Analysis Report https://www.keepandshare.com/doc10/32417/enquest-covid-19-names-pdf-2k?da=y

Overview

General Information

Sample URL: https://www.keepandshare.com/doc10/32417/enquest-covid-19-names-pdf-2k?da=y
Analysis ID: 375557
Infos:

Most interesting Screenshot:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

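There are no high impact signatures. The score of 0 reflects only what was observed while the sample URL was loaded in Internet Explorer on the analysis host; the network endpoints, strings and file events listed below are recorded activity, not detections.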

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 64.71.144.43:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.71.144.43:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 66.160.183.118:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 66.160.183.118:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.84.138.122:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.84.138.122:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.65:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.65:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.111.9.38:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.111.9.38:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.215.227:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.215.227:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.215.255.105:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.215.255.105:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 37.252.173.62:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 37.252.173.62:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 31.13.86.36:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 31.13.86.36:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.98.64.218:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 87.248.118.22:443 -> 192.168.2.3:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 87.248.118.22:443 -> 192.168.2.3:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.98.64.218:443 -> 192.168.2.3:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.244.42.195:443 -> 192.168.2.3:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.244.42.195:443 -> 192.168.2.3:49775 version: TLS 1.2
Source: registration[1].htm.2.dr String found in binary or memory: src="https://www.facebook.com/tr?id=1947377292258582&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
Source: 183487702480957[2].js.2.dr String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage||function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"*");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules||(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]||(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)||(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=f.getFbeventsModules("signalsFBEventsGetTier");e.exports=function(b,c){c=a(c);c=c==null?"www.facebook.com":"www."+c+".facebook.com";return"https://"+c+"/signals/iwl.js?pixel_id="+b}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var 
c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.*\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}};e.exports=new h(function(d,e){function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL||!a.FacebookIWL.init)return;var b=j(g.ENDPOINT);b!=null&&a.FacebookIWL.set&&a.FacebookIWL.set("tier",b);d()};a.FacebookIWLSessionEnd=function(){n.removeItem(m),a.close()};e.src=i(c,g.ENDPOINT);b.body&&b.body.appendChild(e)}var o=!1,p=function(a){return!!(e&&e.pixelsByID&&Object.prototype.hasOwnProperty.call(e.pixelsByID,a))};function q(){if(o)return;var b=n.getItem(m);if(!b)return;b=JSON.parse(b);var c=b.pixelID,d=b.graphToken,e=b.sessionStartTime;o=!0;h(c,function(){var b=p(c)?c:null;a.FacebookIWL.init(b,d,e)})}function r(b){if(o)return;h(b,func
Source: unknown DNS traffic detected: queries for: www.keepandshare.com
Source: WV1W1JAQ.htm.2.dr, contact_us[1].htm.2.dr String found in binary or memory: http://developer.keepandshare.com/
Source: fontawesome-webfont[1].eot.2.dr, master_external-20180124_1031.min[1].css.2.dr String found in binary or memory: http://fontawesome.io
Source: master_external-20180124_1031.min[1].css.2.dr String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: bootstrap.min[1].js.2.dr String found in binary or memory: http://getbootstrap.com)
Source: prototype-1.7.3.min[1].js.2.dr String found in binary or memory: http://jquery.org/license
Source: K6ngFdK5haaaRGBV8waDwA[1].ttf.2.dr, nHiQo1BypvYzt95zlPq1TvesZW2xOQ-xsNqO47m55DA[1].ttf.2.dr String found in binary or memory: http://scripts.sil.org/OFL
Source: prototype-1.7.3.min[1].js.2.dr String found in binary or memory: http://sizzlejs.com/
Source: KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.2.dr, KFOmCnqEu92Fr1Mu4mxP[1].ttf.2.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.2.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: http://www.iloveflipbooks.com/
Source: contact_us[1].htm.2.dr String found in binary or memory: http://www.keepandshare.com/business/support_email/support_email_form.php
Source: contact_us[1].htm.2.dr String found in binary or memory: http://www.keepandshare.com/business/support_email/support_email_form.php?type=support
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: http://www.keepandshare.com/global/lp/js/matchMedia/0.1.1/matchMedia.js
Source: js[1].js.2.dr String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: js[1].js.2.dr String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.2.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr, f[1].txt.2.dr String found in binary or memory: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Source: js[1].js.2.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: registration[1].htm.2.dr String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: master_external-20180124_1031.min[1].css.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://itunes.apple.com/us/app/keep-share/id1013157533?mt=8
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://keepn.com/graphics/lpgraphics/core_pages/index/hero_image.min_v2018.png
Source: js[1].js.2.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://play.google.com/store/apps/details?id=com.keepandshare.keepshare
Source: f[1].txt.2.dr String found in binary or memory: https://services.google.com/sitestats/
Source: analytics[1].js.2.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: contact_us[1].htm.2.dr String found in binary or memory: https://support.keepandshare.com
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://support.keepandshare.com/
Source: contact_us[1].htm.2.dr String found in binary or memory: https://support.keepandshare.com/a/solutions/categories/92413
Source: f[1].txt.2.dr String found in binary or memory: https://tagassistant.google.com/
Source: tp.widget.sync.bootstrap.min[1].js.2.dr String found in binary or memory: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://widget.trustpilot.com/trustboxes/539ad60defb9600b94d7df2c/index.html?businessunitId=5654e51c
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?businessunitId=5654e51c
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?businessunitId=5654e51c
Source: registration[1].htm.2.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.2.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: f[1].txt0.2.dr, f[2].txt.2.dr String found in binary or memory: https://www.google.ch/pagead/1p-user-list/1067089813/?random
Source: js[1].js.2.dr String found in binary or memory: https://www.google.com
Source: recaptcha__en[1].js.2.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: f[1].txt0.2.dr, f[2].txt.2.dr String found in binary or memory: https://www.google.com/pagead/1p-user-list/1067089813/?random
Source: registration[1].htm.2.dr String found in binary or memory: https://www.google.com/recaptcha/api.js?render=6LePRYAUAAAAAFOMetxSk3zNP53GLq1OntSUjnMP
Source: recaptcha__en[1].js.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LePRYAUAAAAAFOMetxSk3zNP53GLq1OntSUjnMP&co=aHR0
Source: f[1].txt.2.dr, js[1].js.2.dr String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.2.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: webworker[1].js.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/recaptcha__en.js
Source: anchor[1].htm.2.dr String found in binary or memory: https://www.gstatic.com/recaptcha/releases/6g5J7UfDQ9mLrweZHj04ekSP/styles__ltr.css
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.keepandshare.com
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepandshare.com/
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepandshare.com/business/registration.php?form=free_trial&ifr=y&lp=
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://www.keepandshare.com/business/registration_pre.php
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://www.keepandshare.com/business/registration_pre.php?form=free_trial
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://www.keepandshare.com/business/support_email/support_email_form.php
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepandshare.com/doc10/32417/enquest-covid-19-names-pdf-2k?da=y
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepandshare.com/doc10/32417/enquest-covid-19-names-pdf-2k?da=y$Error
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepandshare.com/doc10/32417/enquest-covid-19-names-pdf-2k?da=yRoot
Source: imagestore.dat.2.dr String found in binary or memory: https://www.keepandshare.com/favicon.ico
Source: imagestore.dat.2.dr String found in binary or memory: https://www.keepandshare.com/favicon.ico~
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://www.keepandshare.com/htm/calendar_self_booking.php
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepandshare.com/htm/contact_us.php
Source: ~DFF9C80A2350DB77A3.TMP.1.dr String found in binary or memory: https://www.keepandshare.com/htm/contact_us.php-covid-19-names-pdf-2k?da=y
Source: ~DFF9C80A2350DB77A3.TMP.1.dr String found in binary or memory: https://www.keepandshare.com/htm/contact_us.php2Contact
Source: WV1W1JAQ.htm.2.dr, contact_us[1].htm.2.dr String found in binary or memory: https://www.keepandshare.com/htm/message/request_consultation.php
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://www.keepandshare.com/index_signin.php
Source: WV1W1JAQ.htm.2.dr String found in binary or memory: https://www.keepandshare.com/m/index.php
Source: ~DFF9C80A2350DB77A3.TMP.1.dr String found in binary or memory: https://www.keepandshare.com/oc10/32417/enquest-covid-19-names-pdf-2k?da=y
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepandshare.com/xOnline
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepare.com/htm/contact_us.phpRoot
Source: {368AFD0C-8D53-11EB-90E4-ECF4BB862DED}.dat.1.dr String found in binary or memory: https://www.keepare.com/oc10/32417/enquest-covid-19-names-pdf-2k?da=yRoot
Source: 5406e65db0d04a09e042d5fc[2].json.2.dr, 539adbd6dec7e10e686debee[1].json.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/evaluate/embed/keepandshare.com
Source: 5406e65db0d04a09e042d5fc[2].json.2.dr, 539adbd6dec7e10e686debee[1].json.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/evaluate/keepandshare.com
Source: WV1W1JAQ.htm.2.dr, 539adbd6dec7e10e686debee[1].json.2.dr, contact_us[1].htm.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/review/keepandshare.com
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5df630f7c845450b742f8871
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5dfa9f08c845450b74324784
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e1c7f21c845450bec365306
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e1ca337c8454503e830ec5c
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e25fd103c93ae0b249339a3
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e37e73c3c93ae04c0d91817
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e3bc02d3c93ae04c0db84c4
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e56d2593c93ae0bc40aec17
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e6acbbe3c93ae0964631243
Source: 539adbd6dec7e10e686debee[1].json.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e723d163c93ae0964667056
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e79154e3c93ae0964699854
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5e8abc41086b6409bc7df9cd
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5eaafe03086b640954447d45
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5eab597c086b64095444c602
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5eb584b525e5d209b8e58d15
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5ebc367f25e5d209b8ea0577
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5ed1613025e5d20a88a2d9c4
Source: 539adbd6dec7e10e686debee[1].json.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5ed4399625e5d20a88a4228a
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5ed6a55825e5d20a88a5da9c
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5ee827277dd7530828c1edf1
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f095b1e3f06f202a45aef4b
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f281ed21a5a6907a4798d53
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f3164531a5a690788a5c826
Source: 539adbd6dec7e10e686debee[1].json.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f3237631a5a690788a638cf
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f3678039cc22a073c979286
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f3eabd402e85708c8d534de
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f456f5e02e85708c8d8c2f3
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f58d91702e85707dcef1486
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f5da04502e8570acc36cb0c
Source: 539adbd6dec7e10e686debee[1].json.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f6df3f1798e6f09601fe872
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f738521798e6f0960230d13
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f9708295e693f06f872130c
Source: 539adbd6dec7e10e686debee[1].json.2.dr, 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5f9da8a95e693f06f87692bd
Source: 539adbd6dec7e10e686debee[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5fc995ca5e693f07049f3a8b
Source: 539ad60defb9600b94d7df2c[1].json.2.dr String found in binary or memory: https://www.trustpilot.com/reviews/5fdba86d755dc107e0c6b8fa
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown HTTPS traffic detected: 64.71.144.43:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.71.144.43:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 66.160.183.118:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 66.160.183.118:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.84.138.122:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.84.138.122:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.65:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.65:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.62.174.128:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.111.9.38:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.111.9.38:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.215.227:443 -> 192.168.2.3:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.215.227:443 -> 192.168.2.3:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.215.255.105:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.215.255.105:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 37.252.173.62:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 37.252.173.62:443 -> 192.168.2.3:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 31.13.86.36:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 31.13.86.36:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.98.64.218:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 87.248.118.22:443 -> 192.168.2.3:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 87.248.118.22:443 -> 192.168.2.3:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.98.64.218:443 -> 192.168.2.3:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.244.42.195:443 -> 192.168.2.3:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.244.42.195:443 -> 192.168.2.3:49775 version: TLS 1.2
Source: classification engine Classification label: clean0.win@3/96@20/18
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFC1456364037F95DB.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4692 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4692 CREDAT:17410 /prefetch:2 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph
ID: 375557 | URL: https://www.keepandshare.co... | Startdate: 25/03/2021 | Architecture: WINDOWS | Score: 0

Nodes (graph node id, then label as rendered):
  2: Behavior Graph header (the analysed URL)
  11: www.keepandshare.com
  6: iexplore.exe 2 62
  8: iexplore.exe 9 137
  13: edge.gycpi.b.yahoodns.net 87.248.118.22, 443, 49771, 49772 YAHOO-DEBDE United Kingdom
  15: s.twitter.com 104.244.42.195, 443, 49775, 49776 TWITTERUS United States
  17: 30 other IPs or domains

Edges:
  2 -> 11
  2 -> 6 (started)
  6 -> 8 (started)
  8 -> 13
  8 -> 15
  8 -> 17
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 52.215.255.105 | prod-eu-pixel-collector-vpc-145135437.eu-west-1.elb.amazonaws.com | United States | | 16509 | AMAZON-02US | false |
| 52.84.138.122 | widget.trustpilot.com | United States | | 16509 | AMAZON-02US | false |
| 74.125.133.154 | ads-bid.l.doubleclick.net | United States | | 15169 | GOOGLEUS | false |
| 23.111.9.38 | rec.mouseflowaps.netdna-cdn.com | United States | | 33438 | HIGHWINDS2US | false |
| 66.160.183.118 | keepn.com | United States | | 54288 | SOLIDTOOLSINCUS | false |
| 151.101.0.65 | g.global-ssl.fastly.net | United States | | 54113 | FASTLYUS | false |
| 157.240.17.15 | scontent.xx.fbcdn.net | United States | | 32934 | FACEBOOKUS | false |
| 66.102.1.155 | stats.l.doubleclick.net | United States | | 15169 | GOOGLEUS | false |
| 64.62.174.128 | www.keepn.com | United States | | 6939 | HURRICANEUS | false |
| 172.217.168.66 | cm.g.doubleclick.net | United States | | 15169 | GOOGLEUS | false |
| 31.13.86.36 | star-mini.c10r.facebook.com | Ireland | | 32934 | FACEBOOKUS | false |
| 64.71.144.43 | www.keepandshare.com | United States | | 6939 | HURRICANEUS | false |
| 216.58.215.227 | www.google.ch | United States | | 15169 | GOOGLEUS | false |
| 87.248.118.22 | edge.gycpi.b.yahoodns.net | United Kingdom | | 203220 | YAHOO-DEBDE | false |
| 104.244.42.195 | s.twitter.com | United States | | 13414 | TWITTERUS | false |
| 172.217.168.34 | googleads.g.doubleclick.net | United States | | 15169 | GOOGLEUS | false |
| 37.252.173.62 | ib.anycast.adnxs.com | European Union | | 29990 | ASN-APPNEXUS | false |
| 34.98.64.218 | us-u.openx.net | United States | | 15169 | GOOGLEUS | false |

Contacted Domains

Name IP Active
star-mini.c10r.facebook.com 31.13.86.36 true
g.global-ssl.fastly.net 151.101.0.65 true
www.keepn.com 64.62.174.128 true
us-u.openx.net 34.98.64.218 true
stats.l.doubleclick.net 66.102.1.155 true
s.twitter.com 104.244.42.195 true
rec.mouseflowaps.netdna-cdn.com 23.111.9.38 true
prod-eu-pixel-collector-vpc-145135437.eu-west-1.elb.amazonaws.com 52.215.255.105 true
www.keepandshare.com 64.71.144.43 true
scontent.xx.fbcdn.net 157.240.17.15 true
googleads.g.doubleclick.net 172.217.168.34 true
keepn.com 66.160.183.118 true
cm.g.doubleclick.net 172.217.168.66 true
ads-bid.l.doubleclick.net 74.125.133.154 true
widget.trustpilot.com 52.84.138.122 true
www.google.ch 216.58.215.227 true
ib.anycast.adnxs.com 37.252.173.62 true
edge.gycpi.b.yahoodns.net 87.248.118.22 true
www.facebook.com unknown unknown
cdn.mouseflow.com unknown unknown
bid.g.doubleclick.net unknown unknown
pixel.rubiconproject.com unknown unknown
secure.adnxs.com unknown unknown
pixel-geo.prfct.co unknown unknown
connect.facebook.net unknown unknown
stats.g.doubleclick.net unknown unknown
analytics.twitter.com unknown unknown
ads.yahoo.com unknown unknown
tag.marinsm.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.keepandshare.com/htm/contact_us.php false high
https://www.keepandshare.com/doc10/32417/enquest-covid-19-names-pdf-2k?da=y false high