Play interactive tour

Edit tour

Analysis Report https://kmlawcoil.odoo.com/

Overview

General Information

Sample URL:	https://kmlawcoil.odoo.com/
Analysis ID:	404003
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish10

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Classification

Startup

System is w10x64

iexplore.exe (PID: 5812 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5696 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5812 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0101[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://kmlawcoil.odoo.com/

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Show sources

Source: https://thebettermom.co.ke/taxadvisors/0101/

UrlScan: Label: phishing brand: sharepoint microsoft

Perma Link

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: 841618.2.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0101[1].htm, type: DROPPED

Phishing site detected (based on logo template match)

Show sources

Source: https://thebettermom.co.ke/taxadvisors/0101/

Matcher: Template: onedrive matched

Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: Number of links: 0
Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: Number of links: 0

Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: Title: Sharing Link Validation does not match URL

Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: Invalid link: Privacy & Cookies
Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: Invalid link: Privacy & Cookies

Source: https://kmlawcoil.odoo.com/web/login	HTTP Parser: No <meta name="author".. found
Source: https://kmlawcoil.odoo.com/web/login	HTTP Parser: No <meta name="author".. found
Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: No <meta name="author".. found
Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: No <meta name="author".. found

Source: https://kmlawcoil.odoo.com/web/login	HTTP Parser: No <meta name="copyright".. found
Source: https://kmlawcoil.odoo.com/web/login	HTTP Parser: No <meta name="copyright".. found
Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: No <meta name="copyright".. found
Source: https://thebettermom.co.ke/taxadvisors/0101/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 35.195.41.197:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.195.41.197:443 -> 192.168.2.4:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.195.41.197:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 174.136.57.78:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 174.136.57.78:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.33.40.43:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /?utm_source=db&utm_medium=website HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.odoo.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /page/website-builder?utm_source=db&utm_medium=website HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.odoo.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: kmlawcoil.odoo.com

Source: popper.min[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: Roboto-Regular[1].ttf.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: login[1].htm.2.dr	String found in binary or memory: http://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website
Source: login[1].htm.2.dr	String found in binary or memory: http://www.odoo.com?utm_source=db&utm_medium=website
Source: 0101[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: 0101[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 0101[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 0101[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: web.assets_frontend[1].css.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300
Source: web.assets_frontend[1].css.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Source
Source: login[1].htm.2.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDQ.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18I.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18I.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdo.woff)
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdo.woff)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[2].js.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kmlawcoil.odoo
Source: GHTN6JS2.htm.2.dr	String found in binary or memory: https://kmlawcoil.odoo.com/
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kmlawcoil.odoo.com/$Home
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kmlawcoil.odoo.com/Root
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kmlawcoil.odoo.com/X
Source: imagestore.dat.2.dr	String found in binary or memory: https://kmlawcoil.odoo.com/web/image/website/1/favicon?unique=d97d074~
Source: login[1].htm.2.dr	String found in binary or memory: https://kmlawcoil.odoo.com/web/image/website/1/logo?unique=d97d074
Source: login[1].htm.2.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://kmlawcoil.odoo.com/web/login
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kmlawcoil.odoo.com/web/login&Login
Source: ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://kmlawcoil.odoo.com/web/logindoo.com/web/login
Source: ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://kmlawcoil.odoo.com/web/loginj
Source: 0101[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: 0101[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: 0101[1].htm.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://thebettermom.c
Source: imagestore.dat.2.dr	String found in binary or memory: https://thebettermom.co.ke/favicon.icoK#
Source: GHTN6JS2.htm.2.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://thebettermom.co.ke/taxadvisors/0101/
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://thebettermom.co.ke/taxadvisors/0101/.Sharing
Source: ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://thebettermom.co.ke/taxadvisors/0101/z
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.odoo.com/?
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://www.odoo.com/?utm_source=db&utm_medium=website
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.odoo.com/?utm_source=db&utm_medium=website$HTTP
Source: ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://www.odoo.com/?utm_source=db&utm_medium=websitez
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.odoo.com/p
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website
Source: {575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website$HTTP
Source: ~DFF2157AB9E18B9B5D.TMP.1.dr	String found in binary or memory: https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=websitemedium=website

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 35.195.41.197:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.195.41.197:443 -> 192.168.2.4:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.148:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.195.41.197:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 174.136.57.78:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 174.136.57.78:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.33.40.43:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@3/92@9/7

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{575C5E24-ACE5-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF50CB3EA85C63CB6C.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5812 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5812 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://kmlawcoil.odoo.com/	0%	Virustotal		Browse
https://kmlawcoil.odoo.com/	0%	Avira URL Cloud	safe
https://kmlawcoil.odoo.com/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://thebettermom.co.ke/taxadvisors/0101/	100%	UrlScan	phishing brand: sharepoint microsoft	Browse
https://thebettermom.c	0%	Avira URL Cloud	safe
https://thebettermom.co.ke/favicon.icoK#	0%	Avira URL Cloud	safe
https://thebettermom.co.ke/taxadvisors/0101/.Sharing	0%	Avira URL Cloud	safe
https://thebettermom.co.ke/taxadvisors/0101/z	0%	Avira URL Cloud	safe
https://kmlawcoil.odoo	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
kmlawcoil.odoo.com	35.195.41.197	true	false	high
stackpath.bootstrapcdn.com	104.18.10.207	true	false	high
cdnjs.cloudflare.com	104.16.18.94	true	false	high
odoo.com	178.33.40.43	true	false	high
fonts.odoocdn.com	104.26.6.148	true	false	unknown
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
thebettermom.co.ke	174.136.57.78	true	false	unknown
code.jquery.com	unknown	unknown	false	high
www.odoo.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://thebettermom.co.ke/taxadvisors/0101/	true	100%, UrlScan, Browse	unknown
https://www.odoo.com/?utm_source=db&utm_medium=website	false		high
https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website	false		high
http://www.odoo.com/?utm_source=db&utm_medium=website	false		high
http://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website	false		high
https://kmlawcoil.odoo.com/	false		high
https://kmlawcoil.odoo.com/web/login	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	Roboto-Regular[1].ttf.2.dr	false		high
https://thebettermom.c	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://kmlawcoil.odoo.com/	GHTN6JS2.htm.2.dr	false		high
https://kmlawcoil.odoo.com/$Home	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://code.jquery.com/jquery-3.2.1.slim.min.js	0101[1].htm.2.dr	false		high
https://www.odoo.com/?	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://kmlawcoil.odoo.com/web/loginj	~DFF2157AB9E18B9B5D.TMP.1.dr	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	0101[1].htm.2.dr	false		high
http://www.odoo.com?utm_source=db&utm_medium=website	login[1].htm.2.dr	false		high
https://kmlawcoil.odoo.com/web/image/website/1/logo?unique=d97d074	login[1].htm.2.dr	false		high
https://kmlawcoil.odoo.com/web/login	login[1].htm.2.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	false		high
https://thebettermom.co.ke/taxadvisors/0101/	GHTN6JS2.htm.2.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	true	100%, UrlScan, Browse	unknown
https://thebettermom.co.ke/favicon.icoK#	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	bootstrap.min[2].js.2.dr	false		high
https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=websitemedium=website	~DFF2157AB9E18B9B5D.TMP.1.dr	false		high
https://www.odoo.com/?utm_source=db&utm_medium=websitez	~DFF2157AB9E18B9B5D.TMP.1.dr	false		high
https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website$HTTP	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
http://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website	login[1].htm.2.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	0101[1].htm.2.dr	false		high
https://thebettermom.co.ke/taxadvisors/0101/.Sharing	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	true	Avira URL Cloud: safe	unknown
https://www.odoo.com/p	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://thebettermom.co.ke/taxadvisors/0101/z	~DFF2157AB9E18B9B5D.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://www.odoo.com/?utm_source=db&utm_medium=website	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	false		high
https://kmlawcoil.odoo	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.2.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	0101[1].htm.2.dr	false		high
https://getbootstrap.com)	bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	false	Avira URL Cloud: safe	low
https://kmlawcoil.odoo.com/X	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://www.odoo.com/?utm_source=db&utm_medium=website$HTTP	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://kmlawcoil.odoo.com/Root	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	false		high
http://opensource.org/licenses/MIT).	popper.min[1].js.2.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	0101[1].htm.2.dr	false		high
https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr, ~DFF2157AB9E18B9B5D.TMP.1.dr	false		high
https://kmlawcoil.odoo.com/web/login&Login	{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://kmlawcoil.odoo.com/web/logindoo.com/web/login	~DFF2157AB9E18B9B5D.TMP.1.dr	false		high
https://kmlawcoil.odoo.com/web/image/website/1/favicon?unique=d97d074~	imagestore.dat.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
178.33.40.43	odoo.com	France	16276	OVHFR	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
35.195.41.197	kmlawcoil.odoo.com	United States	15169	GOOGLEUS	false
104.26.6.148	fonts.odoocdn.com	United States	13335	CLOUDFLARENETUS	false
174.136.57.78	thebettermom.co.ke	United States	36024	AS-TIERP-36024US	false

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	404003
Start date:	04.05.2021
Start time:	16:29:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 9s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://kmlawcoil.odoo.com/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@3/92@9/7
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://kmlawcoil.odoo.com/ Browsing link: https://kmlawcoil.odoo.com/web/login Browsing link: https://thebettermom.co.ke/taxadvisors/0101/ Browsing link: http://www.odoo.com/?utm_source=db&utm_medium=website Browsing link: http://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website
Warnings:	Show All Excluded IPs from analysis (whitelisted): 168.61.161.212, 40.88.32.150, 104.43.139.144, 88.221.62.148, 142.250.181.234, 142.250.185.227, 69.16.175.42, 69.16.175.10, 172.217.16.138, 152.199.19.161 TCP Packets have been reduced to 100 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, fonts.googleapis.com, cds.s5x3j6q5.hwcdn.net, fonts.gstatic.com, ajax.googleapis.com, ie9comview.vo.msecnd.net, skypedataprdcolcus17.cloudapp.net, skypedataprdcolcus16.cloudapp.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{575C5E24-ACE5-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8523564594115531
Encrypted:	false
SSDEEP:	192:rVZuZO29W6trifsr1zMW9BM3DDsfjr4jX:rb6lUSMxoyus
MD5:	504A200527803F1ED57A0321D2E528CF
SHA1:	C30B7DA00FB235AC76C07501F279FA16CBCCCC2D
SHA-256:	2EC332A3DA8763D17196521ECE88F9E750A5586612A545527B0E5A244458EF58
SHA-512:	A496D44BEB29556808109CE0F37BDC26D1FED35951792AAAB5C4FFA4E7DB052D9D802D0ECCCC13A891F1B1C0361EDCB8E32836901641B7140C7B33C34686DBAB
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{575C5E26-ACE5-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	97910
Entropy (8bit):	2.2747973886483344
Encrypted:	false
SSDEEP:	384:r++wEXlZjTB1lpqNSes0TrVJ91qQrXHulk91ojQMy1WNv51ZcHcKmDFcwJ54QxGd:uqag7PchmRZJ5XBvNzhv9vian0
MD5:	0626C7BA1F3E01241C73E92C81298D61
SHA1:	4E7FC8BCD884C3F48288E6D31D8D743BB6E1343B
SHA-256:	1EF046C4061F65BE1EC089442EF9B18A3C01C4B694ADABFF8C20335FF01FB847
SHA-512:	98EC11FED6692C6152EB3873CCE633090BA743AEF6FB822E990D2B279BE3B06922299FA49203DDEB422014D28B76A147F0036CC40B6D78BC0D5667700A66DB57
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5DA81208-ACE5-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.561456971280037
Encrypted:	false
SSDEEP:	48:IwCGcpr7Gwpa6G4pQ+GrapbStGQpKnG7HpRNTGIpG:r2ZVQ66wBSXAGTrA
MD5:	88AFE3DB1BE2A926D8595CDFF8DDAE7E
SHA1:	506379C4309BD11882E0197CB93797601AD1DE80
SHA-256:	F23EC01454480D40D729C39D109E9D4F89416CB467FE808879484D0D24F7CEB5
SHA-512:	2F1480DFD80506770C20538D9DB6FCB576ABCD515AC0D4E6B68FB86F5C45048C804D000493CEEE240886D8726D2EF780EE3C4DFD330BD3F7E2F24CBE3D8BC8EB
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	10475
Entropy (8bit):	7.78755008997561
Encrypted:	false
SSDEEP:	192:cbb7uG3rFRhRLmO1bGAcE8VR+30iu5emEInEfReQj5LPDJwhgGg6wNMEZ:cb1hRLnYreml8j5LPDJwBg6gMEZ
MD5:	E25E4BB69F27243A7EC30B78179A6D22
SHA1:	4BCC823CC4915F2DBE1F95B7CA92D7CD350D5834
SHA-256:	E273887B77A60E44E530A990B7A5089164BD6F98A2527B40BB8CDDD674042260
SHA-512:	EAE8200232D52AE3943FCE8CD74FA66F347C671D0B593E7B1236D23B595F77825CBC30414F148543673C35B0EFC8D9B931F80E46E7701DA0B7B4BFA2AE5796FA
Malicious:	false
Reputation:	low
Preview:	E.h.t.t.p.s.:././.k.m.l.a.w.c.o.i.l...o.d.o.o...c.o.m./.w.e.b./.i.m.a.g.e./.w.e.b.s.i.t.e./.1./.f.a.v.i.c.o.n.?.u.n.i.q.u.e.=.d.9.7.d.0.7.4.~............... .h.......(....... ..... ..................................E...F...F...F.N.F...F...F...F...F.K.F...F...E...............E...E...F.E.F...F..F...F...F...F...F..F...F.>.E...F.......F...E...F.b.F..F...F...F...F...F...F...F...F...F..F.X.C...E...F...F.F.F..F...F...F..F...F.n.F.n.F...F..F...F...F..F.=.F...F...F...F...F...F..F.F.F...F...F...F...F.F.F..F...F...F...F...F.P.F..F...F..F.P.F...E...........E...F...F.P.F..F...F..F.J.F...F...F...F...F...F...................F...F...F...F...F...F...F...F...F...F...F...E...................E...F...F...F...F...F...F...F...F...F...F...E...................E...G...F...F...F...F...F...F...F...F...F...F...................F...F...F..F...F...F...F.H.F...F...F..F.X.F...F...........E...J...F.d.F...F...F..F.D.F...F...F...F...F...F.W.F...F...H...F...F.b.F..F...F...F...E...F...F.9.F...F...F...F..F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 3351 x 1679, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	452896
Entropy (8bit):	7.872716308954457
Encrypted:	false
SSDEEP:	6144:bI8EZ9DLcIWd4wmppq1ombiGIC5zz+mcCpuyKQjsxxbHEqKLFPwBL/Q77:kT3VpOeE4rlLbktwov
MD5:	C7F488705C8708B654074FC4B9DAB1F9
SHA1:	7A475F1D3CDCE930BAB967E4EF96F25505CA0384
SHA-256:	CDFF0A47D3BB27E0015ED5332BB2614A5CC8FF8879B9469B531F18FB9DBC9822
SHA-512:	CE1AD081D548DA89AAC04B3C25DCE3AC086E71E749D0797EC5501B1E3925026371548CC405117AADBA5B65A53AF1FF5A0CA7238B121D8A28CB9AB8A4986970F0
Malicious:	false
Reputation:	low
IE Cache URL:	https://thebettermom.co.ke/taxadvisors/0101/1.png
Preview:	.PNG........IHDR..............[8.....sRGB.........gAMA......a.....pHYs............e...!tEXtCreation Time.2020:10:26 18:10:40.+.8...xIDATx^....H..}..m........."\P....2...p...?,...T......"3.c.......p8...VDT........._......?...L........._...O...........Q..>@0.V....A....M.4M.....x..~f.~&.......(..z`Cl..i..i..i..i..i..i..i..i..i..i...~B................D.sh..`..@................r...%.\./..KE.K....]!.....V..........z.i..i._....rc./..[./5......X..O..n..i..i..i..i..i..i..i..i..i..i._...XSH..;..[D...."..."...w.w\|.._".....E.#\|..9.$d.+...A..E&.B.... ..E.A.g.4M.4.<...b.2_..\D...E..Sa.S.,4M.4M.4M.4M.4M.4M.4M.4M.4M.4M.4./.?....q ..s.&"Om...../........r..4.RQ\|.._,./.Y.T.._...r........5\|..~\|.(..i..i._....re..[H.l.,..Q......)..4F.,./......p=._....y.?.)....Z~...Z.\|.......Y.4M.4M.4M.4M.4M.4M.4M..F...DV?z......t\|.(.d.........e }.H...._.......e"\|.._...../...}../.......E....!1....i...M.......KFZ.&..Er.W-DDS{.5.ppa..\|._.f.....><x.\|..Sn.v..l._.......Uxx..l?s.=..y.4M.4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\5ISKBR2R.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	10369
Entropy (8bit):	4.3752176229171456
Encrypted:	false
SSDEEP:	96:yIxIITZDLNfqae1QOqmILT0fgw/zdKP/8noyODM4FDYLTHh2:Z2IVDLNDLLT0fgAJKP0FYJDqTHM
MD5:	73424EB3DE3BFEE50C16221E641D4D59
SHA1:	DB2F341028922D23D9779EFF9FBED2E093E2165E
SHA-256:	37BF3C4E7FBCFB9E520B1CAAC9E27838FFE06ADFE0594FDE5A06C289B4C54DEE
SHA-512:	4572BC47E474C63BA018FFB02C635E0F727DDDD7090FB9AC926237209C5444847DA75AE61589FEFC8500D7487CAFDCA422F420A5C26AFE5CC0BCBD68527A090F
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/
Preview:	. <!DOCTYPE html>. . . . . <html lang="en-US" data-website-id="1" data-oe-company-name="kmlaw.co.il">. . . . . . . . . . . . . <head>. <meta charset="utf-8"/>. <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"/>. <meta name="generator" content="Odoo"/>. . . . . . . . . . . . . . . <meta property="og:type" content="website"/>. . . . <meta property="og:title" content="Home \| kmlaw.co.il"/>. . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\GHTN6JS2.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	10369
Entropy (8bit):	4.374961009001905
Encrypted:	false
SSDEEP:	96:yIxIITZunLNfqae1QOqmILT0fgw/zdKP/8noyODM4FDYLTHh2:Z2IVunLNDLLT0fgAJKP0FYJDqTHM
MD5:	CC183A033908491E5B402164F09170EF
SHA1:	17D2D2A407736BBFF2F16D470A099DC44044BF90
SHA-256:	921ABF7EEA9FD72331014C2E40AE71F3ADC76316A3A45C3203751516C3064FAE
SHA-512:	35F0DCBDEB6B4F6FA33C714DEB9D4D217F5A3BA61B0E87D0042522294B359680982714A5B863D2A5D6DAD77B32649252D10F9F9AE22BFBAF8BDEE51EBF80ECA2
Malicious:	false
Reputation:	low
Preview:	. <!DOCTYPE html>. . . . . <html lang="en-US" data-website-id="1" data-oe-company-name="kmlaw.co.il">. . . . . . . . . . . . . <head>. <meta charset="utf-8"/>. <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"/>. <meta name="generator" content="Odoo"/>. . . . . . . . . . . . . . . <meta property="og:type" content="website"/>. . . . <meta property="og:title" content="Home \| kmlaw.co.il"/>. . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20396, version 1.1
Category:	downloaded
Size (bytes):	20396
Entropy (8bit):	7.974131663185347
Encrypted:	false
SSDEEP:	384:SfXdUIIA0zhyKR28ePpAwxZ5M3py8wtshtdf45DEVTGdYb7H2Q/VEgm:Svdj0zhbRmjIQ8wtsV4lEVGdY3/i/
MD5:	68D6DABFE54E245E7D5D5C16C3C4B1A9
SHA1:	7FDAB895EAEBECEDB3FB5473EAB94A1B292CEF19
SHA-256:	A01A632E56731A854F35701AA8C3A6A19A113290D9032FF9048F8064C45383BD
SHA-512:	44EB151F85178A2F9600E85AD43FAE470FABE0F247C9A03E67931B36028E600C7550D9DE2D69B3576A06577A5DEAF54822EE4BDC9DCBB47588D1972C8A959D43
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff
Preview:	wOFF......O.................................GDEF.......G...d....GPOS..............oGSUB................OS/2...p...Q...`u...cmap...............#cvt .......H...H+~..fpgm...$...3...._...gasp...X............glyf...d..< ..l..C^]hdmx..H....m....03#7head..H....6...6...\hhea..I,... ...$.&..hmtx..IL........".J.loca..K.............maxp..M.... ... .4..name..M........~..9.post..N........ .m.dprep..N........)v60x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x....%Y....Wm=..mo..k.m....rl...m.g"^..../..[.}.S...\.mD...1..G>..giz...=C..}.y....\|o..c.x.R.r"B........m....../.&./6..5D.AGX.....)<'.)....?.... .Y4>\|1...ES.Gc...FO.>$.../...}RCl..T.zD..uZ4~D.._OK.$.Z.(..JR...\..\..\..\.\......'n..6:x...b,..$...?.g:./y.iLg.3..l.0.y.g..X..V...d.#O...0....b7{..>.n.iD.V....." e.\A..OR.kwp.].....6p..."ZE..%...e.u3..L..V...W.7b..L.3.L1K...Ts..$6.-b.......9...b@..!1,...v.C....{...dox.G(...\|a%E:.Fn.Nn.^n.........Sf..E)...k....<g..){....\|......DT..N....Hy.F.Jez......._?7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20332, version 1.1
Category:	downloaded
Size (bytes):	20332
Entropy (8bit):	7.970235088150752
Encrypted:	false
SSDEEP:	384:U0iwaxoOUPVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkAOY:75mlUmOSu1guh+fZhLSxkAr
MD5:	DC3E086FC0C5ADDC09702E111D2ADB42
SHA1:	B1138B84FF19EAC5F43C4202297529D389BD09B7
SHA-256:	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
SHA-512:	10123C785C396CF0844751A014413ECF4D058AD0C00CAAEF5F8FFEF504C370F03EACD0B3C2A49211EEE0877B7AE7D0EF6E01264F04FC910C2660584B5E943BE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......Ol.......x........................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...P...`t...cmap...............#cvt .......T...T+...fpgm.......5....w.`.gasp...@............glyf...L..;...m.&.x.hdmx..H....m....'/./head..H....6...6.j.zhhea..H.... ...$....hmtx..H...........]uloca..Kp..........m,maxp..Mp... ... .4..name..M........t.U9.post..N`....... .m.dprep..Nt.......I.f..x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Klaw%20sign[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 461 x 181, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	28245
Entropy (8bit):	7.965548875888717
Encrypted:	false
SSDEEP:	768:AYZTdsU6NzzPH6fgzXZC5e2x+aoNXcoeC93pCNWN:AYz6dzP7zppLr2o7p
MD5:	CB5591FC8D53A8E1695D5AA018BCE7F8
SHA1:	2A5DA0349AE0F22777FF5CAD5087B41DEF97A721
SHA-256:	69095500B9169013EC86F731027D3E38371CA60657A83831D25546D4DBF55069
SHA-512:	53A20FD05800DDF4B6185FDD6AE857D58B4AFE52A062985DCBC0A44232829FC65D11871DEFB7B1132D8FA2DE411F9D4A80D515A4D6011BAEE122B4CE56FD6818
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/image/186-2a5da034/Klaw%20sign.PNG
Preview:	.PNG........IHDR.............=C.... .IDATx^..x...o..D...E@..A.".........%......v[..m..v..v.n......n..k....Z!(...+....K.DN1.!..N....{'...$......u.......2...MMMM.\s.p.p.p.p.p.hT.mh.4.[.$.$.$.$.$...h6-#..I.I.I.I.I.H...{................(..9.8.8.8.8.8.t.........@..p....\7'.'.'.'.'.....p.p.p.p.p..R..4.....$.$.$.$.$.@..N.N.N.N.N.QJ..f..r...........h.w.I.I.I.I.I J.8.RP.............M..8.8.8.8.8.D)...Q..us.p.p.p.p.p....'.'.'.'.'.(%.@3JA.nN.N.N.N.N..4.;.$.$.$.$.$....hF)(..I.I.I.I.I...{........................~.....;..>Q..sm....M..w..>7$..lY......N....J.n.O....!9.;.....y./.;z%....9p.?+..?..c.o.\|>_./G.8.t.....;..~.\........@..?..?\|...h....v.p.p.p.p.h....L.U..m.I.I.I.I.I.e.p..2...N.N.N.N....h^G....I.I..I...f..m.......M....q..>.../.v....5.:v.v..........v..o...G.3c...kx......a..........[C.V>....H.q.p.p.hB.^..2............."...a...{.zc...gA...2o...xUW.....z.."...d.Y.d....7?.=...\.k./..$../..-.:.t..N.N.N...,8.;wN....4.b....".fbb..t... ..4..=..+..yEg.&!!A.u.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NotoSans-Hai[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 219076, version 2.0
Category:	downloaded
Size (bytes):	219076
Entropy (8bit):	7.997131411885738
Encrypted:	true
SSDEEP:	3072:00w3JOqmkoxvwLUWnx7RFZefnoNb8TFNOqRsPqin6ephlQJ6Xczpo4eNjjFWE2SQ:a33ml+p7RFCnorUsP96EhNXBN/F4SYP
MD5:	2DEFD6EE5CF6CDBD91B51BB4ED332FC2
SHA1:	758168C24C9E15C2BDE23F246E2625F83EA386B6
SHA-256:	79463AC89894470C15D8FDC0C13BCBE7228C7A191CBB5FC7CFB0A0AE08673A5B
SHA-512:	95DDDEEF717EAC25926E38AD0213216C3FDAE917EB0CF39D895CB4928456432CF0BD3D010B86087F8A1DC12E67645B30D895811DD0032CB656649A9902E2BC78
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-Hai.woff
Preview:	wOFF......W....... x........................GDEF.......1........GPOS......m....4}..GSUB..L....6....D7.jOS/2.......[...`k..Acmap...`...\.......cvt ...........t\|..Wfpgm......p...m:(.\|gasp................glyf............6..head... ...6...6....hhea.......!...$...*hmtx...X......2...M.loca...\|......2...\|.maxp...\... ... ....name............!.;.post.......... ...2prep...,........6..`x....xc.(\U..j.$k.,y..K.,k.lyiy.n..v..}....4...[74.B.B.B..#$C.[x.I..I.1y.H&$.L..2I.........Su.d.m.\|......RU.Sg.s.E..,..=J. .. O..!L0"...g..!.&.q..!..h.u.H..%.T2a.x=w......./....#....p.M.D....BxN.....x.!^.+..t.....1stF/wV.....(bB.a6'Bd...BU.7...U.A.).J.S/......;J.Z}v...#C.UUV......a.Y-fc.KW.....f.w:..J.mU......>..G.........O....{.6.......)\|.Q..\|.~....5./.w....8.>g.b....N.Z...7.k....p.m.U.....V...... .0..p>...r~....j............!......v.Q.sF..@ ......I..2..fWB...X-.....j.....@p.yk.gg.y}l......?.k...;.m....>....F]..1o..L..W..r.z..,"K.=9.A9...;.1.. ~M.mH&.H....#.7..J...P-.......j7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NotoSansArabic-Bol[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 77856, version 2.0
Category:	downloaded
Size (bytes):	77856
Entropy (8bit):	7.993438512586646
Encrypted:	true
SSDEEP:	1536:BEZV9ClAkuqgM/3FhK0V6goabQu8MUYb/EcwCnVb6DToqA89w2HKL:BWVlkuqts7a58M7Ycxnh6QqVH2
MD5:	693A794BB4E29D3CA6A82C901E60A888
SHA1:	BB7D903D703F0872E6D244D3D8A8BAD929FA82B0
SHA-256:	B0F3E01380EA98F0FFDCD1B2E5DA7286118A93EA157E713AA9D88872103182D7
SHA-512:	B82740C5139508B890DE601CE233E68B385B0F1C240E6BABD751E19DD88F21948BD509B232A33FC90D2C735B42B126BCE2385292D4CA09F03FAD8F3B44EEE0F8
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansArabic-Bol.woff
Preview:	wOFF......0 ................................GDEF............-..7GPOS......-...P.3..GSUB..........+....OS/2......V...`.X`.cmap..............8cvt ..........0.S.Pfpgm......m...m2..\|gasp................glyf...........#.".head...$...6...6...Whhea...l...!...$...khmtx...\.......2.].loca... ........S4.maxp....... ... ..-.name............&.A.post........... ...2prep............4...x...w.\.>\U..vO.N.i:L...9I.....Q.YB....".D......1.X.l....,.6..k...l.a..6^c0...B..t..n.....>....SoU.:u......Jr?.O...!...!.p...T.............NX.O#.......I$.:..;...K"Q..]N..z..&.@8...+..uWGB.L8..Lm...:...9....b..$'j.k...m.X-...4..K.....R.qUH.x...^..<+..................k...1V..9.....T...5:.......e.3C .Sd.d`"...........7.....R....% .%...C.p,rM...b.....aae.&....djq...B`..[k.. (/....m&....M$...Z...r.p..m...nkl.G....A..47..P=.M&.I.....Wf..._.}....G.;...O!0.....#>.!../.*..m.,[kAQ.@.y.^L-..aj.$(.e=...aD.9L7I/.....M}..(G/.....C..}....6.^ %.6.#u...o.u...u...n?.hK.t./(w....._..?'.K?.e..=.....A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NotoSansArabic-Hai[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 75548, version 2.0
Category:	downloaded
Size (bytes):	75548
Entropy (8bit):	7.992287006981878
Encrypted:	true
SSDEEP:	1536:SGG2lgnnSf+2Qb8fAFvc9fh1wQ/YsIXZG+7aofXskHEk5jFUT89w2HKL:BG2lg+++IFvc9f0Q/RIk+7aG1Z5UwH2
MD5:	A491D433951AA5EBACDB0166B4D05778
SHA1:	D181423F0AEEDBACF2C602BD25480BFEACDED101
SHA-256:	2CCA8D389629E474622A6E39E1B6C4094863775796C7DE6606F58355B43C2DDF
SHA-512:	C9681A8DC69015E41768BD73C25A24FF3DC5667F5E066A5DF61BF8310DDECDDF316FF316B558733A64E0E5CC12A596AC1D547CD708962C8513B854684DBDFFDC
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansArabic-Hai.woff
Preview:	wOFF......'.......[.........................GDEF...d........-..7GPOS...h..,...Pb..p.GSUB..........+....OS/2.......W...`.V\.cmap...l..........8cvt ...(.......0....fpgm...,...m...m2..\|gasp...\............glyf...........z.2.Xhead.......6...6...Ghhea.......!...$....hmtx...........4.N.Oloca................maxp....... ... ....name...D........%.?.post...H....... ...2prep...........4...x..}.x[..9.^].."Y.%[..[.eY..5...c;v.}#.....4.[.HJ.e......n.iY.v.L......3....tJ).e-..,....^.{%......y..G.9.....l.9.@............. .p.a.U.P.........6...7...-.Nw.P..J...Gj.X.6.h...5....}..S....J....-..K.....&.....0:....\|^....[+:+].....E.i!.Z..J...d...1...s0...P"V.SaL....;...J{......9.5.M.a.(Pf.lw.#..A....o4TH.2K=..d. ...B....].@.M.+.w.$....).o..u..!.%t..[....4)...e.Y..Y..e....R=.....,u-....\2.ZX+.-..'.......`..u.d3"..z.+...E.(<.~O.......V.....m..fpe.$\|p.0}.........1...u......W..d.wf_..bi.T.I2YA....KDR.ZF.29.@........#r.a...Q..(].Snb..D..=H.\|..!.....q.C<..-x?_.!.,).W.W.u.r.....N/.z...8E[..#

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NotoSansArabic-Lig[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 75548, version 2.0
Category:	downloaded
Size (bytes):	75548
Entropy (8bit):	7.992287006981878
Encrypted:	true
SSDEEP:	1536:SGG2lgnnSf+2Qb8fAFvc9fh1wQ/YsIXZG+7aofXskHEk5jFUT89w2HKL:BG2lg+++IFvc9f0Q/RIk+7aG1Z5UwH2
MD5:	A491D433951AA5EBACDB0166B4D05778
SHA1:	D181423F0AEEDBACF2C602BD25480BFEACDED101
SHA-256:	2CCA8D389629E474622A6E39E1B6C4094863775796C7DE6606F58355B43C2DDF
SHA-512:	C9681A8DC69015E41768BD73C25A24FF3DC5667F5E066A5DF61BF8310DDECDDF316FF316B558733A64E0E5CC12A596AC1D547CD708962C8513B854684DBDFFDC
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansArabic-Lig.woff
Preview:	wOFF......'.......[.........................GDEF...d........-..7GPOS...h..,...Pb..p.GSUB..........+....OS/2.......W...`.V\.cmap...l..........8cvt ...(.......0....fpgm...,...m...m2..\|gasp...\............glyf...........z.2.Xhead.......6...6...Ghhea.......!...$....hmtx...........4.N.Oloca................maxp....... ... ....name...D........%.?.post...H....... ...2prep...........4...x..}.x[..9.^].."Y.%[..[.eY..5...c;v.}#.....4.[.HJ.e......n.iY.v.L......3....tJ).e-..,....^.{%......y..G.9.....l.9.@............. .p.a.U.P.........6...7...-.Nw.P..J...Gj.X.6.h...5....}..S....J....-..K.....&.....0:....\|^....[+:+].....E.i!.Z..J...d...1...s0...P"V.SaL....;...J{......9.5.M.a.(Pf.lw.#..A....o4TH.2K=..d. ...B....].@.M.+.w.$....).o..u..!.%t..[....4)...e.Y..Y..e....R=.....,u-....\2.ZX+.-..'.......`..u.d3"..z.+...E.(<.~O.......V.....m..fpe.$\|p.0}.........1...u......W..d.wf_..bi.T.I2YA....KDR.ZF.29.@........#r.a...Q..(].Snb..D..=H.\|..!.....q.C<..-x?_.!.,).W.W.u.r.....N/.z...8E[..#

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NotoSansHebrew-Bol[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 11728, version 2.0
Category:	downloaded
Size (bytes):	11728
Entropy (8bit):	7.947509943503293
Encrypted:	false
SSDEEP:	192:R/hxaJJNdsrF6sayi69w5woYKWOIXDhk380IUym6K4zQzM6Si9oePq0O1F9IQ:R/hxQ/dsrFpayjK+XDhzmSQR9hC2Q
MD5:	D41870FEB25C8685D94CC7157CDA2666
SHA1:	ED88387C43009406E60F569FC6D98C084CAC79DA
SHA-256:	A55A1C1B568CC9C211BADFD31171354098F6D9097794C10E70803A4E57DF7525
SHA-512:	CD488B7B21F9F1F1B9451A4B1930778CDA6ACAC00F9CF3DA55D5F45A5D3B9B065591404FFC536AE8BE0DCC9E4E8D690C07C1B8940EC7EE73951B4921D8AEEACA
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansHebrew-Bol.woff
Preview:	wOFF......-.......Y\|........................GDEF..&T............GPOS..'....,......bzGSUB..-@........w..:OS/2.......V...`...qcmap...8........u..mcvt ..%....!...0.\|..fpgm.......m...m2..\|gasp..&L............glyf..........4L[.Dohead...\|...6...6....hhea....... ...$....hmtx...........4.".>loca...P...,...,w..,maxp...0... ... .#.wname..%4........'$ATpost..&8....... ...2prep..$.........4...x..Z.t.....K.dI..h..C.Y.......X.....y`..(.1...,-..9..iJ..Z-.`..My.@6.r.vy.......m....fO..B)}G...3.eG..{v..3.s..........c........H=...."K2.f.De.~H....S....'...5.....J.Z...E.`....z\u.F[\...*..k@...O..N&MS..W.<{(U[..:S..j'....GJoz[..j...........e...L@p.Y.X.(.K..@R...H.YK..8).i..\I..;..J.B.D..]..t.U.Tv).t-u....rN.........~C.O......#8M."...u4....h..7..H}C..k...+?......K....Y..61.e.yc...=g`u..+..e3+:..ZS.M.'.(........,.....R..@.>[.X..h$.}3...K_.[.7..FJS.X4B.....(.......;...9!.Q&c.\|y.{E.....].E#.#.g..\|w._8...m.....@..^".#.`..z=!.r..........O.{O.g.F`.a.>..!.\|.S.v9k..,...%.p...(.T.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NotoSansHebrew-Hai[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 11864, version 2.0
Category:	downloaded
Size (bytes):	11864
Entropy (8bit):	7.946967458341149
Encrypted:	false
SSDEEP:	192:fDvky0uj8c4ZUaxwvnPUSoN0RtKk5tw6LgZegoQT9aurH1Lym6K4zQzM6Sr9o1ii:LvVj8WaxwfMSoGKYtAZRo4HLSQR6m8Q
MD5:	9CF17758A30542F2946ABE9F11B5F85F
SHA1:	2B300F9FBFAAAD384E386E779301063489BAF3F0
SHA-256:	840D14151DE651F40ACD59B1751BF4F17690C9B2D113C7501A4821DC44FF8892
SHA-512:	D99DF76FB8EF0175B1E8ED62779D9A687BE8AE7AD6FBC0706502FDFF6FC198C4288B3BA8BA0E948F7DCE1C8112576656644E42C9FCF567D06826A38A171465D5
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansHebrew-Hai.woff
Preview:	wOFF.......X......W.........................GDEF..&h............GPOS..'(.......z.A.?GSUB..-.........w..:OS/2.......V...`.j.Pcmap...L........u..mcvt ..%$...!...0....fpgm...(...m...m2..\|gasp..&`............glyf..........1tzr..head...x...6...6....hhea....... ...$.!..hmtx......."...4...#loca...L...,...,o.\|^maxp...,... ... .#.pname..%H........%+?.post..&L....... ...2prep..$.........4...x..Z.p..~..5.t.LO.!..I#.4..A.A(.:.sI.`a..-....&..El....N6...o.v.'.M.$KRq.r9d..V..-'.u......h...g4..#.."...........D.8B...0r.z...j.DAD.!$`Q..xL.....a......V.d.snD.........u+@...QKG....tv.....8\g....u$.q.K...J...7.....B_.I...'C..<Y>..62......\>....R.Lb..I....(...<.A.....$.B..=.>....FH.hJ...-rd.%....8e.V..8..).;e.p;.Sv{.Ks...X.aoX.N.p .....:....p..M.P8T......s.{v.l.S;o.qr...c.._W.......U=+.w.s..%..TC...F..4..c..lF3..k....F.....F.]....@ ..?..._..x:....;.u..~......9.[.....]%...$....@p...u7..``w@..m..Q.....4\!<....!.y.qH+z...?......q.'.i..W\...l..w.O\|....O8P..s.mV..$....;ZC..1<...).O.&i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\background_gradient[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category:	dropped
Size (bytes):	453
Entropy (8bit):	5.019973044227213
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5:	20F0110ED5E4E0D5384A496E4880139B
SHA1:	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:	5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:	false
Reputation:	low
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bullet[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/bullet.png
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/errorPageStrings.js
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon-110x110[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 110 x 110, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9035
Entropy (8bit):	7.968274636373285
Encrypted:	false
SSDEEP:	192:bb7uG3rFRhRLmO1bGAcE8VR+30iu5emEInEfReQj5LPDJwhgGg6wNMEa:b1hRLnYreml8j5LPDJwBg6gMEa
MD5:	2A84B2CDF23C395CA67F098A2EC4CB88
SHA1:	5DE3024FA3131C58843596E4DB1A15F011EBE64A
SHA-256:	CB9C2CB677F09CC37F77C7A61AA33F3199734D4A92F61895C2DF426BB4B03419
SHA-512:	83245492C94A9057DAF56D54F2BF632070D0313D4F8A307487BBA32E0E44CA750801AFBC69DC085C12D9EF37B2B0CB2FA8E68FD537ECC751E2126C961702426B
Malicious:	false
Reputation:	low
IE Cache URL:	https://thebettermom.co.ke/wp-content/uploads/2018/12/favicon-110x110.png
Preview:	.PNG........IHDR...n...n......[&... .IDATx....]WY......Ifz.k..1...Pc,...!....`.(..Z............Z.Xk..B+...R.B.i.i.ZJ.RK....1..8.I.1..8.s.X{..>g&3.4..7..9g.w._.Z.z.g.km8A'.....t..3IOw....h..^l..L...&..2.....h.....\....d`)p.{..G....p........u.F.U.. .X.B+...2...M.?.._..x......Z,.....z..W...n{..V....3....ml.a... j....p...\B.fk..A\i..R....++.;@[.WY.....!t.....$....1./._.$}\|..v.x.....la.5.j/.Q.1.4c.....F....G.gyO........L(......p!.{..9n...r.l.j.A..K..(...>..H.m.x....22\........i.9-.?..0p\\..N.q@.y`...G}hc..2........d....Z.x..........Hr.. 9..R.........F.u......./J.....r.........e^YI..nm4[.GS..z.5.......`.g.!q........l4[._..j...d/....g..A-..D6..v$.g2....p...\..6.(s./........f..Boh..X..7..(...;.........3.fkk.....-8I............(......2.%a..M.u.7....yh!.h........O.......".B+"\|....w.f......4........y.....=gx.6.N.9..r...y.s1g.../.z....c..s...q.N..)...).t. ....qMx.j..{..ch}.77...=.\|...s.5..E...o.l.E.L...UX5.a.%....?j.....9?.....Z.U....0.Q(../....^.....n.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\info_48[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-3.2.1.slim.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	9674
Entropy (8bit):	4.1450771348778215
Encrypted:	false
SSDEEP:	96:kIxIqTZoLNfqae1QOqmI7T0fgw/zdK4WKDYLTHho:H2qVoLNDL7T0fgAJK4LDqTHO
MD5:	31E494D6E4FD91DA92268CFA88D0C1EF
SHA1:	8BB485CC4A1842F4F24D08702EF4C349A600973E
SHA-256:	AE0FDE2F81F65C0DB669EC7C1677524F1E24A5D1674A58077D1BF65669C3F5E3
SHA-512:	755823E518B1396197F32D7FC4D08E725F45EBA98816236347217C5752E943410E84FB1990F9CE52825A3FF99108997341FCF3FF5A3BE6611E445BA16D960171
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/login
Preview:	. . <!DOCTYPE html>. . . . . <html lang="en-US" data-website-id="1" data-oe-company-name="kmlaw.co.il">. . . . . . . . . . . . . <head>. <meta charset="utf-8"/>. <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"/>. <meta name="generator" content="Odoo"/>. . . . . . . . . . . . . . . <meta property="og:type" content="website"/>. . . . <meta property="og:title" content="Login \| kmlaw.co.il"/>. .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\odoo_logo_tiny[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 62 x 20, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1168
Entropy (8bit):	7.736586054272346
Encrypted:	false
SSDEEP:	24:sZupUAK5r7r6nFSReFBSMkNo/cUE9oicx1rTXnVK4I1:s0E56oReXeSdTXQ1
MD5:	96AD549BB39476FA4A6032065EA9EC5E
SHA1:	900E326F8F32B89FD7300C69810E5B204D60AB54
SHA-256:	4A6706C8149FBFF38FA0F8A3E37C8242583F74F466402AA5381398F8854055E4
SHA-512:	93D9B90BFB4A2D6349C094E71AF87197A97CFB973427A3930F4C7C7DB8097E1234B8E48980B6DB2FFF238BD079ABE5231D4655FE3500887FB35CCD59E6D8BD42
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/static/src/img/odoo_logo_tiny.png
Preview:	.PNG........IHDR...>................WIDATx..W..-I..k...m./.q.V}?.m..m.yN.t...h.?U....L.4.L.\|...W.../;;...}B...dO..( ..."~. .7..?..>{.jI.Z.'..?.mZt.A.?... ......0d.....xII."....c.="//o._3......?l..B.....g...nJ>5.#H.d.}.S. r.K.a...#1%?@Z ....0......&.r...i..\|........L..L.[?H.Z............IP..1.M..1..Vf...Q...3y.0).8.$.o...V.R"...[UU.8>...a8y...h?."^PP.:._S.. w..Q...U.<H.J....f`_q.....3C.G.....\..9nlhO...j5.....mmm].cW@...q.... ..Y.....WT6.....5..\|..9J...r.....C...LA.........7..q..^...@p[......c..A.......@o..<_`....\..r.yU..@<..!....+.Qol.c.d..^x.SI.r..?..1r..g..7..2.\|3.L[8D...Fm..ol..o'...>.s..T....#.T.8"...S..'7.....I.....L..%N..5...h#$K...,...y..s.....2.8H<5u..g{..7......j>....I.+d...2.1.... ..x..../....[....i.........g.yV.....Y.Q..b0...#.:-...Li..^^5d....nZ....-...6.}.^...3g.)..s\.\|O.M.b..u.E.2W..!...~..._..%..LC..............A..z...1......H_J.Jg......^..t....z8..R....oG./t..).T1.+.,o...L...6...@...T..U.1cA.%.$.+....k..c.J.o .8...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pdf%20logo[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 265, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	24036
Entropy (8bit):	7.908146654675919
Encrypted:	false
SSDEEP:	384:HyilUCK5zCB3P1QGQ3hSJ1XmTiZTdbzkfM33wmJliwbKZXzvNWqyjo5:SiK6U33iNdfkfMHwIltbKZcq6o5
MD5:	F13ED3DE6F2720B99C5F100C73B8D8EF
SHA1:	28A43E0007CF190588498721A0FB341DB27057FE
SHA-256:	675D021BCC06B7F6A98BDF793E12B5CE78488124FD8B068F19C6AD229106FF81
SHA-512:	D2095854D0347B5D67A90F6B42532E4D91D02B835442BE916ED50B7C425418C468C0FEA4B6E06D3FA7F6B78915E2BAC67E57DDDD7B0BF3CF07278FD3AE18EFB0
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/image/187-28a43e00/pdf%20logo.png
Preview:	.PNG........IHDR.............{}.... .IDATx^.]...E...l...Dr.A@%..H....NT<....y.w..;.y...k..DdE2b -.L.sf...{.[.==U.gzv......._..z..^.zU......}\...(....P..m.+.M......J..K...R..n.].....+.R,...Jq.Mw%.......J..\.(..6........(..p...w..tW....:.J..K...R..n.].....@.K..WoW.x<q_.x.`...3.....u.......o2z..(.'.\..@.....(.^......Y.P.......'$$h..^......{...a........S..F....~.M....>.?III..2...D.......D.....\... ;;[S(......O........P.L.$''k.....8./!.[................8}.4V..{.5....;2~...C.@}I._.\..... b....r.R...@........Q._..w...\|....N.......&0HIIA...?e..<.......>.5. F.2.....M.6..q).B... . ......b.?r.f..T.<;...^...$.we....2.={.......q.W.r...I@?....@..s4..R..v....T.\Y.C@@..z/V.\...u...C..a.....&.7'.g.....8.....p....i.P.zumjG._.jU....y..."H.@pO... ....`......p. .&.+_.@^..s.p.....U....~..g...Q.....U.....7....d]*..<..=zH5....!..@@.... .8y.$....;.\|.l..A.55 .{.....%...A,M.W.>..<;..hu...Zp.V........^z)j..y....J...o.Wj.r=..~u=..T\|.. ..4.#/.....+.J...Wk.@..5o...4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18I[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19408, version 1.1
Category:	downloaded
Size (bytes):	19408
Entropy (8bit):	7.971326527963912
Encrypted:	false
SSDEEP:	384:MMZ6l/JwnOruXBzLh/V/EEUDvK7La9VvEniLWDNp:MMZ6TwO6XBR/OEUDmG9Vv8iLAj
MD5:	F939F20B37CAAA8E99BCD2E0EF22436C
SHA1:	FCE961B1347C444CC7844F23CF643FC2F91116EB
SHA-256:	345FD0BD6225C53C4D28AA256798D6D8AA0D23EDE27E42933B62599FDE702E7C
SHA-512:	A8F543CF800FC927FA437A3BB19E22113E23EC4435BC63EED767346AFE78A3638AE51CFD55668C4892E5D12A66BC4363FDE4A6DED93FB09A8C91DF08B8460FFE
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18I.woff
Preview:	wOFF......K.................................GDEF.......0...:.\..GPOS...........b.(.GSUB............#.#.OS/2.......Y...`Z{sWcmap...<...k......Icvt ..............fpgm...........s.Y.7gasp................glyf......5...f@%...head..B....6...6....hhea..B....#...$....hmtx..B....G...D.c.loca..ED.......$....maxp..Gd... ... .+.]name..G....A....^.w.post..H............prep..K\|...R...V2..6x......0..................v@.C.=..xz.>....ZY...x..3..Q......6.m{.m.{6.4.%.[...k.[X.l=......iO?\|....^6{..j..0....... ........I..+8...O..h.[....TR..Y...qG.P.{.<;f7.]..v....?cO.S:..=..F...s."........Kyn7...[...v..]..H.E.w......j}Mo~..w...`.)...].f..9.i<av.c.xvK.=...8)a<..$(E.R$!%.R$/E..%.P. ..S.(5$CM.SK..<u.....h(y.....i-y.I..R....(.:I....+.H.G..d....&...3V..B...c.....W...kYG..l...IpH....>. dO....c...-G.0\|.YX.,s...ec]...\.c.....9yN...t...]....J+.sN.>.....lb..Ge...bs..b.s..6..-!1.SYa.P."..V.2m.G.mLu..<./7c...,o.KL. ..?..#...~.Gg.Km....11..M...~...G#B..i.L....%_k.n".gE#..........a~.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/ErrorPageTemplate.css
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 22280, version 1.1
Category:	downloaded
Size (bytes):	22280
Entropy (8bit):	7.9727639867534075
Encrypted:	false
SSDEEP:	384:P9oOx7sdtvlKnxdf5DGTHz3uPGia2ghi4OEiO+KdRialMgTC3YS95HbcW8Y:1lZsdKnxdBDwz++ia2l4OEi7KCquoS9J
MD5:	6E949B62AF2E8B6F705E35EE4DBC17F4
SHA1:	31BC06C0C932EC0176F42C6864C58D7450BBF97E
SHA-256:	917A5159BE44DE9A82072F6A1C52EF645844D6BEDF42F8FD1549CD99D6DB2CC5
SHA-512:	109EF637EF3C4FB1670DD328466BF1507F0E92D97153A71CA045F3F17F924CC92FF75777B3730CF722825C755D646A796F429F50973C64B543AA13C174D8921B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff
Preview:	wOFF......W........x........................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...N...`t6.<cmap...............#cvt .......X...X/...fpgm.......4......".gasp...@............glyf...L..C`..tP>.e%hdmx..O....m....$+.-head..P....6...6...mhhea..PT...#...$...zhmtx..Px.........3J.loca..S............maxp..U.... ... .4..name..U0..........>.post..V........ .a.dprep..V$.......?.1 .x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 21656, version 1.1
Category:	downloaded
Size (bytes):	21656
Entropy (8bit):	7.971138981009303
Encrypted:	false
SSDEEP:	384:vfqIIA0zh/VF0+5SLHCK+yo5HHx/KnMpljPSiQZxLZtspfA9JaXWWyBuM9rgaSJV:vJ0zh/VFv0Hm15HHtKnalaiQfZtsp49o
MD5:	147F4E11CE73A22AAC9C6C2822290953
SHA1:	EEFEA89A9C36F8B1A7CA99372A7E0E05C92EADD6
SHA-256:	A22585CFD64238EF14B1B383B5B9A8BAD7C89E354C09FC0886067E876687A38C
SHA-512:	3D7ADA26B281864CE394CB49974A9EA59D28FA8C2EFB006DF31DCAE66DB4684223BDB42B8234A5135BF1B4F834E91DE415E44558EB2CF2346086C88793970589
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff
Preview:	wOFF......T.................................GDEF.......G...d....GPOS..............oGSUB................OS/2...p...O...`u...cmap...............#cvt .......J...J..,ofpgm...$...3....c...gasp...X............glyf...d..@...o.H.6.hdmx..MD...n....,..0head..M....6...6...`hhea..M....#...$....hmtx..N...........1)loca..P.............maxp..R.... ... .4..name..R......... .=$post..S........ .a.dprep..S.........9..Bx...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x....%Y....Wm=..mo..k.m....rl...m.g"^..../..[.}.S...\.mD...1..G>..giz...=C..}.y....\|o..c.x.R.r"B........m....../.&./6..5D.AGX.....)<'.)....?.... .Y4>\|1...ES.Gc...FO.>$.../...}RCl..T.zD..uZ4~D.._OK.$.Z.(..JR...\..\..\..\.\......*'n..6:x...b,..$...?.g:./y.iLg.3..l.0.y.g..X..V...d.#O...0....b7{..>.n.iD.V....." e.\A..OR.kwp.].....6p..."ZE..%...e.u3..L..V...W.7b..L.3.L1K...Ts..$6.-b.......9...b@..!1,...v.C....{...dox.G(...\|a%E:.Fn.Nn.^n.........Sf..E)...k....<g..){....\|......DT..N....Hy.F.Jez......._?7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\NotoSans-RegIta[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 226300, version 2.0
Category:	downloaded
Size (bytes):	226300
Entropy (8bit):	7.997660830512532
Encrypted:	true
SSDEEP:	6144:1PBAOyLcSEoRx73PKzptP62chzmzYWOLzyxvb:1JAnczo773MtP/chzmkmj
MD5:	A6B44D145E6C2CBBCF05166481E57E1B
SHA1:	ED92853764E4CCF2686680B040944BEA7BC4277A
SHA-256:	BE81A72591C4DFBE3BBF2CE111E3C2BB82ED16146064824A5E901F3E152F59C0
SHA-512:	4E628793B69127B57C80E1D0D53B46903852D6CB7EC26271E4307EA83E17FEE7F1B93F4E59DAD6E5873A343C8822A0778E44F5CE22E1BFA39FEEA09DE694562D
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-RegIta.woff
Preview:	wOFF......s........t........................GDEF.......S.......GPOS......l......_GSUB..h....R...z..S.OS/2......_...`l..6cmap.......}...^.8.scvt ...........N.\p.fpgm......p...m9&.\|gasp................glyf.......J....K'.:head.......6...6.J.hhea......!...$.f..hmtx...4...\..2.....loca...... ...2...{8maxp....... ... ...&name...\|........#.=.post...x....... ...2prep............s..Bx...g`dG.(\u..s.[.V....y43.&i.&y<..4.c.q....,.^......6aw....c.....0.,..e.c...N........Q...S'.9...Lk..F.9.".J........#.NN .e.%.a.b&%.B....h.......1..B...Z.&...K.O.BQ.+......X.e\.w.1.R.u.>:..Be...X.h7.a.<.A....RI.k.]....{'^...V..t.A....s"/.)Wx..je..Y.F.`..AJ.V...NN..RyJ9....vA...n......T.x..,.?9...A..,.y#\|...z..[..u....[..;u.....{{f.m{...........o..... .%..,.f^CA.2..)l1.H3N.\".,.......f....&P8..$P~..~7b...s.......*.=.w.b1..&u..../..4..TV..Q.j7.\|mqk)...,...6.X..._<..o.L)..KR..d1...\|$.a[.VotW4.3R..a.7D.=~k_..2.........d...<....&+~.:..>..l...t#j3.m{..s.......I>.h.~GZJ9bZ$A.k.1..\|...EP

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Roboto-Bold-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto family
Category:	downloaded
Size (bytes):	20966
Entropy (8bit):	7.971425202907671
Encrypted:	false
SSDEEP:	384:ZtJYF6WO/nN+U5BilboGwhthoe6b+/gEQTAxF0ZfrvFj48drVyY8:BYQWyBiZ+c8t4AxF0ZjvFREY8
MD5:	ECDD509CADBF1EA78B8D2E31EC52328C
SHA1:	A76CD602F5188B9FBD4BA7443DCB9C064E3DBF10
SHA-256:	A2CA27E10E7111CA13D7B9368C4B55A165EBF24B40AC16EC715CD3881204BB3A
SHA-512:	8B8F1673A8BE70464A85D2F077ACE09F0C8FFEE1A100C3C26A272AD140C1C3D59DB66D66655574E74191902E30CC456C5B2B1C6A674A685FED9EEFA032FD0D21
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-Bold-webfont.eot?
Preview:	.Q...Q............................LP....[ .P .......... ...O........................R.o.b.o.t.o.....B.o.l.d...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3.....R.o.b.o.t.o. .B.o.l.d.....BSGP..................s..2s.2y.+.....xZW.h[qJ.x"c.r,g,E.&..C...........@...0.VF0.i.......^cX.#&.6......C>c\|.....".be\|..M0..fq4...D..r:UMyl.....3..5Z....a.jm..!uX....U...A. 0'..md....%...w..yn..!<.:.....J...sb..o...c.J,S_.F..o.2X.R(.J.....E..K...`)../8...'0..cs.A.$.=...-J....75..BQ~j...N ]G ..(7.+..........;<.r..X.;....^....xo!.....B .`...CZ......^Ybr...@@?>..7..G...P...hF.....u.m`...f.g_.-[..^....Y)l.^>.s5m.%..:.)..B..p$.C!.......]..8.`...5fQi...$L..-....7....G8F..E5...,X.,3X.Q.=.....u......I4.i.FGyV$.IX..#..D,#.......=.qM..8....d.b'a...j....!f...h...".....5RkK.....E.Nq...Z.....\|...p..L....&.3.....D....F..N....?......?..ZL.#..........O a...Z.v..H.`&.....^8.8...F.+...w.5..Q..Yn.n2. ..VOW.+8Wp.......e.}..J..3>.17.!...I.J.F!..U9pJ.*(.G.m..>q...:....h.L.\.H......I

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Roboto-Medium-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Medium family
Category:	downloaded
Size (bytes):	21364
Entropy (8bit):	7.9664840416164155
Encrypted:	false
SSDEEP:	384:zI8SG7HTFTmbpKuHJQNLAjMxz/5aoebcWMnnkxRRswW/E7hh:zI8X3FIpKuHJgLAwxz/oolWMnkFsxMth
MD5:	4D9F3F9E5195E7B074BB63BA4CE42208
SHA1:	1517F4B6E1C5D0E5198F937557253AAC8FAB0416
SHA-256:	714646396932C3ED852F6946B0149AD7FE3EACA63EB0F507ABD4742AFA3F1AC1
SHA-512:	A8709B6F3F8922E561D99F573DF127058317E7DC9B03111CE7B43C4A6CA328B897DEBFB24D502B90830EAF08F7C3B3E45CBB75DBFAA715A2EC24633FA2E90151
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-Medium-webfont.eot?
Preview:	tS..~R............................LP....[ .P .......... ...O...U....................R.o.b.o.t.o. .M.e.d.i.u.m.....R.e.g.u.l.a.r...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3....R.o.b.o.t.o. .M.e.d.i.u.m. .R.e.g.u.l.a.r.....BSGP..................t..2..2..,H....xZW.h[qJ.x"c.r,g,E.&..C...........@...0.VF0.i.......^cX.#&.6......C>c\|....w".be\|..M0..fq4...D..r:UMyl.:...3.r..B.....jm.. ..i.6-.pai.d......}8.P ....M._.'..W`.3m..,.Y.B.....\?...&1...1 .M..'......ug......N.KO..`A..K...W.2..ss...C.....b.H.w...}iJ7.@.......+........NJ)..S...d)o.4U.I.5......Z.x3.cL...\|.=....g...~..bA..5...p....mR.....?&.n..... ....R..:....p.I.M..;l......2..f (...V...A~{.X.C..!.<.@%.....Sa&....P.b.6.D.d-.4.X......0w..L..q.1.@.V..#..;.k.,.(.G..(.....q..v..z...F)G.XLDHm.3.e....6.......43U.-/hg`..T..8l.@~#"q.K...&U'4)...&...p..S."..zU...Z...H.w..Vk...U^d..;...r...G.<Hh.T..)...%...........:.@.(#.....X. /....P......,.#...B.b...mD......L...$..{.t...p........... ...v.MJ.I5...RO.[e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Roboto-MediumItalic-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Medium family
Category:	downloaded
Size (bytes):	24908
Entropy (8bit):	7.967532249116753
Encrypted:	false
SSDEEP:	384:ug/UYZeuzZbL/xHV8ZbQ5HFiYKTWDGwbafMunkg9Pf10yjKKskpn1SoKOXdsCiil:ug/wuzZbznP5lwTdfMuH5+W3fxiz4jh
MD5:	78333C4E825EB31F2117349A350BD4FE
SHA1:	DFA99298E2666EFD2CD731FF4D7DAA6CA2840819
SHA-256:	47DCC1E2ECFD7BD8312723E86086244F3DF738C934A43C7D89B0D06F39681709
SHA-512:	5B9D6B0AA37276014748D1249ADAD0EAB0CFFDE3B7B37B78A41DA44D10B3069EC667E04927738AA81B46114C19E727AFAF366963C7B80B61A7248FA2D8A1340A
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-MediumItalic-webfont.eot?
Preview:	La..Z`............................LP....[ .P .......... ...Ozw......................R.o.b.o.t.o. .M.e.d.i.u.m.....I.t.a.l.i.c...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3...(.R.o.b.o.t.o. .M.e.d.i.u.m. .I.t.a.l.i.c.....BSGP..................\|..9<.9B./.....xZW.h[qJ.x"c.r,g,E.&..C...........@...T`...\.i.......Y.qq...o.A.....P.`.....dY.L....%.f.fc3.W.<PNj...YX.......^.})..d:.n\l5..\|.SN......I.2@P-....v..P3...:....7.B.T4.q.u.B;Ez.B ..C..j/.t...Sb...v.8).:...&2.7"....I........&T;..'J....{.....nd..9..;g./...".O.......n........r..D2.+5......&-..D.DG.0!s..1P....<m.....=.".Y9.%.h"."....@....L.....V.N.qj.x.X7...q.-ei.s........0.....U..".5.UA ..k.;..O......S.....V.+..!.t.{.0.;N.i.R............\|..f.h/.x. . .....a.(:.N.h.#g.."@<........P.ay....:Cy.d.......4..~....[mO...'Q5.-.82x.O.2..r~..O..<...O.x...;D.m0.t.....4.V#...g....., .....T.9..tw4I."y.>..3...P.K..P,.l..TN.d.p.....I...}..5[.i..KV:........A.....g..=..."..j.B.......j.=......u3D.EE..B..\..)..U.a].)f.*.,.D.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Roboto-RegularItalic-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto family
Category:	downloaded
Size (bytes):	25062
Entropy (8bit):	7.967347443911431
Encrypted:	false
SSDEEP:	384:LzmixB+daRJXWzpY7swCEa+qWKMmxYpecYQPW5i4u8cbITusShaFEn2UeMuIedBi:LzmOBbJl7sPmPmxY4bQyDuZrk4erNg
MD5:	61BC7297D313B748C2DA578315879DE5
SHA1:	6E916CED854BBDDC1711B2D54BBBAE56BECE0B6F
SHA-256:	3E265926BF6F697A72B04325E05BD193831325453E280D290EF0865FCF4EC7EB
SHA-512:	29244ED2A357512B9F15515FF29EFC21317B2C9A08BA18C750EB2B0F013C055416EADE5D9063B9C711AEA3B3F98186A4D9D5CF3B6CA326595EFE29A1A980EE82
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-RegularItalic-webfont.eot?
Preview:	.a...a............................LP....[ .P .......... ...O:7s.....................R.o.b.o.t.o.....I.t.a.l.i.c...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3.....R.o.b.o.t.o. .I.t.a.l.i.c.....BSGP..................}I.9%.9+./.....xZW.h[qJ.x"c.r,g,E.&..C...........@...T`...\.i.......Y.qq...o.A.....P.`........_,8;.)......\8qA9.7#.e...M..y.%.w.DKI...+..r.a...eJ....u..ZLY...P........^L.(.^.V....f.f.n:.....hd..?.?.F.'<._Xk.}.(.u4.5g)...L".X..d.X.c.%......~p...P0D..._..-[......!.Jj~....O.W..T.`....F=....k%O~wi..U,.2d`...T..U.L8........i...%.<.hcp..x....Q?.@..+.........-..r..#..`.@5.F.h.(...F;.......cH.).X`0u.]h............n.f\Uva.Q.. k...+{.xo.-.G.\|.N. ..8.T.M0Z\...'F..B#.A..J.0h?..H2.0......x........f.........j...T............).!tA..?n..%@..x.x3cb.?r.b.i.5A....8Kp5j..>..N.9.....~.4...hR-..(.X..F.b..=......Y..(.`",.}.-&....s.33>fr...'...^E/.^W."..c.....!..;....P.Vh&`...R3k[.T. d@[@.....\...M.@..v..).......Tk.s.n#.....M..\|!j ^.5...Gq..B...%./.c..\..3.VF..O....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\background_gradient[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category:	downloaded
Size (bytes):	453
Entropy (8bit):	5.019973044227213
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5:	20F0110ED5E4E0D5384A496E4880139B
SHA1:	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:	5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/background_gradient.jpg
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:	768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	low
IE Cache URL:	https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	3.851707612903588
Encrypted:	false
SSDEEP:	12:i1Yo4YTO4YbJUH3GrKHvlM27cdxj7vJdJUt4IWiQUo/:ir4Ya4Y9UH2rCe27EBlUo
MD5:	A342FE863A8E41DFF2A55410C7F118C5
SHA1:	2F7028932480CDCB927F83B0165D577669E620FA
SHA-256:	4BD1AB3D744C19286E0676A67EDDB7D4A649D690589B7E7AC93C9B5A419DB8B0
SHA-512:	348E4E0F22BEC1F4A3FCD57B2E5D2414345EEA33077539AEB6798F1D8B88AA8904A65B1B97141FB3D45DA3A35EA99FF6155F9E8ECB3B11A2AE947D869626F970
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/image/website/1/favicon?unique=d97d074
Preview:	............ .h.......(....... ..... ..................................E...F...F...F.N.F...F...F...F...F.K.F...F...E...............E...E...F.E.F...F..F...F...F...F...F..F...F.>.E...F.......F...E...F.b.F..F...F...F...F...F...F...F...F...F..F.X.C...E...F...F.F.F..F...F...F..F...F.n.F.n.F...F..F...F...F..F.=.F...F...F...F...F...F..F.F.F...F...F...F...F.F.F..F...F...F...F...F.P.F..F...F..F.P.F...E...........E...F...F.P.F..F...F..F.J.F...F...F...F...F...F...................F...F...F...F...F...F...F...F...F...F...F...E...................E...F...F...F...F...F...F...F...F...F...F...E...................E...G...F...F...F...F...F...F...F...F...F...F...................F...F...F..F...F...F...F.H.F...F...F..F.X.F...F...........E...J...F.d.F...F...F..F.D.F...F...F...F...F...F.W.F...F...H...F...F.b.F..F...F...F...E...F...F.9.F...F...F...F..F...F...F...F...F...F...F...F..F.4.F...E...L...F.N.F..F...F...F...F...F...F...F...F...F..F.L.H...E.......F...A...F.1.F...F..F...F...F...F...F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\http_403[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4585
Entropy (8bit):	4.046190045670235
Encrypted:	false
SSDEEP:	48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
MD5:	3215E2E80AA8B9FABA83D76AEF71F1B9
SHA1:	C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
SHA-256:	D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
SHA-512:	690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\info_48[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/info_48.png
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\norton[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 128x128, frames 3
Category:	downloaded
Size (bytes):	2771
Entropy (8bit):	7.78487492863925
Encrypted:	false
SSDEEP:	48:D9YMX37rniDN4lvkofoZDYNM6e476wdC5SEVW/h94ASUm6lkMcx7K95USyLy:RhXq6lvkNOjC5BMxSUm6y7K95J9
MD5:	6FEA9D05916216DEF042204E946ADC6A
SHA1:	1F9403314779DDA07A4A733F0B6C22DEAE56D6B2
SHA-256:	BB4744D5BF350D19FF1CD9D41E671DFCB54CCCB3C2E95291E9DAE8A218614AB4
SHA-512:	BD0E90C6E4E28D837989DD04AB57BF2B41B8A572C0FD78F397BDE4D7AB15F3798460B557BEF043E9C84BA3F3E1F878744317C1706F8A8E424F32F63E3855CEAF
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/image/188-1f940331/norton.jpg
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................9..........................!.1."AQ2q...#Ra..B....8.bru................................,........................1.!AQR..q....."a..............?...""...." ...""...." ..."".... ..}...."...." ...""...UTTp:i.....`.......S..3..........[.Z.V......C...../%.P......w...ntS..,.q...........$.....r.i.r..M+].........y...Y....f....]"..-}.P.....3....=....i.>...AF<.....1..w...O`J.K......\.gm..I<..Z.....>..fC.1..8....$...++N.3.V.a............>-....G..z:R..v..W.F.0...""...." 5...r.2.7y.v..=.~....Mo...\|pB...^..\...d.....?...;.TH..k..%.pN.\.L..;u...Y..........G...3.....C.;....\|........>..].,V....:Z:v.W...I'..$....~.jKkn.z..\........=.#./.,...h.h...(.......'..k\..Ixk....2s..so.o@t.m5}]5.Q...S...(..@..@.........$:...v].`uU..6[MF....{{..... .m....Q....b#e........v..#...r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\web.assets_common_minimal_js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	18090
Entropy (8bit):	5.1992325212995
Encrypted:	false
SSDEEP:	384:VJBRb7NZRUgF/jzMzFbqlAqZdXZoIaUTuZ8d07D2jzj+Xe:rbBXjzzpoIaUTuZ90Ht
MD5:	B3CEB3F6AA3B5B58C60DFE0D375F2AFC
SHA1:	EC3D4700B3F183722074D06E3A324359F3A64371
SHA-256:	78EF9091F902AF00D48713CBE1257ABFE5CB5662C9CA6E3532302BED99B505E1
SHA-512:	63E4ABB154BB1D0852DA0C864CAA31E9A22DF0A8035FCFAC35050285B5A676A2E297A5EE4AA3D39595B29153C2AAC4982ED5D846F0461CC177DD4873A7FDF007
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/content/170-f05b062/1/web.assets_common_minimal_js.js
Preview:	./* /web/static/lib/es6-promise/es6-promise-polyfill.js defined in bundle 'web.assets_common_minimal_js' */.(function(global,factory){typeof exports==='object'&&typeof module!=='undefined'?module.exports=factory():typeof define==='function'&&define.amd?define(factory):(global.ES6Promise=factory());}(this,(function(){'use strict';function objectOrFunction(x){var type=typeof x;return x!==null&&(type==='object'\|\|type==='function');}.function isFunction(x){return typeof x==='function';}.var _isArray=void 0;if(Array.isArray){_isArray=Array.isArray;}else{_isArray=function(x){return Object.prototype.toString.call(x)==='[object Array]';};}.var isArray=_isArray;var len=0;var vertxNext=void 0;var customSchedulerFn=void 0;var asap=function asap(callback,arg){queue[len]=callback;queue[len+1]=arg;len+=2;if(len===2){if(customSchedulerFn){customSchedulerFn(flush);}else{scheduleFlush();}}};function setScheduler(scheduleFn){customSchedulerFn=scheduleFn;}.function setAsap(asapFn){asap=asapFn;}.var brows

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\web.assets_frontend_minimal_js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2661
Entropy (8bit):	5.107135436822818
Encrypted:	false
SSDEEP:	48:WXWo+sf9YaB+sf+YEXUpb1qbMQIUzYPjxrj8AKofMUUA2fbqdKZ7/KhkmA/VdSj:WG+hd1829rfKofMa2GdKZzKhkmA/VYj
MD5:	0674F8B950C2E43C577383B08AF2B31F
SHA1:	568767DFF35799639ACC387A5646E0F46C7599E1
SHA-256:	7A32A1820A212A09C2FAADEA8B1165EDF5A9D96C04C87B5E341AEA7647CF01D5
SHA-512:	8CE7883AA56CEF0E8ED7DC88BC930AA3BFF3264833D206A661A4C70CAB63CE61A819D2D90EC3AC1ADF727F96C1C0E4FBC165346065A78DD480D90124240D0A07
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/content/171-8bac9a1/1/web.assets_frontend_minimal_js.js
Preview:	./* /web/static/src/js/public/lazyloader.js defined in bundle 'web.assets_frontend_minimal_js' */.odoo.define('web.public.lazyloader',function(require){'use strict';var blockEvents=['submit','click'];var blockFunction=function(ev){ev.preventDefault();ev.stopImmediatePropagation();};var waitingLazy=false;function waitLazy(){if(waitingLazy){return;}.waitingLazy=true;var lazyEls=document.querySelectorAll('.o_wait_lazy_js');for(var i=0;i<lazyEls.length;i++){var element=lazyEls[i];blockEvents.forEach(function(evType){element.addEventListener(evType,blockFunction);});}}.function stopWaitingLazy(){if(!waitingLazy){return;}.waitingLazy=false;var lazyEls=document.querySelectorAll('.o_wait_lazy_js');for(var i=0;i<lazyEls.length;i++){var element=lazyEls[i];blockEvents.forEach(function(evType){element.removeEventListener(evType,blockFunction);});element.classList.remove('o_wait_lazy_js');}}.if(document.readyState!=='loading'){waitLazy();}else{document.addEventListener('DOMContentLoaded',function()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20180, version 1.1
Category:	downloaded
Size (bytes):	20180
Entropy (8bit):	7.97320012816743
Encrypted:	false
SSDEEP:	384:S3ECNC9EU5uXBx/d17jzOBmhUXQOTF3IHrYZEFeWXU5ebGLtCjUdtjVOTg:S3EC2rMXBdjzOBRx3IHrYOFeWLotCYL7
MD5:	5CC3AAE674EA3B199313B3B83BD795BC
SHA1:	993DB0EC4347B0CC53128CFDCBB767606D8A3576
SHA-256:	38399EFE707A8FFC12359A0086E7340315B42194A10FD2E1D1288BE12DA9E39C
SHA-512:	2346622E53705ABB58BDC45818D497CB17E9F9869B546CAF298D1E4D4A2D7E15B5A3C3EE8E6779D64C4C4BB0F98A58216A394BCA81F6660AE137FC6326B48955
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j.woff
Preview:	wOFF......N.................................GDEF.......6...F....GPOS...........f.x.{GSUB.......{... J.c.OS/2...8...V...`[.t.cmap..............3cvt ..........."..fpgm...........s.Y.7gasp................glyf......4...f.....head..E....6...6....hhea..F.... ...$....hmtx..F .......P.=).loca..H4..."....s.Tmaxp..JX... ... .3.zname..Jx...A....[.s.post..K.........SF.prep..N....S...V.c..x....@....{..::#0.ZGK..`....R...^qT..qW<^...../....x....a.......f.]C..fe.5fs...m.a<]Cv}...7..NG..7l.#.}&..J........^c.S.....>..yv.<{.C...N...p@...>....$..!......:...BH...p.C.}).O/..M...t...TB....E....t.....s..L.H _..G3.l.....l?..y.`..............=.....Q.6.e....v.n.]T.........}w..iz..czc;.....C....Z6...m.2G\|....b.8....x\|I'T..Lb%.xI'Q.H.p.%..."UbH.$.%..I&SR.&.4.$...RP2($a..4JJ.e$...M9...DSA..(.T.<S.xjI:Mh..vD.^.. !t..)t.'i../..`....&.1.%..L".)L.a.8.....#...@\|...".Y....J..$.....f%k.a.d.N<...r..6.#...}.gf~S.9......A.A..affff~.......Y.TZ..j....E..N...pO.l..Ze)......`.V..[.c.W.10./.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18I[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19248, version 1.1
Category:	downloaded
Size (bytes):	19248
Entropy (8bit):	7.970518757485756
Encrypted:	false
SSDEEP:	384:wCdVwGEC63uXBrHasvZeCtXiGpaKAmy9wSKOG2sQnRNbr2:wsVwBh+XBrjenGI5m/1BWna
MD5:	15776EEC451FF4C88330CC66EDD9E1E4
SHA1:	3428D0CE8BA520CAB0ED8748FDFDB18D244C094C
SHA-256:	9EB48DFACBA6024EACB293382DD7CAC4B3916C2EBFEF494FEA3F8FA9D1D169BE
SHA-512:	195B2E0E3FB3CDE8E4721DBE73109CACAE4262437BBE80BD92D9C12E8F8F32DC7982E42A2BB063A54F63C27A79FDB4285009D77D7AE00E68365D2219ED8FCCD1
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18I.woff
Preview:	wOFF......K0................................GDEF.......0...:.\..GPOS.......;...b..GSUB............#.#.OS/2.......Z...`\.v.cmap...`...k......Icvt .............9fpgm...........s.Y.7gasp................glyf......4...d..?..head..A....6...6.!..hhea..B0...#...$.U..hmtx..BT...R...D.o.Dloca..D........$[.ukmaxp..F.... ... .+.Uname..F....G....^.u.post..H(...........prep..J....R...V4...x......0..................v@.C.=..xz.>....ZY...x.W...W.}.1...d..........0P..9..3..<7......._....:...d}._}Y+.....r..3.?....D..o{.a.D!D.]wt...].?..q..g\.?..T.`.j...=~tEo....w....L....Vh..q..(Aw....}.d...c..9.[H\.\t8...G.....d2.......B.z.'.\t6.0.p..6...\..p....F'".....q.,.......>D_.C.~..=....?>...P..B....r..B%...(.:.B.BgT.....E(@W...bt.J.C.B9z...[....Ur7a'..Ta/.....(T...+....0....%8Bh.#.2.....IBg...$/.e(..B9..\|......B'.[...$.........g.".T...B.~...x...c..sEs .E.0.0.a;.k.....^?c.Gp...Z........YZT.*L..l...Z..sY....l...3&.......\.....e.S..%u6qm.;".}D.Be@...$c.......3Y..s.#.....j.L....,d.:.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdo[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19896, version 1.1
Category:	downloaded
Size (bytes):	19896
Entropy (8bit):	7.973207257576149
Encrypted:	false
SSDEEP:	384:vi9GdFUguXBNV01KI0EhV+xnP+gu9ZLpanYwJz1aRRxaFsq+6LVnQVOTa:vi94iVXBYQnmUYwJz87kLhxnQVOTa
MD5:	B03F2EC28F8E60E61974DD8C57610E5B
SHA1:	DFF9B2C95F626F894185C98CFBB976BB98B50F33
SHA-256:	D8DD0DE638293EB62DBA15A6E410FB0AF9A5B36C35DF226237B1B609D573C63E
SHA-512:	A585B769AA7CD7311FB4075DB5EEBE09E65A46CEA773639482DE0EAAD248C0BCDC571BEF16BCC9EE1196596014871FF39541AF66C1A53FA8B026A82C0F00904D
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdo.woff
Preview:	wOFF......M.................................GDEF.......6...F....GPOS...........f.o..GSUB.......{... J.c.OS/2...,...V...`\?v.cmap..............3cvt .............9fpgm...........s.Y.7gasp................glyf......3...e.q.B4head..D....6...6....hhea..D.... ...$....hmtx..E........P.k!Nloca..G(........].(maxp..IH... ... .3.rname..Ih...8....X.p.post..J.........SF.prep..Md...R...V2...x....@....{..::#0.ZGK..`....R...^qT..qW<^...../....x.....]...w.jm{..m....m...m.F1.n....\|.........8....w..Uj.6oWkX......?..0.{...{3....4.K..pP....(.{.%..!./(.x....}C.d.`.....29x.@...+.!.......Q...T..+]g.^p.9....x.agI.W[jg.m.K........-.c.E.D......6..r...!.7>.......X+.ok..+7k.o.yj.%..<.uw.*....v.N...>...L`.....x...&..I.......4B$.p. F..4.$.D.#I.I.HR$.TI$MbI.$2$.,rH%WR...t.P.T>.T>.L>.,>..>.(........\.....I......)B8E%.b....H.4.I...I..u4.!Y4.114..)..=.....t..>z..^.x.#^.........3Pr.$~.3.l.H:......FmS%.R....#.S..cvE...6^[...v....Z..`A..]R.hg.\S../w.([.s.n..y.{.....osc....At.....x.%Q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdo[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20204, version 1.1
Category:	downloaded
Size (bytes):	20204
Entropy (8bit):	7.9749078907666116
Encrypted:	false
SSDEEP:	384:qxWQ/O1lUMuXBGWZrkF3UZfWXeKcJL0SjvO86XbyNFA6xRGaElAVOT9:qxTF5XBGWZrkVuGeKVSydXbyNFHxyqVE
MD5:	A5002963B0570A073E28156403C78670
SHA1:	8DF8BC29362282573351632366511778D5BC400F
SHA-256:	4C24262A87FDF021D377BF7E4D6C08CE81A1862E774FACCA70713391A4CD3BC7
SHA-512:	4D5AA58E055081B5146594FD77B8940B3FD872907F60F74E0CEAD3420FF041FA4E0A415CC8E5304CEDF68F1259FCBD06026CEF48125AA9D9D91C4290DDDA67FF
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdo.woff
Preview:	wOFF......N.................................GDEF.......6...F....GPOS...........<..GSUB...T...{... J.c.OS/2.......T...`Z.s.cmap...$..........3cvt ...<..........fpgm...h.......s.Y.7gasp...d............glyf...l..5...h..$..head..E....6...6....hhea..F$... ...$....hmtx..FD.......P.3..loca..HT...#.......maxp..Jx... ... .3.~name..J....:....U.p.post..K.........SF.prep..N....R...V2..6x....@....{..::#0.ZGK..`....R...^qT..qW<^...../....x....dY...B..]].v.x~.m.^...o.m.m.z...z.>{"6#..i.B{N....7o.nJ@7/.0.O}.s_..[...{Y....=<..o:..<....f.]N....y...@...wz......aK.x.......h.....2../..-......fj.y.G..OX>e.x.....VK..E.(}.t,....m.......W...._..cX..2Kn....N .c..5.....)..6.}...........j0#...06I.;.W^.?.g.P....y~./.5e.3.\|...../.6~m:.x$e.qa..i..c.....f.P7.Ybv...a....."V.K.0..4.2d.c.1...0;Ye....b.....+x.9.....d..`s!.1.<.\...Q..c..8s.g.<...E..b..........ky.5.....;x...........#9.^}.q]..f..e...i.Kf./.U.bV..Y.k\|.+.i..m.....L...5...^........TC.,:....\|...i.nD..m'....9.....4.!..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20404, version 1.1
Category:	downloaded
Size (bytes):	20404
Entropy (8bit):	7.970248785137973
Encrypted:	false
SSDEEP:	384:8uFoOxqigBacqKz8RGLv6K5a+jZ/rFSyeM5B8r/WjRy0BsM16t/PJ:PFlIvUKz8R+t5N53eGar/gY0Bv6tp
MD5:	BF0F407102FAF3A0B521D3B545F547A5
SHA1:	CA357CD0DE5DD0242E8EFACFB8D24AB60FDC86AB
SHA-256:	855A06974032BB69157D469ABA6F63440E8BE47C421F45C3F396F4E0B87B6DE8
SHA-512:	85359028F7FE49B1DF90B72E48DC7DE4B21F1B65E8BF109595705A3F4EAF9FA79854B5AEF060FE266291C5ECE9D04FCEAD1DE09BAA2C5E20601E1579212520C8
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff
Preview:	wOFF......O........x........................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...P...`t6..cmap...............#cvt .......X...X/...fpgm.......4......".gasp...@............glyf...L..<'..m..]5Yhdmx..Ht...m....),..head..H....6...6.Y.ihhea..I.... ...$....hmtx..I<.........Dd.loca..K............maxp..M.... ... .4.\name..M........\|..9.post..N........ .m.dprep..N........:z/.Wx...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSans-BlaIta[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 231844, version 2.0
Category:	downloaded
Size (bytes):	231844
Entropy (8bit):	7.997623685458498
Encrypted:	true
SSDEEP:	6144:3fmHxVMFUa+LtMHbZx3S4AceknTJRa9fGz/y:P0MKjhG3S4AanTi9Gu
MD5:	0E3647B571F1348CE34420458EFC3FBC
SHA1:	D65C57F0F639F2266656AD153CD782388443319E
SHA-256:	92635B3DAFBA3F385834A5419F4241E80E3E98EB951DDCA8CC7576A1EAB868A6
SHA-512:	DE65D33860D0518D9A7F2713FBFB530753C4E60B183E26B0E104DF4283B9D5D221C84FD319AECAE902FADA7FB5A582C29AACEB1F0F64B8CD1B89A576F38228BA
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-BlaIta.woff
Preview:	wOFF...............`........................GDEF...P...S.......GPOS......n........4GSUB..~P...R...z..S.OS/2...h...^...`n..vcmap.......}...^.8.scvt ...........N.sv(fpgm...H...p...m9&.\|gasp...H............glyf..........,u....head... ...6...6....hhea...D...!...$....hmtx...X......2.n.H.loca... ......2. L.maxp....... ... ....name...(........'.A;post...0....... ...2prep............s..Bx....`..(\|.W..{.E3..4..u.mY.U.b...e.q..c....l...0.0%$!..%.`Ia!}.H.)@.n.I.n..l.....s..}3#Y...D....{.=.\. .......b..e.).c...B....2.x.0G.a.CH......&...Y.,...Z.......~...DgWC.w.7+-.w..M...6.).o..t..E.!..X2..a$<.A.......=..C.......<......T.....b.C...@..>.gX..a0.....U3H...s.!...h.k....}^h.q......T.O.K.K........?.RD.......7{.V.^<U.....S.k.w.O.&Jk'../..z._..[.....u+,.3....y..P....e..c&.q9mV.....3.C.....<&P......p......g..;\|. .s.......I_c...h'...{.^.`..%4[...&......TY...B!...pw...x<....o........L..]V....P.vK.Xh.'>m.p..Wf}..N..O..7{..}k....-^....]fC.4.2...r..V/..),Z"DO.-.....yn=.lS.-&k.'..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSans-Bla[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 229948, version 2.0
Category:	downloaded
Size (bytes):	229948
Entropy (8bit):	7.996563162090991
Encrypted:	true
SSDEEP:	6144:l1CadMM/kfASztw+5CsKUpMuUUqFUNfD11/3seRnA:2aC7pLVmuUUqi71qSA
MD5:	36D2A1C60127322A5986FC876F7652DF
SHA1:	0B211BD17359D0C4474F87F895E73EF4F962E53F
SHA-256:	817115635F86EA472B225DF239165DCA9D72BA29E0AB1B818DB15B4FA4AC2154
SHA-512:	5DCDC6733B5F462D194828FBB8CFA85A8941B3D01992311BD522547D2708D83531EADBA603EFD8ECDE337607F636512C5E708FCB86F87BFB5D1B759D1450EC1B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-Bla.woff
Preview:	wOFF.......<.......H........................GDEF.......1........GPOS......o....z...yGSUB..w....6....D7.jOS/2.......[...`n...cmap...d...\.......cvt ...........t....fpgm.......p...m:(.\|gasp................glyf...........!>l>.head...l...6...6.,..hhea.......!...$.J..hmtx......@..2....]loca...P.. ...2...w,maxp...0... ... ....name............$.=spost........... ...2prep...0........6..`x....`\.0\|.}.M.I..7}F.I..{l..b[r.lKn..c.i6........'.,-.B`Iv.....$....e..n.%.F()......H.$.g.Fs..{.=.<DPl.O..<....}.!<.0.q...mF.w....f..w%s"..3...M!.#?.....v&....D.....hJ$..R)DP;~.....D.\|.`......y.!^.+..T....=i.D..?o......./.0.?..!r.......i..h.sJ.R.0(..8......7..i2.PMu...x=n..&m5...X...J1.~....Q...._.q..thD.Q.}.x...th.~....6..[F.....F.\|.......xf_!....Q...w...&8....^..V.....?.f.h..*0....i.3.1......O.....F,.........\..;4.J.?.)............y.t.".\c...3..D...3[G.M.l.._.Ph.&..J;.U.m.ks.)..c~"....k[..m.:....X...Wn.....m.......?hi..o.\..yM.MV~.=..}........YxS..:5H@....O.7.....(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSans-BolIta[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 225276, version 2.0
Category:	downloaded
Size (bytes):	225276
Entropy (8bit):	7.99795742466269
Encrypted:	true
SSDEEP:	6144:GVPiS+TCG4Wi+C2L6K3Py4H88z7QYotky1b:qPiJTCGv76K36GbBotx1b
MD5:	B92CCF47B7361C8D4A1D5BB409ED8DD8
SHA1:	ED646C70367BAAF0099DE94576650FAC1E0B005F
SHA-256:	7C0A9E08BC418264C064E89FAFB953C09F5AE6CB7AE9BDFCF0CE1AAEF58FB84F
SHA-512:	FA9E32C890AC40B52BA50C32811B596AEE05E7C516732E2F8DF67B488FCAF261EF47B6D6FC23498ABA6113F968A917DDE806E52C7F8F89DD9480DC0EE17AB089
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-BolIta.woff
Preview:	wOFF......o........\|........................GDEF...X...S.......GPOS......l......O.GSUB..d....R...z..S.OS/2...x..._...`m=.zcmap.......}...^.8.scvt ..........N..t4fpgm...X...p...m9&.\|gasp...P............glyf...........z...head.......6...6...hhea...T...!...$...zhmtx.......[..2.3.}loca...... ...2....maxp....... ... ...&name...4........&.Avpost...8....... ...2prep............s..Bx....`\W.0\|.{o.M...43*3..i....H.%W..&.%.e.q..%....I. ....J @`C[...e).....X.05Y.h..{.{3...? kt..s.=.s.b.f....y....%...... .....2.2.0g.1...Z...."k.k,..)...h.5.I[-f....n8..L.......C.I8.].`}.1h/...]:......X2..a <.A....rY.w.......w...-t.(.......3#..........y...)...............1../.Z...C.........`.&C.?.'....O..?\|....!.._L.O).....p.}O....w./(.l?.>.iwp...N..:.w......'`1...gB..(..P...h3c.....iq.2...#..^.l.V..X...8b8.lEX....y.q.....n.U..:....t.../..6..n1(4.-...V.-...~..:...R.....)/..@r.lk4.qKfK8r..J.5t..7....C..../5.p.&S..\|Q....5.n.......;75s..2....<dH.....{.kgXo Z~E....<......V.{.p&......^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSans-Bol[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 219788, version 2.0
Category:	downloaded
Size (bytes):	219788
Entropy (8bit):	7.996865785097218
Encrypted:	true
SSDEEP:	3072:CF1BQDDRZLE69ZcsmnESMjHC9QKYNFEFqu3L+kKncIk0xL6f97p6vUoq:C7izLE6wJnESMT8QTEFU3cx0xL6H6c1
MD5:	96E14CD749C041F6973E4840F2089E6A
SHA1:	C99EAEF7D834372FAA1596950DA794CB3BFD0C26
SHA-256:	F7D715A41FE6C056E03BF18541D42FD2A0C660D8C602ED94BBF0DD7138407E45
SHA-512:	5ED1EF413B2850518D2109D9ACF5211AE64F2D173BFF7CE98F81A4C3DC34C3DA52F4724472D478E925A6ED5CBD4BC891F29AEA43F8269FD8BD1643F25C0A08A7
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-Bol.woff
Preview:	wOFF......Z.......O.........................GDEF......1........GPOS......m{......XyGSUB..OT...6....D7.jOS/2.......\...`m<.Zcmap...<...\.......cvt ...........t.L..fpgm......p...m:(.\|gasp...............glyf...........@.r>5head.......6...6....hhea......!...$...$hmtx..........2.....loca..........2....Gmaxp....... ... ....name...........!.<)post.......... ...2prep............6..`x....`[.u0\|.}. @l....$@..... )q...EI..(Y....!.,....'N=b;N..;nf..Y.v..i.7..f:.k...~.....R..........s..G.i.{...{....Tf...:E(.y.0&L.A.$...f..P.......J:.6U....1.S.H...d .\|..b.T".J.#..H7.....U.`..(v.....MF..B.j.Z....Ye..B@....M6.....s9....9.a....T..........h..F...ztFO......3l...r/..]eN....g(.Qu..P.2..N.WJ._v%\|..u..Pxwx:.3x......ysxg.H..&.&...3..3.....m?p........w..DI.,..$.....a.uT.)`.l.D.:Hp..=M.0.Jv(.B....g.0o..ov..0e1g:.....g:..M.t..p...^.`..v!.....tc82....Pztzd......@..].{....\|.[..z..'\.h.k.....*...-.].....-.m...ik....J...R.$.s.....D...$..#/.?.Z.6.7P..j.Js.T.Z%.Q.. .zA'.r.0.j.Z....n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSans-Lig[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 219076, version 2.0
Category:	downloaded
Size (bytes):	219076
Entropy (8bit):	7.997131411885738
Encrypted:	true
SSDEEP:	3072:00w3JOqmkoxvwLUWnx7RFZefnoNb8TFNOqRsPqin6ephlQJ6Xczpo4eNjjFWE2SQ:a33ml+p7RFCnorUsP96EhNXBN/F4SYP
MD5:	2DEFD6EE5CF6CDBD91B51BB4ED332FC2
SHA1:	758168C24C9E15C2BDE23F246E2625F83EA386B6
SHA-256:	79463AC89894470C15D8FDC0C13BCBE7228C7A191CBB5FC7CFB0A0AE08673A5B
SHA-512:	95DDDEEF717EAC25926E38AD0213216C3FDAE917EB0CF39D895CB4928456432CF0BD3D010B86087F8A1DC12E67645B30D895811DD0032CB656649A9902E2BC78
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-Lig.woff
Preview:	wOFF......W....... x........................GDEF.......1........GPOS......m....4}..GSUB..L....6....D7.jOS/2.......[...`k..Acmap...`...\.......cvt ...........t\|..Wfpgm......p...m:(.\|gasp................glyf............6..head... ...6...6....hhea.......!...$...*hmtx...X......2...M.loca...\|......2...\|.maxp...\... ... ....name............!.;.post.......... ...2prep...,........6..`x....xc.(\U..j.$k.,y..K.,k.lyiy.n..v..}....4...[74.B.B.B..#$C.[x.I..I.1y.H&$.L..2I.........Su.d.m.\|......RU.Sg.s.E..,..=J. .. O..!L0"...g..!.&.q..!..h.u.H..%.T2a.x=w......./....#....p.M.D....BxN.....x.!^.+..t.....1stF/wV.....(bB.a6'Bd...BU.7...U.A.).J.S/......;J.Z}v...#C.UUV......a.Y-fc.KW.....f.w:..J.mU......>..G.........O....{.6.......)\|.Q..\|.~....5./.w....8.>g.b....N.Z...7.k....p.m.U.....V...... .0..p>...r~....j............!......v.Q.sF..@ ......I..2..fWB...X-.....j.....@p.yk.gg.y}l......?.k...;.m....>....F]..1o..L..W..r.z..,"K.=9.A9...;.1.. ~M.mH&.H....#.7..J...P-.......j7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSansArabic-Reg[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 74912, version 2.0
Category:	downloaded
Size (bytes):	74912
Entropy (8bit):	7.991977775761762
Encrypted:	true
SSDEEP:	1536:KnN2xzw0n5DEwFdoR3U5doiQe0htTGgsAhsBxSIvsK3BNOC89w2HKL:xxzwCDEJR3UXctiusBIIvsK3oH2
MD5:	D9CE41207A88946941C01EEC3E77C3E5
SHA1:	53F19618C7A3E1CA0C5F6A04D40F0BF9ACEE5546
SHA-256:	08735CDCCB02B8733060EC6FBCBC272F87D757248111A61B94E8C969D12C72C5
SHA-512:	036EB9D3C8E68F6B163F0C2E021F92E71C8930413B0F05B6FF54F0CF683A877868DB073ACFB0171305240447969BC4B323193C4055652554D9DF04D3AD31DA1B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansArabic-Reg.woff
Preview:	wOFF......$.......qT........................GDEF...........-..7GPOS........N@..'.GSUB..........+....OS/2...H...W...`..].cmap.............8cvt ...\.......0....fpgm...`...m...m2..\|gasp...............glyf.............$.head...(...6...6...Zhhea...$...!...$...nhmtx...`.......2..g.loca...$...........Kmaxp....... ... ....name...\|........).C.post.......... ...2prep............4...x..}.\|.U..9.L.L&3...'.drO&.L.6i.m...^h).r.H...Z......e.......... ......XPD..-M3......3.V.o....O.y..9.y....s.......n...K.+ .p.........g..g....G.........hgGWW{..n.FCA..j..1.^!..#.p.y....R^.,oJx...n..3{.....<..8f...R[.....kJ..\|>......<%4...r....(\O8.V9joc.`v..TVVi+.v....E%...Xu.c.M-@.....7.&....v.....bk5.d.. ...(......Y ...A...L..K... T...x..^}.u...."y.48...#3.W.<. ..b)....&..k.K!(+.%`.f.d.K.h4...".....CS+..:mE..=5.n)......[;.v..K+.e...%.....dYxk.(.*..v.j...........}...{g.....&J..."'(H.I..H............r.L.u..aV.i...Q...<......N....-O..3......I.....8..0.....}n.F<C9.P9re.1 ^.%~ ..q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSansHebrew-Bla[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 11728, version 2.0
Category:	downloaded
Size (bytes):	11728
Entropy (8bit):	7.947509943503293
Encrypted:	false
SSDEEP:	192:R/hxaJJNdsrF6sayi69w5woYKWOIXDhk380IUym6K4zQzM6Si9oePq0O1F9IQ:R/hxQ/dsrFpayjK+XDhzmSQR9hC2Q
MD5:	D41870FEB25C8685D94CC7157CDA2666
SHA1:	ED88387C43009406E60F569FC6D98C084CAC79DA
SHA-256:	A55A1C1B568CC9C211BADFD31171354098F6D9097794C10E70803A4E57DF7525
SHA-512:	CD488B7B21F9F1F1B9451A4B1930778CDA6ACAC00F9CF3DA55D5F45A5D3B9B065591404FFC536AE8BE0DCC9E4E8D690C07C1B8940EC7EE73951B4921D8AEEACA
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansHebrew-Bla.woff
Preview:	wOFF......-.......Y\|........................GDEF..&T............GPOS..'....,......bzGSUB..-@........w..:OS/2.......V...`...qcmap...8........u..mcvt ..%....!...0.\|..fpgm.......m...m2..\|gasp..&L............glyf..........4L[.Dohead...\|...6...6....hhea....... ...$....hmtx...........4.".>loca...P...,...,w..,maxp...0... ... .#.wname..%4........'$ATpost..&8....... ...2prep..$.........4...x..Z.t.....K.dI..h..C.Y.......X.....y`..(.1...,-..9..iJ..Z-.`..My.@6.r.vy.......m....fO..B)}G...3.eG..{v..3.s..........c........H=...."K2.f.De.~H....S....'...5.....J.Z...E.`....z\u.F[\...*..k@...O..N&MS..W.<{(U[..:S..j'....GJoz[..j...........e...L@p.Y.X.(.K..@R...H.YK..8).i..\I..;..J.B.D..]..t.U.Tv).t-u....rN.........~C.O......#8M."...u4....h..7..H}C..k...+?......K....Y..61.e.yc...=g`u..+..e3+:..ZS.M.'.(........,.....R..@.>[.X..h$.}3...K_.[.7..FJS.X4B.....(.......;...9!.Q&c.\|y.{E.....].E#.#.g..\|w._8...m.....@..^".#.`..z=!.r..........O.{O.g.F`.a.>..!.\|.S.v9k..,...%.p...(.T.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSansHebrew-Lig[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 11864, version 2.0
Category:	downloaded
Size (bytes):	11864
Entropy (8bit):	7.946967458341149
Encrypted:	false
SSDEEP:	192:fDvky0uj8c4ZUaxwvnPUSoN0RtKk5tw6LgZegoQT9aurH1Lym6K4zQzM6Sr9o1ii:LvVj8WaxwfMSoGKYtAZRo4HLSQR6m8Q
MD5:	9CF17758A30542F2946ABE9F11B5F85F
SHA1:	2B300F9FBFAAAD384E386E779301063489BAF3F0
SHA-256:	840D14151DE651F40ACD59B1751BF4F17690C9B2D113C7501A4821DC44FF8892
SHA-512:	D99DF76FB8EF0175B1E8ED62779D9A687BE8AE7AD6FBC0706502FDFF6FC198C4288B3BA8BA0E948F7DCE1C8112576656644E42C9FCF567D06826A38A171465D5
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansHebrew-Lig.woff
Preview:	wOFF.......X......W.........................GDEF..&h............GPOS..'(.......z.A.?GSUB..-.........w..:OS/2.......V...`.j.Pcmap...L........u..mcvt ..%$...!...0....fpgm...(...m...m2..\|gasp..&`............glyf..........1tzr..head...x...6...6....hhea....... ...$.!..hmtx......."...4...#loca...L...,...,o.\|^maxp...,... ... .#.pname..%H........%+?.post..&L....... ...2prep..$.........4...x..Z.p..~..5.t.LO.!..I#.4..A.A(.:.sI.`a..-....&..El....N6...o.v.'.M.$KRq.r9d..V..-'.u......h...g4..#.."...........D.8B...0r.z...j.DAD.!$`Q..xL.....a......V.d.snD.........u+@...QKG....tv.....8\g....u$.q.K...J...7.....B_.I...'C..<Y>..62......\>....R.Lb..I....(...<.A.....$.B..=.>....FH.hJ...-rd.%....8e.V..8..).;e.p;.Sv{.Ks...X.aoX.N.p .....:....p..M.P8T......s.{v.l.S;o.qr...c.._W.......U=+.w.s..%..TC...F..4..c..lF3..k....F.....F.]....@ ..?..._..x:....;.u..~......9.[.....]%...$....@p...u7..``w@..m..Q.....4\!<....!.y.qH+z...?......q.'.i..W\...l..w.O\|....O8P..s.mV..$....;ZC..1<...).O.&i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NotoSansHebrew-Reg[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 11728, version 2.0
Category:	downloaded
Size (bytes):	11728
Entropy (8bit):	7.9443514712148495
Encrypted:	false
SSDEEP:	192:/ywvmiDK6zEaed55cYEbw2us0iBbJEym6K4zQzM6SVGu+AAO7dVjzwRQ:/yar925wb58SQRK+V0dwQ
MD5:	99A302C2847AD33CFF9A37F81375B03B
SHA1:	35BB88EF99105BA639D7A929C28AC7B2F5BFE917
SHA-256:	834F8CFC57625D8CB1969C87CC896436C85FC2AEB5E95EE9F97E6D5F87B0719A
SHA-512:	EEED82796DFD723FD0049A50166C9F03771BC6E8240A3B1477F4361A16F34E101B10F12295CFD7D7828479F59E7E216055A1714675BE91B7C8F241943FFA2055
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansHebrew-Reg.woff
Preview:	wOFF......-.......X@........................GDEF..&D............GPOS..'....:.....j..GSUB..-@........w..:OS/2.......V...`...acmap...$........u..mcvt ..$....!...0....fpgm.......m...m2..\|gasp..&<............glyf..........2...m.head...d...6...6....hhea....... ...$.+..hmtx...........4....loca...8...,...,k.w]maxp....... ... .#.uname..% ........).D4post..&(....... ...2prep..$p........4...x..Z.t[g}...}.a=....dY.e..r..r..e'q.;....%....4...m...5!+]G..\.=-..v..c..c.H(...e;c.2(.F....a......e..ii....t..........f...:.^..H~..,. .....9..2Py/.A S@.0mWlx-lPU.5.F#...!...S....S3j&=@....8~N.t=.]...U...C.z...=.....}......#.'....$R.........?..H_Y@...A.i.(....!.).. ........!8.w.'.................Fd."....8<N.J<^..<...h~.34.L..A.h4.3.X.m...p......sc..........-7.p......4.m........].jhp.{W.e....dk...k.#...o.....]Y.Y.L.OV....PCC./....7B.p.\|.]....p}yo.!\O......}[.......Jd..I)~.U.v...{.a7...?To.....S.....o'~.2..s......`.... w....'......q..B?7.E..x......7..A......Y...Qv...]F\U..d.....$}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Roboto-Black-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Black family
Category:	downloaded
Size (bytes):	20698
Entropy (8bit):	7.9701587874971445
Encrypted:	false
SSDEEP:	384:C4mtkh88LeIiUOB4zgFAhqP1kmloOzMlUIB09hBFdspITauWIQFZ6O:C4mk88ni5BagFgm1kmlVglwonxI+d
MD5:	3FB7EE3C46A4737CED31105B89E87F0C
SHA1:	61A3ED7B70C5DC56E5D3B2B9ADF6605D12A60C6E
SHA-256:	770BC2298C6300872CB1AB0D3F2F656468DF037D62511DD95D35CB35C184A2CE
SHA-512:	08566997B9D9532B7AB9322FBC194A96D5898C106B4072C3915ABF74B8EC8FBB0EA8ACCE01E605F2E450A6118FDC4085434CCF2A7821E933C7A5BB889C464611
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-Black-webfont.eot?
Preview:	.P...O............................LP....[ .P .......... ...O.2]3....................R.o.b.o.t.o. .B.l.a.c.k.....R.e.g.u.l.a.r...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3...(.R.o.b.o.t.o. .B.l.a.c.k. .R.e.g.u.l.a.r.....BSGP..................t..3..3..,B....xZW.h[qJ.x"c.r,g,E.&..C...........@...T`...\.i.......Y.qq...o.A.....P.`......Y.L... .f.fc3.W..('5..u..R.......E....H..\|[.[.v...T...l.V.... ('......@x.5.y..a=.r....W...T).....`~..v.....qW..R..j.e....=...7#UZ....I1-...l.HUT.v.M.E.$g.W..i.......t.._........N6s..m...z._h...:T...K...{.....a...:....4.....`{HE....\%.c.F&....O..3.F.F0.%&...B..n..d.,".Y[.1l.'.O...\|..e.>..{.....\k..qF.....:w.1..R>......uC...D.6..............(./2N.G..f..._.i!.wH.......B."pI9.`..s.......8.....r..E...T)0:`\|...\|..3...a "Di....6.Z...!5}X......8D....s.......4...7.<c.].D.m0/t.-O.T4..F12...%-c..S...(.@Y.9.z..'..E.?...3..M.b%lFw(....F_>H5.....i......\|...r...;.H......h4.`%G...8&s....:.iB.Y....3..n#...2D:+..Z.(H.=....TH-...:..H.] ..)z..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Roboto-BlackItalic-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Black family
Category:	downloaded
Size (bytes):	23849
Entropy (8bit):	7.969733898954456
Encrypted:	false
SSDEEP:	384:6vsrq8wslyLe9bUutV4zmN+jaWmcxJABjx01B13P//Ln9buItG2o9ChUvSHi7xnG:csq45bTxNFW+F01nPHzJ/zGqCFncGP5o
MD5:	66DC0A84C12B5EF3036882018D3A147C
SHA1:	A01840A9C544CB10FD04CF26C17FB07E0F6E9A46
SHA-256:	E94870D9B94D7801E55E3791BCD61B910BF69700BB7B4CAFEB1D2A1828910B86
SHA-512:	61577EA8382B4A67D5A7E25B83C4DD4EA146026183A0E0BC7D3F57443E8EABD5BCB1C1E84D15713022EFC88811A112599EB73CCE82E9612FE3BF472455172159
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-BlackItalic-webfont.eot?
Preview:	)]..;\............................LP....[ .P .......... ...O.......................R.o.b.o.t.o. .B.l.a.c.k.....I.t.a.l.i.c...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3...&.R.o.b.o.t.o. .B.l.a.c.k. .I.t.a.l.i.c.....BSGP..................{..9..9../.....xZW.h[qJ.x"c.r,g,E.&..C...........@...T`...\.i.......Y.qq...o.A.....P.`.....$Y.L...#K.....g...x........o.&.g<...'.DKI.A[.....]...4....0...d....Kj.}.U....[.oX+..2U.!a.F..oP.'T#.........Q..../...hQ.mc.<E..S.$...F.K].. Y......W......`.......}f.L...^..\|......K........u...cH......e..-9p.M...^a..J..y...?..$.....y.@......0...@z.....\|+.^..p.5..-.Y...JU.<JU.4. ..F.....^.T2r._B.V...6.( U\|...&.+....0&l.O..8~h.1...!......S{6^.).........F.....$z..-....iA.@.ArA.....p........`.\....8...$..G..\..W.O.?..ZG...iD.P...[K..D(df.........1qrob...V.....`....u7.Sx8...%V..+......"..].=@..?..,.B..K_b....k.O."v.I...6o.........A..>.DC..........74.Od_:..p-..c.p..,.!i.v..!..e.6K..1n.i.....x./.`.........6.'..O..KLA..D.5.U...p..@..dr..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Roboto-BoldItalic-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto family
Category:	downloaded
Size (bytes):	24778
Entropy (8bit):	7.968731866542877
Encrypted:	false
SSDEEP:	768:hHOW/Qnkl8s+DYbH6gy1RBwFxYYzbcACbLq:5OW/QB3DYbHf3IAl
MD5:	737B3D547D1A3D4126201753C5EBC671
SHA1:	572FCE32AE06379FD887825CCDE421E6B1FF900A
SHA-256:	F34F182C43EA2E6F4F5B725719B9807BAF906A99D9416EA7BD902EB67E2B5D16
SHA-512:	0218E2FB34A93B3D8553B5CF89A43D1CAD2AEC7089B440C01B2BD8EA30FB2AAB173C1B55BF8841E8828EBC4EE45D66F9E291DF7F0A867DAAB69CF7CF65C47CED
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-BoldItalic-webfont.eot?
Preview:	.`..._............................LP....[ .P .......... ...O..{.....................R.o.b.o.t.o.....B.o.l.d. .I.t.a.l.i.c...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3...$.R.o.b.o.t.o. .B.o.l.d. .I.t.a.l.i.c.....BSGP..................{L.9j.9p./.....xZW.h[qJ.x"c.r,g,E.&..C...........@...T`...\.i.......Y.qq...o.A.....P.`.....$Y.L...!......g...(..........I...;D....).. ...I..hOp.4.....0........V..i..wfo.z.....a.g..xy..B..vpA......_.......=.m.ZY:.....&.a...-.8n.........TC.....R/......@..k._..N.e.....4.......Wl..S.....v.....+..r<.............8......j.1.@B...D.e3ts......Gce..3CpXK.]O\|0.$...`...._Td{uHm.J'..8..@...1c{......;1X....7.."V?.G"......L.......5C..kT..ni@.v...Gi....0..< ...?q.......0..pP8.8...nc.b.....l.Q$....S`.@V.2a....c.?.tD..1........X!..^\....ql.&D....I b..q{......aa..m.h..4.Y..M..i..\|.......%...U...V.P.^......K.(F..W.$..w.S..."..V................$&..'/.....G1c.K... ?....lajY.......8.1G$..N.?. .R#._.;.....U.(h8...T(...=@.Jm..*.....R...]....w.(].

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1207
Entropy (8bit):	5.170867437416538
Encrypted:	false
SSDEEP:	24:5/iY3QYGaNxb/iY3QY7aNxol+/iY3QYN0aNxY/iOYGaNxsl/iOY7aNxUv/iOYN0u:UY3Q1aNkY3QEaN0BY3QpaNpO1aNROEaR
MD5:	C9185D22CF643BFBC159F70021C14761
SHA1:	5C3C8AB8ACC3406E412976B046057A4BC898A1DF
SHA-256:	EF5FDB30D25060121CF9A6225A0649D6119D7AF7D394205CAEAE4FA44E3EAC8A
SHA-512:	C5E03730C57F72289D0147698FAEA033B4F6E7B0A6732D9B70DE6C9CE7C696712E51A24B607FB8A5243543D34331604A5C6F1AD7E6A895204BB1D8FE2C15B780
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\css[2].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1375
Entropy (8bit):	5.225792851467225
Encrypted:	false
SSDEEP:	24:5cY3QYGaLgcY3QY7aFJcY3QYN0aLi+cOYGan/cOY7a3cOYN0aJ:CY3Q1aLbY3QEaFyY3QpaLiNO1ankOEae
MD5:	A435CB4A045D008FBD382CAF3D832E0C
SHA1:	91DAE8FECD64CACEBA0DB2A0C9B4FCA0D6B7730A
SHA-256:	B1464D8AA5F5E317250DD104E577D97661A4061B0584BF483B714F7E3D85162A
SHA-512:	567965F2FA074E0A564A0B23A3ED0A1F78289D88C9AF2CF41EFD72C789022D75BCE95773EF5AB850E8C718965BE0EE1DFF3D4FEE0E80E9250B3AC5966785ED5F
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Source Sans Pro';. font-style: italic;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18I.woff) format('woff');.}.@font-face {. font-family: 'Source Sans Pro';. font-style: italic;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v14/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDQ.woff) format('woff');.}.@font-face {. font-family: 'Source Sans Pro';. font-style: italic;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18I.woff) format('woff');.}.@font-face {. font-family: 'Source Sans Pro';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdo.woff) format('woff');.}.@font-face {. font-family: 'Source Sans Pro';. font-style: normal;. font-wei

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\kmlaw.co[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 134 x 68, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6119
Entropy (8bit):	7.935754139906258
Encrypted:	false
SSDEEP:	96:ftUF4KD7PJBBKW2/ZCCEc/5ovZml2dHOmJ003+clUo/HRStQpKBjsGzW7J0Ury2u:ftS7JBAXxsc/xsHOm73+clUKMtQsBjsm
MD5:	0F4A8F4CFC66A36762CA6A565961A89C
SHA1:	94B67BE95BBCA604EE1329C4F48C9F05984E949E
SHA-256:	D9D20D83EDDE1D5AE3910CE7B81061B577F4229E154A98040BE27B8F43A10F37
SHA-512:	74F49F2DF8271BC17D02664590BAC736CBEBC6E0328515CB7B38B3DD5FFE40806B3ACF0343826CC61F0A921C489148C5B73E69C85B2AEAB35C7A6A139FD78A59
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/image/website/1/logo/kmlaw.co.il?unique=d97d074
Preview:	.PNG........IHDR.......D.....DYM.....IDATx^...l$.....33333333.B........f..fT.................].4jOOuUu....`....M....V`.>`.a._+...>\.s.Z.....l..v.r./....5.P...~.....b.~vLC...?.i....f../....?..6.`]"..~.8...?...=..e...>x.....~...jF.y...G.e.2.C.....O.0..S..t....m}..g6n.=......3.f...w.....^..........o...B.....D..".p.....u_...4F....f!.a......h..@..&}8.E..#<..]}.O........g.../.(.. .n.......e.QG.........Y.....y...b"...0:s~...f..,.{j.y..........&.x.r6....>.2..R.o!`. ..Y..w.0..en.7.d..8.}d>.P.._......Z.#....../.........5.j`.7.\|..[..P....SO=U..J..~.N;..............g.......f...Z...........Q.$.H#... ...r...\~3f.1:K....'..F..w.)..0.......I...pz...=..........@-..b.R":.../l..r.TB0._~Y..<..sE....Q.I...U........1...\|..$.....s....)dl..3.....ic..z.....-.........X.z.H...c.f.......GZ.F..R%......`1..x.?.ps..6.N:i....w........7.>.h..[.`....."...\|P....H&s0....n.....\sM..'.4.n.a!.{"m&.`..,..".'=..:.3..h..H..>..y..g.w...P....a1.s.5W3.Xcux(....O.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0101[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	150426
Entropy (8bit):	6.150402773222627
Encrypted:	false
SSDEEP:	3072:T4X0o510tciUoVSp5UYaw2twNtUZlPjwwEuZ:T4X01BMrUGoZlP/FZ
MD5:	8F5AC55780DFD7AA4DF21E044711692F
SHA1:	12739382BB457F8734CC46C22F1C5989C1A09D9A
SHA-256:	53CB733F83EBC2199AD17876052E96252BF881185DAFCD92C5ABF6A5721B72F4
SHA-512:	5DEE1DDE944252D83AB15C4AA028B96E6F18CCDE962E24F2B9B2E6C9B5E3A3A585C3266C9CC2FD4B27F47971D3EEA5676CB456D3947A721BCEE0BA0E67773CAD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0101[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://thebettermom.co.ke/taxadvisors/0101/
Preview:	<html>....<head>.. <meta charset="UTF-8" name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">.. <title>Sharing Link Validation</title>.. <link rel='stylesheet prefetch' href='https://fonts.googleapis.com/css?family=Open+Sans:600'>..<style>....html {...line-height: 1.15;...-ms-text-size-adjust: 100%;...-webkit-text-size-adjust: 100%..}..body {...height: 100%;...margin: 0..}..article, aside, footer, header, nav, section {...display: block..}..h1 {...font-size: 2em;...margin: .67em 0..}..figcaption, figure, main {...display: block..}..figure {...margin: 1em 40px..}..hr {...box-sizing: content-box;...height: 0;...overflow: visible..}..pre {...font-family: monospace, monospace;...font-size: 1em..}..a {...background-color: transparent;...-webkit-text-decoration-skip: objects..}..abbr[title] {...border-bottom: none;...text-decoration: underline;...text-decoration: underline dotted..}..b, strong {...font-weight: inher

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19368, version 1.1
Category:	downloaded
Size (bytes):	19368
Entropy (8bit):	7.971969892864419
Encrypted:	false
SSDEEP:	384:1RfjqmZuXBZftcC+n8/IEfNjqXDZap41M1HdtXFJQA+9B0csRTzRm:1RfumsXB5tcj8nfNOXDkzQA+9B0XBY
MD5:	86B2389FA562DA6B9425271D1833D490
SHA1:	60A25F71CAE90E48045B684E6D2AD3EEA2E76B4C
SHA-256:	40C28DCF61EC065E337F9A7F00AFD08CFE6F399F7D5454CB1842B199A8B58F4D
SHA-512:	1D98D6FBC16E260907964EAD3FBDFC12BB03BB762FCB51923DDBD3A9104CACDD93A07E916360CEB4DA260528C4B29CA124491D56E132B22D84F44F130E038F29
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/sourcesanspro/v14/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDQ.woff
Preview:	wOFF......K.................................GDEF.......0...:.\..GPOS.......6...b...5GSUB............#.#.OS/2.......Z...`Z.tlcmap...\...k......Icvt ..........."..fpgm...........s.Y.7gasp................glyf......5\|..e2O0..head..Bt...6...6....hhea..B....#...$....hmtx..B....X...D.)&.loca..E(.......$p..Xmaxp..G@... ... .+.Zname..G`...=....Z.r.post..H............prep..KT...S...V.]..x......0..................v@.C.=..xz.>....ZY...x....\......Y....m.Q.a.W...v....=.....3p......M..}.M.9g.)...p..wq'..5.....d.........G...#..a.Kq...5ep..d.3..D...k..-v....{eg.X1.....R.....4........Q........{....v.....K...........}...\|.O.a:/.+&.o..,g.+Y.V.........qY)Y..l....K.\)"K".I.B....!. x....d.....GR.......H..U..0.%D%q..!jJ.:....'..\.....OcZPD+....n.$.^R@oq.. B.. C......,..f...g.a.I!....R..hJ..v.6P..`W.l^.?.+...d.4[..^_.^..RDa...;...W.u$(A.@.@...AB.......:.:E9.g.\r..j...lM.d..=._..f^....K...{.{.}....}..h..u:.l0....u"..M...i0..._q0...>..O.."&v..&[<Q>.ed.....&.#h.uO2&.Kg..0.7..,.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 22036, version 1.1
Category:	downloaded
Size (bytes):	22036
Entropy (8bit):	7.974581575530646
Encrypted:	false
SSDEEP:	384:WhoOtWgD0GjcBsPSQSQhzT8EeFVJDOFKA3t1pLXhj8gGddsbnDX1F:4l30GI/cRMzqKA91pNj89WnDX1F
MD5:	522AECAD450B10CE647739BC8D9AA1C6
SHA1:	6C3528F1BDD5B980F41BDCD1D9FCD812FE0C6D61
SHA-256:	2B5FB1F0EE063320196A64157AE9A949BB4656BC48604914175F1EDA636DCE07
SHA-512:	33AAAE71C92278EE04102EE59B3856DB9EB7C6F187EC35BBD302492619CA47811FF379A2B469DAF670407ADEA10B3BCF56A7B883CD1241447957471263CF95B3
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff
Preview:	wOFF......V........x........................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...O...`t..Rcmap...............#cvt .......R...R..-.fpgm.......4....s...gasp...<............glyf...H..Bd..rp}..hdmx..N....m....#-.,head..O....6...6...ehhea..OT...#...$....hmtx..Ox.........cC.loca..R.......... \|.maxp..T.... ... .4..name..T0..........:.post..U........ .a.dprep..U .......D..].x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NotoSans-Reg[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 221488, version 2.0
Category:	downloaded
Size (bytes):	221488
Entropy (8bit):	7.99790022863227
Encrypted:	true
SSDEEP:	6144:VgaNEwQJNVOWUGF2P8ZhE6tqb0ZZJhhBvRXSwZb:WwQOGFFZhE640Z3nBY+
MD5:	54A9A4F8AB7F4FC10CA5EF96C595FDBF
SHA1:	FFEECB19453F75D7FCA3A49BB9F20C495967C495
SHA-256:	C04491D2066349F7C0345BA9ABA7445FC423D708828C5B8D7FDD40C6816040BE
SHA-512:	780CFF6FFD0BB1F24FEE7CE08F3BE761196A4AD0BBEC256777908E5D4F9910CA36EB63723177925D5B88FDB5938A92B866753913CA3CFB7DA35CA19B8B3FA6BD
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSans-Reg.woff
Preview:	wOFF......a0......O.........................GDEF...,...1........GPOS...`..m........(GSUB..U....6....D7.jOS/2...`...[...`l..Ucmap......\.......cvt ...d.......t~..5fpgm.......p...m:(.\|gasp...$............glyf......._....=&..head.......6...6....hhea...<...!...$...(hmtx.......6..2..-3Vloca..........2...Uymaxp....... ... ....name............%3>ipost........... ...2prep...........6..`x....xdG.0ZU...9..[.[.[.V+...V..Fi$M.h.g..8..x..9.`...amX..b.l.1....m2....cXX..aQ.{;H#.}...A#uuU.sN.T...X.#z.\@..#o..!....'..!.....`.h..T.Kp...:.."......<x,.r.BNW...W..<.P.........r.L.........h.....\&@..(.Z+.\....C......r!....tN..!....?.Q.....H!...$p...e5VO..Sd.!.....]N...m6...Vby....R.'.`?.9............wG..7.^v..@..ho...w{..\|..?..^....z......7......4m.U......T..xX"..=Q=>...Er..}...H8..B.F...aw.8..N.........@.i....F..j.k...d8.I.l.w..!.LX......8.[..Lf.......pd5.... .{..L:9.t..D.f..-.....4.:..b.~.....[.3[..ib.g.f..seG].....\|./Z...........k..t.E...r...E..z..[..b..+..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NotoSansArabic-Bla[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 78976, version 2.0
Category:	downloaded
Size (bytes):	78976
Entropy (8bit):	7.993233168309686
Encrypted:	true
SSDEEP:	1536:b6pAXGIEFRKMaUb3T+Cq7uZfsliJOM98/1njjVoRgscr3Kw89w2HKL:bJXtEuEb3CZuNslWGtnvKm5TKlH2
MD5:	71718EA492BCDF56DF132BDA892C9C9D
SHA1:	6EBBD726E3EB62B936790E27D85A65E428765AB4
SHA-256:	33CE335FE4B019EDD6CC14C948BB4E809FB60B61AB9B5677ABEA2C282C1CDB74
SHA-512:	70A350B1896EF531E4F53E04D305D71B86865D0BC4F97C309D34342FF0AA8EA1166BC28B1E956FB922E492B77B7FB113DD12554A7C32986164C7225B037B3704
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.odoocdn.com/fonts/noto/NotoSansArabic-Bla.woff
Preview:	wOFF......4.................................GDEF............-..7GPOS......-...Q.....GSUB...d......+....OS/2...t...W...`.RcNcmap..............8cvt ..........0....fpgm......m...m2..\|gasp................glyf.......T...~K.4\head.......6...6....hhea...P...!...$.f..hmtx...4.......4L.e.loca................maxp....... ... ..(.name...........)"B.post.......... ...2prep............4...x..}.x\....i...j...^$.z[.K^.E.$7..M..`.v0.0`L1!......$....`RL....H..B.)..TB..........9gw..>.......w.....\|3.@..z.....x@4.......g...8..........`A.V0.c.hGG<.io..hm.;L.H0..vGG.Q,..y.....]...e..U.<...=}...\|.l)..6t.o2...O.......^..0.."..7fRD.T...bV&5.Iy4'.E.X.2G..]..0.......^.C......g..&I...R.R..... .R.!(@....I.,..+a. ...........2.d.....lGl..)3...Ae.h..I..TF).'<.&..@.....\.F (.WdP.K%.5&.".(.#.:..\.yG....C,..5....aF...P...4..U.w...!".@/3)"J;...Bx.....C .......i._.jT.........R_..E.y.4....y..o.&Qa...9Jw..rF....R?..ba.....@_..r..\.{..j.-..3...(.W.......K.....>....!J..?.e\.z.".....i.I.Q. D!x7.K\_.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Roboto-Light-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Light family
Category:	downloaded
Size (bytes):	20940
Entropy (8bit):	7.966910006157203
Encrypted:	false
SSDEEP:	384:qEOdTAX5wYPyuTRissPv2ywqgU8Vsf7Dly5nbs51LiROYRPVD:qtdT+lToia8IyBYvLiROYRPF
MD5:	A990F611F2305DC12965F186C2EF2690
SHA1:	42FE156996197E5EB0C0264C5D1BB3B4681F4595
SHA-256:	2517B97E2C0E1E6C8CEB9DD007015F897926BC504154137281EEC4C1A9F9BDC9
SHA-512:	92F5410DB3C62B91526C9FD202E7FD0DC679733A88C4415A2B0AFACC436D44D193AB2EEB8521AB5520D896AAA1A96F64DBF3A838D1DFE1BADAE62E9D630D476E
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-Light-webfont.eot?
Preview:	.Q...P......................,.....LP....[ .P .......... ...O...@....................R.o.b.o.t.o. .L.i.g.h.t.....R.e.g.u.l.a.r...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3...(.R.o.b.o.t.o. .L.i.g.h.t. .R.e.g.u.l.a.r.....BSGP..................u..2..2..,.....xZW.h[qJ.x"c.r,g,E.&..C...........@...T`...\.i.......Y.qq...o.A.....P.`.....H..._,8[.)......\.8.............;D\|...i".8.n.l....M8B....-&....`.KkOm.....c.M.S.9....-.U8...B/......\|..t....]}`..6...7..Vz......6)o..'.e+d@.....8=.....FH.U...u..n..........n0..?...A....]....v.....MC+D.r.K.~n'...}..+xp.%...H... ...kI..7a..^6O?.`v.._.n....U.6.I./.@.h........,@y.....h.0.:Xxb..0f"3.+k..S..A.......L.B.f....A.F......\& ....:....i..I#w.(p$....Hq.d.!. ,cJ.A.NR@..q.G....G/.~.\|......4,...P:.:...............#..8.4.iq.<...:..=Q.&...D.F...P........v/.x....D.m..j....4...9.D..X...3.._..p......tV.M.*...o....Q..fE..V..E..wb".#A..$D#...W..._.BH....m....teL.TB.z2...)...D....sT).$X.....2.../..W.454<Q..z$..r..)_.........e.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Roboto-LightItalic-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Light family
Category:	downloaded
Size (bytes):	25458
Entropy (8bit):	7.967250690038068
Encrypted:	false
SSDEEP:	768:wqaFLul7xbtzbOSbBQzPXWtBfQN4e9DhZLC3HhPyqDHQ/u:vcLcxbtHOmeL4Bf5eZ0P1HF
MD5:	44D2E2BEDAD9CFBFD91A2217C6A511AA
SHA1:	BF92466157ADD53E2573ABF1C3ABEE7A541FDE87
SHA-256:	4BECA59B90D50E2A619439E8FB31B16280155C13E15A365F0EE8711BD23F7549
SHA-512:	5E80B511B102B212E03390900B3112E40CDCC77FD4D517D27D60B888C54F46B2301E2B49437D1F898A8D0C6E36B201823D858A4A87B96272110471DEF7FE6EF4
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-LightItalic-webfont.eot?
Preview:	rc...b......................,.....LP....[ .P .......... ...Op..\....................R.o.b.o.t.o. .L.i.g.h.t.....I.t.a.l.i.c...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3...&.R.o.b.o.t.o. .L.i.g.h.t. .I.t.a.l.i.c.....BSGP.....................9X.9^.02....xZW.h[qJ.x"c.r,g,E.&..C...........@...T`...\.i.......Y.qq...o.A.....P.`.....dY.L...4.SL;3....l.r.nGZ.wMG.y.....4I..\|'[.[.vCn...l.f.... (%.....l.BD..$....y.`..).iT.....P..Wh......s.....qa......w.xr....L..0.p....6.R.\rn...2..s...6c8...b.D.\[......uX..Kh..?...C.Q....!..<.d....V.oe.&F..d..h......l...+.....=.)IX..Wj...^@.$.O..2...1..,8D..p+i......2.z.2......%DA.....A%0..C.(.@....;.e.4.....DF..C.v4U~...(DA..:...do(......B:".15M.%4.,..La...M@9Z\:......s....9...~`~.J.....a.aMb.........9.G=..f'2H...&.#.L...^\G{..@...l(.:b.....}\...pQ}..Y.&..2EtC..<..a......\C.9c.....Ac.(?..gb....+...!..a`}...h9..S.b.HD..NLg..<!Y[......O.......L.....(Yni.....0@../.X.n.....B...V.N..rTg...8...,d3.w.."a.x.*7H.H:.\J.D..u..D.;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Roboto-Regular-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto family
Category:	downloaded
Size (bytes):	21320
Entropy (8bit):	7.967326153924976
Encrypted:	false
SSDEEP:	384:zq+0vJx7yGzwghuOVxeLUdFMyVDsQiXNc/IraXwImPxWr:zqvGGzznF6yNsDXNcgragImJWr
MD5:	30799EFA5BF74129468AD4E257551DC3
SHA1:	77AE3E980EC03863EBE2587A8EF9DDFD06941DB0
SHA-256:	CBB656AD18B9FA7D67C2D6E67372BE1BC5924F9AD9A708619A31597DE23CE8C0
SHA-512:	7819C66624831782B24180319A75B83ED96D603C00F401EB674C26094A7CD4977B23F74BD347DEF0FEF5E97CA4C0A49F1C2A7F02BA93A83A766AD93A027C2F69
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-Regular-webfont.eot?
Preview:	HS..nR............................LP....[ .P .......... ...O..8Q....................R.o.b.o.t.o.....R.e.g.u.l.a.r...,.V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3.....R.o.b.o.t.o. .R.e.g.u.l.a.r.....BSGP..................tD.2..2..,"....xZW.h[qJ.x"c.r,g,E.&..C...........@..,T`...`.......k$a.q...o.....d..1.]ag...g12..~L.`vf38..D....r:.A..{A6.5.RH.y&D3H........].:..4....0..Rd.......8.T.wjwtM.a.'.9W......DL}B.(.(.....H`...5..W.U..].K.iAVz..@Z..j.X..)....8t...X.;7=...........?u....O)E...3.y".......j.W3").2:.d.....f.d.g.VlT[....Q.9CQ.1.....?@..]B..7...".A...A?;.....!.s..U..Y.H........(t.;.)C..a..a........8la.....U%...F...1$..>......u.r.wL-....\...S..[.,@..oi.P.....?t.Z.+..@b.....jp.4.tpppVcS...9...t..X.Y.`.@. ...L.....G..y..@,.Z....tsb...-8F.fb$)..y......d.......F./.....E.,.EZ..`D.Zr...30ma2..5s..Z..o0f\|.+.. ..0..lH.....y.e).H....9..Dt.Ox.K.B..F4KC..GTL...T+.\|.E........,.I......X....iOP..I..C.. ..1.`B@.........p.,.....'NA...Dp#..B...\|.I.&..".3@..R....K[.q.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Roboto-Regular[1].ttf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht
Category:	downloaded
Size (bytes):	170984
Entropy (8bit):	6.45979378386698
Encrypted:	false
SSDEEP:	3072:hy2goL/sAQRuzzlPrvRwhRFUzMWlYfxJVBxV+aYT3qPXI0AWz48uNOIOU7og2FnI:ZOmCeu+bqPcWuWUMxFnI
MD5:	18D44F79B3979EC168862093208C6D7D
SHA1:	CCA06F9DE4844F45A2E0AF1501B64F317078B3B0
SHA-256:	9E79EAEBEFE9CB1188DEFBA9413AD6D383CFF1F0B4334F0B878634648FB70322
SHA-512:	AA09026C1F35F9FF06F8988EF170C9F580AF9701C90713B0818EA294B36B56C1E1131576043198E4653051EA5023CB3DDE718D80B66B0AF261F146231C7DF239
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/static/src/fonts/google/Roboto/Roboto-Regular.ttf
Preview:	........... GDEF.B....&(...bGPOS......(...].GSUB..Y...X....OS/2.......l...`cmap.wX........Fcvt +.....$4...Tfpgmw.`...!,....gasp......&.....glyf&......,...lhdmxUz`z........head.j.z.......6hhea.......H...$hmtx.r.........8loca.w.........maxp.>........ name.U9...$....tpost.m.d..%.... prep.f...."....I...d...(.............q......9........................EX../....>Y..EX../....>Y......9......9......9......9..........9......9.......01!!.!.......!.5.!.(.<..6......................}.w...x.^.^..^.......{.......0...EX../....>Y..EX../....>Y.....+X!...Y......901.#.3.462..."&.[....7l88l7......-==Z;;........#.........../......9../........01..#.3..#.3...o.....o...x...........w...............EX../....>Y..EX../....>Y..EX../....>Y..EX../....>Y......9\|../......+X!...Y............../.....+X!...Y...............................01.!.#.#5!.!5!.3.!.3.3.#.3.#.#.!.!....P.P...E....R.R..R.R..E..P....E.....f....b....`...`.....f.#.b....n.0.....+.i...EX../....>Y..EX."/..".>Y.."...9..................+X!.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Roboto-Thin-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Thin family
Category:	downloaded
Size (bytes):	21659
Entropy (8bit):	7.953842567483415
Encrypted:	false
SSDEEP:	384:KaFSl44iLdzScYdujBNNJ0qvADcdxIYmF69p3v1gnD52kzm5aIUHGl8dQ+e8s/:7PRBzzYduJJ0qIDcv269pfmDgkzXU/8y
MD5:	DFE56A876D0282555D1E2458E278060F
SHA1:	0790A51A848DBE7292C98F9D0459218BF1A8FFDD
SHA-256:	EC8252B3A3F3A07433AD90409B707ABD59B88F74DAE0878EA97DD4D5357EA5AE
SHA-512:	9D012ED7F242D279C0699FD18EFD493890DEA6F0E8098325C7CDFAAB1DF7E788F4C239C7BFE2F0E1F3CEA16A23494F30C6765E387ACAC5D0D644B1A04473AD67
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-Thin-webfont.eot?
Preview:	.T..%S............................LP....[ .P .......... ...O:......................R.o.b.o.t.o. .T.h.i.n.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3.;. .t.t.f.a.u.t.o.h.i.n.t. .(.v.0...9.4...1.4.-.c.9.0.1.). .-.l. .8. .-.r. .5.0. .-.G. .2.0.0. .-.x. .1.4. .-.w. .".g.G.D.". .-.c. .-.f...&.R.o.b.o.t.o. .T.h.i.n. .R.e.g.u.l.a.r.....BSGP..................\|..4..4..0.....xZW.h[qJ.x"c.r,g,E.&..C...........@..X...Y......cj.Q.qq...o..\$:.C>.x.k...".$..y2.....M.42fZ...UX.H2.m.b.IL.zx.M..../..h5..%.Se......H.&@`J{.i=....:.q..aq....)..B./.-.o.s......PDK./..iE..-.?\.0W.%...;.\<.<..zi..R..;4D$lt.....;X......h\|.C..<#.f.,.....:n...)..S...M....(a..Q9.3at. 00.x.&b...I..6.....0....j.....i..+n..(K.).J.RA.a....TT,...8 .1h.(wV.B.k..."...T "l.].T..VY....0..qY.X/..Z!b..?X.}....-.?.Z.RU.6F6f.#......}......1"a9.Q..>.."../."B.y.I....?...9.y..,9X).....(...yqdWYId.....#....Hj.xK...".!CF..(R..OO.n.....nR.....nwbA.i.N..X...{A...%....?ce..wbh..K....U.vRZ......V...J+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Roboto-ThinItalic-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Roboto Thin family
Category:	downloaded
Size (bytes):	26645
Entropy (8bit):	7.966980884842096
Encrypted:	false
SSDEEP:	768:s57Jxej1gBDpB3RyLd1k+PYYaHCTP3jGx2G9Y/3f8FZ:sdJxexepd4LdD6CTP3qqfq
MD5:	8B97626F67883267CFF2C72251595383
SHA1:	DE5E6864043AE119EC095AC0249DF74065ACC251
SHA-256:	0878DF0503B8499D099B6FB3B213343A62E346EC844FA778E69F092D27EF4E24
SHA-512:	60B0FBFCC6EA809E4BDA49C08EF88815E5C3A2318ED9A89AC1C95B547C988DB272DDCF74F16815ACDEAE221425FC8B0ABA1DB226F2CAE2EB75D3002A16CE6E51
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web_enterprise/static/src/fonts/Roboto/Roboto-ThinItalic-webfont.eot?
Preview:	.h...f............................LP....[ .P .......... ...O...}....................R.o.b.o.t.o. .T.h.i.n.....I.t.a.l.i.c.....V.e.r.s.i.o.n. .1...1.0.0.1.4.1.;. .2.0.1.3.;. .t.t.f.a.u.t.o.h.i.n.t. .(.v.0...9.4...1.4.-.c.9.0.1.). .-.l. .8. .-.r. .5.0. .-.G. .2.0.0. .-.x. .1.4. .-.w. .".g.G.D.". .-.c. .-.f...$.R.o.b.o.t.o. .T.h.i.n. .I.t.a.l.i.c.....BSGP...................".;..;..3\|....xZW.h[qJ.x"c.r,g,E.&..C...........@..X...Y......cj.Q.qq...o..\$:.C>.x.k...E.I..Are3.......L2fZ...ES.H$....q.<a..d.....4..I<.DT.j[....!I...>zZJ....N.8...V...]....jQ.7..I...@..!.B....]1].-.zG......l.C&...r'.R.Y)..Gzi....z..9.......{..A.......t=!...3....i...F1..1P..F...Eb<......!.C.../<].(.....g..P.aZJ..h....Qw.....p.o...`...U.....g.......Da....?.B..R6.U..3k....h.@...x..44.y.2.o.0.0.`.........M._0..(.=L`.~.....x.xJM..q.....QQ....g.<D."SR.S.2.f..D`..(....K.Y.z.$Y.."(..pa,..@.G.g\|...N..D.W.X.)U.U.D.j.2..TD.5 <..e.t.........;.uFyZoi.ZS.....i..........t.15`\|[P4f.{.:.D..KtG..q.YE.M`..,..8

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bullet[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	188
Entropy (8bit):	5.119072399147113
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCiF15RI5XwDKLRIHDfFTo/TfqzrZqcdJ2dTi8EuRlGlL+9JYARNin:0IFFm15+56ZTo/Tizlpd0celdJNin
MD5:	4CFC4658F748E1FC67D2EA27F9B3692F
SHA1:	82C520D112F48E337E99DF00067BFAA75D0F9CA2
SHA-256:	ABC5A61E85F95E54C925FE9589099AD680912480E7C97052AF0496CBC6D111B8
SHA-512:	BFDDD6D4E0225EF444FD621B2CC20D022C02E30AB3E8AACA197E8F6304AA95E8C253815C6DC329646E5F39BBAF0B953A0667B296D15AB6BCECE788D1BFDC614B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Open+Sans:600
Preview:	@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/down.png
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\http_403[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4585
Entropy (8bit):	4.046190045670235
Encrypted:	false
SSDEEP:	48:upUw1V4VOBXvLwSZIPTC5f1a5TI7jn3GFa7KGuc1kpNc7K1rfQy:u3p9ZQw6Kj36a7gG7I
MD5:	3215E2E80AA8B9FABA83D76AEF71F1B9
SHA1:	C7582D414EE6A1DAE098F6DBBBF68ED9641D0023
SHA-256:	D91C22EF6451561F346B8C8BC6F98897E2E5C28135A421EE946800F6C8451B24
SHA-512:	690E4D62229AD14D3D842DABE986651B4CC2E4C873A50E5B7FC4FD539662A703690ECC70649ACEA7751E69CE6046489C0E6B05D24F0030D68773C67B3DCBAE00
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/http_403.htm
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>.... <title>HTTP 403 Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">.. </td>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\web.assets_common[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	160726
Entropy (8bit):	5.169566193180635
Encrypted:	false
SSDEEP:	1536:/XsxVsnw4w3DRGSjfphwaOMeIobx+IinCckZarI+3q50WNlif:7eDR3fphwa5NI6qY
MD5:	1373CAFDA2B366635921217DAC1F2DAF
SHA1:	0C446B7824B2168BFF485A9DD37AB623CF954640
SHA-256:	870D6AD162056E1075066A961D3478C752668E364327924D42626E4D27E7B4F6
SHA-512:	F208A9A27683159939F1412ABB67C9D29C261DCC02DBE0DDC73A3F09A804D28F0035FFC653949403410DB9FFB2B02C38B3BA1C9FB17F8E8DB9BE1912E4915313
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/content/167-6a8719c/1/web.assets_common.css
Preview:	./* /web/static/lib/bootstrap/scss/_functions.scss defined in bundle 'web.assets_common' /. ../ /web/static/lib/bootstrap/scss/_mixins.scss defined in bundle 'web.assets_common' /. ../ /web/static/src/scss/bs_mixins_overrides.scss defined in bundle 'web.assets_common' /. ../ /web/static/src/scss/utils.scss defined in bundle 'web.assets_common' /. .o_colorpicker_widget .o_opacity_slider, .o_colorpicker_widget .o_color_preview{position: relative; z-index: 0;}.o_colorpicker_widget .o_opacity_slider::before, .o_colorpicker_widget .o_color_preview::before{content: ""; position: absolute; top: 0; left: 0; bottom: 0; right: 0; z-index: -1; background-image: url("/web/static/src/img/transparent.png"); background-size: 10px auto; border-radius: inherit;}.o_colorpicker_widget .o_opacity_slider::after, .o_colorpicker_widget .o_color_preview::after{content: ""; position: absolute; top: 0; left: 0; bottom: 0; right: 0; z-index: -1; background: inherit; border-radius: inherit;}../ /web/stati

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\web.assets_frontend[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	430787
Entropy (8bit):	5.153139125134861
Encrypted:	false
SSDEEP:	12288:nN0jkatQXHhMWQxTbSh+ApP1ANyFL4gyEqFlUFo2qsZfeai:nk
MD5:	5D583E800772168B231CBA7004DB16FB
SHA1:	C9C782CA0AD90735194051963E5F8ED79DE7BC0A
SHA-256:	189D1F5E1E37DF20EBC623AF93F3136234DB6D75E9DF2D50EB9F8162D55C2903
SHA-512:	690503A3CDB0F85902E9FB0C2E5C72928EEF8A2BF8B551BDD29283FD494DCE7B332409108FCCF6DF5C95DA45453A805050BE7951EB4158BA239DA15988167000
Malicious:	false
Reputation:	low
IE Cache URL:	https://kmlawcoil.odoo.com/web/content/168-74052ad/1/web.assets_frontend.css
Preview:	@import url("https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i&display=swap");.@import url("https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,300i,400,400i,700,700i&display=swap");../* <inline asset> defined in bundle 'web.assets_frontend' /.@charset "UTF-8"; ../ /web/static/lib/bootstrap/scss/_functions.scss defined in bundle 'web.assets_frontend' /. ../ /web/static/lib/bootstrap/scss/_mixins.scss defined in bundle 'web.assets_frontend' /. ../ /web/static/src/scss/bs_mixins_overrides.scss defined in bundle 'web.assets_frontend' */. .o_figure_relative_layout .figure-caption h1, .o_colored_level .o_figure_relative_layout .figure-caption h1, #wrapwrap.o_portal h1, .o_colored_level #wrapwrap.o_portal h1, .bg-o-color-5 h1, .o_colored_level .bg-o-color-5 h1, .bg-o-color-4 h1, .o_colored_level .bg-o-color-4 h1, .bg-o-color-3 h1, .o_colored_level .bg-o-color-3 h1, .bg-o-color-2 h1, .o_colored_level .bg-o-color-2 h1, .bg-o-color-1 h1, .o_colored_level

C:\Users\user\AppData\Local\Temp\dat67AA.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 2532, version 2.24904
Category:	dropped
Size (bytes):	2532
Entropy (8bit):	7.627755614174705
Encrypted:	false
SSDEEP:	48:WGMiY6elIk7QuaqrjRh4pi6j4fN6+XRsnBBpr+bes:WRBLlIoQuHfRh4pi6sfPGnDFs
MD5:	10600F6B3D9C9BE2D2B2CE58D2C6508B
SHA1:	421CA4369738433E33348785FE776A0C839605D5
SHA-256:	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
SHA-512:	B6C04F3068EB7DAC8F782BDED0FE815B4FE5A9BECCF0B561D6CEAEAA7365919A39710B2D1AD58D252330476AA836629B3C62C84FABFA6DC4BCF1C8F055D66C1C
Malicious:	false
Reputation:	low
Preview:	wOFF..................aH....................OS/2...D...H...`1Wp.cmap.......I...b..ocvt ....... .......fpgm...........Y...gasp................glyf.............Whead.......2...6.tJ.hhea...........$....hmtx................loca.............X.hmaxp...,....... .y..name...L...........Mpost...D....... .Q.}prep...X........x...x.c`aog......:....Q.B3_dHc..`e.bdb... .`@..`.....,9.\|...V...)00...C..x.c```f.`..F.......\|... ........\..K..n.,..g`@.I\|.8"vYl.....p...0..........x.c.b.e(`h`X.......x............x.]..N.@..s$..'@:!.uC....K$.%%...J.......n..b.........\|.s...\|v..G*)V.7........!O.6eaL.yV.e.j..kN..M.h....Lm....-b....p.N.m.v.....U<..#...O.}.K..,V..&...^...L.c.x.....?ug..l9e..Ns.D....D...K........m..A.M....a.....g.P..`....d.............x..R.K.1...$....g-.B.Vq..m..Z..T..@\t.E...7X...:.).c... ].{.Q.[7'...`.^...&....{y<..N.....t...6..f....\.K1..Z}{.eA-..x.{....0P7p.....l........E...r....EVQ.....Q_.4.A.Z..;...PGs.o..Eo...{t...a.P.~...b,Dz.}.OXdp."d4."C.X..&,u.g.......r.c..j

C:\Users\user\AppData\Local\Temp\~DF50CB3EA85C63CB6C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4791407943534906
Encrypted:	false
SSDEEP:	12:c9lCg5/9lCgeK9l26an9l26an9l8fRIF9l8fRw9lTqfy:c9lLh9lLh9lIn9lIn9log9low9lW6
MD5:	9FC7FA1F4514AFDD60A2A8F64DA48DA8
SHA1:	39618FBBEAB6D9D4DAC000C038CB14D2FE6969EB
SHA-256:	877F9227E489D11AED3735F807ECA3329E13CA09B81DF696253897B914F39799
SHA-512:	B8E9116D52E20DEA074D937174D21113EFC59D9285B492A02CADD1AA3169225C5EE0E2D974DD3132D03D5B02870CFC9560A3601B8397C4AD1F547314A0478F3C
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC45E6FCFDEC83A21.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF2157AB9E18B9B5D.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	87515
Entropy (8bit):	0.8374428986228791
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+TtfW95Vmkj5ER0T6ZxZentb1y919719BaXcwJ5XzHvrIkhvFbvian:EE9r7rAXZJ5DHvUkhv9vian
MD5:	8004E39F71B68D1716F6F17CA1DA3F2A
SHA1:	B6AC8237C9D4C369B9A393C95ED94F25B2B5E88E
SHA-256:	338BF9704537A5A375F24B80313A8369A2ABC59D587872F7860047DAD8AD0555
SHA-512:	991515FA91CE86CB15B7B8F254C05A16BA9D9C70D02E980397662DB7E00E52AD5A1AE887B812A8461E8BAC2E859ADC4491103366BADFB5F3045E941112555F94
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2021 16:31:00.390099049 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.390731096 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.451395035 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.451574087 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.453489065 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.453739882 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.460458994 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.460567951 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.520900965 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.521766901 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.521797895 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.521815062 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.521903038 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.521941900 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.522932053 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.523705959 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.523734093 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.523756027 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.523885965 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.523952007 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.562943935 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.563088894 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.570588112 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.623347044 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.623491049 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.623828888 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.625300884 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.625494957 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.625647068 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.631016970 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.648004055 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.648042917 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.648087978 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.648101091 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.648123980 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.648154974 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.711040974 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.711803913 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.713540077 CEST	49725	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.714479923 CEST	49726	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.715600967 CEST	49727	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.716789961 CEST	49728	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.773710012 CEST	443	49725	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.773897886 CEST	49725	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.774113894 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.774519920 CEST	443	49726	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.774641037 CEST	49726	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.774825096 CEST	49725	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.775005102 CEST	443	49727	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.775125027 CEST	49727	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.776804924 CEST	49726	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.777168036 CEST	49727	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.779788017 CEST	443	49728	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.779937029 CEST	49728	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.780791044 CEST	49728	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.782104015 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782135963 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782156944 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782181978 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782226086 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.782264948 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782310963 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.782325983 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782342911 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.782351971 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782377005 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.782388926 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.782480955 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.782502890 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.783509970 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.783540010 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.783629894 CEST	49723	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.790807962 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.790935993 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.790963888 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.790987968 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791012049 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791030884 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791048050 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.791057110 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791074991 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.791079044 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791100979 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791136026 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.791161060 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.791873932 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791902065 CEST	443	49722	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.791971922 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.792012930 CEST	49722	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.834913015 CEST	443	49725	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.835056067 CEST	443	49725	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.835159063 CEST	49725	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.836458921 CEST	443	49727	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.836647034 CEST	443	49727	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.836728096 CEST	49727	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.836843014 CEST	443	49726	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.836908102 CEST	443	49726	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.836987019 CEST	49726	443	192.168.2.4	35.195.41.197
May 4, 2021 16:31:00.842602015 CEST	443	49723	35.195.41.197	192.168.2.4
May 4, 2021 16:31:00.842632055 CEST	443	49723	35.195.41.197	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2021 16:30:40.204622030 CEST	61516	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:40.256417036 CEST	53	61516	8.8.8.8	192.168.2.4
May 4, 2021 16:30:41.458672047 CEST	49182	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:41.509280920 CEST	53	49182	8.8.8.8	192.168.2.4
May 4, 2021 16:30:43.083056927 CEST	59920	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:43.134251118 CEST	53	59920	8.8.8.8	192.168.2.4
May 4, 2021 16:30:44.249850988 CEST	57458	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:44.298728943 CEST	53	57458	8.8.8.8	192.168.2.4
May 4, 2021 16:30:46.494939089 CEST	50579	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:46.554997921 CEST	53	50579	8.8.8.8	192.168.2.4
May 4, 2021 16:30:49.501115084 CEST	51703	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:49.553170919 CEST	53	51703	8.8.8.8	192.168.2.4
May 4, 2021 16:30:52.074641943 CEST	65248	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:52.124196053 CEST	53	65248	8.8.8.8	192.168.2.4
May 4, 2021 16:30:56.252072096 CEST	53723	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:56.301157951 CEST	53	53723	8.8.8.8	192.168.2.4
May 4, 2021 16:30:58.696407080 CEST	64646	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:58.745417118 CEST	53	64646	8.8.8.8	192.168.2.4
May 4, 2021 16:30:59.082813025 CEST	65298	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:59.151987076 CEST	53	65298	8.8.8.8	192.168.2.4
May 4, 2021 16:30:59.542270899 CEST	59123	53	192.168.2.4	8.8.8.8
May 4, 2021 16:30:59.595175982 CEST	53	59123	8.8.8.8	192.168.2.4
May 4, 2021 16:31:00.292828083 CEST	54531	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:00.378097057 CEST	53	54531	8.8.8.8	192.168.2.4
May 4, 2021 16:31:00.491643906 CEST	49714	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:00.540268898 CEST	53	49714	8.8.8.8	192.168.2.4
May 4, 2021 16:31:00.988080025 CEST	58028	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:01.045499086 CEST	53	58028	8.8.8.8	192.168.2.4
May 4, 2021 16:31:01.336771965 CEST	53097	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:01.353586912 CEST	49257	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:01.393829107 CEST	53	53097	8.8.8.8	192.168.2.4
May 4, 2021 16:31:01.413841009 CEST	53	49257	8.8.8.8	192.168.2.4
May 4, 2021 16:31:03.315552950 CEST	62389	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:03.364414930 CEST	53	62389	8.8.8.8	192.168.2.4
May 4, 2021 16:31:04.186853886 CEST	49910	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:04.246732950 CEST	53	49910	8.8.8.8	192.168.2.4
May 4, 2021 16:31:05.833462000 CEST	55854	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:05.884874105 CEST	53	55854	8.8.8.8	192.168.2.4
May 4, 2021 16:31:06.764416933 CEST	64549	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:06.815565109 CEST	53	64549	8.8.8.8	192.168.2.4
May 4, 2021 16:31:09.792992115 CEST	63153	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:09.841705084 CEST	53	63153	8.8.8.8	192.168.2.4
May 4, 2021 16:31:11.721451998 CEST	52991	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:11.775003910 CEST	53	52991	8.8.8.8	192.168.2.4
May 4, 2021 16:31:18.690843105 CEST	53700	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:18.763370991 CEST	53	53700	8.8.8.8	192.168.2.4
May 4, 2021 16:31:25.357214928 CEST	51726	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:25.839373112 CEST	53	51726	8.8.8.8	192.168.2.4
May 4, 2021 16:31:26.779632092 CEST	56794	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:26.840019941 CEST	53	56794	8.8.8.8	192.168.2.4
May 4, 2021 16:31:26.937457085 CEST	56534	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:26.988061905 CEST	53	56534	8.8.8.8	192.168.2.4
May 4, 2021 16:31:26.990716934 CEST	56627	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:27.007443905 CEST	56621	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:27.014753103 CEST	63116	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:27.054675102 CEST	53	56627	8.8.8.8	192.168.2.4
May 4, 2021 16:31:27.066909075 CEST	53	56621	8.8.8.8	192.168.2.4
May 4, 2021 16:31:27.076829910 CEST	53	63116	8.8.8.8	192.168.2.4
May 4, 2021 16:31:29.014884949 CEST	64078	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:29.071965933 CEST	53	64078	8.8.8.8	192.168.2.4
May 4, 2021 16:31:29.085457087 CEST	64801	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:29.134121895 CEST	53	64801	8.8.8.8	192.168.2.4
May 4, 2021 16:31:29.791956902 CEST	61721	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:29.841759920 CEST	53	61721	8.8.8.8	192.168.2.4
May 4, 2021 16:31:30.079904079 CEST	64801	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:30.140149117 CEST	53	64801	8.8.8.8	192.168.2.4
May 4, 2021 16:31:30.797645092 CEST	61721	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:30.857903004 CEST	53	61721	8.8.8.8	192.168.2.4
May 4, 2021 16:31:31.094672918 CEST	64801	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:31.153404951 CEST	53	64801	8.8.8.8	192.168.2.4
May 4, 2021 16:31:31.812541008 CEST	61721	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:31.874886990 CEST	53	61721	8.8.8.8	192.168.2.4
May 4, 2021 16:31:33.111689091 CEST	64801	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:33.160537004 CEST	53	64801	8.8.8.8	192.168.2.4
May 4, 2021 16:31:33.828398943 CEST	61721	53	192.168.2.4	8.8.8.8
May 4, 2021 16:31:33.877114058 CEST	53	61721	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 4, 2021 16:31:00.292828083 CEST	192.168.2.4	8.8.8.8	0xfdd6	Standard query (0)	kmlawcoil.odoo.com	A (IP address)	IN (0x0001)
May 4, 2021 16:31:01.353586912 CEST	192.168.2.4	8.8.8.8	0x6c0b	Standard query (0)	fonts.odoocdn.com	A (IP address)	IN (0x0001)
May 4, 2021 16:31:18.690843105 CEST	192.168.2.4	8.8.8.8	0xb734	Standard query (0)	kmlawcoil.odoo.com	A (IP address)	IN (0x0001)
May 4, 2021 16:31:25.357214928 CEST	192.168.2.4	8.8.8.8	0x626a	Standard query (0)	thebettermom.co.ke	A (IP address)	IN (0x0001)
May 4, 2021 16:31:26.779632092 CEST	192.168.2.4	8.8.8.8	0x6562	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
May 4, 2021 16:31:26.937457085 CEST	192.168.2.4	8.8.8.8	0x3a11	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
May 4, 2021 16:31:26.990716934 CEST	192.168.2.4	8.8.8.8	0x4c73	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
May 4, 2021 16:31:27.014753103 CEST	192.168.2.4	8.8.8.8	0xb48	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)
May 4, 2021 16:31:29.014884949 CEST	192.168.2.4	8.8.8.8	0x12ab	Standard query (0)	www.odoo.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 4, 2021 16:31:00.378097057 CEST	8.8.8.8	192.168.2.4	0xfdd6	No error (0)	kmlawcoil.odoo.com		35.195.41.197	A (IP address)	IN (0x0001)
May 4, 2021 16:31:01.413841009 CEST	8.8.8.8	192.168.2.4	0x6c0b	No error (0)	fonts.odoocdn.com		104.26.6.148	A (IP address)	IN (0x0001)
May 4, 2021 16:31:01.413841009 CEST	8.8.8.8	192.168.2.4	0x6c0b	No error (0)	fonts.odoocdn.com		104.26.7.148	A (IP address)	IN (0x0001)
May 4, 2021 16:31:01.413841009 CEST	8.8.8.8	192.168.2.4	0x6c0b	No error (0)	fonts.odoocdn.com		172.67.69.4	A (IP address)	IN (0x0001)
May 4, 2021 16:31:18.763370991 CEST	8.8.8.8	192.168.2.4	0xb734	No error (0)	kmlawcoil.odoo.com		35.195.41.197	A (IP address)	IN (0x0001)
May 4, 2021 16:31:25.839373112 CEST	8.8.8.8	192.168.2.4	0x626a	No error (0)	thebettermom.co.ke		174.136.57.78	A (IP address)	IN (0x0001)
May 4, 2021 16:31:26.840019941 CEST	8.8.8.8	192.168.2.4	0x6562	No error (0)	maxcdn.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
May 4, 2021 16:31:26.840019941 CEST	8.8.8.8	192.168.2.4	0x6562	No error (0)	maxcdn.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
May 4, 2021 16:31:26.988061905 CEST	8.8.8.8	192.168.2.4	0x3a11	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 16:31:27.054675102 CEST	8.8.8.8	192.168.2.4	0x4c73	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
May 4, 2021 16:31:27.054675102 CEST	8.8.8.8	192.168.2.4	0x4c73	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
May 4, 2021 16:31:27.076829910 CEST	8.8.8.8	192.168.2.4	0xb48	No error (0)	stackpath.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
May 4, 2021 16:31:27.076829910 CEST	8.8.8.8	192.168.2.4	0xb48	No error (0)	stackpath.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
May 4, 2021 16:31:29.071965933 CEST	8.8.8.8	192.168.2.4	0x12ab	No error (0)	www.odoo.com	odoo.com		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 16:31:29.071965933 CEST	8.8.8.8	192.168.2.4	0x12ab	No error (0)	odoo.com		178.33.40.43	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

www.odoo.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49763	178.33.40.43	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
May 4, 2021 16:31:29.126827955 CEST	4557	OUT	GET /?utm_source=db&utm_medium=website HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.odoo.com Connection: Keep-Alive
May 4, 2021 16:31:29.178276062 CEST	4557	IN	HTTP/1.1 302 Found content-length: 0 location: https://www.odoo.com/?utm_source=db&utm_medium=website cache-control: no-cache
May 4, 2021 16:31:30.272747040 CEST	4563	OUT	GET /page/website-builder?utm_source=db&utm_medium=website HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.odoo.com Connection: Keep-Alive
May 4, 2021 16:31:30.322454929 CEST	4563	IN	HTTP/1.1 302 Found content-length: 0 location: https://www.odoo.com/page/website-builder?utm_source=db&utm_medium=website cache-control: no-cache

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 4, 2021 16:31:00.521797895 CEST	35.195.41.197	443	192.168.2.4	49723	CN=*.odoo.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Apr 16 10:11:25 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Thu Jul 15 10:11:25 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:00.521797895 CEST	35.195.41.197	443	192.168.2.4	49723	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:00.523734093 CEST	35.195.41.197	443	192.168.2.4	49722	CN=*.odoo.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Apr 16 10:11:25 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Thu Jul 15 10:11:25 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:00.523734093 CEST	35.195.41.197	443	192.168.2.4	49722	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.754868031 CEST	104.26.6.148	443	192.168.2.4	49731	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.754868031 CEST	104.26.6.148	443	192.168.2.4	49731	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.815505028 CEST	104.26.6.148	443	192.168.2.4	49732	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.815505028 CEST	104.26.6.148	443	192.168.2.4	49732	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.845663071 CEST	104.26.6.148	443	192.168.2.4	49740	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.845663071 CEST	104.26.6.148	443	192.168.2.4	49740	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.851500034 CEST	104.26.6.148	443	192.168.2.4	49742	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.851500034 CEST	104.26.6.148	443	192.168.2.4	49742	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.875138044 CEST	104.26.6.148	443	192.168.2.4	49739	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.875138044 CEST	104.26.6.148	443	192.168.2.4	49739	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.875572920 CEST	104.26.6.148	443	192.168.2.4	49741	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:01.875572920 CEST	104.26.6.148	443	192.168.2.4	49741	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:18.910279036 CEST	35.195.41.197	443	192.168.2.4	49749	CN=*.odoo.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Apr 16 10:11:25 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Thu Jul 15 10:11:25 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
May 4, 2021 16:31:18.910279036 CEST	35.195.41.197	443	192.168.2.4	49749	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
May 4, 2021 16:31:26.159281015 CEST	174.136.57.78	443	192.168.2.4	49751	CN=www.thebettermom.co.ke CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Mar 06 11:15:49 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Fri Jun 04 12:15:49 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:26.159281015 CEST	174.136.57.78	443	192.168.2.4	49751	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:26.159344912 CEST	174.136.57.78	443	192.168.2.4	49750	CN=www.thebettermom.co.ke CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Mar 06 11:15:49 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Fri Jun 04 12:15:49 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:26.159344912 CEST	174.136.57.78	443	192.168.2.4	49750	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:26.948955059 CEST	104.18.11.207	443	192.168.2.4	49753	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:26.948955059 CEST	104.18.11.207	443	192.168.2.4	49753	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:26.950786114 CEST	104.18.11.207	443	192.168.2.4	49752	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:26.950786114 CEST	104.18.11.207	443	192.168.2.4	49752	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.436738968 CEST	104.16.18.94	443	192.168.2.4	49756	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.436738968 CEST	104.16.18.94	443	192.168.2.4	49756	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.438735008 CEST	104.16.18.94	443	192.168.2.4	49757	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.438735008 CEST	104.16.18.94	443	192.168.2.4	49757	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.481357098 CEST	104.18.10.207	443	192.168.2.4	49759	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.481357098 CEST	104.18.10.207	443	192.168.2.4	49759	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.539211035 CEST	104.18.10.207	443	192.168.2.4	49758	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:27.539211035 CEST	104.18.10.207	443	192.168.2.4	49758	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:29.309360027 CEST	178.33.40.43	443	192.168.2.4	49764	CN=*.odoo.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Apr 16 10:11:25 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Thu Jul 15 10:11:25 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 16:31:29.309360027 CEST	178.33.40.43	443	192.168.2.4	49764	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5812 Parent PID: 800

General

Start time:	16:30:58
Start date:	04/05/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff67f7a0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 5696 Parent PID: 5812

General

Start time:	16:30:59
Start date:	04/05/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5812 CREDAT:17410 /prefetch:2
Imagebase:	0xe00000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://kmlawcoil.odoo.com/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5812 Parent PID: 800

General

Analysis Process: iexplore.exe PID: 5696 Parent PID: 5812

General

Disassembly