Analysis Report http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/

Overview

General Information

Sample URL: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
Analysis ID: 341762

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on logo template match)
Form action URLs do not match main URL
Found iframes
HTML body contains low number of good links
HTML title does not match URL
Invalid links found
None HTTPS page querying sensitive user data (password, username or email)
Suspicious form URL found
Unusual large HTML page

Startup

  • System is w10x64
  • iexplore.exe (PID: 5908 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 3560 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on logo template match)
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ Matcher: Template: google matched
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Form action: http://0.0.0.0/post.php azure 0
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-190951695&timestamp=1611113064220
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=150297626&timestamp=1611113085267
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Iframe src: /_/bscframe
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Number of links: 0
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Title: Sign in - Google Accounts does not match URL
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Invalid link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/SignUp-service=lso&continue=https_%7C%7Caccounts.google.com%7Co%7Coauth2%7Cauth_zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ_E2_88_99APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX.html
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Invalid link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.html
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Has password / email / username input fields
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: Form action: http://0.0.0.0/post.php
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: Total size: 1586286
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: No <meta name="author".. found
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="author".. found
Source: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://accounts.google.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: accounts.youtube.com
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: so[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/gb/images/p1_cfd8cf40.png
Source: so[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/gb/images/p2_136ed2e0.png
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://ssl.gstatic.com/gb/js/
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: KT0S08Y7.htm.2.drString found in binary or memory: https://ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png
Source: lazy.min[1].js.2.drString found in binary or memory: https://ssl.gstatic.com/inproduct_help/guidedhelp/guide_inproduct.js
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://ssl.gstatic.com/support/realtime
Source: accounts[1].htm0.2.drString found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/
Source: operatorParams[1].json.2.drString found in binary or memory: https://ssl.gstatic.com/support/realtime/operator/1610960497650/operatordeferred_bin_base.js
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://ssl.gstatic.com/ui/v1/activityindicator/loading.svg
Source: KT0S08Y7.htm.2.drString found in binary or memory: https://ssl.gstatic.com/ui/v1/icons/common/x_8px.png
Source: KT0S08Y7.htm.2.drString found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark.png
Source: so[1].htm.2.drString found in binary or memory: https://stadia.google.com/
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://staging-casespartner-pa-googleapis.sandbox.youtube.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://staging-casespartner-pa.sandbox.googleapis.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://staging-realtimesupport-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://staging-realtimesupport-googleapis.sandbox.youtube.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://staging-supportcases-pa-googleapis.corp.google.com
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: accounts[1].htm0.2.drString found in binary or memory: https://support.corp.google.com
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.drString found in binary or memory: https://support.google
Source: accounts[1].htm0.2.dr, so[1].htm.2.drString found in binary or memory: https://support.google.com
Source: {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.drString found in binary or memory: https://support.google.com/acco
Source: accounts[1].htm0.2.drString found in binary or memory: https://support.google.com/accounts/
Source: ~DF647CF66800DC8527.TMP.1.drString found in binary or memory: https://support.google.com/accounts/?hl=en
Source: ~DF647CF66800DC8527.TMP.1.drString found in binary or memory: https://support.google.com/accounts/?hl=en#topic=3382296
Source: ~DF647CF66800DC8527.TMP.1.drString found in binary or memory: https://support.google.com/accounts/?hl=en#topic=3382296cloudapp.azure.com/TOS-loc=US&hl=en.htmlinue
Source: ~DF647CF66800DC8527.TMP.1.drString found in binary or memory: https://support.google.com/accounts/?hl=en45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.htmlinue
Source: m=sy1a,sy1b,sy1c,sy1e,sy1f,sy2z,pwd_view[1].js.2.drString found in binary or memory: https://support.google.com/accounts/answer/7162782
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?hl=
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?hl=en-GB
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=existing-account
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/accounts?p=signin_privatebrowsing
Source: operatorParams[1].json.2.drString found in binary or memory: https://support.google.com/chat-upload/support-cases/resumable
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/chrome/answer/6130773
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/chromebook/?p=familylink_accounts?hl=
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/families/answer/7101025
Source: imagestore.dat.2.drString found in binary or memory: https://support.google.com/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://support.google.com/favicon.ico~
Source: accounts[1].htm0.2.drString found in binary or memory: https://support.google.com/inapp/rts_frame
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://supportcases-pa-googleapis.corp.google.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://test-casespartner-pa.sandbox.googleapis.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://test-externalultron-pa-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://test-realtimesupport-googleapis.sandbox.google.com
Source: lazy.min[1].js.2.drString found in binary or memory: https://test-scone-pa-googleapis.sandbox.google.com
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://test-supportcases-pa-googleapis.corp.google.com
Source: so[1].htm.2.drString found in binary or memory: https://translate.google.co.uk/?hl
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: cb=gapi[2].js.2.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: so[1].htm.2.drString found in binary or memory: https://www.blogger.com/?tab
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: so[1].htm.2.drString found in binary or memory: https://www.google.co.uk/finance?tab
Source: so[1].htm.2.drString found in binary or memory: https://www.google.co.uk/intl/en/about/products?tab
Source: so[1].htm.2.drString found in binary or memory: https://www.google.co.uk/save
Source: so[1].htm.2.drString found in binary or memory: https://www.google.co.uk/shopping?hl
Source: so[1].htm.2.drString found in binary or memory: https://www.google.co.uk/webhp?tab
Source: RecoverAccount[1].htm.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://www.google.com
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.drString found in binary or memory: https://www.google.com/_/og/promos/
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.google.com/accounts/TOS
Source: so[1].htm.2.drString found in binary or memory: https://www.google.com/chrome/?brand
Source: so[1].htm.2.drString found in binary or memory: https://www.google.com/enterprise/marketplace
Source: imagestore.dat.2.drString found in binary or memory: https://www.google.com/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://www.google.com/favicon.ico~
Source: RecoverAccount[1].htm.2.dr, rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.dr, accounts[1].htm0.2.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.google.com/recaptcha/api.js?onload=%
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.google.com/search?q=
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://www.google.com/settings/hatsv2
Source: operatordeferred_bin_base__en[1].js.2.drString found in binary or memory: https://www.googleapis.com
Source: cb=gapi[1].js0.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.login
Source: cb=gapi[2].js.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: cb=gapi[2].js.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.googleapis.com/youtube/v3/videos?part=snippet%2C
Source: analytics[1].js.2.drString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: so[1].htm.2.drString found in binary or memory: https://www.gstatic.com
Source: so[1].htm.2.drString found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.re6vWKa2bgc.
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: RecoverAccount[1].htm.2.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: accounts[1].htm0.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png
Source: lazy.min[1].js.2.drString found in binary or memory: https://www.gstatic.com/support/content/resources/
Source: lazy.min[1].js.2.drString found in binary or memory: https://www.gstatic.com/support/content/resources/%
Source: lazy.min[1].js.2.drString found in binary or memory: https://www.gstatic.com/support/help/staging/main_frame/help_panel_staging_binary.js
Source: www-widgetapi[1].js.2.dr, player_api[1].js.2.drString found in binary or memory: https://www.youtube.com
Source: so[1].htm.2.drString found in binary or memory: https://www.youtube.com/?gl
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.212.129:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.58.206.33:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: classification engine | Classification label: mal52.phis.win@3/88@5/2
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DFC2B9C593EF906210.TMP
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Drive-by Compromise 1 | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ | 0% | Avira URL Cloud | safe
http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/ | 100% | SlashNext | Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://www.google.co.uk/intl/en/about/products?tab | 0% | URL Reputation | safe
http://www.broofa.com | 0% | URL Reputation | safe
https://accounts.googl | 0% | URL Reputation | safe
https://translate.google.co.uk/?hl | 0% | URL Reputation | safe
https://books.google.co.uk/?hl | 0% | URL Reputation | safe
https://www.google.co.uk/webhp?tab | 0% | URL Reputation | safe
http://router-537.com/accounts/?hl=en#topic=3382296Root | 0% | Avira URL Cloud | safe
https://www.google.co.uk/finance?tab | 0% | URL Reputation | safe
http://0.0.0.0/post.php | 0% | Avira URL Cloud | safe
https://maps.google.co.uk/maps?hl | 0% | URL Reputation | safe
https://www.google.co.uk/shopping?hl | 0% | URL Reputation | safe
https://www.google.co.uk/save | 0% | URL Reputation | safe
http://router-537e.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A | 0% | Avira URL Cloud | safe
https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe
https://support.google | 0% | URL Reputation | safe
http://0.0.0.0/ServiceLoginAuth | 0% | Avira URL Cloud | safe
http://router-537e.com/RecoverAccount?service=lso&continue=https://accounts.googl | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
photos-ugc.l.googleusercontent.com | 216.58.206.33 | true | false | | high
googlehosted.l.googleusercontent.com | 216.58.212.129 | true | false | | high
accounts.youtube.com | unknown | unknown | false | | high
favicon.ico | unknown | unknown | false | | unknown
www.youtube.com | unknown | unknown | false | | high
lh3.googleusercontent.com | unknown | unknown | false | | high
lh4.ggpht.com | unknown | unknown | false | | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://staging-realtimesupport-googleapis.sandbox.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
http://www.apache.org/licenses/LICENSE-2.0 | RecoverAccount[1].htm.2.dr, operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72 | accounts[1].htm0.2.dr | false | | high
https://www.google.co.uk/intl/en/about/products?tab | so[1].htm.2.dr | false | URL Reputation: safe | unknown
http://www.broofa.com | operatordeferred_bin_base__en[1].js.2.dr | false | URL Reputation: safe | unknown
https://accounts.googl | {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | URL Reputation: safe | unknown
https://translate.google.co.uk/?hl | so[1].htm.2.dr | false | URL Reputation: safe | unknown
https://books.google.co.uk/?hl | so[1].htm.2.dr | false | URL Reputation: safe | unknown
https://casespartner-pa.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html | cb=gapi[1].js0.2.dr | false | | high
https://www.google.co.uk/webhp?tab | so[1].htm.2.dr | false | URL Reputation: safe | unknown
http://router-537.com/accounts/?hl=en#topic=3382296Root | {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://signaler-pa.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://g.co/recover | RecoverAccount[1].htm.2.dr | false | | high
https://realtimesupport.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://www.google.co.uk/finance?tab | so[1].htm.2.dr | false | URL Reputation: safe | unknown
http://0.0.0.0/post.php | KT0S08Y7.htm.2.dr | false | Avira URL Cloud: safe | unknown
https://maps.google.co.uk/maps?hl | so[1].htm.2.dr | false | URL Reputation: safe | unknown
https://www.google.co.uk/shopping?hl | so[1].htm.2.dr | false | URL Reputation: safe | unknown
https://www.youtube.com | www-widgetapi[1].js.2.dr, player_api[1].js.2.dr | false | | high
https://www.google.co.uk/save | so[1].htm.2.dr | false | URL Reputation: safe | unknown
http://router-537e.com/signin/v2/recoveryidentifier?service=lso&continue=https%3A | {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://www.google.%/ads/ga-audiences | analytics[1].js.2.dr | false | URL Reputation: safe | low
https://support.google | {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | URL Reputation: safe | unknown
https://client-channel.youtube.com/client-channel/client | operatordeferred_bin_base__en[1].js.2.dr | false | | high
https://www.youtube.com/?gl | so[1].htm.2.dr | false | | high
http://0.0.0.0/ServiceLoginAuth | KT0S08Y7.htm.2.dr | false | Avira URL Cloud: safe | unknown
http://router-537e.com/RecoverAccount?service=lso&continue=https://accounts.googl | {FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://stats.g.doubleclick.net/j/collect | analytics[1].js.2.dr | false | | high
https://www.blogger.com/?tab | so[1].htm.2.dr | false | | high
https://accounts.youtube.com/accounts/CheckConnection?pmpo | RecoverAccount[1].htm.2.dr, KT0S08Y7.htm.2.dr | false | | high
https://staging-casespartner-pa-googleapis.sandbox.youtube.com | operatordeferred_bin_base__en[1].js.2.dr | false | | high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
216.58.206.33 | unknown | United States | 15169 | GOOGLEUS | false
216.58.212.129 | unknown | United States | 15169 | GOOGLEUS | false

                                              General Information

                                              Joe Sandbox Version:31.0.0 Red Diamond
                                              Analysis ID:341762
                                              Start date:19.01.2021
                                              Start time:19:23:37
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 4m 10s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:browseurl.jbs
                                              Sample URL:http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                              Number of analysed new started processes analysed:8
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal52.phis.win@3/88@5/2
                                              Cookbook Comments:
                                              • Adjust boot time
                                              • Enable AMSI
                                              • Browsing link: https://accounts.google.com/RecoverAccount?service=lso&continue=https://accounts.google.com/o/oauth2/auth?zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX
                                              • Browsing link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/SignUp-service=lso&continue=https_%7C%7Caccounts.google.com%7Co%7Coauth2%7Cauth_zt=ChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ_E2_88_99APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX.html
                                              • Browsing link: http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/TOS-loc=US&hl=en.html
                                              • Browsing link: http://www.google.com/support/accounts?hl=en
                                              Warnings:
                                              • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted)
                                              • Excluded domains from analysis (whitelisted)
                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.

                                              Simulations

                                              Behavior and APIs

                                              No simulations

                                              Joe Sandbox View / Context

                                              IPs

                                              No context

                                              Domains

                                              No context

                                              ASN

                                              No context

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\B3WIOZ18\support.google[1].xml
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):39
                                              Entropy (8bit):2.469670487371862
                                              Encrypted:false
                                              SSDEEP:3:D90aK1r0aK1r0aKb:JFK1rFK1rFKb
                                              MD5:B9C5EB570521110110BB7DFF12AF780D
                                              SHA1:27F5BEBC2200FD8D0B51A93D1357EA954BE44079
                                              SHA-256:90171F10A6467C9DC31143859BAB69D045B67B39E2E49D92BB7168B383C4D1AB
                                              SHA-512:BC81539E62D643808CBDA3D86050058F379B2F0347CE65CBBA9797D386401C886B22AC4C0B2BE68197AE10C83A1E22A14232CD531C8D139DD3C031DB423EA355
                                              Malicious:false
                                              Reputation:low
                                              Preview: <root></root><root></root><root></root>
                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\XFJKAGBC\accounts.google[1].xml
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):94
                                              Entropy (8bit):4.499718652390524
                                              Encrypted:false
                                              SSDEEP:3:D90aK1ryRtFwsoIcDAqFf32W/GXROqSRgbFKb:JFK1rUFxmAq932W/YIwkb
                                              MD5:12C8D76485E737D7016BE1E2F6ECBC0F
                                              SHA1:DDE8ADBEE77FE2264FC589002FF2B0833130A511
                                              SHA-256:FE6B4801BD7B61AE19CDEE9A909167CA3B33F980F8FACF53C1A7B928C913F6E7
                                              SHA-512:C204F15F9BB8EF63EAA3079B8730FE55DE5A44A98025D8A9793C8BE7472D059007C69B26D7A0C757AAD2D29A39D8884B9B8A8ABE2A39797389661570D85700E3
                                              Malicious:false
                                              Reputation:low
                                              Preview: <root></root><root><item name="promo" value="{}" ltime="3434543168" htime="30863067" /></root>
                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC898B7F-5ACE-11EB-90E4-ECF4BB862DED}.dat
                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                              File Type:Microsoft Word Document
                                              Category:dropped
                                              Size (bytes):30296
                                              Entropy (8bit):1.8611317900083342
                                              Encrypted:false
                                              SSDEEP:48:IwBGcpr4GwpLVG/ap8drGIpcSq3GvnZpvSq/GoYgqp9Sq0Go4kbopmSbGWYucK9V:r3ZgZx2d9WShtSRfSshMSRSdS/fSXsX
                                              MD5:01138F8A88F8EE808CEF259D542CF3E1
                                              SHA1:B646033F5807235DEF5F8754048A6498B8E5F541
                                              SHA-256:B404E676E82E2885BB0116CF64337BFF726AC056151B1D6FBA1C4737156A96A2
                                              SHA-512:820EBFB10F2175A61AEDB5B31BD6F3E7C1B29FEEA8AA3D3FBF3B87800A6BCAE55ABC2F5465FE5ABA80AD4CDF24C4E1638B96027DE980D7B4C3D364037A4CABA0
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC898B81-5ACE-11EB-90E4-ECF4BB862DED}.dat
                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                              File Type:Microsoft Word Document
                                              Category:dropped
                                              Size (bytes):141358
                                              Entropy (8bit):3.0263014290103265
                                              Encrypted:false
                                              SSDEEP:1536:jZ5K+5ItX+QuVWhPsM3YYWVj+azRPFvmiFv6dACANAhAF41FvZf0ASAYS3KeAFn1:jZ5X5m3rq+iFcdCKR1FxMhii
                                              MD5:F9E7FBC5294C56E98BCEB1AF5CB065A4
                                              SHA1:6F5F50E50AB21895C0AF45DBB1CDEEAB0880D989
                                              SHA-256:8967DF79F9E000B936BC4F03D56DAFF0F0A109F2D7D8855B284D596423F998E5
                                              SHA-512:BB4AC6A229C9EFB7D7CA4DCC060BDA49D35CE723A947A8E3313CA5B805BEF548EBA1614A781C9C29F4AA2E9C9C0FC26B661D4E5308A8BA13E7529AC0D69E9358
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC898B82-5ACE-11EB-90E4-ECF4BB862DED}.dat
                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                              File Type:Microsoft Word Document
                                              Category:dropped
                                              Size (bytes):16984
                                              Entropy (8bit):1.5668284606624958
                                              Encrypted:false
                                              SSDEEP:48:IweGcprLGwpa1G4pQhGrapbSQrGQpKjG7HpRjsTGIpG:rCZFQn6xBSQFAyTj4A
                                              MD5:9CA0AC6E796B080D3553E0C88F3BD817
                                              SHA1:790AE2C06C962BEB49BF34D8A1293A02809D950F
                                              SHA-256:15410CB4227B116104C790FD1D379FFFA330FBADC7A7BEEF7901280D8D6702D2
                                              SHA-512:AFE88DA7F4B22A01E4DDB2683BF3FD28D843F04801107D1498CE627288D50870A518407D7BE3165DA7214706BFADFCF6EE78C15FF23904D407D9A7BFD349D49C
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):11312
                                              Entropy (8bit):3.747525404305158
                                              Encrypted:false
                                              SSDEEP:96:YvIJct+kP47v+rcqlBPG9RHvIJct+cHP47v+rcqlBPG96:YvI6tdPqWceBPG3vI6ttPqWceBPGo
                                              MD5:9BAAAEFB759F42BE96358DBEDA269A74
                                              SHA1:9B0C11AFF19654099C20DE2E6A8B0D2EBAECCFEB
                                              SHA-256:0ABEC99EBC0E38897BF9828CE04D3FD3932F4E1314FFBB07259A0A0600CEA0D7
                                              SHA-512:CEEBFFEF0AB0DC9D1DD294AAB3B8EF6432EAB96EBB5EE411705F44314CFD8163350F6455A34FE929FE7A1B9BF00B5F7272FA8BF87566FE5B2E5D39A58A1EF020
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 19888, version 1.1
                                              Category:downloaded
                                              Size (bytes):19888
                                              Entropy (8bit):7.96899630573477
                                              Encrypted:false
                                              SSDEEP:384:0c6bX9TSzYzCrQH+qXM6C0ouF0xcYye+5x/U3S0X5v+obEgm:0cCV8GuPVyzx/MS0X5v+oI/
                                              MD5:CF6613D1ADF490972C557A8E318E0868
                                              SHA1:B2198C3FC1C72646D372F63E135E70BA2C9FED8E
                                              SHA-256:468E579FE1210FA55525B1C470ED2D1958404512A2DD4FB972CAC5CE0FF00B1F
                                              SHA-512:1866D890987B1E56E1337EC1E975906EE8202FCC517620C30E9D3BE0A9E8EAF3105147B178DEB81FA0604745DFE3FB79B3B20D5F2FF2912B66856C38A28C07EE
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[2].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 20356, version 1.1
                                              Category:downloaded
                                              Size (bytes):20356
                                              Entropy (8bit):7.972919215442608
                                              Encrypted:false
                                              SSDEEP:384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/
                                              MD5:ADCDE98F1D584DE52060AD7B16373DA3
                                              SHA1:0A9B76D81989A7A45336EBD7B48ED25803F344B9
                                              SHA-256:806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1
                                              SHA-512:7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOmCnqEu92Fr1Mu4mxM[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 20268, version 1.1
                                              Category:downloaded
                                              Size (bytes):20268
                                              Entropy (8bit):7.970212610239314
                                              Encrypted:false
                                              SSDEEP:384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh
                                              MD5:60FA3C0614B8FB2F394FA29944C21540
                                              SHA1:42C8AE79841C592A26633F10EE9A26C75BCF9273
                                              SHA-256:C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684
                                              SHA-512:C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\LDZ5E2H9.js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):3177
                                              Entropy (8bit):5.039135441491122
                                              Encrypted:false
                                              SSDEEP:48:x7aE6E0EMEogE5ElEtEEEfEXEWEzEeE9EAEJE3LEvoESEYELEi6ERE0EtEcEcEhz:xYg4ICyKY
                                              MD5:35FFA9557825DBC0735CC5E9C57DA77A
                                              SHA1:A4148AF1D62B70F397490FBCEE9BBCBCA8F20AD3
                                              SHA-256:7F7C8679DE8FE0C9042FD4E0E50CDFB3A3EDE62A1ABAACEB51BAF121C13A3CFB
                                              SHA-512:08CA4C900C377C742C685D317994785895AD83DAFB189EAEF259265532745066AD8C4C892CBCB8B7042959BCD94AF0872057E0B614885395E1D5EDACD0C53389
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\background_gradient[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                              Category:dropped
                                              Size (bytes):453
                                              Entropy (8bit):5.019973044227213
                                              Encrypted:false
                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bullet[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):447
                                              Entropy (8bit):7.304718288205936
                                              Encrypted:false
                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cb=gapi[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):51432
                                              Entropy (8bit):5.555402766212286
                                              Encrypted:false
                                              SSDEEP:1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WwXRF1OVxK4X:pK4ye0RkwXR+X
                                              MD5:380373FCD08CB642C251152059997DB6
                                              SHA1:12773E4A16BF1B1D37967CEF5FBA90666E93ABBB
                                              SHA-256:98C669FC51080B27E219227634C7054D28012A063D8E58FCDA823D3688A8A458
                                              SHA-512:8B2C0AEA25A3C5A50DBE4354307F9FFF03D13966F1557D59156347E06C443897DA2A764F806A95779D34F72BA387F079F9BFD0FCEE5C59B0503C5E547D93C571
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\chatsupport[1].css
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines, with no line terminators
                                              Category:downloaded
                                              Size (bytes):7598
                                              Entropy (8bit):5.238477683745263
                                              Encrypted:false
                                              SSDEEP:192:+d36+swcre98YZwXO1JHq6PrLJRLwMKaSkZkF:Sz8Yjq6DLJ8aTZm
                                              MD5:81F4E76B75BC005C6C7C42E935F12BE1
                                              SHA1:1957A432A56569F9072DC082941222ECF58EE426
                                              SHA-256:EC79CAA8A2B64067631B65AFB295851C8C9F47CCA34B8AB53D341B32EA0C51E6
                                              SHA-512:79E2138BDDFEF6A632F38282CDF960CC86427A69EDE126159C47500152AEBFA5C5727D408F61D9A191A113382913FFB9CD1F1714B7AF5B6D91F7720345B0B012
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/support/realtime/operator/1610960497650/chatsupport.css
                                              Preview: #topSection{width:100%;height:4px;overflow:hidden}#bottomSection{width:100%;height:calc(100% - 4px);overflow:hidden;box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 2px 6px 2px rgba(60,64,67,.15)}.chatsupport_a{width:12px;height:100%}.chatsupport_b{width:calc(100% - 32px);height:100%}.chatsupport_c{width:4px;height:100%}.chatsupport_d{width:calc(100% - 8px);height:100%;box-shadow:0px 0px 5px #888}.chatsupport_e{width:100%;height:8px}.chatsupport_f{width:100%;height:calc(100% - 8px)}.chatsupport_g{overflow:hidden;display:block;z-index:10000001;bottom:0px;position:fixed}.chatsupport_h{top:4px;position:relative;left:4px}.chatsupport_i{top:4px;position:relative;right:4px}.chatsupport_j{width:100%;height:100%;background:none;vertical-align:bottom;visibility:visible;opacity:1}.chatsupport_k{display:inline-block;vertical-align:top}.chatsupport_l-m.chatsupport_n-m{box-sizing:content-box;font-family:Arial,sans-serif;font-size:13px;position:fixed;width:400px;z-index:10000001}.chatsupport_o .cha
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):372
                                              Entropy (8bit):5.148489744650841
                                              Encrypted:false
                                              SSDEEP:6:0IFFm15+56Zzhizlpd0celB69JNijFFm15+56ZRWHTizlpd0aFlcLFNin:jFMO6ZN6p4aJqFMO6ZRoT6pIFY
                                              MD5:B961EAC5D8155FF9FB42F9E3DF486FF1
                                              SHA1:7C0B50C477EC1EB6C26C0E12ECC41B6188CB95C7
                                              SHA-256:206D20C2C6E6FE38C42FBCB417EA706E41C340B54E09F46A2DD879FDF83A9663
                                              SHA-512:395433D298B9B66BF1201CF5C97F316E14B9590240A900C37689129C52E8A8DCC8844728B06F4B8462CAD054188BE1C1D1F38DDD5EEB78AEEFDF7FF93B6F9083
                                              Malicious:false
                                              Reputation:low
                                              Preview: @font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                              Category:downloaded
                                              Size (bytes):748
                                              Entropy (8bit):7.249606135668305
                                              Encrypted:false
                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/down.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4720
                                              Entropy (8bit):5.164796203267696
                                              Encrypted:false
                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                              Malicious:false
                                              Reputation:low
                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                              Category:downloaded
                                              Size (bytes):5430
                                              Entropy (8bit):3.6534652184263736
                                              Encrypted:false
                                              SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                              MD5:F3418A443E7D841097C714D69EC4BCB8
                                              SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                              SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                              SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://support.google.com/favicon.ico
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\forbidframing[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):2882
                                              Entropy (8bit):4.101264567053427
                                              Encrypted:false
                                              SSDEEP:48:upYP3V4V1UXvCavVbQdZKUqVtLQI7I6FQ3:u1qlW8rJId3
                                              MD5:5CD4CA3D0F819A2F671983A0692C6DDD
                                              SHA1:BBD2807010E5BA10F26DA2BFA0123944D9521C53
                                              SHA-256:916E48D15E96253E73408F0C85925463F3EE6DA0C5600CB42DBA50545C50133B
                                              SHA-512:4420B522CBE8931BBA82B4B6F7E78737F3BB98FC61496826ACB69CFFF266D1AC911B84CB0AEEADD05BD893A5D85D52D51777ED3F62512C4786593689BF2DF7F0
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/forbidframing.htm
                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="LTR">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" >.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>Framing Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onload="initUnframeContent();">.... <table width="450" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="red_x.png" id="infoIcon" alt="Info icon">.. </td>.. <td id="unableDisplayAlign" valign="middle" align=
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):12105
                                              Entropy (8bit):5.451485481468043
                                              Encrypted:false
                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                              MD5:9234071287E637F85D721463C488704C
                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                              Malicious:false
                                              Reputation:low
                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http_404[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):6495
                                              Entropy (8bit):3.8998802417135856
                                              Encrypted:false
                                              SSDEEP:48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
                                              MD5:F65C729DC2D457B7A1093813F1253192
                                              SHA1:5006C9B50108CF582BE308411B157574E5A893FC
                                              SHA-256:B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
                                              SHA-512:717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/http_404.htm
                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\info_48[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):4113
                                              Entropy (8bit):7.9370830126943375
                                              Encrypted:false
                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/info_48.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\m=recovery_view[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text
                                              Category:downloaded
                                              Size (bytes):205
                                              Entropy (8bit):5.131693631338828
                                              Encrypted:false
                                              SSDEEP:3:YvCKwZfnvM8vvLNzIJvTSHObSLT8qjSvBHcMMaYTgNNw63G+NpbMNYWLCAZXCn:YvlwxVv5zZtL3ccMMaQINw6JpsLCA0
                                              MD5:BFB95698F98DCCDA907BAB5882BB73A1
                                              SHA1:15171EB4B9CD0D3461BD091B574F03CA329C975C
                                              SHA-256:225175BEE3FFF861CC2E90867219EC730FE97595D1BF4FCCA2743293435B5243
                                              SHA-512:D53837F9F8A95E80B3C70FFA18A330A6ABF946AA276E07F6A1E645E1D0DC2FF8B325AAB90802B1C5934AE16C04D54500711B796CE6ACFA5B520F39B56ECA4214
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/accounts/static/_/js/k=gaia.gaiafe_glif.en_GB.8oRFEnI-z7E.O/am=KwAAdmADmPAAQIAJAAAAAAAAADCAbCjLSPW1wvuX/d=0/ct=zgms/rs=ABkqax0Z2ibrr_OufeCY6h90Xt5HBhB6ng/m=recovery_view
                                              Preview: this._G=this._G||{};(function(_){var window=this;.try{._.k("recovery_view");._.sDa.$({template:_.h1a,Wa:_.Z({Sa:_.PP}),title:"ignore"});.._.l();..}catch(e){_._DumpException(e)}.})(this._G);.// Google Inc..
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\postmessageRelay[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, ASCII text, with very long lines, with no line terminators
                                              Category:dropped
                                              Size (bytes):567
                                              Entropy (8bit):5.1546229191485455
                                              Encrypted:false
                                              SSDEEP:6:haxUpErQWR0NNEXW0YBVk3bVfAbplMIzZIT1ZQKpA8GhWEdCivwyYuB96iGhMJmF:haxyErYfhVkrC9sAsERwPMJmWmM8ytrI
                                              MD5:6A5B89E71255FEA93C7786DD8ACC1E6D
                                              SHA1:E9D1A96D0395751DD823B1E3CBA1627A677DFDBE
                                              SHA-256:DF84286F6D12CAB74F750FF9415EE29BB53416FE56E068E9F89355054591400D
                                              SHA-512:E876D82F51D8FFF0A7695914583050A62A798EB42B464A50FE7FE0214F842D365D05B0DE9F3E1478E9D3C81C08E5518B1DC148ED72C9AF33B8A1BFE1C2C175DB
                                              Malicious:false
                                              Reputation:low
                                              Preview: <!DOCTYPE html><html><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=0"><script nonce="/oxTFruIl0y2161GihhDxw" src='https://ssl.gstatic.com/accounts/o/2801455510-postmessagerelay.js'></script></head><body ><script nonce="/oxTFruIl0y2161GihhDxw" type="text/javascript" src="https://apis.google.com/js/rpc:shindig_random.js?onload=init"></script></body></html>
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rs=AA2YrTsHV_6QDwsxjHdOvXnpgoeLwIRQsg[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):114964
                                              Entropy (8bit):5.537656093441219
                                              Encrypted:false
                                              SSDEEP:1536:rhCYftnkNKwf1W0bNO35jPbCnDChlHtyqvHPGzYlwYrCJRCWg2jyK:xJkM0arb+TqvH3wWCJRCWg4
                                              MD5:EA34E25D6FB9F3D4377462934E5107EA
                                              SHA1:811B29961900F6CE526EB9D13C509D476FBA1A1A
                                              SHA-256:489074445207E8CCE04EDDFFA0224CF4C92F3B8ACA98FA935C2BE111E0A787D3
                                              SHA-512:51E8323F03BA746F2722B3A9045544616E9F56661B11010CC70FBCAEA4F6FA979A79E62EFC4914C94442A77BEF5DD6C583CB1195AA1FF79A3C7697C9D50BB6C3
                                              Malicious:false
                                              Reputation:low
                                              Preview: this.gbar_=this.gbar_||{};(function(_){var window=this;.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/._.Pj=function(a){switch(a){case 200:case 201:case 202:case 204:case 206:case 304:case 1223:return!0;default:return!1}};._.Qj=function(){};_.Qj.prototype.o=null;.var Sj;Sj=function(){};_.v(Sj,_.Qj);Sj.prototype.j=function(){var a=Tj(this);return a?new ActiveXObject(a):new XMLHttpRequest};Sj.prototype.B=function(){var a={};Tj(this)&&(a[0]=!0,a[1]=!0);return a};var Tj=function(a){if(!a.A&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.A=d}catch(e){}}throw Error("U");}return a.A};._.Rj=new Sj;..}catch(e){_._DumpException(e)}.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/._.Uj=function(a,b,c){a.j||(a.j={});if(!a.j[c]){for(var d=_.
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rs=AA2YrTuznPbGtxvpTQcK7pdhZKCAEtCeOg[1].css
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines, with no line terminators
                                              Category:dropped
                                              Size (bytes):301
                                              Entropy (8bit):5.192037061010406
                                              Encrypted:false
                                              SSDEEP:6:6ZwTcqcA2n6gt9VvKcZWbnRVIM6RoeSjIUVY29g+7s8agMNDzY/:6ZfqcA26gAcZWfp6SVY/soY/
                                              MD5:5E1BA7773FBAB75FDF7B3E74BD4AB2F1
                                              SHA1:C0EFB23EA4A186B9936A9D441C3DC4907C507D2A
                                              SHA-256:EB4D490B39F02AE67360FB75D13BEAAE29BBE932C08034A688890A28692C8E1E
                                              SHA-512:CC62BFDE42DE77EE97AB514DF29155A7A6D3992B1C2E30DC3EA97C364CDF073F46F9937DDFD027274E2F1F6A6C6836ACB75046ED0C06DDCEA0EA64175921A822
                                              Malicious:false
                                              Reputation:low
                                              Preview: .gb_Se{background:rgba(60,64,67,0.90);border-radius:4px;color:#ffffff;font:500 12px 'Roboto',arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000}.gb_Jc .gb_Ec{overflow:hidden}.gb_Jc .gb_Ec:hover{overflow-y:auto}sentinel{}
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-widgetapi[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):104641
                                              Entropy (8bit):5.509008180524544
                                              Encrypted:false
                                              SSDEEP:1536:4WYCtaFqtKp3isv7UBXXeFIRSaYsCfcthfo19eYofRCt/H2J/z8xuPbV+vkY6hi4:2FgekXuO1Dqxtkl
                                              MD5:9BB96F192FEA45F2988AA6C66AAEBE60
                                              SHA1:D8033CAC6E43CED2855CC50DC38428A7D2B29215
                                              SHA-256:45411434D7D8FE258124F2E19CBBC37F0379F0882A64EC263840AB3B5C702A9D
                                              SHA-512:1B6736B8D34364B8E3E84BE55113A3F89A5E5E28920AD723152E1EB2E6EB238802F4AFCC12468DA6EEE2910DA1D14B345E90BBCA6AEA7DB7E2499134AEAD220E
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://www.youtube.com/s/player/9f996d3e/www-widgetapi.vflset/www-widgetapi.js
                                              Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var r;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var da=ca(this);function t(a,b){if(b)a:{for(var c=da,d=a.split("."),e=0;e<d.length-1;e++){var f=d[e];if(!(f in c))break a;c=c[f]}d=d[d.length-1];e=c[d];f=b(e);f!=e&&null!=f&&ba(c,d,{configurable:!0,writable:!0,value:f})}}.t("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e||"")+"_"+d++,
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 26412, version 1.1
                                              Category:downloaded
                                              Size (bytes):26412
                                              Entropy (8bit):7.982191465892414
                                              Encrypted:false
                                              SSDEEP:768:BXFxTA19K8CdHMT6KHQO8LWhHCWN1ekhzLS:9f29ZYMTwO8qh1nm
                                              MD5:142CAD8531B3C073B7A3CA9C5D6A1422
                                              SHA1:A33B906ECF28D62EFE4941521FDA567C2B417E4E
                                              SHA-256:F8F2046A2847F22383616CF8A53620E6CECDD29CF2B6044A72688C11370B2FF8
                                              SHA-512:ED9C3EEBE1807447529B7E45B4ACE3F0890C45695BA04CCCB8A83C3063C033B4B52FA62B0621C06EA781BBEA20BC004E83D82C42F04BB68FD6314945339DF24A
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ErrorPageTemplate[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):2168
                                              Entropy (8bit):5.207912016937144
                                              Encrypted:false
                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                              Malicious:false
                                              Reputation:low
                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 20012, version 1.1
                                              Category:downloaded
                                              Size (bytes):20012
                                              Entropy (8bit):7.966842359681559
                                              Encrypted:false
                                              SSDEEP:384:Yc6bX9TagDCXKqs4+W5XVgaflKHjsGdZtlh3K/qzWz/scZpuB:YcCVaeCaF4ea9KHYQZtlh3Kgy4B
                                              MD5:DE8B7431B74642E830AF4D4F4B513EC9
                                              SHA1:F549F1FE8A0B86EF3FBDCB8D508440AFF84C385C
                                              SHA-256:3BFE46BB1CA35B205306C5EC664E99E4A816F48A417B6B42E77A1F43F0BC4E7A
                                              SHA-512:57D3D4DE3816307ED954B796C13BFA34AF22A46A2FEA310DF90E966301350AE8ADAC62BCD2ABF7D7768E6BDCBB3DFC5069378A728436173D07ABFA483C1025AC
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\analytics[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):47051
                                              Entropy (8bit):5.516264124030958
                                              Encrypted:false
                                              SSDEEP:768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
                                              MD5:53EE95B384D866E8692BB1AEF923B763
                                              SHA1:A82812B87B667D32A8E51514C578A5175EDD94B4
                                              SHA-256:E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
                                              SHA-512:C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://www.google-analytics.com/analytics.js
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\avatar_2x[1].png
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 192 x 192, 8-bit grayscale, non-interlaced
                                              Category:downloaded
                                              Size (bytes):626
                                              Entropy (8bit):6.804758765204737
                                              Encrypted:false
                                              SSDEEP:12:6v/7GeuxDolr/82EgWEV+lvL+aLZyckWKFANZntDG9SkiWsc:3eCDe8XaKadnANl4cWsc
                                              MD5:51116D3ED346AA1A00B4A9393DFE117E
                                              SHA1:2B2394121D8E3E6526F1B6F686E49D61023A0C3F
                                              SHA-256:CDCC6D6DCDA827A694DCE8BFA9A1AB41113B629EF1CC11F886866AF9194C81D0
                                              SHA-512:7D3F2C0F499013BB54D239C770F4BDF910F0D0D6AA8D5BF7D3858FE5767EE1004FAB44A8644A0EF9E8CD2C6C8EB7079805A0A1D6AE414B2F5E6F6987633C30DC
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/accounts/ui/avatar_2x.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\background_gradient[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                              Category:downloaded
                                              Size (bytes):453
                                              Entropy (8bit):5.019973044227213
                                              Encrypted:false
                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/background_gradient.jpg
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bscframe[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):15
                                              Entropy (8bit):3.906890595608518
                                              Encrypted:false
                                              SSDEEP:3:PouVn:hV
                                              MD5:FE364450E1391215F596D043488F989F
                                              SHA1:D1848AA7B5CFD853609DB178070771AD67D351E9
                                              SHA-256:C77E5168DFFDA66B8DC13F1425B4D3630A6656A3E5ACF707F4393277BA3C8B5E
                                              SHA-512:2B11CD287B8FAE7A046F160BEE092E22C6DB19D38B17888AED6F98F5C3E936A46766FB1E947ECC0CC5964548474B7866EB60A71587A04F1AF8F816DF8AFA221E
                                              Malicious:false
                                              Reputation:low
                                              Preview: <!DOCTYPE html>
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bullet[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):447
                                              Entropy (8bit):7.304718288205936
                                              Encrypted:false
                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cb=gapi[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):100884
                                              Entropy (8bit):5.524623565937768
                                              Encrypted:false
                                              SSDEEP:1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WCjfyQUEZPpIJYoDpA1/HNpHWNXRRF1OVxK4c:pK4ye0RkCjiE3IJTpoHNpHkR+4roC
                                              MD5:9534D32DE45A6E13B5E87DC9FCBF2B14
                                              SHA1:D299559588546F555EFE81E77BE17A7C10F82CD1
                                              SHA-256:79F21D811C42ACBDED1B2A1B86D7E9BB45D58A1F477E6ACF86B5CEC33EFE46C6
                                              SHA-512:EA05BD5432EFDA0655A27AB00649E5B6902215AC042BF3CEF2E8D0107A4DA64803EEF58684B0558B5CC8509F3347BFE7757567A05AC6EDF0036AFBAF9988899A
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):613
                                              Entropy (8bit):5.157298093683682
                                              Encrypted:false
                                              SSDEEP:12:UJO6940FD7O6ZRoT6pYwEmr37uqF/iO6ZRoT6pixuGEqF/iO6ZN76pixuyvJY:G9XD7OYs/UrR/iOYsNxDv/iOYN7Nxw
                                              MD5:DC8AE9686BDE8C1517953AAF4C645E68
                                              SHA1:A95E59D8DDFECBE128C05B8C30E14688F135CA03
                                              SHA-256:AC7E61AF97048090E29FE6561A86B5FCD8F7BEF016C399D0C32683B02F059AD6
                                              SHA-512:5728E987376AE9209E44E677BACFE41F03FBC97B468D5BEE6F43D0CAE95B7F6AF7666DC05094B11C77F7BA72A2C963E4C4CB8C438F0B893B2D0A9C47DCB318D6
                                              Malicious:false
                                              Reputation:low
                                              Preview: /*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Product Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff) format('woff');.}.
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\down[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                              Category:dropped
                                              Size (bytes):748
                                              Entropy (8bit):7.249606135668305
                                              Encrypted:false
                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):4720
                                              Entropy (8bit):5.164796203267696
                                              Encrypted:false
                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/errorPageStrings.js
                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo_2x[1].png
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 232 x 76, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):5274
                                              Entropy (8bit):7.940636569964172
                                              Encrypted:false
                                              SSDEEP:96:7SIhOGx5zQZ6lsDgVWxxWQa6AmBbbpoFkrkRd4i6Rk7/BO3GXSD+pMI:7SU1xBQZAVeQQa6Am9poF9R96RY/gHD0
                                              MD5:DB5FC480AD614FF46BBA7B3D74E2E5ED
                                              SHA1:5D7830B172CB2A231C6E4539E202B78563BE2139
                                              SHA-256:749ECB257B4DABD6C2D346578FCBE63A96BF94C1F2366496409296167F03B7A7
                                              SHA-512:FC84CF03FE4887492AF460C8105552B222DD4873F919BEB81D19521064F10DBDDBB4BB89613C205123CED4B43A8118A5847790C33A1D6531B38B8753C243C27D
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/accounts/ui/logo_2x.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\m=bIf8i,omf1Od,zy0vNb,K0PMbc,otPmVb,rlNAl[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):2005
                                              Entropy (8bit):5.29625798374753
                                              Encrypted:false
                                              SSDEEP:48:x7DoEuEfErE+FD7B8oSBUeH2dEUAAkzktkGl:xmD7aNb0AAcktkG
                                              MD5:0F4BF0CD480FFF5EAB08C24A884A14EA
                                              SHA1:098CE4E33F7B38603C3703CA3B08836F8DE79DA3
                                              SHA-256:5C8AEAF501D03A00ECF3831F6B2AD86F6CBF939354737F69A80D810409306A21
                                              SHA-512:53D1C1A593699344497B6E65C7D6C7BA3FF38CBD4604BF4A91ADD15CB43CD05040A04D6AA65E17B8127A207CE42DCDE043ABEBA797574613BADE6C5C24C8A42A
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\operatordeferred_bin_base__en[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):382331
                                              Entropy (8bit):5.1995078791633
                                              Encrypted:false
                                              SSDEEP:3072:CuJ4InXTx9szxt/EuJ22upMwqtl9hyG9szSoeVe7pBeb2fjrLaLtrnRp8n+t2Q7u:1c4Tsy/Neb2fjrLalX8+t2ZWhq
                                              MD5:3027156BE4E85D96A9FE29285C6E72F2
                                              SHA1:C300D325414F7056690D418DF3AD0A8F2812F2E6
                                              SHA-256:25EA0C18658CBD918FA066AEA907232E939BE5E98782A9A61BF40BEA9E38509C
                                              SHA-512:A8755B37800EC108AEBE3F6A0B1A3B56A1C01568EF3DA6EB75A26ACA40F3478FC9570021D9BBCD17FF7B7C8381820D471FE8B6BB765FCDB4E7D71861379B3686
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/support/realtime/operator/1610960497650/operatordeferred_bin_base__en.js
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\player_api[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):810
                                              Entropy (8bit):5.297143102456936
                                              Encrypted:false
                                              SSDEEP:24:E1QYtpqAK/HJ2TAXC5vuHM8aJLtdRWZ4FhQ:E1LPcSAXC5kaJLzwYhQ
                                              MD5:21EC4121D8A6690BD447028A94170F5D
                                              SHA1:62189FBF9B884D0711836A7BCA97E8E7A345153F
                                              SHA-256:A29AD79A8AA3C011F165BF0040B910BCF591C2F1533C5477B866770508128782
                                              SHA-512:3A2710BA1A002FC3C0B4521E1C96B0339397A2B188CC5CFF7FCAD46935B0DE29500222F0F1406AAF70BC000FB5271E5AC8C1AD4190F5FDFACE35309B4B7F87B8
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://www.youtube.com/player_api
                                              Preview: var scriptUrl = 'https:\/\/www.youtube.com\/s\/player\/9f996d3e\/www-widgetapi.vflset\/www-widgetapi.js';if(!window["YT"])var YT={loading:0,loaded:0};if(!window["YTConfig"])var YTConfig={"host":"https://www.youtube.com"};.if(!YT.loading){YT.loading=1;(function(){var l=[];YT.ready=function(f){if(YT.loaded)f();else l.push(f)};window.onYTReady=function(){YT.loaded=1;for(var i=0;i<l.length;i++)try{l[i]()}catch(e){}};YT.setConfig=function(c){for(var k in c)if(c.hasOwnProperty(k))YTConfig[k]=c[k]};var a=document.createElement("script");a.type="text/javascript";a.id="www-widgetapi-script";a.src=scriptUrl;a.async=true;var c=document.currentScript;if(c){var n=c.nonce||c.getAttribute("nonce");if(n)a.setAttribute("nonce",n)}var b=.document.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,b)})()};.
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\proxy[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, ASCII text
                                              Category:downloaded
                                              Size (bytes):436
                                              Entropy (8bit):5.283061814304958
                                              Encrypted:false
                                              SSDEEP:12:hYA0HqJmqGrrsQo79hLFBkAAqJmPm/esHb3rsQP4Nbx4IQL:hYPcBjBvPz754NW
                                              MD5:3844A2C312757A710D5400994F8FEB39
                                              SHA1:DDA6E396DD675FA7715CE2468D696A6D01D358FB
                                              SHA-256:93D227DCDA37F6C4C8778CE15B23B6727E6C123BB8BF78EC196D9D7DFA942EF9
                                              SHA-512:3FC64B6C8001047111E7F96469ED48E27CF06B98F40B2FD2254418411434851D787D431AC1141CBA7C1D18C2B0B8CB666A89C252F53F3C12456A9469A94AE066
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://scone-pa.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.L7mys-cL6BM.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg%2Fm%3D__features__
                                              Preview: <!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="PHZDcWTvQxap4H/RgmX/5A==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="PHZDcWTvQxap4H/RgmX/5A=="></script>.</head>.<body>.</body>.</html>.
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\proxy[2].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, ASCII text
                                              Category:downloaded
                                              Size (bytes):436
                                              Entropy (8bit):5.285297548270222
                                              Encrypted:false
                                              SSDEEP:12:hYA0HqJmqGUZ79hLFBkAAqJmPm/esHbAK4Nbx4IQL:hYPcBr3BvPz7AK4NW
                                              MD5:BC9C7D598FEA19B9F84155CE6B0C4634
                                              SHA1:006B2F923A5ADC68398028D53BCDCCCD29328D5A
                                              SHA-256:83852B48FAB8A85B00B7DB99B7FCB4E4F2FE7A62D6FC4B29E8BD0A7DBE6EC360
                                              SHA-512:DFE42CE000925EF5E531FA840B3F93FDBDFDE7EE62E265D6CEC8B6E452379F069F8459539C87B0EF5D497E2AEAFD547E4F09383A18149FCF18BABDC08194EF90
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://realtimesupport.clients6.google.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.L7mys-cL6BM.O%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg%2Fm%3D__features__
                                              Preview: <!DOCTYPE html>.<html>.<head>.<title></title>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<script type="text/javascript" nonce="q5awX+XTsuC/SLMyDhk8ng==">. window['startup'] = function() {. googleapis.server.init();. };.</script>.<script type="text/javascript". src="https://apis.google.com/js/googleapis.proxy.js?onload=startup" async. defer nonce="q5awX+XTsuC/SLMyDhk8ng=="></script>.</head>.<body>.</body>.</html>.
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\universal_language_settings-21[1].png
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):199
                                              Entropy (8bit):6.654189393031599
                                              Encrypted:false
                                              SSDEEP:3:yionv//thPlplWKQuwnloatUBhddF+GKEWEkSpwJOOQfcr5cBluSqS22ZFSGcLMh:6v/lhPbEK7etyB/dF+GKCwGE1V2hD2Ap
                                              MD5:4A2D1168A691747DAF4D22E0DC483958
                                              SHA1:E556FED18AFF83A117F173960C66D42D57CBC4B4
                                              SHA-256:59404AF2D92C53AD1EE9E21B252C07C77DCBA810B248A79D6AE989B1FF63C7D6
                                              SHA-512:B9AE29A74F4711EA3E49D40F823E00487394B288C0A787FED78B6BCFC769DB4123E2B3A0C7C7E8EE5BDBF8BA304DE666DA3BE797A2ABCA1A9E828DB6799C4715
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/images/icons/ui/common/universal_language_settings-21.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\unnamed[1].png
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):1393
                                              Entropy (8bit):7.741695342683955
                                              Encrypted:false
                                              SSDEEP:24:D/6Bm17qS9DbPDQ45Gkds4VbbBYdVATpFxb+hs3xl0Sau164l2kFSWZR2vtUx2lH:D/6BmIG7hdbYdVules3xla+64l9wxVUo
                                              MD5:0EAA75E84E3B5D76E26B5BDEF873465E
                                              SHA1:79DAEA62FA0952E79644B23305210D61B6CBB631
                                              SHA-256:D375701BEED766135440CC65BD4CEDE9CC455C0116A362E124C3C2158EDCEFF4
                                              SHA-512:EE117EEF8002ABEF55C7521FDF265C597226994BDD4EDDF9965E22E1FBA4D8526544A6427F847C2BEA3B586B3E4C06BEB6584D1CCEF5A06AD4739CAF837DB7EB
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://lh3.googleusercontent.com/o9U8AvPuX9gkIYtYfNmH-_wBdTfOJ7jb0VwbLWWbERzml7oTPngODhKv2Br7A64=w64
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 26180, version 1.1
                                              Category:downloaded
                                              Size (bytes):26180
                                              Entropy (8bit):7.9847487601205405
                                              Encrypted:false
                                              SSDEEP:768:axmLo3N7711ZHlB8N6yt/DvXjXjmDNzv6:bLodN78Ii7jKJv6
                                              MD5:4F2E00FBE567FA5C5BE4AB02089AE5F7
                                              SHA1:5EB9054972461D93427ECAB39FA13AE59A2A19D5
                                              SHA-256:1F75065DFB36706BA3DC0019397FCA1A3A435C9A0437DB038DAAADD3459335D7
                                              SHA-512:775404B50D295DBD9ABC85EDBD43AED4057EF3CF6DFCCA50734B8C4FA2FD05B85CF9E5D6DEB01D0D1F4F1053D80D4200CBCB8247C8B24ACD60DEBF3D739A4CF0
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4UaGrENHsxJlGDuGo1OIlL3Owpg[2].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 26228, version 1.1
                                              Category:downloaded
                                              Size (bytes):26228
                                              Entropy (8bit):7.98323449413518
                                              Encrypted:false
                                              SSDEEP:768:DBOEuz6T0146JY/J6unqhOYK0GJenzOoyo6:DBHuea4j/vnqo304enzUo6
                                              MD5:6DD4AD69D53830BDF5232A13482BD50D
                                              SHA1:6FFF1079D7E5D02A2259CB5D7833E790239E01CF
                                              SHA-256:5CE48D9E9D748AD4686094D3CC33F5AE1E272A5B618F5C6D146C4D12EF02E4A6
                                              SHA-512:FC91E8C4EAE384D38667E330C5A5E4BF82EBAC9A23AB88439D7C22CCDD125DE7F1371DD953F18DEE60EF68B680DF49A32F684157D90F20E1DAC3BFFC9DF84118
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ErrorPageTemplate[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):2168
                                              Entropy (8bit):5.207912016937144
                                              Encrypted:false
                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                              Malicious:false
                                              Reputation:low
                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOkCnqEu92Fr1MmgVxIIzQ[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 19936, version 1.1
                                              Category:downloaded
                                              Size (bytes):19936
                                              Entropy (8bit):7.969635209849544
                                              Encrypted:false
                                              SSDEEP:384:mvNCb8Eb+tS9nAIRMeC4J4h4Il7xtUOTCBGt+GXn/TUnOPgdGRhBg9r:Y4zbwTiMedJNIhkGbXn/TUnS+2hS9r
                                              MD5:E9DBBE8A693DD275C16D32FEB101F1C1
                                              SHA1:B99D87E2F031FB4E6986A747E36679CB9BC6BD01
                                              SHA-256:48433679240732ED1A9B98E195A75785607795037757E3571FF91878A20A93B2
                                              SHA-512:D1403EF7D11C1BA08F1AE58B96579F175F8DD6A99045B1E8DB51999FB6060E0794CFDE16BFE4F73155339375AB126269BC3A835CC6788EA4C1516012B1465E75
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1MmgVxIIzQ.woff
                                              Preview: wOFF......M.................................GDEF.......G...d....GPOS...............hGSUB............7b..OS/2.......R...`s.#.cmap...........L....cvt .......H...H.2..fpgm.......3...._...gasp...0............glyf...<..;...n..e..hdmx..G<...i........head..G....6...6.G..hhea..G........$...`hmtx..H....M.....Wd^loca..JP............maxp..L,... ... ....name..LL.......x..9.post..M ....... .m.dprep..M4........+6.x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R.....2.x.....[....#N..m.m.m.mfm....SP..NuM..9]..=.U..!...[........w...|......^p....H......;...)..........;..EoDo....E.E.D...`.0.GG.aA.H.V.Mx\xA....../..d3.Eb_.J...R.^v........\^ob.}.z..k.x).v$f$..O)+.2..*....y}6`C6b.6cs...l...........!.........<..|.|..|..|..|.|....o....I%.4.L.SI.&C.6..!`...{...c..\.J.(.2.C....V.A..?.M<nG......v..m.;..R.C..aj.H...=..{.>.:.....}i_Y......:....o.&k..KY.2..6k....i]..{,.p}../.....VO3.o].fJ....R-TZ..;...RN..&V...C...3.?.......&..z.s&.D....r,.I...t.R..a$k..Mm..Y.U...+b.%kQ..
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RecoverAccount[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, UTF-8 Unicode text, with very long lines
                                              Category:dropped
                                              Size (bytes):1584501
                                              Entropy (8bit):5.830638861743387
                                              Encrypted:false
                                              SSDEEP:12288:lB23RmovafgjTE+L6d5hVN06G+ZpHlAL30lmdSFwzO6xr:lqFva4jTED5hB8k4YSy4
                                              MD5:196DCE1443E7845967984405F0E01800
                                              SHA1:617BCFA6941AA66ADE3F6D5302236C1B9455B3E8
                                              SHA-256:D379B68DDA250C18B43CF00E8EEC7C0FD5B5514B95A9BF296722FEF8A4787149
                                              SHA-512:B101CD460873DEB42E64E2BA6A77118195F800A990C3087D1AC0E75E4C4089BA925FE14BF9E8FD14DB64CA6E6F7A9362025095C9906A673F7360EE3DABBF3725
                                              Malicious:false
                                              Reputation:low
                                              Preview: <!doctype html><html lang="en-GB" dir="ltr"><head><base href="https://accounts.google.com/"><script data-id="_gd" nonce="iUk5JhDXTA8lD3MKgsGxBw">window.WIZ_global_data = {"Mo6CHc":-3529726924201059679,"OewCAd":"%.@.\"xsrf\",null,[\"\"]\n,\"AFoagUWNLPHms65l9IGkBL_Vfhg9bCadFw:1611080682645\"]\n","Qzxixc":"S436361241:1611080682628966","thykhd":"AKH95et3tcwk-kDT8CSA-6krWAqDOdAuHpEPdt31riqt74D3u6B8a7r5VWedmQsrTtDkBtp2D6L7uOjieMeYFgi80SCLQJgkl6qkbzqKyD2KxjLIgA930RM\u003d","w2btAe":"%.@.null,null,\"\",false,null,null,true,false]\n"};</script><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><link rel="shortcut icon" href="//www.google.com/favicon.ico"/><noscript><meta http-equiv="refresh" content="0; url=https://accounts.google.com/signin/recovery?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fzt%3DChRsWFBwd2JmV1hIcDhtUFdldzBENhIfVWsxSTdNLW9MdThibW1TMFQzVUZFc1BBaURuWmlRSQ%25E2%2588%2599APsBz4gAAAAAUy4_qD7Hbfz38w8kxnaNouLcRiD3YTjX&amp;service=lso&am
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\accounts[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, ASCII text, with CRLF, LF line terminators
                                              Category:dropped
                                              Size (bytes):239
                                              Entropy (8bit):5.232747732712163
                                              Encrypted:false
                                              SSDEEP:3:IskN20EFNjJ8S/7A+KWRIJiYEUFLZxs4bSl02rBsSZ7NE7uR0Lq9DGCBLCRvisQf:wRkrQWR0iYBtqWt2aSyu5BLCRiRav3oP
                                              MD5:1E8D7E0C04B462F1E22CA8FB6890A164
                                              SHA1:EF1049F34658F54C829451C860C74322987C7970
                                              SHA-256:5A97BF668A1C1916C2528CD3CF3AA78655427F153667554CB551C52CEF5B5DA9
                                              SHA-512:4BEAB0D6B6CF243CE19F440E66B74650DFC3301D7C18693AE213F4988634CA8DC581F4E7FA0EC49055C1BE46EF269CE107B9F09BA8B024C7BA59407CA0B6EEDF
                                              Malicious:false
                                              Reputation:low
                                              Preview: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="https://support.google.com/accounts/?hl=en">here</A>...</BODY></HTML>..
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\background_gradient[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                              Category:dropped
                                              Size (bytes):453
                                              Entropy (8bit):5.019973044227213
                                              Encrypted:false
                                              SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                              MD5:20F0110ED5E4E0D5384A496E4880139B
                                              SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                              SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                              SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bullet[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                              Category:downloaded
                                              Size (bytes):447
                                              Entropy (8bit):7.304718288205936
                                              Encrypted:false
                                              SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                              MD5:26F971D87CA00E23BD2D064524AEF838
                                              SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                              SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                              SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/bullet.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4720
                                              Entropy (8bit):5.164796203267696
                                              Encrypted:false
                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                              Malicious:false
                                              Reputation:low
                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\googleapis.proxy[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):12541
                                              Entropy (8bit):5.459023740910877
                                              Encrypted:false
                                              SSDEEP:192:8iApwYKUa9u5vocJJBA1UwgZCwm5Mi0+Sczlq:83pw9dk9JO1UkwmR0+Scxq
                                              MD5:EAD66A4F95FC1DFBD7EE3CE7A9910671
                                              SHA1:CCE744DB65F2ADAE41E5D78455B05A25F36E8A91
                                              SHA-256:312491CFD953CACD6AEECE884F3FB5CE07A3F607F22EB1A22321A83D1C7D8D77
                                              SHA-512:872FC6A547BFEC2B3746409D46C1C77D62BB6855C40E0E9CA8B86EE0FF893E9E7283170F0B24EE46822DD3BF7D93F148E20A76F79D2A9ABEDADE180E689DB4A6
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://apis.google.com/js/googleapis.proxy.js?onload=startup
                                              Preview: var gapi=window.gapi=window.gapi||{};gapi._bs=new Date().getTime();(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var g=this||self,h=function(a){return a};/*. gapi.loader.OBJECT_CREATE_TEST_OVERRIDE &&*/.var m=window,n=document,aa=m.location,ba=function(){},ca=/\[native code\]/,q=function(a,b,c){return a[b]=a[b]||c},da=function(a){a=a.sort();for(var b=[],c=void 0,d=0;d<a.length;d++){var e=a[d];e!=c&&b.push(e);c=e}return b},v=function(){var a;if((a=Object.create)&&ca.test(a))a=a(null);else{a={};for(var b in a)a[b]=void 0}return a},x=q(m,"gapi",{});var C;C=q(m,"___jsl",v());q(C,"I",0);q(C,"hel",10);var D=function(){var a=aa.href;if(C.dpo)var b=C.h;else{b=C.h;var c=/([#].*&|[#])jsh=([^&#]*)/g,d=/([?#].*&|[?#])jsh=([^&#]*)/g;if(a=a&&(c.exec(a)||d.exec(a)))try{b=decodeURIComponent(a[2])}catch(e){}}return b},fa=function(a){var b=q(C,"PQ",[]);C.PQ=[];var c=b.length;if(0===c)a();else for(var d=0,e=function(){++d===c&&a()},f=0;f<c;f++)b[f](e)},E=
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\homepage_header_background_v2[1].svg
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):60408
                                              Entropy (8bit):4.746090328799968
                                              Encrypted:false
                                              SSDEEP:768:fctDxhgZqb0HZb0HEuZ5V2KKCICtvlc54WA+Vw4G4Fw0RToTQTQDbx4r/MT4gohL:fesZvo2KKVmp29bFhTOG2T4go+9nK8Hm
                                              MD5:A371D1ADD8D95D9A5AC0222DBFC707DA
                                              SHA1:B273236FC088B58AEC5BE2E7CD642E290C31CBF3
                                              SHA-256:0A11003900B5593A71CFAB463C2A5E7D2588B251F697EAE8B64946F4D178FE54
                                              SHA-512:1C4FC0A64E927A073713435830F9D3044894FFDAF30E6966B28D1F3757D564D6E9124F632EB0B61EA41947973FCB28C82F98696E021A8A827FB96E2FF0D27ACD
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/support/content/images/static/homepage_header_background_v2.svg
                                              Preview: <svg width="1280" height="307" viewBox="0 0 1280 307" fill="none" xmlns="http://www.w3.org/2000/svg">.<circle cx="1121.01" cy="217.239" r="27.6618" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.58 204.281V292.049" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.58 223.588L1130.88 213.286" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.39 233.491L1113.06 226.163" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1120.39 217.429L1113.06 210.102" stroke="#D4E1F3" stroke-linecap="round"/>.<circle cx="1132.29" cy="223.588" r="1.69704" stroke="#D4E1F3" stroke-linecap="round"/>.<circle cx="1104.71" cy="210.101" r="1.69704" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1101.26 297.3C1104.15 291.738 1110.46 288.868 1116.55 290.35C1122.63 291.832 1126.92 297.283 1126.93 303.549" stroke="#D4E1F3" stroke-linecap="round"/>.<path d="M1087.8 303.549C1087.7 300.666 1089.18 297.957 1091.66 296.486C1094.14 295.014 1097.23 295.014 1099.71 296.486C1102.19 297.957 1103
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):24210
                                              Entropy (8bit):5.451485481468043
                                              Encrypted:false
                                              SSDEEP:384:xPini/i+1Btvjy815ZVUwiki3ayimi5eqBG1fm304Pini/i+1Btvjy815ZVUwik5:8i6+1B1y815PUNZ3ab3fBK9i6+1B1y8d
                                              MD5:7B6C8BD51E49F7F56E2B21311D0EA59B
                                              SHA1:EDB0F7D21BCEC6C48DEDC14E9ED41383740BAE37
                                              SHA-256:620BD33A4E0358498D9429FE2DBA00F85A86D6059FA796B482E2A9F6B0794F2D
                                              SHA-512:DD1D524872EE165D230BE5B3872DEE108B806AB684AACFA955F07B7A87C1ACA63FA3B59210442E1E3C9A2D33409583E0AC3B1A6A0D4EB91BBEEF62D311FD1BC4
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/httpErrorPagesScripts.js
                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\info_48[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):4113
                                              Entropy (8bit):7.9370830126943375
                                              Encrypted:false
                                              SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                              MD5:5565250FCC163AA3A79F0B746416CE69
                                              SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                              SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                              SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\lazy.min[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):71698
                                              Entropy (8bit):5.465668355673036
                                              Encrypted:false
                                              SSDEEP:1536:i2lEN2Jg7EIeoBEm/ql4kA2frXYGmuEFGF:+NdrDCrK8
                                              MD5:9D9AC0AD1B3B38591CCE6E8DFD896BBC
                                              SHA1:E95072A3D641C9F6A911D9D8EAC0ECAE61D78CCD
                                              SHA-256:FA21FA76AC81D9A1343FEB798EE495A9F5A346A2FAE52EB5FDEC18F0A91D4A9F
                                              SHA-512:2B00674B335C65717A619D5127EB4FC89599387DDA0D8C39706BD2D78CB5632DDBC42CB0A3869A9CB9EE377E3B631B87EC7098991312C93B9454A4624695BC22
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
                                              Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},p=ca(this),t=function(a,b){if(b)a:{var c=p;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.t("Symbol",function(a){if(a)return a;var b=function(e,f){this.Ub=e;ba(this,"description",{configurable:!0,writable:!0,value:f})};b.prototype.toString=function()
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo_strip_2x[1].png
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 420 x 32, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):10297
                                              Entropy (8bit):7.959803431515787
                                              Encrypted:false
                                              SSDEEP:192:Jc3vJuA6bFGLfQpJqq8vFCMF3CDpb9b44NYvCad/AseacXV3Hq/:S3vJufDp89Chbk44/LexV3y
                                              MD5:F5C7A81C8350C4DB461888DDF32C47C8
                                              SHA1:933B27BF5B46743ACCFA60C84EC7F22A2AFDF45D
                                              SHA-256:B2D3305551055E5D28AEA38F218EE6FF6006AFB8C80CC4F206A206BCB758DF7C
                                              SHA-512:B7871F81BAA92FEE2B9B614CB2B455E8A4772CF3D0184E600A8074CAEFD309B0BCF0238A84EB1542EA3F7A1DA7325AF39E6E56B12D81CAA72FEBDEEDCEAF8A44
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/accounts/ui/logo_strip_2x.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\m=sy1a,sy1b,sy1c,sy1e,sy1f,sy2z,pwd_view[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):14968
                                              Entropy (8bit):5.587314380291293
                                              Encrypted:false
                                              SSDEEP:192:zpTmjh9lX7GTIiRxBWPd8hQjTGYXW+1mcYhdoydID766RdI/azhAtezTURI1l4jb:zpTmjpIMThrmvdoydID26HqEg8y7kQ
                                              MD5:45BA773E21E145A5690F896365BDF5A2
                                              SHA1:703532E80D79F42CB9D8145E27DC3380CBCFF5A7
                                              SHA-256:4F26A5B7DB1D42F54F15B2A14D373C9CE1C50E5AB73D40D27B362654639671FD
                                              SHA-512:52006BC0476E2CB13A5D02756971D03147288D8058AE89412834C1B8629FA29D9A53B4BED8951996485FC139FB8460EAB21457C8687A0093A9BD73DAC8564CCD
                                              Malicious:false
                                              Reputation:low
                                              Preview: this._G=this._G||{};(function(_){var window=this;.try{._.k("sy1a");._.pS=function(){return"Try another way"};_.qS=function(){return"Enter code"};.._.l();..}catch(e){_._DumpException(e)}.try{._.k("sy1b");._.rS=function(){return(0,_.D)("Account recovery")};_.sS=function(){return"Verify that it's you"};.._.l();..}catch(e){_._DumpException(e)}.try{._.k("sy1c");._.T5a=function(a){a=a||{};return _.S5a(a)};_.S5a=function(a){a=a||{};return _.wt(a.qn,1)?"Enter your password":"Enter a password"};_.H("Db","",0,function(){return"Wrong password. Try again or click Forgot password to reset it."});_.H("Eb","",0,function(){return"Forgot password?"});.._.l();..}catch(e){_._DumpException(e)}.try{._.k("sy1e");._.tS=function(a,b){a=a.oa&&(a.oa.ha||a.oa);var c=b.locale;b="";var d=c=_.xt(_.vt("en,en-US,"),c+",");d&&(d=a.tb(),d=_.G(null==d?null:d.getGivenName()));!d&&(d=!c)&&(d=a.tb(),d=_.G(null==d?null:d.Qc()));return b=d?b+(c?"Hi "+a.tb().getGivenName():""+a.tb().Qc()):b+"Welcome"};.._.l();..}catch(e){_._D
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\m=sym,i5dxUd,RAnnUd,syj,syk,uu7UOe,soHxf[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):19178
                                              Entropy (8bit):5.634813585677532
                                              Encrypted:false
                                              SSDEEP:384:7AiAvATOgNHm05h919g1iL/URBo6v27KuBzSkM9vjZ4IBcWkm:8vYagDo0/LIvjZ4IBDt
                                              MD5:D51A77322325229021AE01E2CE29BBA3
                                              SHA1:E4C27F5DB83F934609B1A03AA70894482F93BEF1
                                              SHA-256:CEB964DEF8E3425D83AC4C8ADBD5306A90BE75341D67D48DB8F96D013E0FE2C7
                                              SHA-512:5A3A4EF4B92565B30B246EDEA81C5691F99D97CF2051331D391BF1348B6DE39D850190F95E2A38A78FAAA05274C6D5E6EEADC7D716C9052679EB1142BD7D233F
                                              Malicious:false
                                              Reputation:low
                                              Preview: this._G=this._G||{};(function(_){var window=this;.try{._.k("sym");./*.. Copyright 2016 Google Inc... Permission is hereby granted, free of charge, to any person obtaining a copy. of this software and associated documentation files (the "Software"), to deal. in the Software without restriction, including without limitation the rights. to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. copies of the Software, and to permit persons to whom the Software is. furnished to do so, subject to the following conditions:.. The above copyright notice and this permission notice shall be included in. all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER. LIABILITY, WHETHER IN AN ACTIO
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\operatorParams[1].json
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text
                                              Category:downloaded
                                              Size (bytes):1367
                                              Entropy (8bit):4.84532271755884
                                              Encrypted:false
                                              SSDEEP:24:D76bBS1FvVdG4xp9kfW/rgk4oV4oRCSRv/4QBEwrlcKmlQFHMhfY0ypgkvVvR7RB:H8cNA4xpKi8Pe4aCA34EE6cfAsG42pRZ
                                              MD5:629608E48B4375F47870FC82BE667C3E
                                              SHA1:48227C3C637CB47B5C7B87390532DAACAB1641E3
                                              SHA-256:7F3EED13058A7CA4BB171775597C22873053C53A3888DF1926CA4F27388B07C6
                                              SHA-512:F23BC768AE8109BA8CEF773A8F99889899DDFB85553C9812F7242DEA6CC333D8615C91F21F39CA6F006CDEFCB02F0842A5A8204BE8754D99A8480AC2C38A273A
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/support/realtime/operatorParams
                                              Preview: {. "operatorDeferredUrl": "https://ssl.gstatic.com/support/realtime/operator/1610960497650/operatordeferred_bin_base.js",. "eagerLoadHostnamePattern": "((https://www\\.google\\.com/express)|((adwords|campaignmanager|support|support-content-staging.sandbox|business|fi|.+\\.corp)\\.google\\.))",. "eagerLoadHostnameFlags": "i",. "cbfVersion": 1610960497650,. "experiments": {. "attachment_upload_url": "https://support.google.com/chat-upload/support-cases/resumable",. "enable_chat_attachment": true,. "enable_chat_attachment_percentage": 100,. "enable_desktop_screenshare_email_fallback": false,. "enable_emojis": true,. "enable_youtube_specific_endpoints": true,. "mole_show_survey_url_percentage": 100,. "mole_skin_version": 2,. "operatordeferred_report_rpc_events_percentage": 10,. "screenshare_skin_version": 3. },. "settings": {. "attachment_upload_url": "https://support.google.com/chat-upload/support-cases/resumable",. "enable_chat_attachment":
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\so[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):47151
                                              Entropy (8bit):5.7264567508381505
                                              Encrypted:false
                                              SSDEEP:768:HBjt/d9SvRug3PM0jcyknoVYnlo5NjQPFJ/N4g5SmIyfq1g3v1AzyK:h3aMZno2na5N21+yfq1gf1AzyK
                                              MD5:C3FB4861E4C1BFBB0B065CA6765B5459
                                              SHA1:DB032B245C6E06869995986F80C214F4868F6FE4
                                              SHA-256:1C86AD11C01F85DF7980B1EB5D2374B0ABEFC43889609E92389BD6A61D4FAD9B
                                              SHA-512:EF4BC6DA10C5E1ACEB1DAB16C3219F872565B57B5C003D8FCE7B055273EAF76937108D6CBC587F77C84A304CF13EEB4544E95D722A0C446133FB0D20D467FBCE
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ogs.google.com/widget/app/so?origin=https%3A%2F%2Fsupport.google.com&cn=app&pid=117&spid=117&hl=en
                                              Preview: <!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><link rel="preconnect" href="https://apis.google.com"><link rel="prefetch" href="https://apis.google.com/js/api.js"><script data-id="_gd" nonce="2hLgQwawvcWt93e+Y1dJUQ">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"944090879679231378","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S1NZmd":false,"Yllh3e":"%.@.1611080691894347,179610957,2281898475]\n","ZwjLXe":117,"cfb2h":"boq_onegooglehttpserver_20210112.01_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[1763433,1772879,1782333,45695529],"gGcLoe":false,"ikfjnc":["https://support.google.com"],"nQyAE":{"wcLcde":"false","tBSlob":"false"},"qwAQke":"OneGo
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\unnamed[1].png
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):3279
                                              Entropy (8bit):7.715641786855708
                                              Encrypted:false
                                              SSDEEP:48:yqQvnLtkzdjmJJ3hAk+dJa9XrVmdGeNXCZ4o6w+Zv4lUWVV4c/952ql7mHiGJ4JU:7Q89mek+dJjnXno/++WSx1Vc/KWoxO/
                                              MD5:039E5B669C976EAA7569F9FA8ED813BE
                                              SHA1:1B5E33D16FC2A26B9318DFEAD0FEC938C5A0C98F
                                              SHA-256:265FE691B1687E0D18A34D33B5958C1A72E4CCB7D90BF3C70311B6DD4BAE13B6
                                              SHA-512:D9E8934419FC9E0A34CCDE0EEE3D8BC5435A95C4A72D50F9F8F1B3063C54AC6DB97E30B68ED8CD8CB37B5B73AD7400DC6585864E349B0893210B6152F08485D3
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://lh4.ggpht.com/WnIr0x3yhEpMTqI4DCrI_ZOc9vdK_yV0WPig_suRjHQCv4B-2CmQoQu3nE-Eo7_MZ-yZQbq30w=w72
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\2801455510-postmessagerelay[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):9879
                                              Entropy (8bit):5.579296703325767
                                              Encrypted:false
                                              SSDEEP:192:1TyJwMuoQ7zM1ueeFWLCivp3YiIJ1MfWXxPKPo5ulhIEkvwt:1TowMuoQ7zM1yC3ZIJvBiPKWaot
                                              MD5:F2BD1D2E00DEDBD451AA5003CEDF69CC
                                              SHA1:1A368F9C023F244F6DE111C8E213F47ACEC891E5
                                              SHA-256:0B38E24497A006357613322357AF9D5D3CD270F8498A1E78D773620F0910C6E6
                                              SHA-512:0E076191531E579AF4BD941F5B09579D05097456ACC9294FD29AF730345D262503F9685A9DA6D19874F120DC3E3A72E34D43FB305D287C9F90CAF1534CFFE5ED
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/accounts/o/2801455510-postmessagerelay.js
                                              Preview: /*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m=this||self,w=function(a,b){a=a.split(".");var c=m;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var e;a.length&&(e=a.shift());)a.length||void 0===b?c=c[e]&&c[e]!==Object.prototype[e]?c[e]:c[e]={}:c[e]=b},x=function(a,b){function c(){}c.prototype=b.prototype;a.A=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.v=function(e,d,h){for(var l=Array(arguments.length-2),n=2;n<arguments.length;n++)l[n-2]=arguments[n];return b.prototype[d].apply(e,l)}};function y(a){if(Error.captureStackTrace)Error.captureStackTrace(this,y);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))}x(y,Error);y.prototype.name="CustomError";var z=function(a,b){a=a.split("%s");for(var c="",e=a.length-1,d=0;d<e;d++)c+=a[d]+(d<b.length?b[d]:"%s");y.call(this,c+a[e])};x(z,y);z.prototype.name="AssertionError";var B=function(a,b,c){if(!a){var e="Assertion failed";if(b){e+=": "+b;var
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 26464, version 1.1
                                              Category:downloaded
                                              Size (bytes):26464
                                              Entropy (8bit):7.981932066790926
                                              Encrypted:false
                                              SSDEEP:768:OIYb4Auz6mM1gBEL1WuL1BU91c6HJ8Y4mAS:OI84AueNmwHpBU91qY4m7
                                              MD5:08F80DE0ACF68D82AABAB974A47D9E5F
                                              SHA1:E6F1C0F5395A9C297AA162468961C1FAF0EC1ED9
                                              SHA-256:4070911A1BB9CC52C4E4CD5E85CA186DCDE89308A0517A8FAA4715C2E0A9D45E
                                              SHA-512:720DE47FDDA648AF7CE5F3F574EFA3322191C4D0001E31181739D65FFE0CCECED56635AF58E5E828072A17EEE1ED1E318AF467B8ED7F4185EE0F5155501CD8D0
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\CheckConnection[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):63420
                                              Entropy (8bit):5.4418442733879075
                                              Encrypted:false
                                              SSDEEP:768:GHWnpYYHbeVnHJptuJ78L4mSgy++HWnpYYHbeVnHJptuJ78L4mSgy+2:kK97eVHxuc4m7yPK97eVHxuc4m7yb
                                              MD5:B53B728A7CD046B5F599A0FD63EDE707
                                              SHA1:5554DE0DE3911BD292A7208851840C9DEB10A5E5
                                              SHA-256:0A417151BE2ED40C81B974BBF0B48369D2DF26753EFF88497F15DD673DD27236
                                              SHA-512:7857DE22B388E7BB68C0F7981DAF4973666F60B36B5E9A139B5470F13908C99413663063B2BD1B8FA6EF4E090618A127901F22D7A9B89B3DF607B7D1383365EB
                                              Malicious:false
                                              Reputation:low
                                              Preview: <html><head><script nonce="h6eiGOBliO4lGidfv0YD3w">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs||{};(function(_){var window=this;.try{./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var k=function(a){if(Error.captureStackTrace)Error.captureStackTrace(this,k);else{var b=Error().stack;b&&(this.stack=b)}a&&(this.message=String(a))},aa=function(a,b){a:{for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a)){b=e;break a}b=-1}return 0>b?null:"string"===typeof a?a.charAt(b):a[b]},ca=function(a,b){b=ba(a,b);var c;(c=0<=b)&&Array.prototype.splice.call(a,b,1);return c},da=function(a){l(a)},ha=function(){var a={};a.location=document.location.toString();.if(ea())try{a["top.location"]=top.location.toString()}catch(c){a["top.location"]="[external]"}else a["top.location"]="[external]";for(var b in fa)try{a[b]=fa[b].call()}catch(c){a[b]="[error] "+
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ErrorPageTemplate[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):2168
                                              Entropy (8bit):5.207912016937144
                                              Encrypted:false
                                              SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                              MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                              SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                              SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                              SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/ErrorPageTemplate.css
                                              Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 19916, version 1.1
                                              Category:downloaded
                                              Size (bytes):19916
                                              Entropy (8bit):7.96782347282656
                                              Encrypted:false
                                              SSDEEP:384:JiNCb8EbT1rG/3rjJmQ8uLc5ZiRE5HWSiPTI45tKVr6+F7gLLdz:k4zbM3rjEQ8uQPiRERWSGIWtKVrWJ
                                              MD5:A1471D1D6431C893582A5F6A250DB3F9
                                              SHA1:FF5673D89E6C2893D24C87BC9786C632290E150E
                                              SHA-256:3AB30E780C8B0BCC4998B838A5B30C3BFE28EDEAD312906DC3C12271FAE0699A
                                              SHA-512:37B9B97549FE24A9390BA540BE065D7E5985E0FBFBE1636E894B224880E64203CB0DDE1213AC72D44EBC65CDC4F78B80BD7B952FF9951A349F7704631B903C63
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOmCnqEu92Fr1Mu4mxM[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 19824, version 1.1
                                              Category:downloaded
                                              Size (bytes):19824
                                              Entropy (8bit):7.970306766642997
                                              Encrypted:false
                                              SSDEEP:384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
                                              MD5:BAFB105BAEB22D965C70FE52BA6B49D9
                                              SHA1:934014CC9BBE5883542BE756B3146C05844B254F
                                              SHA-256:1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
                                              SHA-512:85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KT0S08Y7.htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, UTF-8 Unicode text, with very long lines
                                              Category:downloaded
                                              Size (bytes):59096
                                              Entropy (8bit):5.7855139115319165
                                              Encrypted:false
                                              SSDEEP:768:aesg9rbjATtj/x3+iTugpTsJaPgAM6JYz3qhygKiDjTJ3QhNSUV1ZNz:XrH+tj//TuVG293qhUit38
                                              MD5:7B56630D5EFC2AAAE111E1F282370FB4
                                              SHA1:FDF36D2A6DE5CC5F159C8848B4C442853BD7C691
                                              SHA-256:760CEE6AF5C228A7E6520AB925238C6BD26302EC3FEE83B061F71FB9B8D0DB28
                                              SHA-512:8EF534DE077DF01FEC49B4F4D4D30E3964E83D3D815CE84A717660D0307821316BD5F02B2F0E28565FDBCA79800E27E6666F72A321C6EE05E237147181EEE28F
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:http://router-53793385-219d-4888-98f9-123aca45f939.eastus.cloudapp.azure.com/
                                              Preview: .<!DOCTYPE html>.<html lang="en">. <head>. <script>(function(){function e(a){this.t={};this.tick=function(a,c,b){var d=void 0!=b?b:(new Date).getTime();this.t[a]=[d,c];if(void 0==b)try{window.console.timeStamp("CSI/"+a)}catch(e){}};this.tick("start",null,a)}var a;window.performance&&(a=window.performance.timing);var f=a?new e(a.responseStart):new e;window.jstiming={Timer:e,load:f};if(a){var c=a.navigationStart,d=a.responseStart;0<c&&d>=c&&(window.jstiming.srt=d-c)}if(a){var b=window.jstiming.load;0<c&&d>=c&&(b.tick("_wtsrt",void 0,c),b.tick("wtsrt_",."_wtsrt",d),b.tick("tbsd_","wtsrt_"))}try{a=null,window.chrome&&window.chrome.csi&&(a=Math.floor(window.chrome.csi().pageT),b&&0<c&&(b.tick("_tbnd",void 0,window.chrome.csi().startE),b.tick("tbnd_","_tbnd",c))),null==a&&window.gtbExternal&&(a=window.gtbExternal.pageT()),null==a&&window.external&&(a=window.external.pageT,b&&0<c&&(b.tick("_tbnd",void 0,window.external.startE),b.tick("tbnd_","_tbnd",c))),a&&(window.jstiming.pt=a)}catch(g){}
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\accounts[1].htm
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, UTF-8 Unicode text, with very long lines
                                              Category:downloaded
                                              Size (bytes):707389
                                              Entropy (8bit):5.631367740600935
                                              Encrypted:false
                                              SSDEEP:6144:GDUgUm8/SilBvU5Y82KXSYKg+q1qtdOnNr2sKE77bT0KXupCWIuUFgsS:3SilBv6iYctDOnfKE77bT0K+pC/FgT
                                              MD5:8EAAAE12424679F4F2E8C75C1D750A40
                                              SHA1:BFA27875224591B78E67595C78BF5A9EF119BA5A
                                              SHA-256:FEA78937D684D9D2833D9CA8B1CAEBBD7D8FBC73BE3671137B1C794011B5B8A3
                                              SHA-512:07830D1BDEFFB2370C3BAFA1A3E3547FE1732C416F07BB225C7F3007C632B36EC279FBF133485187C97ED74DC9DD11035C17209ADDFA2963D47BF8C7241949CF
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://support.google.com/accounts/?hl=en
                                              Preview: <!doctype html><html class="hcfe" data-page-type="HOMEPAGE" lang="en"><head><title>Google Account Help</title><meta content="email=no" name="format-detection"><meta content="follow,index" name="robots"><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"><meta content="Official Google Account Help Center where you can find tips and tutorials on using Google Account and other answers to frequently asked questions." name="description"><link href="https://support.google.com/accounts/?hl=en" rel="canonical"><meta content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no" name="viewport"><style>@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight:500;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)format('woff');}@font-face{font-family:'Roboto';font-style:normal;font-weight
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cb=gapi[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:dropped
                                              Size (bytes):213220
                                              Entropy (8bit):5.518438460669518
                                              Encrypted:false
                                              SSDEEP:3072:pUnq59U3zzVB2UM8aLCLLbJlco3/TqOJPKB/FL6+LClcL2JDBJt4yU8JMPGBNnX:pOZzlL3JupF2+acaVBJt4ytJMPGBNnX
                                              MD5:68F7670315C465CF9017576197206812
                                              SHA1:1A1544DB510EBB9A571A99F6232F603492C31C4A
                                              SHA-256:5CD7BB98D47F6001973B383BC2C43913D2606F8AD3FACE658A51FBFF4D7C0EC8
                                              SHA-512:3998CA94E911D8DFE6DE57E5290985BD315EB4919B13CD2B7DA2DA86452C21A1C66A9167FC90C5EF2D50761EA904540761B3579C833FE31F94B13BBC9D02B40E
                                              Malicious:false
                                              Reputation:low
                                              Preview: /* JS */ gapi.loaded_1(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var Rx=function(){};Rx.prototype.VD=null;Rx.prototype.getOptions=function(){var a;(a=this.VD)||(a={},_.Sx(this)&&(a[0]=!0,a[1]=!0),a=this.VD=a);return a};.var Ux;Ux=function(){};_.O(Ux,Rx);_.Sx=function(a){if(!a.WG&&"undefined"==typeof XMLHttpRequest&&"undefined"!=typeof ActiveXObject){for(var b=["MSXML2.XMLHTTP.6.0","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP","Microsoft.XMLHTTP"],c=0;c<b.length;c++){var d=b[c];try{return new ActiveXObject(d),a.WG=d}catch(e){}}throw Error("la");}return a.WG};_.Tx=new Ux;.._.Le=_.Le||{};.(function(){function a(c,d){return String.fromCharCode(d)}var b={0:!1,10:!0,13:!0,34:!0,39:!0,60:!0,62:!0,92:!0,8232:!0,8233:!0,65282:!0,65287:!0,65308:!0,65310:!0,65340:!0};_.Le.escape=function(c,d){if(c){if("string"===typeof c)return _.Le.escapeString(c);if("Array"===typeof c){var e=0;for(d=c.length;e<d;++e)c[e]=_.Le.escape(c[e])}else if("o
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cb=gapi[2].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):63996
                                              Entropy (8bit):5.575641152056994
                                              Encrypted:false
                                              SSDEEP:1536:pYB9v4ye0RGPEiI199MSjQT7Rx0WgU3zKXRF1OVxKRNc/VC:pK4ye0RkgU3zKXRG4
                                              MD5:325C4FA4DF8F45F58DAF1D5FE8FBC10D
                                              SHA1:D8F614488C718BD543B2A2BDF77893E1E593395B
                                              SHA-256:5E020E137CC87D25C4F921F1BAC926B28B9D98C4E916A685F636DA792B8F2DF0
                                              SHA-512:BD32609868C0F47259FD8F28476B18A5B707497D1ED92C61C279C00FCA9367037B0D7DC4FB1FFF1A8D21FCEC9C593EC0BAB564FE831FA61AB65FDBA6F569B44E
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.L7mys-cL6BM.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8QoBZWYtEZfsgOGqh_X1WKvJV7Wg/cb=gapi.loaded_0
                                              Preview: /* JS */ gapi.loaded_0(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ka,na,sa,ya,Aa,Ba,Ga;_.ha=function(a){return function(){return _.ba[a].apply(this,arguments)}};_.ba=[];ka=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};na="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.sa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};ya=sa(this);Aa=function(a,b){if(b)a:{var c=ya;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&na(c,a,{configurable:!0,writable:!0,value:b})}};.Aa("Symbol",function(a){if(a)return a;va
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon[1].ico
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                              Category:downloaded
                                              Size (bytes):5430
                                              Entropy (8bit):3.6534652184263736
                                              Encrypted:false
                                              SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                              MD5:F3418A443E7D841097C714D69EC4BCB8
                                              SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                              SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                              SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://www.google.com/favicon.ico
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http_404[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):6495
                                              Entropy (8bit):3.8998802417135856
                                              Encrypted:false
                                              SSDEEP:48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
                                              MD5:F65C729DC2D457B7A1093813F1253192
                                              SHA1:5006C9B50108CF582BE308411B157574E5A893FC
                                              SHA-256:B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
                                              SHA-512:717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
                                              Malicious:false
                                              Reputation:low
                                              Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 18668, version 1.1
                                              Category:downloaded
                                              Size (bytes):18668
                                              Entropy (8bit):7.969106009002288
                                              Encrypted:false
                                              SSDEEP:384:Wv4QHZChiRh3lwLOf8cWN78NXpcr6gBUA9CD/q4cOPZmPO:WvwhNOkvvxC7qnc
                                              MD5:A7622F60C56DDD5301549A786B54E6E6
                                              SHA1:D55574524345932DB3968C675E1AEA08C68A456F
                                              SHA-256:6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
                                              SHA-512:1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mem8YaGs126MiZpBA-UFVZ0d[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 18100, version 1.1
                                              Category:downloaded
                                              Size (bytes):18100
                                              Entropy (8bit):7.962027637722169
                                              Encrypted:false
                                              SSDEEP:384:aHQHZuiZQFFIimUy1oml4hN2Vmw1Qa57YC74ObDDj08X0UJQiXc:1ZQT0UySml4bEmAP5EC7PbDH4U1M
                                              MD5:DE0869E324680C99EFA1250515B4B41C
                                              SHA1:8033A128504F11145EA791E481E3CF79DCD290E2
                                              SHA-256:81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
                                              SHA-512:CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\pxiDypQkot1TnFhsFMOfGShVF9eI[1].woff
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:Web Open Font Format, TrueType, length 40068, version 1.1
                                              Category:downloaded
                                              Size (bytes):40068
                                              Entropy (8bit):7.986363416256898
                                              Encrypted:false
                                              SSDEEP:768:SZjhV5AtCnIR51aT0aCfvoIypmLL5V+VQLwv0JR9D2juelmPrldaC+Qac7:S5r5KRnECf6aL5V+VQLtmk4QaC
                                              MD5:3ABA54A73723BD3E90CB74D603687CCD
                                              SHA1:2C3D597CD36CA5856587C8482557B07DD8633329
                                              SHA-256:A94234B7387BC4E9FA7B73DEDD34E5CC1189A28D526F4DADDECD1C9AB7B86840
                                              SHA-512:78F4E6514CD81CECC898D151B31B691122715D0239A47AB5D53ACA4F45FC1707DDD8464543D523E355DC1C19FF257C14DF4490D0938518D02BA35AECD72482B6
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://fonts.gstatic.com/s/productsans/v12/pxiDypQkot1TnFhsFMOfGShVF9eI.woff
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\red_x[1]
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                              Category:downloaded
                                              Size (bytes):4692
                                              Entropy (8bit):7.929034471918412
                                              Encrypted:false
                                              SSDEEP:96:Sn/2mON/mv8Z7QuHy9TZhjR0ZmegAmURrkxeDlOyMX:SnO8i7QhVTvUbDlq
                                              MD5:5F3C13A459A72438E42B2289C7AF2034
                                              SHA1:F43551BE102CD1EB0B2E87DC24F980720194A56B
                                              SHA-256:A7A63CA1370CD6FC3470FA81BB1DCB21BCE31B0048A36E5BCE8914EEB88DAAB1
                                              SHA-512:14E82E281DC91ED57EAB780279D167413185DB3FA7BE49FBDB4942888E7F4E30B1A0536B269258FB8C3975BCF2BC189B51AAC4F70BF44887BC17506DF6ECB507
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:res://ieframe.dll/red_x.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\related_item_external_avatar[1].png
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:PNG image data, 80 x 80, 8-bit colormap, non-interlaced
                                              Category:downloaded
                                              Size (bytes):2577
                                              Entropy (8bit):7.781446647389294
                                              Encrypted:false
                                              SSDEEP:48:hIClmS5juJIIPoy8mJgii5Je64GRWEcaGuFAHvUu3olwHCMtToF3PNxXPqoE:hIQj5jLIwXmJIasRXGhPywHo19P5E
                                              MD5:DBB859BB594B6AB827C4A148D9343720
                                              SHA1:BD7E94CCCAEB4B244E0D6A333450013F35FCC817
                                              SHA-256:679EC39C5CCB27D18357D6E23DE0DFA22D07ED435B09E85F7003FFC3870150D4
                                              SHA-512:9EA39C37EA3A6395B7E9CD63DA3BAAD1F2585B9BAB598D73B5FEBC7399B8532AC8FE57ED2E77537F9D7E689CE8CC289E20D29060023CD2AAD7ADFF4E03944C71
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://ssl.gstatic.com/support/content/images/static/related_item_external_avatar.png
                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\rpc_shindig_random[1].js
                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                              File Type:ASCII text, with very long lines
                                              Category:downloaded
                                              Size (bytes):12539
                                              Entropy (8bit):5.458974573896238
                                              Encrypted:false
                                              SSDEEP:192:8iApwYKUa9u5vocJJBA1UwgZCwm5Mi0+Sczle:83pw9dk9JO1UUwmR0+Scxe
                                              MD5:DF813DA45C8AE692979B28CB1FD2F417
                                              SHA1:5E3E14691CDC1E7D9F8626D86D5695FB96BBB029
                                              SHA-256:ABE23E191DE0904E3B7FE3D486395162DD8B190EED41501AD53E870ED8BB9DD4
                                              SHA-512:D9AF5073957EF9D4E7F13CDEC08EB7CBE57FC1EBD0E940403187A706DADFA09C3069B2CA3272DC5313C865A9C0F24D690BBC563C612DD9F469248024AA097C1D
                                              Malicious:false
                                              Reputation:low
                                              IE Cache URL:https://apis.google.com/js/rpc:shindig_random.js?onload=init
                                              C:\Users\user\AppData\Local\Temp\~DF647CF66800DC8527.TMP
                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):119517
                                              Entropy (8bit):2.428049920199029
                                              Encrypted:false
                                              SSDEEP:3072:z535a3rxKtdCKxdCK7CKphbCKtsCKeCKxCK:oKtdCKxdCK7CKphbCKtsCKeCKxCK
                                              MD5:4BED51E8B159BC20B50FC7A20C27CD04
                                              SHA1:A06EE0BA6FF1C6E08B8A4E849CCD485204C701FC
                                              SHA-256:98CFDEE57BB4036995D433AC91772FC2D6571CBDF70CCB55DD37F1CDA13B1664
                                              SHA-512:307AE29D676F31C5B91838403550408A491F9A18727B10EDAB629B4619F946D60109F50CEBCBE34A0147527954F75D1E2A8E9FAE014C0910EEB23E4750EE37A5
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Temp\~DFC2B9C593EF906210.TMP
                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):13029
                                              Entropy (8bit):0.4806895648472569
                                              Encrypted:false
                                              SSDEEP:24:c9lLh9lLh9lIn9lIn9loBF9loD9lWyqA+r+8:kBqoIkayqA+r+8
                                              MD5:346FBF14FEA0B2501ABB066F0E9B7F8C
                                              SHA1:773CC83B4B1FB29AF21FDF3E9FD6281A62BF7546
                                              SHA-256:BB50B7EC44F1455BCDAF60AEF10C5FAB9BD00C4DC3498F494236F8BC3DD056FB
                                              SHA-512:17BD637F5DDCB8DC14738593EDCF2E569F712BE79E3758BC746EEC68237987BE21D31F336C5B5E42A854F417228670473A84D7D7E1EEA4FBE55AF738C3DE4F45
                                              Malicious:false
                                              Reputation:low
                                              C:\Users\user\AppData\Local\Temp\~DFF706986C6B70957F.TMP
                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):25441
                                              Entropy (8bit):0.30166624613030074
                                              Encrypted:false
                                              SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laANGi7O:kBqoxxJhHWSVSEabNO
                                              MD5:F9F4FD185E0B73F5BC3ADFD1A40846AE
                                              SHA1:C2BAD9FB39A546A633BC83E11A1335A99718547A
                                              SHA-256:F9D1EF110DEA6EAA6BEC37002D77C603AD1153D3AEAF85905CD94878568058E4
                                              SHA-512:017F91B75A7801A775F7A9D39CFC772CD52A2C2BE7E4DCDB43C978BD1D9E1F3A6D16618259106D2A1BBC35C31EB4AA6652AECAD3DD56B42EAF2D371FE92A27A9
                                              Malicious:false
                                              Reputation:low

                                              Static File Info

                                              No static file info

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets


                                              UDP Packets

                                              Jan 19, 2021 19:24:52.395431042 CET53612928.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:52.443615913 CET6361953192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:52.499540091 CET53636198.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:53.108628035 CET6493853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:53.156754971 CET53649388.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:53.299622059 CET6194653192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:53.350696087 CET53619468.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:53.445753098 CET6361953192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:53.493855953 CET53636198.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:54.101687908 CET6493853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:54.103189945 CET6491053192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:54.150017977 CET53649388.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:54.151055098 CET53649108.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:54.608639956 CET6361953192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:54.664767027 CET53636198.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:55.117882013 CET6493853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:55.174141884 CET53649388.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:56.789174080 CET6361953192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:56.825155020 CET5212353192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:56.837269068 CET53636198.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:56.886692047 CET53521238.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:57.132443905 CET6493853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:57.139961958 CET5613053192.168.2.38.8.8.8
                                              Jan 19, 2021 19:24:57.180591106 CET53649388.8.8.8192.168.2.3
                                              Jan 19, 2021 19:24:57.190613985 CET53561308.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:00.047761917 CET5633853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:00.095715046 CET53563388.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:00.804631948 CET6361953192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:00.831672907 CET5942053192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:00.852889061 CET53636198.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:00.879699945 CET53594208.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:01.148494959 CET6493853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:01.196419954 CET53649388.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:01.499289989 CET5878453192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:01.557442904 CET53587848.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:01.641746044 CET6397853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:01.697936058 CET53639788.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:03.290983915 CET6293853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:03.341880083 CET53629388.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:04.424045086 CET5570853192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:04.472063065 CET53557088.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:07.057358980 CET5680353192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:07.072532892 CET5714553192.168.2.38.8.8.8
                                              Jan 19, 2021 19:25:07.117810965 CET53568038.8.8.8192.168.2.3
                                              Jan 19, 2021 19:25:07.120582104 CET53571458.8.8.8192.168.2.3

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 19, 2021 19:24:24.388313055 CET | 192.168.2.3 | 8.8.8.8 | 0x2610 | Standard query (0) | accounts.youtube.com | A (IP address) | IN (0x0001)
Jan 19, 2021 19:24:39.906616926 CET | 192.168.2.3 | 8.8.8.8 | 0xe3ce | Standard query (0) | favicon.ico | A (IP address) | IN (0x0001)
Jan 19, 2021 19:24:50.075674057 CET | 192.168.2.3 | 8.8.8.8 | 0xffb4 | Standard query (0) | lh3.googleusercontent.com | A (IP address) | IN (0x0001)
Jan 19, 2021 19:24:51.348589897 CET | 192.168.2.3 | 8.8.8.8 | 0x376d | Standard query (0) | lh4.ggpht.com | A (IP address) | IN (0x0001)
Jan 19, 2021 19:24:51.420033932 CET | 192.168.2.3 | 8.8.8.8 | 0x2fb0 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 19, 2021 19:24:24.455099106 CET | 8.8.8.8 | 192.168.2.3 | 0x2610 | No error (0) | accounts.youtube.com | www3.l.google.com |  | CNAME (Canonical name) | IN (0x0001)
Jan 19, 2021 19:24:39.968120098 CET | 8.8.8.8 | 192.168.2.3 | 0xe3ce | Name error (3) | favicon.ico | none | none | A (IP address) | IN (0x0001)
Jan 19, 2021 19:24:50.123790979 CET | 8.8.8.8 | 192.168.2.3 | 0xffb4 | No error (0) | lh3.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001)
Jan 19, 2021 19:24:50.123790979 CET | 8.8.8.8 | 192.168.2.3 | 0xffb4 | No error (0) | googlehosted.l.googleusercontent.com |  | 216.58.212.129 | A (IP address) | IN (0x0001)
Jan 19, 2021 19:24:51.413443089 CET | 8.8.8.8 | 192.168.2.3 | 0x376d | No error (0) | lh4.ggpht.com | photos-ugc.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001)
Jan 19, 2021 19:24:51.413443089 CET | 8.8.8.8 | 192.168.2.3 | 0x376d | No error (0) | photos-ugc.l.googleusercontent.com |  | 216.58.206.33 | A (IP address) | IN (0x0001)
Jan 19, 2021 19:24:51.479698896 CET | 8.8.8.8 | 192.168.2.3 | 0x2fb0 | No error (0) | www.youtube.com | youtube-ui.l.google.com |  | CNAME (Canonical name) | IN (0x0001)

HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jan 19, 2021 19:24:50.311815023 CET | 216.58.212.129 | 443 | 192.168.2.3 | 49737 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Tue Dec 15 15:47:09 CET 2020 | Tue Mar 09 15:47:08 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 |  |
Jan 19, 2021 19:24:50.312824965 CET | 216.58.212.129 | 443 | 192.168.2.3 | 49736 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Tue Dec 15 15:47:09 CET 2020 | Tue Mar 09 15:47:08 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 |  |
Jan 19, 2021 19:24:51.529464006 CET | 216.58.206.33 | 443 | 192.168.2.3 | 49742 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Tue Dec 15 15:47:09 CET 2020 | Tue Mar 09 15:47:08 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 |  |
Jan 19, 2021 19:24:51.529767036 CET | 216.58.206.33 | 443 | 192.168.2.3 | 49743 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Tue Dec 15 15:47:09 CET 2020 | Tue Mar 09 15:47:08 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 |  |  |  |  | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 |  |


System Behavior

General

Start time: 19:24:21
Start date: 19/01/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff6caf00000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 19:24:22
Start date: 19/01/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5908 CREDAT:17410 /prefetch:2
Imagebase: 0x1130000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
