CB9C845353BE8D5E6CEB6DA3E71664CC56901BD276B64EA215A
SHA-512: 7ED5FB4BC3AD1079B78FE863BBC74F9AAC3DDAC2CA332592BF1F06B73E6C176A10896B7B6ADCE83D31BE59C79B647AE9297C1ED2CBEB8D584831EE39978664CD
Malicious: false
Reputation: low
Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://policies.google.com/"><meta name="referrer" content="origin"><meta name="viewport" content="initial-scale=1, maximum-scale=5, width=device-width"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="application-name" content="Privacy & Terms . Google"><meta name="apple-mobile-web-app-title" content="Privacy & Terms . Google"><meta name="apple-mobile-web-app-status-bar-style" content="black"><meta name="msapplication-tap-highlight" content="no"><link rel="manifest" crossorigin="use-credentials" href="_/IdentityPoliciesUi/manifest.json"><link rel="home" href="/?lfhs=2"><link rel="msapplication-starturl" href="/?lfhs=2"><link rel="icon" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="apple-touch-icon-precomposed" href="//ssl.gstatic.com/policies/favicon.ico" sizes="32x32"><link rel="msapplication-square32x32logo" href="//ssl
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\unnamed[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 18 x 18, 8-bit gray+alpha, non-interlaced
Category: downloaded
Size (bytes): 397
Entropy (8bit): 7.208563990444908
Encrypted: false
SSDEEP: 6:6v/lhPi3WgsyAPLhn+55UhKJ2eCdyYQG1ggh86p2PMt0P1945CMMwyB+lVSDbnMJ:6v/7aDQExuVagh8ASPr4sMMwS+PSDb9M
MD5: 4F8DEB97A4E0BB33DDE438BD444B3DC5
SHA1: 4A3297F9364EEE666FF9F39C68177CFE355904BC
SHA-256: 7346FBB4B75591B361B8BDD30DE31BFD66DC4F704445EA43737E82D9FAAF6BCF
SHA-512: 76B5BF1B3D2742C2AC940EC20AD3035E1BB9641807141FAE5EE6D4C0B91AFDAE6B72F3BB51F707E4492B84E04D30E2528BD7CDC95CD68BF3E1D4BA82359BDCFE
Malicious: false
Reputation: low
IE Cache URL: https://lh3.googleusercontent.com/yl0EzS1GixeU9QVLJtHu7hom-4PIHwYylP17hRk9_UasgFCCc6lo6E0-ReGn8R1ny3A=w18-h18
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\using_services_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 15007
Entropy (8bit): 5.175613358784504
Encrypted: false
SSDEEP: 192:0Ph7j5r2wC1E4F3WebaMk7kWAkW+QlnuNtpQkvLp+fwEVj3VjzcPCkGkeY:0Z74wC1Xowa3eVnuNtpzvL8BxuGkeY
MD5: 775157C7758CBB22079A32258DC52661
SHA1: B6D8D7DD691B7571C7B638283AA6564BD35CEC75
SHA-256: 3006F7DAEA1CFDF42961A866D150ECC0CF5DC23B3A708399D66A5C3A1754F754
SHA-512: 1BF095D030F19D06D4A113A845B16FA8C28A4FFF22F48EE456105091E07EAD3C4884097A1DCD1E6C2F69A2EC31C540E8B301BDB008BEFA2CB8655A06208AC8F6
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/using_services_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1{fill:#d9dce0;}.cls-14,.cls-17,.cls-2,.cls-22,.cls-23,.cls-39,.cls-40,.cls-45,.cls-49{fill:none;}.cls-3{isolation:isolate;}.cls-4{fill:url(#linear-gradient);}.cls-5{fill:url(#linear-gradient-2);}.cls-6{fill:url(#linear-gradient-3);}.cls-36,.cls-7{fill:#e8eaed;}.cls-21,.cls-38,.cls-42,.cls-43,.cls-47,.cls-7{opacity:0.5;}.cls-8{fill:#fbbc04;}.cls-9{fill:#f57c00;}.cls-10{fill:#dadce0;}.cls-11{fill:#34a853;}.cls-12{fill:#bdc1c6;}.cls-13{clip-path:url(#clip-path);}.cls-14{stroke:#e9eaed;}.cls-14,.cls-17,.cls-22,.cls-23{stroke-miterlimit:10;}.cls-15,.cls-25,.cls-26,.cls-30,.cls-32{opacity:0.3;}.cls-15{fill:url(#linear-gradient-4);}.cls-16{fill:#e9eaed;}.cls-17,.cls-23{stroke:#d9dce0;}.cls-17{stroke-width:5px;}.cls-18{fill:#f9ab00;}.cls-19{fill:#aecbfa;}.cls-20,.cls-21{fill:#4285f4;}.cls-21,.cls-28,.cls-35,.cls-38,.cls-46,.cls-47{mix-blend-mode:multiply;}.cls-22,.cls-45,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\www-embed-player[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 157015
Entropy (8bit): 5.5696709759929
Encrypted: false
SSDEEP: 3072:sLVHW5e+yW4Qg+Ntc8YL0RfeRcRe2sLnUfY:zehv2c8Yp2sLQY
MD5: D500C8D9D0B0A442F77179F6D05F0721
SHA1: 18FE2BB822968C65FB2A510914E35C66089844F4
SHA-256: E790672ECEF31BEA0ECA728D5CB7B846E12D2F5223F278125A99293A0828CCA1
SHA-512: 7BBD53A87C399D03CA8930AFA49BDC77251AEC79C38498264B9BFF3F79FB0FE3DED9EC80DB9F5857231640092BFFAD4623283B7CC790053980E03554179E7797
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/408be03a/www-embed-player.vflset/www-embed-player.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var da=ca(this);function t(a,b){if(b)a:{for(var c=da,d=a.split("."),e=0;e<d.length-1;e++){var f=d[e];if(!(f in c))break a;c=c[f]}d=d[d.length-1];e=c[d];f=b(e);f!=e&&null!=f&&ba(c,d,{configurable:!0,writable:!0,value:f})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e||"")+"_"+d++,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\www-player[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 342157
Entropy (8bit): 5.235982641944556
Encrypted: false
SSDEEP: 1536:X6u/Cd+RNRDQI03rpHrpY/fn8MZv8M5q4ayPOP5fRrDJciMfByr5G0TwecZecoXE:X6u/n2OXdZPv2Qg0l
MD5: DFDD6193A909FAAA86E2B71B8472E5F0
SHA1: B72D05EC116C90E72DCF0CCBF6352D79BBD77FCE
SHA-256: A7FD60C8B46DEB45300553B4802D967C30513BFB9E8325E76D9073317B1FA775
SHA-512: E82E737E408F70A64DCAC8AD3469D59A4EFE01A61146AA6E2BBDAEF7CD0FE84AC1ED99E9A2B32BE88256F6150EA5B996640F143DD87CC321B1446455BE884BF8
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/408be03a/www-player.css
Preview:.html5-video-player{position:relative;width:100%;height:100%;overflow:hidden;z-index:0;outline:0;font-family:"YouTube Noto",Roboto,Arial,Helvetica,sans-serif;color:#eee;text-align:left;direction:ltr;font-size:11px;line-height:1.3;-webkit-font-smoothing:antialiased;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:manipulation;-ms-high-contrast-adjust:none}.html5-video-player:not(.ytp-transparent),.html5-video-player.unstarted-mode,.html5-video-player.ad-showing,.html5-video-player.ended-mode,.html5-video-player.ytp-fullscreen{background-color:#000}.ytp-big-mode{font-size:17px}.ytp-autohide{cursor:none}.html5-video-player a{color:inherit;text-decoration:none;-moz-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);-webkit-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);transition:color .1s cubic-bezier(0.0,0.0,0.2,1);outline:0}.html5-video-player a:hover{color:#fff;-moz-transition:color .1s cubic-bezier(0.4,0.0,1,1);-webkit-transition:color .1s cubic-bezier(0.4,0.0,1,1);transition:co
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\www-widgetapi[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 102767
Entropy (8bit): 5.51457613850721
Encrypted: false
SSDEEP: 1536:5eUaea9Hk2T8zdeUUnn6nM2G2/10F4zbcG19WNqVtS6hi2Y:k9EAFD2ZzZ9W+M
MD5: 5DB3786539DF80EB11CEBE86E040F1CE
SHA1: 4BDAEF4820F30317EE3633ED1F85FB0453DDB74F
SHA-256: AB6EFC55441396E3A9F7FE2ED96D1959E242DFE2184783060864179C6108E00B
SHA-512: 31FE74D342B177DED800294913F018D5B9B0F7583B7D926E3551B6D04D822ABCB6F105E271CD5C467D1F578F8809710B219E4745C7841AF47A1027CCCF462BF2
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/408be03a/www-widgetapi.vflset/www-widgetapi.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var r;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var da=ca(this);function t(a,b){if(b)a:{for(var c=da,d=a.split("."),e=0;e<d.length-1;e++){var f=d[e];if(!(f in c))break a;c=c[f]}d=d[d.length-1];e=c[d];f=b(e);f!=e&&null!=f&&ba(c,d,{configurable:!0,writable:!0,value:f})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e||"")+"_"+d++,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\0d6da8d8c44e7e3ee95c4d56c19f04e1[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 2705
Entropy (8bit): 5.15375624281808
Encrypted: false
SSDEEP: 48:+GzHx4GLZ/W1wHxJCXvGUQj+ek/Ij0jiO0ijy1uo:+G2UEJIj0jH0PH
MD5: 0D6DA8D8C44E7E3EE95C4D56C19F04E1
SHA1: 9DE1568D596F174CD4646DB5745B58695677B069
SHA-256: FAA35DC181EB792DB0A4BE4E7031EEC86C044E52773CB082652B788D3B838E72
SHA-512: D47689B9681F4D5DFF7FD18B4F76F9FBB372B4EB9ADC3FE7C177ED79D19CF2D912831729C73589C4DA833D3D83746DAD3C593A92A5A81440AAE17874F8DDC70C
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/0d6da8d8c44e7e3ee95c4d56c19f04e1.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="96" height="96" viewBox="0 0 96 96">. <defs>. <linearGradient id="linear-gradient" x1="24" y1="77" x2="48" y2="77" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.116" stop-color="#9aa0a6" stop-opacity="0.054"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.201"/>. <stop offset="0.546" stop-color="#9aa0a6" stop-opacity="0.44"/>. <stop offset="0.823" stop-color="#9aa0a6" stop-opacity="0.768"/>. <stop offset="1" stop-color="#9aa0a6"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="48" y1="80" x2="48" y2="16" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#1967d2"/>. <stop offset="0.043" stop-color="#1967d2" stop-opacity="0.942"/>. <stop offset="0.305" stop-color="#1967d2" stop-opacity="0.611"/>. <stop offset="0.54" stop-color="#1967d2" sto
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\39b031d352a2e1586cf50ac7f2bbc18b[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 12378
Entropy (8bit): 5.041888208682257
Encrypted: false
SSDEEP: 96:+RoMM2anrsHcxjBBN49qDLj5QeUFUDzi3pnDseedgejR7cestQoumbNvR4VBdwH6:PAHZ9q/j2eUqvi+/QNvOVBMwsV8
MD5: 39B031D352A2E1586CF50AC7F2BBC18B
SHA1: 5F714582443C158EAC42F4A2368E29488A01E365
SHA-256: 9EE03AE2943928AEA61E62DA6BD2338CA4B244C756D78B8888C1693731401A21
SHA-512: 44C3255DAC07BA0D8A5CA849649515A095AA40BAE13BF1710E009F8E9FFE96BF4EE573B073DC4340DE738CA110653FB48A83C5BE1008C61F3EB41A76FD741789
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/policies/privacy/39b031d352a2e1586cf50ac7f2bbc18b.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204">. <defs>. <linearGradient id="linear-gradient" x1="52" y1="49" x2="52" y2="71" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#202124"/>. <stop offset="1" stop-color="#202124" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-2" x1="52" y1="85" x2="52" y2="157" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#188038"/>. <stop offset="1" stop-color="#188038" stop-opacity="0"/>. </linearGradient>. <linearGradient id="linear-gradient-3" x1="24" y1="154" x2="44" y2="154" gradientUnits="userSpaceOnUse">. <stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/>. <stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/>. <stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/>. <stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\48l-xdS4pXg[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 44586
Entropy (8bit): 5.917617509324316
Encrypted: false
SSDEEP: 768:p/R7zR6oVfOP2xFDORIDbt/uLOksviyk9psrMwkguHJV6EP/n1B:dpORIDbIKksvcsr6P9B
MD5: 1CBA5B6E1B49590F4D5A55780691F779
SHA1: A902673965B5C912F0869F4B293A5703C6B6CD10
SHA-256: F59C964F1E8E51F914D3509ED0E8BDDB4A2D9EADD0258BB44225F9E36AEE3345
SHA-512: EB96E0F8C157E2D247F6FA2A54EA44F1D4F8F6A0FAFE2C1D913910AF51A2C510F0D02BF87923EE132C084A8AD10012AF7A9C64AA5677EBD114A79DC2E6BA6CAC
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/embed/48l-xdS4pXg?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1
Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\4UabrENHsxJlGDuGo1OIlLV154tzCwA[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 26164, version 1.1
Category: downloaded
Size (bytes): 26164
Entropy (8bit): 7.983292364847896
Encrypted: false
SSDEEP: 768:L9QwjnXN11zY7+dePzz5Othh7STtySTygbOg9zp:L9pjz1kCePzQthJSYgbRp
MD5: CCDA7B53E281A638F36ED62514815268
SHA1: CF6D39BAB2A012D008EC9EDF95F4F4BDACF93770
SHA-256: 673F112749C21E5BE0D1338E1709A1D981053E239E98CE09D0BB849BB34FCD98
SHA-512: 20645A09B2FF157E50C71D862AA4FE6729FFD8BE18FB3D390B3714DEEC4F4FFF49FAC16EC509F8D620E476DC1942C67C95A95ABF14A06585F5B504FB4BE89F58
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLV154tzCwA.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\TOS[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Category: dropped
Size (bytes): 197
Entropy (8bit): 6.748558418265418
Encrypted: false
SSDEEP: 6:XtwM9CG1f8OaC3TVXZc/S28CGWdjV2K+j:XWGWD0TLubxjU9j
MD5: D2637B3A0059D2AA6133D587491FCB76
SHA1: 10B4804ACF823EF874069793C27522D190443F79
SHA-256: 13AE332B053348547D338D24907CAA06EF48342A1074661235715B3CA2742A9D
SHA-512: 02E60F72B132C12C09627EFF30B7DF68092D4954CB940AC3662908AE1CA612B355FC45489E26CFF924AF66985329CAFC178365B88CABED7558C8B8C69B4B71B1
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\YlmVKT3Zvhw[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 44853
Entropy (8bit): 5.922877433829084
Encrypted: false
SSDEEP: 768:p/R7zR6oVfO0ryaFC5YhcGcvbuh/5i63QRe9L0JqT3wkDKp:9ycaGcvRnsN7gki
MD5: 8DE0DAD094753DC6B43B16AC531866BB
SHA1: AC9A249FD264E985C115A36FD1D7E3FC9F50E294
SHA-256: 4A35AAE25355642C42E9E2D6B458E5AA777CB148F326E114EB14F480F295C19D
SHA-512: 6EA18B8E458E97399D34AA35952C6608F3B3DCF7D40DE9EC134698C1DDADDE4FAE180C7F11A2116BF769C6EE7815DB2C7B00E44141866B525A3EF64C017863AA
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/embed/YlmVKT3Zvhw?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1
Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ZdEIZNg3epQ[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 44472
Entropy (8bit): 5.917388757514024
Encrypted: false
SSDEEP: 768:KCn7zR6oVfO5Qh87WT2Ym+iqkRGhj14ybdED8P4iJzC30Z9Rw:387WT2Ym+LFK9D8wf3OY
MD5: 5221FBB761538A47A571F8F014519DF0
SHA1: 3F091DEF5C9668934E789853B624080856132A46
SHA-256: 57AE21FB85EAE02AAE2006B205EAE85D9C5FCF09E14BD3B03D77FB2BD5C6DDF0
SHA-512: F1AFB6BE4D1C0FB74948BA7779BEC18D60B7AADB4926A88E18FBEAE5713E76EA5F0B1644E8B30220F8FBE9D519D3CAD036ADD3F804D809F69F59DB09775A5443
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/embed/ZdEIZNg3epQ?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1
Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\accounts[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with CRLF, LF line terminators
Category: dropped
Size (bytes): 337
Entropy (8bit): 5.570600678507566
Encrypted: false
SSDEEP: 6:wRkrQWR0iYBtqWkT2apKHu5BLCRiRtcRulRN33eERhHalZDDe86kToP:ekrY1t6Ks9CRi+ulveE/IZDDesi
MD5: 53DE18E42FA83AF95000C640411AF36E
SHA1: 7DF028BACB288475602A75B7258241CC9F3450A7
SHA-256: E3603A1C5ADA70CC3136145FD84EFEF7210CF1522632DBC907D0D7794ADFA193
SHA-512: 5029C735183629CBF872A51BC60C693C44CA6890E4F59B6AFCBD336AB220DC6413ACF0A101B90491ED59BB5720D044D988D9EC2FCD194D408C61FDA0F43D32F7
Malicious: false
Reputation: low
Preview:<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="https://support.google.com/accounts/answer/2917834?visit_id=637426297042051008-2032747671&p=signin_privatebrowsing&hl=en-GB&rd=1">here</A>...</BODY></HTML>..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ad_status[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 29
Entropy (8bit): 4.142295219190901
Encrypted: false
SSDEEP: 3:lZOwFQvn:lQw6n
MD5: 1FA71744DB23D0F8DF9CCE6719DEFCB7
SHA1: E4BE9B7136697942A036F97CF26EBAF703AD2067
SHA-256: EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9
SHA-512: 17FA262901B608368EB4B70910DA67E1F11B9CFB2C9DC81844F55BEE1DB3EC11F704D81AB20F2DDA973378F9C0DF56EAAD8111F34B92E4161A4D194BA902F82F
Malicious: false
Reputation: low
IE Cache URL: https://static.doubleclick.net/instream/ad_status.js
Preview:window.google_ad_status = 1;.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\embed[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 30235
Entropy (8bit): 5.55570368728144
Encrypted: false
SSDEEP: 384:OSneElS7YRgyq+e8yN/h6ieEury3Qs5rr1zuF9zkC9gZjxrEzLDCHTCI+4Ie2CJw:p4+1yNJ6ieSn5rB4pkCcG3QbSGyvf7
MD5: 698BE55EB3E591EF76E545CFE4F56E3F
SHA1: E872ED7C02A80D7D2C4AF85F7D7D628EBB77E053
SHA-256: 96EEE81B33EE086EB0AA15716A2547ECC27A4EB92D9C78DE0860A26F970AE45B
SHA-512: B597A26646DFDFCC03D8415CFDD4BD53FA0BC68F148CEF4F88307F44848E82A89E0E97F840DEAFDB970DFEFAB86728220C9228BB49206BB6BD13BE93078EBED5
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/408be03a/player_ias.vflset/en_GB/embed.js
Preview:(function(g){var window=this;var w4=function(a,b){g.ff(a.u,8*b+2);var c=a.u.end();a.C.push(c);a.B+=c.length;c.push(a.B);return c},x4=function(a,b){var c=b.pop();.for(c=a.B+a.u.length()-c;127<c;)b.push(c&127|128),c>>>=7,a.B++;b.push(c);a.B++},BGa=function(a,b,c){null!=c&&(g.ff(a.u,8*b+1),a=a.u,b=c>>>0,c=Math.floor((c-b)/4294967296)>>>0,g.tf=b,g.uf=c,g.gf(a,g.tf),g.gf(a,g.uf))},y4=function(a,b,c){null!=c&&(g.ff(a.u,8*b),a.u.u.push(c?1:0))},z4=function(a,b,c){if(null!=c){b=w4(a,b);.for(var d=a.u,e=0;e<c.length;e++){var f=c.charCodeAt(e);if(128>f)d.u.push(f);else if(2048>f)d.u.push(f>>6|192),d.u.push(f&63|128);else if(65536>f)if(55296<=f&&56319>=f&&e+1<c.length){var h=c.charCodeAt(e+1);56320<=h&&57343>=h&&(f=1024*(f-55296)+h-56320+65536,d.u.push(f>>18|240),d.u.push(f>>12&63|128),d.u.push(f>>6&63|128),d.u.push(f&63|128),e++)}else d.u.push(f>>12|224),d.u.push(f>>6&63|128),d.u.push(f&63|128)}x4(a,b)}},A4=function(a,b,c,d){null!=c&&(b=w4(a,b),d(c,a),x4(a,b))},B4=function(a,b,c,d){if(null!=.c)f
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 5430
Entropy (8bit): 3.6534652184263736
Encrypted: false
SSDEEP: 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5: F3418A443E7D841097C714D69EC4BCB8
SHA1: 49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256: 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512: 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ggoJFaE71W8[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 44338
Entropy (8bit): 5.919320193737846
Encrypted: false
SSDEEP: 768:yECozR6oVfONrCtOYuWo7voWLPzoI6KABqAMJFKWQo4t1:ORWQvoWLk0SSG9T
MD5: 3B29377F41E5238E6AB118CAC8607335
SHA1: DAAFF0DB0CBFAF136CB2F3EFE897B8DCDA78DA79
SHA-256: BFCD2F77D3DD1A5CEE4C01BE9D837759237718129649D9F1BBB8EEA4429413E7
SHA-512: 6E9BC5589157228F214CEEA16D28117E9D3F5D4ED2D1EA4D709ED68A885D9A31EE2C724DAC6004563FA648DCFECFB9EC54E92155E95AA01AA9F29C9098258A8B
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/embed/ggoJFaE71W8?rel=0&showinfo=0&theme=light&version=3&hl=en-GB&cc_lang_pref=en-GB&cc_load_policy=1&enablejsapi=1
Preview:<!DOCTYPE html> <html lang="en-GB" dir="ltr" data-cast-api-enabled="true">.<head><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="robots" content="noindex"><style name="www-roboto" >@font-face{font-family:'Roboto';font-style:italic;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:italic;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzQ.woff)format('woff');}</style><script name="www-roboto" >if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "");document.fonts.load("500 10pt Roboto", "");}</script>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\googleapis.proxy[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 12568
Entropy (8bit): 5.462199204297753
Encrypted: false
SSDEEP: 192:8iApwYKUa9u5vocJJBA1UwgZCwm5Mi0+Sozl1:83pw9dk9JO1UkwmR0+Sox1
MD5: 420CC0CF890102328B59AB6A3C5422F7
SHA1: 1EA4758C053FB8B22EE49E73D207DA66C475902D
SHA-256: DC35401EA3251D6A668E51AC654BCB2DB7065ECA466F71C9DF4739C0DF67A57E
SHA-512: EE0285358764FC6568BD4A752B342DFDED71CEDB883DAAAD748FB27D953731425114583F5FCB30BBA37ACFF7244D38B89119DD41AE7545CD941096DB280B91E8
Malicious: false
Reputation: low
IE Cache URL: https://apis.google.com/js/googleapis.proxy.js?onload=startup
Preview:var gapi=window.gapi=window.gapi||{};gapi._bs=new Date().getTime();(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var g=this||self,h=function(a){return a};/*. gapi.loader.OBJECT_CREATE_TEST_OVERRIDE &&*/.var m=window,n=document,aa=m.location,ba=function(){},ca=/\[native code\]/,q=function(a,b,c){return a[b]=a[b]||c},da=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},v=function(){var a;if((a=Object.create)&&ca.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}return a},x=q(m,"gapi",{});var C;C=q(m,"___jsl",v());q(C,"I",0);q(C,"hel",10);var D=function(){var a=aa.href;if(C.dpo)var b=C.h;else{b=C.h;var c=/([#].*&|[#])jsh=([^&#]*)/g,d=/([?#].*&|[?#])jsh=([^&#]*)/g;if(a=a&&(c.exec(a)||d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},fa=function(a){var b=q(C,"PQ",[]);C.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},E=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\googlelogo_clr_74x24px[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1660
Entropy (8bit): 4.301517070642596
Encrypted: false
SSDEEP: 48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5: 554640F465EB3ED903B543DAE0A1BCAC
SHA1: E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256: 99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512: 462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\iframe_api[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 1007
Entropy (8bit): 5.300844107992778
Encrypted: false
SSDEEP: 24:E1P5IeJspSQDYtpqAK/HJ2TAXC5vuHM8aJLtdRWZ4FhQ:E1BLspFcPcSAXC5kaJLzwYhQ
MD5: 9D513BC73E92F4E2CCCC02139CC60E70
SHA1: 42D696DB3A7A8020207724602DB649A4F05E1751
SHA-256: CE05EC794B80CD8C06A55D5E3ACC831B81AC4B42124CCFE7320F972E657EF2D9
SHA-512: 207B54BB77CC028C70CE43D642CF6DF18EE904AB7CAEAE75648F2A8D37F6737C24E2D404823DC6737152AE47891A869BE23A65133689A1FD98F44ADDEFB6B386
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/iframe_api?trustedtypes=1
Preview:var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/408be03a\/www-widgetapi.vflset\/www-widgetapi.js';.try {. var ttPolicy = window.trustedTypes.createPolicy('youtube-widget-api', {createScriptURL: function(x) { return x; }});. scriptUrl = ttPolicy.createScriptURL(scriptUrl);.} catch (e) { }. if(!window["YT"])var YT={loading:0,loaded:0};if(!window["YTConfig"])var YTConfig={"host":"https://www.youtube.com"};.if(!YT.loading){YT.loading=1;(function(){var l=[];YT.ready=function(f){if(YT.loaded)f();else l.push(f)};window.onYTReady=function(){YT.loaded=1;for(var i=0;i<l.length;i++)try{l[i]()}catch(e){}};YT.setConfig=function(c){for(var k in c)if(c.hasOwnProperty(k))YTConfig[k]=c[k]};var a=document.createElement("script");a.type="text/javascript";a.id="www-widgetapi-script";a.src=scriptUrl;a.async=true;var c=document.currentScript;if(c){var n=c.nonce||c.getAttribute("nonce");if(n)a.setAttribute("nonce",n)}var b=.document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\lazy.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 52692
Entropy (8bit): 5.475261482582348
Encrypted: false
SSDEEP: 768:VZQUKnvJw4IZBsiweXJzzJx4uDDphLb6PdEpbYbwhi3/sdS2L/StSX1:7DKu4UweXJzluuDDTuERAkF/7F
MD5: 77DEF50C310EF53A3A4FDD282AEC03D9
SHA1: C6BB371AB6C0F7B2B18E998B8ECD7414F6B75CAD
SHA-256: A3E8D4571EFA52F3376B53F5928504391F40E2487B20778F76AE54C92EE9A949
SHA-512: F61B21CF1CF5552C6E8FF4EEABFBB0359640A0005965269DC3BBD6A3BCC915DAE8C63CDBA764AAF6AF6C485C13BFE897121C7E32260C2D885916D3A697774F2C
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},q=ca(this),t=function(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.t("Symbol",function(a){if(a)return a;var b=function(e,f){this.hb=e;ba(this,"description",{configurable:!0,writable:!0,value:f})};b.prototype.toString=function()
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\m=_b,_tp[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 148888
Entropy (8bit): 5.465964474496821
Encrypted: false
SSDEEP: 3072:l1BJIWAALPfzs5w+QPrjmNzZmiWIlMR9Zax:LBBfQ5wNjmmiWuF
MD5: 47D6364CEC58546E9F13B41515492999
SHA1: B61BDAEEB39B36F3D0540730EC79F431C7B92883
SHA-256: F1741C9A5E12A465520F48C8CD1ED05EB96079DD7CDB9A3B7E51777B3E858D24
SHA-512: 1A79BD69A293B03C9FABB5FD45FA815A100D288CAA274E212EC30C6481A0F1A3A0BBA136F84A6BE477C02AC784A46071F69B30A03662A42EA8FFD113CE3D3EBF
Malicious: false
Reputation: low
Preview:"use strict";this.default_IdentityPoliciesUi=this.default_IdentityPoliciesUi||{};(function(_){var window=this;.try{.var za,Ja,La,Oa,Pa,Sa,Ua,Za,ab,ib,mb,pb,Ob,zb,Sb,aa,Tb,Ub,Vb,Xb,Yb,ac,bc;_.ba=function(a){return function(){return aa[a].apply(this,arguments)}};_.ca=function(a,b){return aa[a]=b};_.da=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,_.da);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a));this.g=!0};_.ea=function(a){return a[a.length-1]};_.fa=function(a,b,c){for(var d="string"===typeof a?a.split(""):a,e=a.length-1;0<=e;--e)e in d&&b.call(c,d[e],e,a)};._.ia=function(a,b,c){b=_.ha(a,b,c);return 0>b?null:"string"===typeof a?a.charAt(b):a[b]};_.ha=function(a,b,c){for(var d=a.length,e="string"===typeof a?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ka=function(a,b){return 0<=(0,_.ja)(a,b)};_.la=function(a){if(!Array.isArray(a))for(var b=a.length-1;0<=b;b--)delete a[b];a.length=0};_.ma=function(a,b){_.ka(a,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\m=syl,i5dxUd,RAnnUd,syi,syj,uu7UOe,soHxf[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 19101
Entropy (8bit): 5.624370489503956
Encrypted: false
SSDEEP: 384:OA3AvAjAKjjFmArK8PHvH3g3l9b4LIJUbi8i5aZGQ9W8:zwYj5fn3g30ji8iaZGQI8
MD5: C9D638F21CA76D9B654B2C01AF74D7BE
SHA1: 54990CC58D8D6F48770A8E7289730520055A28E3
SHA-256: 8B3B65066B572BD0F6FBB18D91DF2A12EF686642749F64B32BC8E555FEB9F313
SHA-512: F413500C947089FC6FD2457E7702A9D4E7E781E22DB2178E9353062D172DEC68E9D8BC6A0925CAE028EA90230A38686494504EB140E0183FDABEBF6E096DF3F1
Malicious: false
Reputation: low
Preview:this._G=this._G||{};(function(_){var window=this;.try{._.k("syl");./*.. Copyright 2016 Google Inc... Permission is hereby granted, free of charge, to any person obtaining a copy. of this software and associated documentation files (the "Software"), to deal. in the Software without restriction, including without limitation the rights. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. copies of the Software, and to permit persons to whom the Software is. furnished to do so, subject to the following conditions:.. The above copyright notice and this permission notice shall be included in. all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER. LIABILITY, WHETHER IN AN ACTIO
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\permission_to_use_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 12347
Entropy (8bit): 5.139617539052174
Encrypted: false
SSDEEP: 384:B9kl5Dmaakbw67TXndEj6jrwUZ0v5aCJQX:BEI/QX
MD5: F57248C618F74BA96984DC470980EC21
SHA1: 88E6E1AEACF5045C37AA32D9052977E1A1F44FA7
SHA-256: 76B815911DB76B8BB8398A439048983DF21DAB85B06615F4FBBD734D19C9A8ED
SHA-512: F08F9C301A1CEEAA1B151FE9419066D0E6CDC48A399CFB30147933BE66E1398777FFC332989E9BCDBA89A988BBDECC176459188501FEFF753ED6712DF364C14C
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/permission_to_use_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1,.cls-13,.cls-14,.cls-26,.cls-27,.cls-28,.cls-29,.cls-3,.cls-30,.cls-31,.cls-35,.cls-4,.cls-40,.cls-43{fill:none;}.cls-2{isolation:isolate;}.cls-3{stroke:#f1f3f4;}.cls-13,.cls-14,.cls-26,.cls-27,.cls-28,.cls-29,.cls-3,.cls-30,.cls-31,.cls-33,.cls-35,.cls-4,.cls-40{stroke-linecap:round;}.cls-13,.cls-14,.cls-26,.cls-3,.cls-33,.cls-4{stroke-linejoin:round;}.cls-4{stroke:#5f6368;stroke-dasharray:2 4;}.cls-4,.cls-43{opacity:0.1;}.cls-5{fill:#fbbc04;}.cls-37,.cls-38,.cls-6,.cls-7{mix-blend-mode:multiply;}.cls-6{fill:url(#linear-gradient);}.cls-8{fill:url(#linear-gradient-2);}.cls-9{fill:url(#linear-gradient-3);}.cls-10,.cls-33,.cls-41{fill:#e8eaed;}.cls-11{fill:url(#linear-gradient-4);}.cls-12{fill:#e9eaed;}.cls-13,.cls-27{stroke:#4285f4;}.cls-13,.cls-14{stroke-width:2px;}.cls-14,.cls-26,.cls-35{stroke:silver;}.cls-15{fill:url(#linear-gradient-5);}.cls-16{fill:#dadce0;}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\postmessageRelay[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 566
Entropy (8bit): 5.18967940169703
Encrypted: false
SSDEEP: 12:haxyErYfhVkrC9sA4xETrwPqJmWmM8ytrI:haJspVkO9szxEw0aSI
MD5: D11A94B3A20095FC7FB26B3B751B068A
SHA1: E3D74598F888B66CD54673E6809153C6807AD568
SHA-256: FE0BF2FABDEBF6C92CDA1FBB21A2B573F67751E86F5F0632059DE896DE2DDCC9
SHA-512: 7B13BB53A6557A6B05DF7CE9F4EBB1A0DEF74B72BFEC11D952EB4DAD50C41007E35C0940B6E527203F22E52C4662F8C196A4C01122C5F3A3A9ED8C6C241820D9
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0"><script nonce="r4QUSAXAgx6bIoZnt0UGeQ" src='https://ssl.gstatic.com/accounts/o/891994193-postmessagerelay.js'></script></head><body ><script nonce="r4QUSAXAgx6bIoZnt0UGeQ" type="text/javascript" src="https://apis.google.com/js/rpc:shindig_random.js?onload=init"></script></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\privacy_checkup_icon[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 2183
Entropy (8bit): 4.54347991131289
Encrypted: false
SSDEEP: 48:q8STtLI+xuWwnZ8ct9jmN1dxo9/nFKz2fWTKrfp+t2:qL1U8cf41Ho9/F/02
MD5: C75528C0EE848EDF85766240B68B2E24
SHA1: 77494574B9FF9AA00FF43F8114B694F7F78447BC
SHA-256: 0AB2FFD0160D09C189AF9772353C7853E833759E369B65874A00BED2F76830AD
SHA-512: 16ED48AADDE68DB93887A515BAD101958B247E5B93AD37D1A90B63F3FA6BDDB3E233333AD443B5AC0256225D085FC217CEC6D5C3FE39858C36B06E5675E5D90E
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/privacy_checkup_icon.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="53" height="62" viewBox="0 0 70 82" fill="none">. <path d="M 26.8292,75.5938 C 44.7667,67.0521 51.173,51.5917 52.7959,40.4021 53.1376,37.925 53.3084,35.3625 53.3938,32.8 V 14.0084 L 26.9147,5.8938 0.4355,14.0084 V 32.8 c 0.0854,2.5625 0.2562,5.0396 0.5979,7.6021 1.5375,11.1896 7.9438,26.65 25.7958,35.1917 z" fill="#4285f4"/>. <path d="m 12.9917,49.3708 c 0,-3.7583 6.6625,-6.8333 14.0083,-7.0042 7.4313,0.1709 14.0084,3.2459 14.0084,7.0042 v 0.3417 c 5.8083,-7.4313 5.0396,-18.023 -1.8792,-24.5146 -6.8333,-6.4063 -17.5104,-6.4063 -24.3437,0 -6.8334,6.4916 -7.6875,17.0833 -1.7938,24.5146 z" fill="#3362b5"/>. <path d="m 41.0084,49.3709 c 0,-3.7584 -6.6625,-6.8334 -14.0084,-7.0042 -7.3458,0.1708 -14.0083,3.2458 -14.0083,7.0042 v 0.3416 c 6.0646,7.7729 17.2542,9.1396 25.0271,2.9896 1.1104,-0.8542 2.1354,-1.8792 2.9896,-2.9896 z" fill="#ffffff"/>. <path d="m 27,39.2917 c 3.8683,0 7.0042,-3.1741 7.0042,-7.0896 0,-3.9154 -3.1359,-7.0896 -7.0042,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\privacy_illustration[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 17329
Entropy (8bit): 5.1099250055903545
Encrypted: false
SSDEEP: 192:xjy/JFxKSYW7g41eXA8rb4Ki/tGHtgpA3TubXWTvUWSuWqiPEMwIj0m0N2jiSixG:ZItY7/rBi1GHtP/OjUIjiO
MD5: 38B85604709A03A6EDED024ACE0658A5
SHA1: DD43720C61B45BC4FEC2E253045C5FAAF69082D0
SHA-256: 26A9A11E723631253C50ED9FCB595861246146C849CA1FBA16E23636A380B7CD
SHA-512: 8A627E64CDC780C5B37A741903E4592DB97212DEDE1E32B4C9DB1ABEB3071EE92F359B0355219F395933D172F1362412457F50CE094266B5E1984CCD292C16FA
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/privacy_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="360" height="204" viewBox="0 0 360 204"><defs><linearGradient id="linear-gradient" x1="25" y1="165" x2="50" y2="165" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#9aa0a6" stop-opacity="0"/><stop offset="0.15" stop-color="#9aa0a6" stop-opacity="0.025"/><stop offset="0.306" stop-color="#9aa0a6" stop-opacity="0.1"/><stop offset="0.464" stop-color="#9aa0a6" stop-opacity="0.225"/><stop offset="0.624" stop-color="#9aa0a6" stop-opacity="0.4"/><stop offset="0.786" stop-color="#9aa0a6" stop-opacity="0.626"/><stop offset="0.946" stop-color="#9aa0a6" stop-opacity="0.898"/><stop offset="1" stop-color="#9aa0a6"/></linearGradient><linearGradient id="linear-gradient-2" x1="64" y1="139" x2="64" y2="146" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#5f6368"/><stop offset="1" stop-color="#5f6368" stop-opacity="0"/></linearGradient><clipPath id="clip-path"><circle cx="64" cy="112" r="28
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\proxy[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: dropped
Size (bytes): 436
Entropy (8bit): 5.3455016154064054
Encrypted: false
SSDEEP: 12:hYA0HqJmqGak79hLFBkAAqJmPm/esHbmr4Nbx4IQL:hYPcByBvPz7E4NW
MD5: DDEBA1DE8BD3B2A49CD9B0FB296B58DF
SHA1: C0DD60C4C8349A78CB26E16F22D016642C6056BC
SHA-256: 5B237BD93739A2B3BE9ACA499673E1DBEAE09E62E5D81521B1A1D0FE762CF5A7
SHA-512: 083803EDDE2737526F4C3BC61FBEB0CAD149BFD425ED3CDD701F9FED2DB3BE4EB65803A2CD70BBE6F27DC415F4558C71F9DCE79CFEBD7424238DBB1E58E27CC3
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="3v9NSg7wbMcK0DMfOSWjGw==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="3v9NSg7wbMcK0DMfOSWjGw=="></script>.</head>.<body>.</body>.</html>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\proxy[2].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 436
Entropy (8bit): 5.216535331024667
Encrypted: false
SSDEEP: 12:hYA0HqJmqGFycqy79hLFBkAAqJmPm/esHb5ycqp4Nbx4IQL:hYPcBopBvPz75Y4NW
MD5: F270A32CC64C9640EAF4AE7BBC0D702D
SHA1: 46B26C26DCA4647F8FE33EE0694F00EA377C3A52
SHA-256: 43523758B177383C30F875AFAFABB667439D9A783278133442236B464F464D0D
SHA-512: 1FAF5A90AE9D31C84F676D033CB03ACA6BDCC688866D80833A25668042B64A132E1DFD458D8D6CFD40604CAA45DF65F32DBE54563E0E854B6485AE956DA4BA11
Malicious: false
Reputation: low
IE Cache URL: https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.uhBKOtz6fOw.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8GZHNTtpcfighnqAH0uUZTALLzrw%2Fm%3D__features__
Preview:<!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="Es4qmpGeAxg1BiufemcCsQ==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="Es4qmpGeAxg1BiufemcCsQ=="></script>.</head>.<body>.</body>.</html>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pxiDypQkot1TnFhsFMOfGShVF9eI[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 40068, version 1.1
Category: downloaded
Size (bytes): 40068
Entropy (8bit): 7.986363416256898
Encrypted: false
SSDEEP: 768:SZjhV5AtCnIR51aT0aCfvoIypmLL5V+VQLwv0JR9D2juelmPrldaC+Qac7:S5r5KRnECf6aL5V+VQLtmk4QaC
MD5: 3ABA54A73723BD3E90CB74D603687CCD
SHA1: 2C3D597CD36CA5856587C8482557B07DD8633329
SHA-256: A94234B7387BC4E9FA7B73DEDD34E5CC1189A28D526F4DADDECD1C9AB7B86840
SHA-512: 78F4E6514CD81CECC898D151B31B691122715D0239A47AB5D53ACA4F45FC1707DDD8464543D523E355DC1C19FF257C14DF4490D0938518D02BA35AECD72482B6
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pxiDypQkot1TnFhsFMOfGShVF9eI[2].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 38064, version 1.1
Category: downloaded
Size (bytes): 38064
Entropy (8bit): 7.985282250659124
Encrypted: false
SSDEEP: 768:FmLfShvXTNLstzb6V8QZ3+ibkkftFHdur7Lh9JVIzdMIWRirfqiW5Pm9WmX:FmzSdXOhOOA5uDzHIz3WUrPYtmX
MD5: E7BBF7E9E89975E144CBC167F2293FDE
SHA1: 0CB43D4E0ECF79C8AF6629CA1C386EA23FA02C02
SHA-256: A87A298223B431522629F284F2D237773F8257B2DB427904CA95EC20DFC34CDD
SHA-512: 75AD4EF05603116A2C0D16E9C7F793D47602044611F369A83A6AED4D14279809064C43B6EA3BEA28F889F3CE65199DA67CF0685819A8F0C01F5DFC0C97969A7F
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/productsans/v9/pxiDypQkot1TnFhsFMOfGShVF9eI.woff
Copyright null 2020 Page 45 of 54
Static File Info
No static file info
Network Port Distribution
Total Packets: 108
• 53 (DNS)
• 443 (HTTPS)
Preview:wOFF..............G.........................GPOS.......K..:X....GSUB............!?-.OS/2.......Y...`k..cmap...(... ....)9.8cvt ...H...g...l...wfpgm...........a.A..gasp...............!glyf......TD...$...yhdmx..c...'m..Kha`98head...h...6...6..N{hhea....... ...$...Chmtx.......^...l}.*.loca... ...8...8...Pmaxp...X... ... .8..name...x........ P<.post...L...|...{#_.sprep..............oNx.d.%@E1....w*Vpw......]z$S...HT.L&.L.g8.M.....ib....&.......]..${..i..<..A..Y............+.... .[..x...pL.=L.]`.mv...+..x.J.1..G<.$.B&..r..5.zs.q..W..... ?./.1.i.....?...?..uk.&~.I..\YF.6...|<!.:..Jxg.|...0.bb..|..=.=.=G....&!&!CB...Y"............)ij.....*r.....ku.j.9q"....hs...D"._.........X.+02.{*>...";>.....3.([a.'y.L.&."..2.O....*....`..L~.l}....h>x .J...V.8u<..."..Wh......FF"#.8...........=#Q.K..........!.S}...9........bv..V......W.."/....9U}.....5....g.{"..{.....Y.v...T..o..i.s.....|V.Hs..8d..N=..lg..g.HV...E.{;W.w6...R3&.mV..Q"%.<.3tlE.i.3yB62.....>K...l....s.(.....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pxiDypQkot1TnFhsFMOfGShVF9eI[2].woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\respect_others_illustration[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 7892
Entropy (8bit): 5.105595014134491
Encrypted: false
SSDEEP: 192:oznx2lzR+1dzVvnPDdRtVNI8Yr/f7Qv722duLJd1on:o92FR+1dzVvnPDdRtVNI8Yr/fcj22deY
MD5: ED3915EFE8B38A139B0F2A7E1C79F84A
SHA1: 18F9898BA648076F911B543B385A89C3C86FC4D3
SHA-256: F32FAFCA22A266777D1F33D49AF37372ACD2E50529D5CA8F4BB6D9E3BA1AEA08
SHA-512: 02C2A3EA804F16590105FBAEA28FE02DE166CEC2934580996413019604F36FE23C8F185788DF5D194941647590EA2AA04DB5819942447DE799AC1FB2BB2D9F6D
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/identity/boq/policies/privacy/respect_others_illustration.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 320 180"><defs><style>.cls-1{fill:#fbbc04;}.cls-2{fill:url(#linear-gradient);}.cls-3{fill:url(#linear-gradient-2);}.cls-4{fill:url(#linear-gradient-3);}.cls-5{fill:#5f6368;}.cls-6{fill:#f8f9fa;}.cls-10,.cls-11,.cls-12,.cls-17,.cls-18,.cls-22,.cls-7,.cls-9{fill:none;}.cls-7{stroke:#3c4043;}.cls-10,.cls-12,.cls-17,.cls-18,.cls-7,.cls-9{stroke-miterlimit:10;}.cls-8{fill:#e9eaed;}.cls-17,.cls-9{stroke:#bec1c6;}.cls-10,.cls-11,.cls-18,.cls-22,.cls-9{stroke-linecap:round;stroke-width:2px;}.cls-10,.cls-22{stroke:#fff;}.cls-11,.cls-12{stroke:#e9eaed;}.cls-11,.cls-22{stroke-linejoin:round;}.cls-13{fill:#bec1c6;}.cls-14{fill:#4285f4;}.cls-15{fill:url(#linear-gradient-4);}.cls-16{fill:#e8eaed;}.cls-18{stroke:#fbbc04;}.cls-19{fill:url(#linear-gradient-5);}.cls-20{fill:#185abc;}.cls-21{fill:#fff;}.cls-23{fill:#e37400;}.cls-24{fill:url(#linear-gradient-6);}</style><linearGradient id="linear-gradient" x1="
Network Behavior
TCP Packets
UDP Packets
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Dec 3, 2020 23:01:27.516891003 CET 192.168.2.4 8.8.8.8 0xc0dc Standard query (0) accounts.youtube.com A (IP address) IN (0x0001)
Dec 3, 2020 23:01:44.626117945 CET 192.168.2.4 8.8.8.8 0x4f4 Standard query (0) lh3.googleusercontent.com A (IP address) IN (0x0001)
Dec 3, 2020 23:01:47.429977894 CET 192.168.2.4 8.8.8.8 0x535 Standard query (0) lh4.ggpht.com A (IP address) IN (0x0001)
Dec 3, 2020 23:01:47.584242105 CET 192.168.2.4 8.8.8.8 0x5df6 Standard query (0) www.youtube.com A (IP address) IN (0x0001)
Dec 3, 2020 23:01:58.448806047 CET 192.168.2.4 8.8.8.8 0xcb84 Standard query (0) googleads.g.doubleclick.net A (IP address) IN (0x0001)
Dec 3, 2020 23:01:58.516055107 CET 192.168.2.4 8.8.8.8 0xb892 Standard query (0) static.doubleclick.net A (IP address) IN (0x0001)
Dec 3, 2020 23:03:31.411679029 CET 192.168.2.4 8.8.8.8 0x2359 Standard query (0) stats.g.doubleclick.net A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Dec 3, 2020 23:01:27.562690020 CET 8.8.8.8 192.168.2.4 0xc0dc No error (0) accounts.youtube.com www3.l.google.com CNAME (Canonical name) IN (0x0001)
Dec 3, 2020 23:01:44.664165020 CET 8.8.8.8 192.168.2.4 0x4f4 No error (0) lh3.googleusercontent.com googlehosted.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)
Dec 3, 2020 23:01:44.664165020 CET 8.8.8.8 192.168.2.4 0x4f4 No error (0) googlehosted.l.googleusercontent.com 172.217.16.193 A (IP address) IN (0x0001)
Dec 3, 2020 23:01:47.473484993 CET 8.8.8.8 192.168.2.4 0x535 No error (0) lh4.ggpht.com photos-ugc.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)
Dec 3, 2020 23:01:47.473484993 CET 8.8.8.8 192.168.2.4 0x535 No error (0) photos-ugc.l.googleusercontent.com 172.217.23.161 A (IP address) IN (0x0001)
Dec 3, 2020 23:01:47.611352921 CET 8.8.8.8 192.168.2.4 0x5df6 No error (0) www.youtube.com youtube-ui.l.google.com CNAME (Canonical name) IN (0x0001)
Dec 3, 2020 23:01:58.492381096 CET 8.8.8.8 192.168.2.4 0xcb84 No error (0) googleads.g.doubleclick.net pagead46.l.doubleclick.net CNAME (Canonical name) IN (0x0001)
Dec 3, 2020 23:01:58.492381096 CET 8.8.8.8 192.168.2.4 0xcb84 No error (0) pagead46.l.doubleclick.net 172.217.21.226 A (IP address) IN (0x0001)
Dec 3, 2020 23:01:58.562006950 CET 8.8.8.8 192.168.2.4 0xb892 No error (0) static.doubleclick.net static-doubleclick-net.l.google.com CNAME (Canonical name) IN (0x0001)
Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.g.doubleclick.net stats.l.doubleclick.net CNAME (Canonical name) IN (0x0001)
Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.154 A (IP address) IN (0x0001)
Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.156 A (IP address) IN (0x0001)
Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.157 A (IP address) IN (0x0001)
Dec 3, 2020 23:03:31.447315931 CET 8.8.8.8 192.168.2.4 0x2359 No error (0) stats.l.doubleclick.net 108.177.15.155 A (IP address) IN (0x0001)
HTTPS Packets

Timestamp: Dec 3, 2020 23:01:44.708436966 CET
Source IP: 172.217.16.193
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49758
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
NotBefore: Tue Nov 03 08:37:44 CET 2020
NotAfter: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
NotBefore: Thu Jun 15 02:00:42 CEST 2017
NotAfter: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Dec 3, 2020 23:01:44.721878052 CET
Source IP: 172.217.16.193
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49757
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
NotBefore: Tue Nov 03 08:37:44 CET 2020
NotAfter: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
NotBefore: Thu Jun 15 02:00:42 CEST 2017
NotAfter: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Dec 3, 2020 23:01:47.518842936 CET
Source IP: 172.217.23.161
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49773
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
NotBefore: Tue Nov 03 08:37:44 CET 2020
NotAfter: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
NotBefore: Thu Jun 15 02:00:42 CEST 2017
NotAfter: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Dec 3, 2020 23:01:47.530586958 CET
Source IP: 172.217.23.161
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49774
Subject: CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
NotBefore: Tue Nov 03 08:37:44 CET 2020
NotAfter: Tue Jan 26 08:37:44 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
NotBefore: Thu Jun 15 02:00:42 CEST 2017
NotAfter: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Dec 3, 2020 23:01:58.612243891 CET
Source IP: 172.217.21.226
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49781
Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
NotBefore: Tue Nov 03 08:33:42 CET 2020
NotAfter: Tue Jan 26 08:33:42 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
NotBefore: Thu Jun 15 02:00:42 CEST 2017
NotAfter: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Dec 3, 2020 23:01:58.613171101 CET
Source IP: 172.217.21.226
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49782
Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
NotBefore: Tue Nov 03 08:33:42 CET 2020
NotAfter: Tue Jan 26 08:33:42 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
NotBefore: Thu Jun 15 02:00:42 CEST 2017
NotAfter: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Dec 3, 2020 23:01:58.628298044 CET
Source IP: 172.217.21.226
Source Port: 443
Dest IP: 192.168.2.4
Dest Port: 49785
Subject: CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US
NotBefore: Tue Nov 03 08:33:42 CET 2020
NotAfter: Tue Jan 26 08:33:42 CET 2021
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
NotBefore: Thu Jun 15 02:00:42 CEST 2017
NotAfter: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
System Behavior
Analysis Process: iexplore.exe PID: 3296 Parent PID: 800
General
Start time: 23:01:22
Start date: 03/12/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff744e40000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 1316 Parent PID: 3296
General
Start time: 23:01:22
Start date: 03/12/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3296 CREDAT:17410 /prefetch:2
Imagebase: 0x390000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities