Play interactive tour

Edit tour

Analysis Report https://ziadieinsurance.eb-sites.com/5518707892682752

Overview

General Information

Sample URL:	https://ziadieinsurance.eb-sites.com/5518707892682752
Analysis ID:	404234
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on shot template match)

Yara detected HtmlPhish10

Yara detected HtmlPhish7

Phishing site detected (based on logo template match)

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Classification

Startup

System is w10x64

iexplore.exe (PID: 3084 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 3028 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3084 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm	JoeSecurity_HtmlPhish_7	Yara detected HtmlPhish_7	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://ziadieinsurance.eb-sites.com/5518707892682752

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social usering

Antivirus detection for URL or domain

Show sources

Source: https://fitnessfortravel.top/spider/xx/

SlashNext: Label: Fake Login Page type: Phishing & Social usering

Phishing:

Phishing site detected (based on shot template match)

Show sources

Source: https://fitnessfortravel.top/spider/xx/

Matcher: Template: office matched

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: 585948.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm, type: DROPPED

Yara detected HtmlPhish7

Show sources

Source: Yara match	File source: 585948.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm, type: DROPPED

Phishing site detected (based on logo template match)

Show sources

Source: https://fitnessfortravel.top/spider/xx/

Matcher: Template: onedrive matched

Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: https://www.ziadieinsurance.com/	HTTP Parser: Iframe src: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=

Source: https://www.ziadieinsurance.com/	HTTP Parser: Number of links: 1
Source: https://www.ziadieinsurance.com/	HTTP Parser: Number of links: 1
Source: https://www.ziadieinsurance.com/	HTTP Parser: Number of links: 1
Source: https://www.ziadieinsurance.com/	HTTP Parser: Number of links: 1
Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: Number of links: 0
Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: Number of links: 0

Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: Title: OneDrive \| Login does not match URL
Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: Title: OneDrive \| Login does not match URL

Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="author".. found
Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="author".. found
Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: No <meta name="author".. found
Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: No <meta name="author".. found

Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ziadieinsurance.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: No <meta name="copyright".. found
Source: https://fitnessfortravel.top/spider/xx/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 143.110.228.35:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.110.228.35:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.21.90:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.21.90:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.243:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.243:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.243:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.210.20.74:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.210.20.74:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 100.25.4.145:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.23.123:443 -> 192.168.2.6:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.23.123:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.88.7:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.88.7:443 -> 192.168.2.6:49784 version: TLS 1.2

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.ziadieinsurance.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: ziadieinsurance.eb-sites.com

Source: AZJRJN0J.htm.2.dr	String found in binary or memory: http://browsehappy.com/
Source: fontawesome-webfont[1].eot.2.dr, font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: slick[1].js.2.dr	String found in binary or memory: http://github.com/kenwheeler/slick
Source: slick[1].js.2.dr	String found in binary or memory: http://github.com/kenwheeler/slick/issues
Source: xx[1].htm0.2.dr	String found in binary or memory: http://gmail.com/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: slick[1].js.2.dr	String found in binary or memory: http://kenwheeler.github.io
Source: slick[1].js.2.dr	String found in binary or memory: http://kenwheeler.github.io/slick
Source: popper.min[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: drag-a79a51ae7c41df2c005cf922050e5260f58d79815ecefda6cc6b9f766577ae29[1].svg.2.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: http://www.google.com/chromeframe/?redirect=true
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: http://www.ziadieinsurance.com/
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/4ALeRBgPdiqBWaQKnSYigUHS
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/6eeMuS9eNcBramrNByc8JY9s
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/9r6aMqZHBbSxF6mYyBXbTmK4
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/9rMCoz65GNhVQjiFtFZB7x5x
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/DXnh2gQGUzsBKDcjrSfahMBG
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/J6HCMGSsUygUJQvcFZ2XfDaG
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/PGVP3NWeAPUabnTrTA1PQpn6
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/f3GY34unAFcsvxZqAfapGaRU
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/jxSxTBQt9wpC9Z1kmUx4U8F5
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://agentmethods-production.s3.amazonaws.com/oQcerTs5SqZdSUU7TJZ9S8oy
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://agentmethods.c
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://agentmethods.com/
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://agentmethods.com/e.com/r/xx/8707892682752
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://agentmethods.com/e.com/r/xx/8707892682752T
Source: xx[1].htm0.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: leadgrabbers[1].json.2.dr	String found in binary or memory: https://app.engagebay.com/rest/api/signup/signup-user
Source: leadgrabbers[1].json.2.dr	String found in binary or memory: https://app.engagebay.com/signup
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://cdn2.eb-pages.com/uploads/5356667366539264/pdf.png
Source: xx[1].htm0.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick-theme.min.css
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js
Source: xx[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: AZJRJN0J.htm.2.dr, xx[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: xx[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: leadgrabbers[1].json.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/avatar/avatar-new.png
Source: imagestore.dat.2.dr, 5518707892682752[1].htm.2.dr, ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico5:
Source: imagestore.dat.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico~
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/bootstrap.min.css
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/commons.css
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/iframe.js?86-2.4349062990782067
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page-actions.js?=86-2.434906299
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page.css
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/cloud/prod/assets/lib/font-family/roboto.css
Source: ehform[1].js.2.dr	String found in binary or memory: https://d2p078bqz5urf7.cloudfront.net/jsapi
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://fitnessfortrave.eb-sites.com/5518707892682752
Source: 5518707892682752[1].htm.2.dr	String found in binary or memory: https://fitnessfortravel.top/spider/xx
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://fitnessfortravel.top/spider/xx/
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://fitnessfortravel.top/spider/xx/8707892682752
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://fitnessfortravel.top/spider/xx/8707892682752p
Source: free.min[1].css.2.dr, free-fa-solid-900[1].eot.2.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-solid-900[1].eot.2.dr, free-fa-regular-400[1].eot.2.dr	String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: 9rMCoz65GNhVQjiFtFZB7x5x[1].css.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:ital
Source: xx[1].htm0.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: roboto[1].css.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:100
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrIzQ.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ABc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjARc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBhc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgWxM.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu52xM.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9vAA.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5vAA.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlvAA.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc-.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtvAA.woff)
Source: css2[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Me5g.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: bootstrap.min[2].js.2.dr, bootstrap.min[1].css0.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr, bootstrap.bundle.min[1].js.2.dr, bootstrap.min[1].css1.2.dr, application-e787529eaf981cd5a233dbffb4fe8672557b4485af3e5c74e85bac7ae01ac35e[1].js.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: hover[1].css.2.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: v215[1].js.2.dr	String found in binary or memory: https://github.com/faisalman/ua-parser-js
Source: bootstrap.bundle.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr, bootstrap.bundle.min[1].js.2.dr, application-e787529eaf981cd5a233dbffb4fe8672557b4485af3e5c74e85bac7ae01ac35e[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://images.unsplash.com/photo-1509023464722-18d996393ca8?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjE
Source: 585b051251[1].js.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: xx[1].htm0.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: xx[1].htm0.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: xx[1].htm0.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: bugsnag.min[1].js.2.dr	String found in binary or memory: https://notify.bugsnag.com
Source: bugsnag.min[1].js.2.dr	String found in binary or memory: https://sessions.bugsnag.com
Source: xx[1].htm0.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: AZJRJN0J.htm.2.dr, 5518707892682752[1].htm.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.engagebay.
Source: 5518707892682752[1].htm.2.dr, ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://www.engagebay.com/?utm_source=eb-lps
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://www.engagebay.com/?utm_source=eb-lps2682752
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://www.engagebay.com/?utm_source=eb-lpsT
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=H
Source: AZJRJN0J.htm.2.dr, {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&licen
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&a
Source: AZJRJN0J.htm.2.dr	String found in binary or memory: https://www.ziadieinsurance.com
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.ziadieinsurance.com/
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.ziadieinsurance.com/PExpress
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://www.ziadieinsurance.com/r/xx/8707892682752
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://www.ziadieinsurance.com/r/xx/8707892682752b
Source: ~DFE213617724B763D4.TMP.1.dr	String found in binary or memory: https://www.ziadieinsurance.com/r/xx/8707892682752e
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/551870789268/ziadieinsurance.eb-sites.com/5518707892682752
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/5518707892682752
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/5518707892682752Root
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/551870789268Root
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/551870789268com/?utm_source=eb-lpsRoot
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/551870789268el.top/spider/xx/8707892682752Root
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/551870789268om/e.com/r/xx/8707892682752Root
Source: {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://ziadieinsurance.eb-sites.com/551870789268rance.com/r/xx/8707892682752Root

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 143.110.228.35:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.110.228.35:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.253.54:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.21.90:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.21.90:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.243:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.243:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.184.243:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.210.20.74:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.210.20.74:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.6:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 100.25.4.145:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.23.123:443 -> 192.168.2.6:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.23.123:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.89.76:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.88.7:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.88.7:443 -> 192.168.2.6:49784 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.win@3/128@17/12

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2E2545E7-AD52-11EB-90E5-ECF4BB2D2496}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF7320F14610119AE5.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3084 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3084 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ziadieinsurance.eb-sites.com/5518707892682752	1%	Virustotal		Browse
https://ziadieinsurance.eb-sites.com/5518707892682752	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/5518707892682752	100%	SlashNext	Fake Login Page type: Phishing & Social usering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://fitnessfortravel.top/spider/xx/	100%	SlashNext	Fake Login Page type: Phishing & Social usering
https://www.engagebay.com/?utm_source=eb-lps	0%	Virustotal		Browse
https://fitnessfortravel.top/spider/xx/8707892682752	0%	Avira URL Cloud	safe
https://fontawesome.comhttps://fontawesome.comFont	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/551870789268rance.com/r/xx/8707892682752Root	0%	Avira URL Cloud	safe
https://app.engagebay.com/signup	0%	Avira URL Cloud	safe
http://www.ziadieinsurance.com/	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/551870789268com/?utm_source=eb-lpsRoot	0%	Avira URL Cloud	safe
https://www.ziadieinsurance.com	0%	Avira URL Cloud	safe
http://ianlunn.github.io/Hover/)	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/551870789268/ziadieinsurance.eb-sites.com/5518707892682752	0%	Avira URL Cloud	safe
http://kenwheeler.github.io	0%	Avira URL Cloud	safe
https://www.engagebay.com/?utm_source=eb-lpsT	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/551870789268el.top/spider/xx/8707892682752Root	0%	Avira URL Cloud	safe
https://agentmethods.c	0%	Avira URL Cloud	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
https://www.ziadieinsurance.com/r/xx/8707892682752b	0%	Avira URL Cloud	safe
https://www.ziadieinsurance.com/r/xx/8707892682752e	0%	Avira URL Cloud	safe
https://agentmethods.com/e.com/r/xx/8707892682752	0%	Avira URL Cloud	safe
https://www.engagebay.com/?utm_source=eb-lps2682752	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/551870789268Root	0%	Avira URL Cloud	safe
https://www.engagebay.	0%	Avira URL Cloud	safe
https://cdn2.eb-pages.com/uploads/5356667366539264/pdf.png	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/551870789268om/e.com/r/xx/8707892682752Root	0%	Avira URL Cloud	safe
https://fitnessfortrave.eb-sites.com/5518707892682752	0%	Avira URL Cloud	safe
https://ziadieinsurance.eb-sites.com/5518707892682752Root	0%	Avira URL Cloud	safe
https://agentmethods.com/e.com/r/xx/8707892682752T	0%	Avira URL Cloud	safe
https://fitnessfortravel.top/spider/xx/8707892682752p	0%	Avira URL Cloud	safe
http://kenwheeler.github.io/slick	0%	Avira URL Cloud	safe
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	0%	Avira URL Cloud	safe
http://www.bohemiancoding.com/sketch	0%	URL Reputation	safe
http://www.bohemiancoding.com/sketch	0%	URL Reputation	safe
http://www.bohemiancoding.com/sketch	0%	URL Reputation	safe
https://app.engagebay.com/rest/api/signup/signup-user	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ziadieinsurance.eb-sites.com	143.110.228.35	true	false	unknown
stackpath.bootstrapcdn.com	104.18.11.207	true	false	high
www.quotit.net	208.90.88.30	true	false	high
sessions.bugsnag.com	35.190.88.7	true	false	high
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
s3-1-w.amazonaws.com	52.217.89.76	true	false	high
cdnjs.cloudflare.com	104.16.19.94	true	false	high
d3w29h23ietttc.cloudfront.net	13.32.21.90	true	false	high
d2wy8f7a9ursnm.cloudfront.net	13.32.23.123	true	false	high
d2p078bqz5urf7.cloudfront.net	13.35.253.54	true	false	high
fox.agentmethods-0820.c66.me	100.25.4.145	true	false	unknown
fitnessfortravel.top	31.210.20.74	true	false	unknown
ghs.googlehosted.com	142.250.184.243	true	false	unknown
ka-f.fontawesome.com	unknown	unknown	false	high
kit.fontawesome.com	unknown	unknown	false	high
favicon.ico	unknown	unknown	false	unknown
app.engagebay.com	unknown	unknown	false	unknown
cdn2.eb-pages.com	unknown	unknown	false	unknown
code.jquery.com	unknown	unknown	false	high
agentmethods-production.s3.amazonaws.com	unknown	unknown	false	high
www.ziadieinsurance.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.engagebay.com/?utm_source=eb-lps	true	0%, Virustotal, Browse	unknown
https://agentmethods.com/	true		unknown
http://www.ziadieinsurance.com/	false	Avira URL Cloud: safe	unknown
https://ziadieinsurance.eb-sites.com/5518707892682752	true		unknown
https://www.ziadieinsurance.com/	true		unknown
https://fitnessfortravel.top/spider/xx/	true	SlashNext: Fake Login Page type: Phishing & Social usering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	fontawesome-webfont[1].eot.2.dr, font-awesome.min[1].css.2.dr	false		high
https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico~	imagestore.dat.2.dr	false		high
https://fitnessfortravel.top/spider/xx/8707892682752	~DFE213617724B763D4.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js	AZJRJN0J.htm.2.dr, xx[1].htm0.2.dr	false		high
https://images.unsplash.com/photo-1509023464722-18d996393ca8?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjE	AZJRJN0J.htm.2.dr	false		high
https://www.ziadieinsurance.com/	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		unknown
https://agentmethods-production.s3.amazonaws.com/J6HCMGSsUygUJQvcFZ2XfDaG	AZJRJN0J.htm.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://agentmethods-production.s3.amazonaws.com/DXnh2gQGUzsBKDcjrSfahMBG	AZJRJN0J.htm.2.dr	false		high
http://github.com/kenwheeler/slick	slick[1].js.2.dr	false		high
https://agentmethods-production.s3.amazonaws.com/9r6aMqZHBbSxF6mYyBXbTmK4	AZJRJN0J.htm.2.dr	false		high
https://fontawesome.comhttps://fontawesome.comFont	free-fa-solid-900[1].eot.2.dr, free-fa-regular-400[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js	5518707892682752[1].htm.2.dr	false		high
https://fontawesome.com	free.min[1].css.2.dr, free-fa-solid-900[1].eot.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=	AZJRJN0J.htm.2.dr	false		high
https://fitnessfortravel.top/spider/xx/	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	true	SlashNext: Fake Login Page type: Phishing & Social usering	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.2.dr, bootstrap.bundle.min[1].js.2.dr, application-e787529eaf981cd5a233dbffb4fe8672557b4485af3e5c74e85bac7ae01ac35e[1].js.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://ziadieinsurance.eb-sites.com/551870789268rance.com/r/xx/8707892682752Root	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://app.engagebay.com/signup	leadgrabbers[1].json.2.dr	false	Avira URL Cloud: safe	unknown
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://agentmethods-production.s3.amazonaws.com/4ALeRBgPdiqBWaQKnSYigUHS	AZJRJN0J.htm.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?license_no=	AZJRJN0J.htm.2.dr, {2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://www.engagebay.com/?utm_source=eb-lps	5518707892682752[1].htm.2.dr, ~DFE213617724B763D4.TMP.1.dr	false	0%, Virustotal, Browse	unknown
https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js	AZJRJN0J.htm.2.dr	false		high
https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico5:	imagestore.dat.2.dr	false		high
http://opensource.org/licenses/MIT).	popper.min[1].js.2.dr	false		high
https://kit.fontawesome.com/585b051251.js	xx[1].htm0.2.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	xx[1].htm0.2.dr	false		high
https://ziadieinsurance.eb-sites.com/551870789268com/?utm_source=eb-lpsRoot	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=N&license_no=	AZJRJN0J.htm.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=T&license_no=	AZJRJN0J.htm.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=	AZJRJN0J.htm.2.dr	false		high
https://www.ziadieinsurance.com	AZJRJN0J.htm.2.dr	false	Avira URL Cloud: safe	unknown
http://ianlunn.github.io/Hover/)	hover[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page.css	5518707892682752[1].htm.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=I&license_no=	AZJRJN0J.htm.2.dr	false		high
https://ziadieinsurance.eb-sites.com/551870789268/ziadieinsurance.eb-sites.com/5518707892682752	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://kenwheeler.github.io	slick[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&licen	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://www.engagebay.com/?utm_source=eb-lpsT	~DFE213617724B763D4.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://ziadieinsurance.eb-sites.com/551870789268el.top/spider/xx/8707892682752Root	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	xx[1].htm0.2.dr	false		high
https://agentmethods.c	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page-actions.js?=86-2.434906299	5518707892682752[1].htm.2.dr	false		high
https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/iframe.js?86-2.4349062990782067	5518707892682752[1].htm.2.dr	false		high
https://agentmethods-production.s3.amazonaws.com/PGVP3NWeAPUabnTrTA1PQpn6	AZJRJN0J.htm.2.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick-theme.min.css	AZJRJN0J.htm.2.dr	false		high
https://sessions.bugsnag.com	bugsnag.min[1].js.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoentry/infoEntry.asp?covTypeID=ES&InsuranceTypeId=G&a	AZJRJN0J.htm.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=	AZJRJN0J.htm.2.dr	false		high
http://ianlunn.co.uk/	hover[1].css.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.ziadieinsurance.com/r/xx/8707892682752b	~DFE213617724B763D4.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/bootstrap.min.css	5518707892682752[1].htm.2.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	false		high
https://github.com/IanLunn/Hover	hover[1].css.2.dr	false		high
https://www.ziadieinsurance.com/r/xx/8707892682752e	~DFE213617724B763D4.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://agentmethods-production.s3.amazonaws.com/jxSxTBQt9wpC9Z1kmUx4U8F5	AZJRJN0J.htm.2.dr	false		high
https://agentmethods.com/e.com/r/xx/8707892682752	~DFE213617724B763D4.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/faisalman/ua-parser-js	v215[1].js.2.dr	false		high
https://www.engagebay.com/?utm_source=eb-lps2682752	~DFE213617724B763D4.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://agentmethods-production.s3.amazonaws.com/oQcerTs5SqZdSUU7TJZ9S8oy	AZJRJN0J.htm.2.dr	false		high
http://browsehappy.com/	AZJRJN0J.htm.2.dr	false		high
https://ziadieinsurance.eb-sites.com/551870789268Root	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.engagebay.	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://ka-f.fontawesome.com	585b051251[1].js.2.dr	false		high
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://d2p078bqz5urf7.cloudfront.net/jsapi	ehform[1].js.2.dr	false		high
https://agentmethods-production.s3.amazonaws.com/9rMCoz65GNhVQjiFtFZB7x5x	AZJRJN0J.htm.2.dr	false		high
https://d2p078bqz5urf7.cloudfront.net/cloud/prod/assets/lib/font-family/roboto.css	5518707892682752[1].htm.2.dr	false		high
https://fontawesome.com/license/free	free.min[1].css.2.dr	false		high
https://agentmethods.com/	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		unknown
https://agentmethods-production.s3.amazonaws.com/f3GY34unAFcsvxZqAfapGaRU	AZJRJN0J.htm.2.dr	false		high
http://github.com/kenwheeler/slick/issues	slick[1].js.2.dr	false		high
https://cdn2.eb-pages.com/uploads/5356667366539264/pdf.png	5518707892682752[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://ziadieinsurance.eb-sites.com/551870789268om/e.com/r/xx/8707892682752Root	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry_V2.asp?InsuranceTypeId=D&license_no=	AZJRJN0J.htm.2.dr	false		high
https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/commons.css	5518707892682752[1].htm.2.dr	false		high
https://fitnessfortrave.eb-sites.com/5518707892682752	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://ziadieinsurance.eb-sites.com/5518707892682752Root	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	true	Avira URL Cloud: safe	unknown
https://agentmethods.com/e.com/r/xx/8707892682752T	~DFE213617724B763D4.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=X&license_no=H	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://fitnessfortravel.top/spider/xx/8707892682752p	~DFE213617724B763D4.TMP.1.dr	true	Avira URL Cloud: safe	unknown
http://kenwheeler.github.io/slick	slick[1].js.2.dr	false	Avira URL Cloud: safe	unknown
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	fontawesome-webfont[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
https://notify.bugsnag.com	bugsnag.min[1].js.2.dr	false		high
https://github.com/twbs/bootstrap/blob/main/LICENSE)	bootstrap.bundle.min[1].js.2.dr	false		high
https://agentmethods-production.s3.amazonaws.com/6eeMuS9eNcBramrNByc8JY9s	AZJRJN0J.htm.2.dr	false		high
https://code.jquery.com/jquery-3.1.1.min.js	xx[1].htm0.2.dr	false		high
http://www.bohemiancoding.com/sketch	drag-a79a51ae7c41df2c005cf922050e5260f58d79815ecefda6cc6b9f766577ae29[1].svg.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=E&license_no=	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://app.engagebay.com/rest/api/signup/signup-user	leadgrabbers[1].json.2.dr	false	Avira URL Cloud: safe	unknown
https://ziadieinsurance.eb-sites.com/5518707892682752	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	true		unknown
https://www.quotit.net/eproIFP/webPages/infoEntry/infoEntry.asp?insuranceTypeID=L&license_no=	{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
100.25.4.145	fox.agentmethods-0820.c66.me	United States	14618	AMAZON-AESUS	false
52.217.89.76	s3-1-w.amazonaws.com	United States	16509	AMAZON-02US	false
208.90.88.30	www.quotit.net	United States	22221	GMACI-COMMUS	false
13.35.253.54	d2p078bqz5urf7.cloudfront.net	United States	16509	AMAZON-02US	false
143.110.228.35	ziadieinsurance.eb-sites.com	United States	30376	COLLEGE-OF-ST-SCHOLASTICAUS	false
35.190.88.7	sessions.bugsnag.com	United States	15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
31.210.20.74	fitnessfortravel.top	Netherlands	61157	PLUSSERVER-ASN1DE	false
142.250.184.243	ghs.googlehosted.com	United States	15169	GOOGLEUS	false
13.32.23.123	d2wy8f7a9ursnm.cloudfront.net	United States	7018	ATT-INTERNET4US	false
104.16.19.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
13.32.21.90	d3w29h23ietttc.cloudfront.net	United States	7018	ATT-INTERNET4US	false

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	404234
Start date:	04.05.2021
Start time:	20:29:13
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 38s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://ziadieinsurance.eb-sites.com/5518707892682752
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.win@3/128@17/12
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://fitnessfortravel.top/spider/xx Browsing link: http://www.ziadieinsurance.com/ Browsing link: https://www.ziadieinsurance.com/ Browsing link: https://agentmethods.com/ Browsing link: https://www.engagebay.com/?utm_source=eb-lps
Warnings:	Show All Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.42.151.234, 13.88.21.125, 2.23.155.201, 2.23.155.211, 2.23.155.250, 2.23.155.179, 2.23.155.184, 2.23.155.224, 2.23.155.171, 88.221.62.148, 142.250.181.234, 142.250.185.227, 142.250.184.234, 69.16.175.10, 69.16.175.42, 104.18.23.52, 104.18.22.52, 172.64.101.17, 172.64.100.17, 20.82.210.154, 152.199.19.161, 52.155.217.156, 20.54.26.129, 92.122.213.247, 92.122.213.194 TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, ka-f.fontawesome.com.cdn.cloudflare.net, 2-01-3cf7-0009.cdx.cedexis.net, a767.dspw65.akamai.net, wu-fg-shim.trafficmanager.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, kit.fontawesome.com.cdn.cloudflare.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fonts.googleapis.com, fonts.gstatic.com, ajax.googleapis.com, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, download.windowsupdate.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\ziadieinsurance.eb-sites[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	146
Entropy (8bit):	5.074305158451461
Encrypted:	false
SSDEEP:	3:D90aK1ryRtFwstECAC6l0QAqLVbL26AvQVZgU9HjZHa9qSf1FKbFKb:JFK1rUFD6jAqwB4VZgU9DZ6lNFzb
MD5:	E6D860F22381373A552E0FAC04F5E4FE
SHA1:	50912CB5FB335673D8E38A70959869EA48448D07
SHA-256:	771B0492FA1B2215AB2190E3527115F82A4CFB095505125C43D63F9A0CB12CBB
SHA-512:	9246EE7518179F273C0E471A7FEB82F7DD6D69D2418CE3E44AAEA97949FF6DEEF27F708C77871C8EBB09D778DB84AB7EF08C221F070783E9AC07C9C1E0A88482
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="Engagehub_Data" value="{"app_visitor_id":6137086022254592}" ltime="4090219760" htime="30884190" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IB42RK38\www.ziadieinsurance[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	523
Entropy (8bit):	4.955684448171455
Encrypted:	false
SSDEEP:	12:JsrUdSJ7wnd5VhQrUdSJ7wnd5VhuVtPV4hQrUdSJ7wnd5VhuVtPzhu:WUU6LVhIUU6LVhatPV4hIUU6LVhatPzQ
MD5:	03CBF2179DBACEC2D74CB5C4E6ABE27B
SHA1:	157231C0432E54E62802F8E087502A7FE34D440C
SHA-256:	11E21AA4264D2C400CC8172AD894E2E140585788F937236D2D65CAA63D97732A
SHA-512:	D51A5B5CB0E3A28AF7ABF87C5FBAF708813A9AE390B0398DFC978F17B47F2DCC1E4211E2D0972F00D26B5586CF819E184AFDECB2563FD71997F5AAFF102B227B
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="bugsnag-anonymous-id" value="ckoawkqsk000004780ea3i388" ltime="44542464" htime="30884191" /></root><root><item name="bugsnag-anonymous-id" value="ckoawkqsk000004780ea3i388" ltime="44542464" htime="30884191" /><item name="licenseNumber" value="0E35937" ltime="46572464" htime="30884191" /></root><root><item name="bugsnag-anonymous-id" value="ckoawkqsk000004780ea3i388" ltime="44542464" htime="30884191" /><item name="licenseNumber" value="0E35937" ltime="239232464" htime="30884191" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2E2545E7-AD52-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8535601490969709
Encrypted:	false
SSDEEP:	96:rgZnZ32XWLWX+tXhhAfX+bhPh1MX/hXhTXahthRXwh+fXRbhihlX:rgZnZ32WWutgfOlMXY/fBsX
MD5:	41558D4797D87DDAE41D99F8EF40DEC4
SHA1:	677223AC3CDBC07792497DD18D73980E5EBEFF72
SHA-256:	EC0578C2FECF1E4C093EBDB547C5E7EB7A1DB79A53D3A48F5257895635D295FB
SHA-512:	F413260F9013F74E8DC8C568D4B9DBDE8898945A44C814496A7166688AF93420CBA85ACAAD322F33F814CF9D79B05048E29FEBFCE3763676DB578C46C2194A8A
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E2545E9-AD52-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	132668
Entropy (8bit):	2.898724091549303
Encrypted:	false
SSDEEP:	384:rN9Xz1tCgoXhqo+szflHL5/xHl5c0/LdZLdgw0/Ld5LdxluE0kLdqLdffW0XLdqj:5VkzLdZLdwLd5LdtLdqLd39LdqLdx
MD5:	7B619815A7958FC0148BAA370368A917
SHA1:	094B9D114CE0D36DE938BAB73995500A1D88943E
SHA-256:	DA580E389D8522A5B3299B44ACCDCF24B17D74424E9CE2E52ABA6BC64258C91E
SHA-512:	D111E3121B0CFECB25D9B9720C6767D2E4E061DDEC5574CCE5296023332B0FA00C9675D6DB2B70682B6A6A0001865140E93BB80AF65EBF1AFA20207B66388442
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E2545EA-AD52-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5660111948651838
Encrypted:	false
SSDEEP:	48:IwOGcprzGwpadG4pQ5GrapbSI/ZGQpKeG7HpRMs/aTGIpG:rSZtQf6ZBSI/zAZTMs/eA
MD5:	6B2C898A9DF954C85F6B21C13ABC39EE
SHA1:	965029E23309CCD77BA137E31543126578F52D99
SHA-256:	061BEC18F6278CFC77101236435493631B19A24C5BDF97A76F7EECEBDE90FB47
SHA-512:	87DBA70369037307FF189CAEC6C9ED55C2DCE7D8999674E2EDB9B65E6047DCE830ED881AAA3C37909CAF803CAD701B316BBDB88DFE091FAFDA764B32B30AA8FC
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	308979
Entropy (8bit):	3.243860097715829
Encrypted:	false
SSDEEP:	1536:sjyVgWOmN091Xh7lzixyww4ncj8P8WZ9HNu0dgGy8p12:sjyPO0091Xhsx9wNjA8WZ9HNu0Nb2
MD5:	19F681B0F042CFE5F5AE18F7A7C68392
SHA1:	E259521AB4A4A9602FB579DCB7746246201AF525
SHA-256:	BE76A6AF8E32B4A0B5C9406F9B5B6936C4A4763839F097D6E32EF1698E60171A
SHA-512:	74DAB984B2C786D3C17A575EC4413B9FEEE61B22F095890BD86EDB4C87E8BF816C1257203B87A956E544B6054054F93EADF985AEFC001B68F7B1163A9E3BAB82
Malicious:	false
Reputation:	low
Preview:	L.h.t.t.p.s.:././.d.2.p.0.7.8.b.q.z.5.u.r.f.7...c.l.o.u.d.f.r.o.n.t...n.e.t./.c.l.o.u.d./.a.s.s.e.t.s./.i.m.g./.l.o.g.o./.f.a.v./.a.b.-.1.6.x.1.6...i.c.o.~............... .h.......(....... ..... ..............................9h..9h..9h..9h`.8f..8e..9g..9h..9h:.9h..9h..................9h..9i..9hC.8f..9g.?{.\|C...;o.9g.9h.9h..9h..9h..9h..........9h..9hL.9h..B..jK..E[.6b..=_.9g/.9h..9h.9h..9h..9h..........9h'.9h.:m.E[.1d..0d.?3c.3c..0d.A.....9hj.9h.9h..9h..9h......9g..=t.RU.-f.B3c..3c.3c.B3c..3c..1d...*6..9h..9h.9h%.9h......8f.~B..5b..3c.3c.^3c..3c.~3c.a3c..3c......9gC.9h.9h].9h......9h..;m.1d.3c..3c.W3c.3c..3c.S3c.3c..1d.^.7b..9h.9h..9h..9h..9h..9g.$i..3c..3c..3c.,3c..3c..3c.53c..3c..F[.=.8f..9h..9h..9h..9h.9h.....2c.23c.G3c..3c.=3c.o3c..3c.A3c..2d.~B.K.8eI.9g..9h..9h..9h.9h3.9h..9h.3c..3c..3c../e...q..2c.s3c..3c.mJ..NW.......9h4.9h..9h..9h..9h..9h..........5\.....eM..3c.3c..3c.L3c..3c...9h..9ha.9h.9h..9h>.9h..9h..9h..9h..9hu.8f.XS.@2c..3c..3c.#3c...9h..9h..9h]

C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\mms\BONICSM1\onedrive[1].dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	2359296
Entropy (8bit):	7.7154191667334215
Encrypted:	false
SSDEEP:	49152:5EHKc4lvNWdauXBHx8zCFCmD2+HVpT57EQwOLYhTAtLw:KHKc4lUBHuC0mD2+HVNxE3OctAtL
MD5:	8A6B74370F99662230C6F5693D6EE296
SHA1:	A0F339F1279D2D68FFB9F3A8758163BD21176F62
SHA-256:	4501CB4AB5F6BC93136BDF5A5B60B722250002D9A079F3C11449808750145414
SHA-512:	D6B6D2E89481D5D78D9548B1B265DFD26A682DD9CD8BA9AB7350FDAAE7115B27D2BAE62219ADED0524E451802D7D23B6DA245E1FAF453490825D2508F4B3687D
Malicious:	false
Reputation:	low
Preview:	r..a..D7.n!.?..K..h...-_W4.SH......^{....J..........lTm..z.eK"-\|..U.h.A....;8..q....VE.F..<..%.ia..W &a<..~...d...4.(%.G......z....G-.;..6E.,zd.\|..{.....M..z...U].!...S\{.'D...S.Oqg-....r...l...A..Pl.F.....O....w...r.lA.v...h.f.F.i.!.....3..w........5.S.T...V`/n.\|....=Xi...j3}...h.Io$px..E..d.[)$II.......~@.^t.nx.fVg.4.v;\...w.J...X..r..tx.......(A...n.m..A.[.....C..`12.%.Nc........^....^rA...C.N..;..h.W....5.8.....o..>B.y.qZ.........tg.Dk.#y<R.\|....<.....L...h..~?..An1...I.(.J.....FI/..E..f'..).......;8......$..y.5hpm.G.;....d....9.5..B..@..'...?....F1].q.3..^........s.y.m.....^oz.s.........W-....b.....(.I.oK....C.;.0'..H.w;..p...S.1?.N...a6.;...Vz...3......!..E..a...6:..B.Q..o.G.q...._'Z.q.`.U.{B.\|............d..}L.1...//[bu.p.3^.A$.[rv....(......<`5?.?Z.../J.t.ac.)...u..y....qt.L.Hh.)ts`.......?.....G.'..mm.6".YKM.t...O.%;*.%.........5.G-...-.JT....9.Lr"j.-9@K.d...1.Q..D....?..[y.......h..Kfy:yE.0...(C...z.....W$..x.Y.....'..B.0.k......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\6eeMuS9eNcBramrNByc8JY9s[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, frames 3
Category:	downloaded
Size (bytes):	381022
Entropy (8bit):	7.985005721041961
Encrypted:	false
SSDEEP:	6144:vuAXqRomQqyjLtX5QhaJ8IWjgwO+EYB3B06WnPzamSkS0Y6HTl3uONREVo:2AXlqyjwh28IWjgwk6WnPze0Y65+OPEC
MD5:	61179C4AB974768FE66AEDEBDE6323B9
SHA1:	F3F505848492587D2293CF935C5DDA2D8B0F7360
SHA-256:	648DE8EE2B5AF4D99DC7865F41ED45A61D073E72162ED7426C4C20AEBE49E83A
SHA-512:	FF27BD5CF2679EA2EEF5DB695865022F90D94A65470D5EE4B8FCE73466CE4C35633DD70D25FF43F672FC2A0A9048195B08F50E8680E1D2246D14CAC310794050
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/6eeMuS9eNcBramrNByc8JY9s
Preview:	......JFIF.....................................................................&""&0-0>>T.......................................................&""&0-0>>T......8...."...................................................U.n..?s.:..I.l..."..&.I.K.k)'"...[0.W}.y..)81.T....A..8.fU.V"..qq.m.?...qN..!Cc...1...r.+.....\|...M.-....U.qH...r.L.~.t.#PW0..LJ.{...}b..^w...{..........+...A..G.U].:G.viK,'.....OZ._......#.Rr._8].zK..&.....c.AQ...,Y...%...I.>.f....:..Lj~#....a^..7.._..1.....]S.V8...o[&.).\|<..Y.?i......:}O5....N..x.$L...^..lc...m..}.4lz..R...b..z.k.,.L.+..T[U..?.....5.y..R....-....S.A.:\|...{.c..C...hy.S...C...2.Tn.J......t...Rq.;...8...9g..d..6Z.ci..D..X,.Ze...(..h....+."....C......[...at(.j.&.3..:..Y#.}....Om.....{E.Y.....5.-j..].XPh.N.<.t.f=G..o~..U..s............Lz....-.o;..... .[-1j.F?.qM..Mg.......v. .}..y.w...S.....y2.SC.gn...../..e.E.82..$\$.5$.!5h~..-.~.*.N-.-......6.....#....LE.)......d..m!l.Z.3L.\|.8..[Y..W#&h.n.".u.....).j.!}.U......]}S.K..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AZJRJN0J.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	47844
Entropy (8bit):	5.1074558409531985
Encrypted:	false
SSDEEP:	768:6qZ7Pxglv1YWDJT2j6LEs0+fWEuetCuKzK4FHvRiRyV5p+bK/i8O/E5K/i8dpGq2:ZUltYqJlLBfLuetCu94FHvRcyV5p+bKl
MD5:	7B8CA58DA480132F93F841273BBEC77C
SHA1:	792F405C10B114774D969C9CA719DB83D2FBCE9A
SHA-256:	5B29B13653769986C4333A7AD140E8849368362144B7396F2ACC4230C3872F52
SHA-512:	C403FCEB2FBBFCE677E1DF7F2A79485922A9213DFAA18499CB90C1BB3C031FB37BF7A055A7B337C66792A01F518B408E5DD1783ECE160731B323647F38A6AC45
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>. [if lt IE 7]>.<html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->. [if IE 7]>.<html class="no-js lt-ie9 lt-ie8"> <![endif]-->. [if IE 8]>.<html class="no-js lt-ie9"> <![endif]-->. [if gt IE 8]> >.<html class="no-js"> <![endif]-->.<head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">.<script>window.NREUM\|\|(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","errorBeacon":"bam.nr-data.net","licenseKey":"807b5e689e","applicationID":"333238524","transactionName":"J1wKFUALW1lVFBleAA1dSxJaC0A=","queueTime":0,"applicationTime":103,"agent":""}</script>.<script>(window.NREUM\|\|(NREUM={})).loader_config={licenseKey:"807b5e689e",applicationID:"333238524"};window.NREUM\|\|(NREUM={}),__nr_require=function(e,t,n){function r(n){if(!t[n]){var i=t[n]={exports:{}};e[n][0].call(i.exports,function(t){var i=e[n][1][t];return r(i\|\|t)},i,i.exports)}return t[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var i=0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/ErrorPageTemplate.css
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\KFOiCnqEu92Fr1Mu51QrIzQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 68740, version 1.1
Category:	downloaded
Size (bytes):	68740
Entropy (8bit):	7.9912742591330685
Encrypted:	true
SSDEEP:	1536:UsLyiYNtQ/lyftnCut3tszL5EH2fjF7OJ7eG4rMDX0x3Yj1:DL3YzclyfP3tsZEWrFMSFrz41
MD5:	05FCBDC301A814FA7CB07427AD4907DE
SHA1:	D2BB5841ACAB975674AF1CD27F56375FF2EBB9C9
SHA-256:	77CF0DB4EFDEC659CB03A916C2DA62CB885EC50146FE6D9CCBE9DE64CCC9813C
SHA-512:	DAA2672AB04499CB23CDAC2DA23096F99FE3CDFEA6F679388FF0C8ABB549BF1F3E1B392DFC42944A55D17AE550E7E3F4B703683BB0CAD3132D5E13EFEB1A9D25
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrIzQ.woff
Preview:	wOFF...............X........................GDEF.......-....p.m.GPOS......"...N...}.GSUB..%.........u.]EOS/2......S...`..'cmap..+8........v...cvt ../....H...H.2..fpgm..0....3...._...gasp..1<............glyf..1H.../....6...hdmx...x...U.......head.......6...6.\|.hhea.......#...$.}.Chmtx...,............loca...8...........7maxp....... ... ....name............ G= post........... .a.dprep............+6.x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x...d.a.._.,....%.=.v'.\|...N1...`.i.F...C.0.p`.......f....'*..@....\|Z.h~..w...{...(....O.Mh.x=.@..pk....v..E....Ba{k...r.qn..U.wP..Vj..J?../..oz).UL!..a.D.[~)4.....J..y#.L.7..]...Z.3.o\.W..S....?...j.'^J..^.scp3........nO.........z.t.4m.i..C..hy.......+=..&._:.he...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\KFOjCnqEu92Fr1Mu51TjARc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 70440, version 1.1
Category:	downloaded
Size (bytes):	70440
Entropy (8bit):	7.991275597140372
Encrypted:	true
SSDEEP:	1536:dsLyiYwPpj89uCcGyd69RGBnBxrtU3VzdOL3ZR0DbG4R7441lY:WL3Yq8ACcGyd69RwD9KG4p4Wq
MD5:	55A94720F0D72392889D683B3CBDB73A
SHA1:	E05546E42B545232D1714EF1BD4F5095C68A7DCB
SHA-256:	B53A9D5C6D17104A95DE35BA8ACE4947A81A648171F3674154791A79498371FF
SHA-512:	5100515F18085706DC80D148B93BB0933924539A75B94D1D75AE960AE12DA240406AEEB2E52DDE558CD6305038B7FBE1B6E85F3D199CB83B30BE3C2F0C30E2DA
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjARc-.woff
Preview:	wOFF.......(....... ........................GDEF.......-....p.m.GPOS......"...N...}.GSUB..%.........u.]?OS/2......Q...`...<cmap..+8........v...cvt ../....X...X/...fpgm..0....4......".gasp..1L............glyf..1X...W.....l.,hdmx.......R........head.......6...6...mhhea...<...#...$...bhmtx...`...B.....u._loca............y...maxp...0... ... ....name...P..........>.post...,....... .a.dprep...D.......?.1 .x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x...d.a.._.,....%.=.v'.\|...N1...`.i.F...C.0.p`.......f....'*..@....\|Z.h~..w...{...(....O.Mh.x=.@..pk....v..E....Ba{k...r.qn..U.wP..Vj..J?../..oz).UL!..a.D.[~)4.....J..y#.L.7..]...Z.3.o\.W..S....?...j.'^J..^.scp3........nO.........z.t.4m.i..C..hy.......+=..&._:.he...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\KFOkCnqEu92Fr1Mu52xM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 69460, version 1.1
Category:	downloaded
Size (bytes):	69460
Entropy (8bit):	7.991412284392658
Encrypted:	true
SSDEEP:	1536:KsLyiY8nnzFi45ZXBrKv2yZEleD+KRE+QXmqJ8ok0/CJF:tL3YT4nQPz+K6+7qJ80CJF
MD5:	623257FB07C66742E64481DF50113229
SHA1:	5B9E71262312F90501DFA1847CFCE9C9FF00FDEF
SHA-256:	B78057A40DA921A62C4DCB45909B3CD9DF40A9087FB33F1F43EF19DF182A7283
SHA-512:	B73108D1A4639DDE45ABA96FE0667E71A0790548D7188C027E7CB4C7DBD2A0E8AB8FCCBF22935CD3AF580BD8455790B0CC89437C303242A6E5E134C9CED4385B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu52xM.woff
Preview:	wOFF.......T.......8........................GDEF.......-....p.m.GPOS......"...N...}.GSUB..%.........u.]?OS/2......Q...`...Rcmap..+8........v...cvt ../....R...R..-.fpgm..0....4....s...gasp..1H............glyf..1T...y..zX..1.hdmx.......Q........head...$...6...6...ehhea...\...#...$...zhmtx.......?....=..\loca............-...maxp...P... ... ....name...p..........:.post...H....... .a.dprep...`.......D..].x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x...d.a.._.,....%.=.v'.\|...N1...`.i.F...C.0.p`.......f....'*..@....\|Z.h~..w...{...(....O.Mh.x=.@..pk....v..E....Ba{k...r.qn..U.wP..Vj..J?../..oz).UL!..a.D.[~)4.....J..y#.L.7..]...Z.3.o\.W..S....?...j.'^J..^.scp3........nO.........z.t.4m.i..C..hy.......+=..&._:.he...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20532, version 1.1
Category:	downloaded
Size (bytes):	20532
Entropy (8bit):	7.966425322589798
Encrypted:	false
SSDEEP:	384:tfEIIA0zhnegvIQxhXmqd8lpP/FwL0cV8yP1JSRHbNHlZL7qwZkoEu3HTbpXcyKd:tr0zhnewHxRmqd8PdwLLeR/ZLGwZLbTA
MD5:	DA2721C68B4BC80DB8D4C404F76B118C
SHA1:	3A32E8B7EFBC9DFB52F024D657B8C8C0A80E5804
SHA-256:	BD811625271ACCA47F7DAC48B460F13E08EE947B2A8E17E278C4D5CCB5D9323C
SHA-512:	5110656E41A261BD2A06F8B5B2A362FF8836B4289E1DE0777D83DB8E9D709C4C4248B67653A28FA47AD4AE823021ADBFC587900E142BF6887C2A7C936F7F4C33
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff
Preview:	wOFF......P4.......l........................GDEF.......G...d....GPOS..............oGSUB................OS/2...p...Q...`t...cmap...............#cvt .......\...\1..Kfpgm...8...2......$.gasp...l............glyf...x..<e..n..W..hdmx..H....m....+1.3head..IP...6...6...rhhea..I.... ...$....hmtx..I...........S.loca..L8...........maxp..N4... ... .4..name..NT..........:.post..O0....... .m.dprep..OD.......S...)x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x....%Y....Wm=..mo..k.m....rl...m.g"^..../..[.}.S...\.mD...1..G>..giz...=C..}.y....\|o..c.x.R.r"B........m....../.&./6..5D.AGX.....)<'.)....?.... .Y4>\|1...ES.Gc...FO.>$.../...}RCl..T.zD..uZ4~D.._OK.$.Z.(..JR...\..\..\..\.\......*'n..6:x...b,..$...?.g:./y.iLg.3..l.0.y.g..X..V...d.#O...0....b7{..>.n.iD.V....." e.\A..OR.kwp.].....6p..."ZE..%...e.u3..L..V...W.7b..L.3.L1K...Ts..$6.-b.......9...b@..!1,...v.C....{...dox.G(...\|a%E:.Fn.Nn.^n.........Sf..E)...k....<g..){....\|......DT..N....Hy.F.Jez......._?7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20332, version 1.1
Category:	downloaded
Size (bytes):	20332
Entropy (8bit):	7.970235088150752
Encrypted:	false
SSDEEP:	384:U0iwaxoOUPVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkAOY:75mlUmOSu1guh+fZhLSxkAr
MD5:	DC3E086FC0C5ADDC09702E111D2ADB42
SHA1:	B1138B84FF19EAC5F43C4202297529D389BD09B7
SHA-256:	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
SHA-512:	10123C785C396CF0844751A014413ECF4D058AD0C00CAAEF5F8FFEF504C370F03EACD0B3C2A49211EEE0877B7AE7D0EF6E01264F04FC910C2660584B5E943BE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......Ol.......x........................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...P...`t...cmap...............#cvt .......T...T+...fpgm.......5....w.`.gasp...@............glyf...L..;...m.&.x.hdmx..H....m....'/./head..H....6...6.j.zhhea..H.... ...$....hmtx..H...........]uloca..Kp..........m,maxp..Mp... ... .4..name..M........t.U9.post..N`....... .m.dprep..Nt.......I.f..x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ab-16x16[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	307221
Entropy (8bit):	3.2301603974237807
Encrypted:	false
SSDEEP:	1536:+e1VgWOvNt9KXh7l0ixybw4ncj8P8WZ9HNu7dgGy8p1h:+e1POlt9KXhpxmwNjA8WZ9HNu7Nbh
MD5:	890AAFC101CF6E505068ED8DD5BF78DD
SHA1:	910FC714CAC915688F59B4ED247AA6202D9E2A76
SHA-256:	D5C1A1248313F34F24D1F9785EC26E71E00318378636C9C41CF536A49233532C
SHA-512:	83FCBC20F61A73B27786CA50742A62E339120A79D56998EADFEC1E791102AC3671555AF28E464FC9AE0758BF1F4487D127707815FD8E9514E1F582DC17CAFFA4
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/cloud/assets/img/logo/fav/ab-16x16.ico
Preview:	............ .h............. ......... .... .........00.... ..%......@@.... .(B...D..``.... ............... .(............. .(R...#........ ..:...u..(....... ..... ..............................9h..9h..9h..9h`.8f..8e..9g..9h..9h:.9h..9h..................9h..9i..9hC.8f..9g.?{.\|C...;o.9g.9h.9h..9h..9h..9h..........9h..9hL.9h..B..jK..E[.6b..=_.9g/.9h..9h.9h..9h..9h..........9h'.9h.:m.E[.1d..0d.?3c.3c..0d.A.....9hj.9h.9h..9h..9h......9g..=t.RU.-f.B3c..3c.3c.B3c..3c..1d...*6..9h..9h.9h%.9h......8f.~B..5b..3c.3c.^3c..3c.~3c.a3c..3c......9gC.9h.9h].9h......9h..;m.1d.3c..3c.W3c.3c..3c.S3c.3c..1d.^.7b..9h.9h..9h..9h..9h..9g.$i..3c..3c..3c.,3c..3c..3c.53c..3c..F[.=.8f..9h..9h..9h..9h.9h.....2c.23c.G3c..3c.=3c.o3c..3c.A3c..2d.~B.K.8eI.9g..9h..9h..9h.9h3.9h..9h.3c..3c..3c../e...q..2c.s3c..3c.mJ..NW.......9h4.9h..9h..9h..9h..9h..........5\.....eM..3c.3c..3c.L3c..3c...9h..9ha.9h.9h..9h>.9h..9h..9h..9h..9hu.8f.XS.@2c..3c..3c.#3c...9h..9h..9h].9h.9h.9h.9h..9h..9h.9h..9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\application-e06d9cfcef1a4497446791a3c0939f92f16a1aacae9c59de547df02233791822[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	79
Entropy (8bit):	4.216111408283583
Encrypted:	false
SSDEEP:	3:twxET/QPgykHWMePggWWMv:sErQ4yk2Me4TWu
MD5:	F3F8B49BB69E57F823F73547E94E2F3D
SHA1:	80FFD4C1869EBB1988F5AFA916053055D07C2EBE
SHA-256:	E06D9CFCEF1A4497446791A3C0939F92F16A1AACAE9C59DE547DF02233791822
SHA-512:	6F72276CA017F564B53521CCBC90EB6103846184217873377B9DCB5D6B1E64F482B9157571AAA505BF2E7BA8BCCD3B23FF9639954B4AB46D081BEADADF304EC6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.ziadieinsurance.com/assets/public-layout/application-e06d9cfcef1a4497446791a3c0939f92f16a1aacae9c59de547df02233791822.css
Preview:	@import url(bootstrap.min.css);@import url(global.css);@import url(public.css).

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\background_gradient[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category:	dropped
Size (bytes):	453
Entropy (8bit):	5.019973044227213
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5:	20F0110ED5E4E0D5384A496E4880139B
SHA1:	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:	5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:	false
Reputation:	low
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:	768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	low
IE Cache URL:	https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\bootstrap.min[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\bullet[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/down.png
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\font-awesome.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	31000
Entropy (8bit):	4.746143404849733
Encrypted:	false
SSDEEP:	384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf
MD5:	269550530CC127B6AA5A35925A7DE6CE
SHA1:	512C7D79033E3028A9BE61B540CF1A6870C896F8
SHA-256:	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
SHA-512:	49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
Malicious:	false
Reputation:	low
IE Cache URL:	https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\httpErrorPagesScripts[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\navcancl[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2713
Entropy (8bit):	4.1712007174415895
Encrypted:	false
SSDEEP:	24:r3avxU5hzsIVmVMeLmVMyHf63lboxMCLxvriN6LOAPAnQay78eLx5Tb87nVkEhML:upU0GVeLVGBXvrp4n/1a5TI7Ve/G79KX
MD5:	4BCFE9F8DB04948CDDB5E31FE6A7F984
SHA1:	42464C70FC16F3F361C2419751ACD57D51613CDF
SHA-256:	BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228
SHA-512:	BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="res://ieframe.dll/ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... <title>Navigation Canceled</title>.... <script src="res://ieframe.dll/errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="res://ieframe.dll/httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:navCancelInit(); ">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="res://ieframe.dll/info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\navcancl[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2713
Entropy (8bit):	4.1712007174415895
Encrypted:	false
SSDEEP:	24:r3avxU5hzsIVmVMeLmVMyHf63lboxMCLxvriN6LOAPAnQay78eLx5Tb87nVkEhML:upU0GVeLVGBXvrp4n/1a5TI7Ve/G79KX
MD5:	4BCFE9F8DB04948CDDB5E31FE6A7F984
SHA1:	42464C70FC16F3F361C2419751ACD57D51613CDF
SHA-256:	BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228
SHA-512:	BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/navcancl.htm
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="res://ieframe.dll/ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... <title>Navigation Canceled</title>.... <script src="res://ieframe.dll/errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="res://ieframe.dll/httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:navCancelInit(); ">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="res://ieframe.dll/info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\office3651[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18147
Entropy (8bit):	3.129970468920896
Encrypted:	false
SSDEEP:	96:OSTWvkiTJq6UqENG+GfNFrNnVhsc5l8vQ1BDTQ+OLb3iMXLGe8Q/e9cv5:OSCkiNq6UqEw7A41N0+OnLbbTe9E
MD5:	A5CDADD60382E9AE6228121542EB1C2A
SHA1:	CEC15F6470D0237569E931D7D11752B41AC5D8A3
SHA-256:	71E729939E175F4AE9D3FCC645D6B7389EC341A47A84950E047197331FDC22F1
SHA-512:	D7CC71E07F00D47ECB7B0C74BC9BD3FCEAE72845415036DD2AF6F4ABF428D8C8246EABF73A8DD92C115A157DCD0888F533AC418B50C3FD04C4C630985945FB14
Malicious:	false
Reputation:	low
IE Cache URL:	https://fitnessfortravel.top/spider/xx/images/office3651.png
Preview:	.PNG........IHDR............. ...... cHRM..z&..............u0...`..:....p..Q<....sRGB.........gAMA......a.....pHYs...............:.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2020-01-18T21:49:38+05:00</xmp:CreateDate>. <

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\pdf[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 238 x 238, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9937
Entropy (8bit):	7.9028923369896855
Encrypted:	false
SSDEEP:	192:P1RVfwQ4wexwEsQavCUqcbnwQsaUhbfq+zM2/He4MB2cw+2:9TfwQzexPavCUqfQ6bfqyZ/1MY7p
MD5:	8267DEBFA57C0348052664BB7062D8A0
SHA1:	1DC3CD31413156665A4E96E77099852A156F1651
SHA-256:	4BCDC53EBCA3B70551D5D22865CDDEDD702FCFFDCD6C20D620379EF3D004EDAC
SHA-512:	055818F854A2FAD07DBEA3EE583D2BFE9904F2B0446433A968C871FC7E2FAB4D468E1E7FAFF22ED450D93E43E13CC0FA82AEA535110A307803F5321501A84B34
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn2.eb-pages.com/uploads/5356667366539264/pdf.png
Preview:	.PNG........IHDR.............>.;"....pHYs...........~... .IDATx...xTe...QVi..HHB..b....b....E]..E.....AE...\?i."."R.E..JH25mR.$!!.\|.y.;3I..i.I&....?.d.N...9.yO1...8..0.+......................6 ..f..Vp.9r....(//.j....'..In..*.n..EEE.gaa!.UZZJ...d6....D..n.[\>`.Z...}....c..F....P..w..^/.......\(L....q...V....P..../_...m..P......}......p=.r.\-/...$......m{...(p...pS~A....o.87.m.G....w...'..V..DpY.h.mn5..u..wR....zY.u.p.]:.,....H.s.Q.+OR~y....A...[D..o@p.KKi.....#..#.@...C.h.%.0Pr$.N:..@.I....`...@...........A;..H......SRW..N...+..\.F..q.....Kp.....Y.h.9..........r......\......;-...\.......[*.......-...u.-..V.nrO..z..x^\._/A<?...............x...^...pK..u...]B;.........g.H....E......O....L'w..!K.8...-g......6Z...k..m.p=..exY.7.........Rs2..r.t.T..ME.....K.......r..U.k..l ..o...X..$._....F...PW.Q....nR.o..k..8..qao.;..Q.7..\..{.-....n..Q_FE...W-%....Y......+.L..E.Q..P....^p....E..0\|...........&b..p.....<.j.WU........M......f....s.({....][.'...=.5..k..GY

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\slick-theme.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	2390
Entropy (8bit):	5.024310243771725
Encrypted:	false
SSDEEP:	24:Mnq/KNATLJPAzx3HeTwXh8uUsigq8hDSlNRSEOEMeOmfIwfeemGaxRvOfV9q8hDi:h/KNAZxTo+VGDSdOBmrfGD2mGD9U
MD5:	8A027447D99592734DA0715287305E13
SHA1:	7C2E6E74FB60177782CF7AE30F5FEC71B7790874
SHA-256:	E21AA5B0D3FD28CEBED9E03C5544F4924E11B0C453792ED018720CF8C679B0B6
SHA-512:	D7B120085111A6064A726D23D1F12AD58089BB2016773F4A52DBF512356E68ECFCA439E1FF49D9C6653A0415F069AC6AA22F4F4179D15AA95C0C1D36EE182FF4
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick-theme.min.css
Preview:	@charset 'UTF-8';.slick-loading .slick-list{background:#fff url(ajax-loader.gif) center center no-repeat}@font-face{font-family:slick;font-weight:400;font-style:normal;src:url(fonts/slick.eot);src:url(fonts/slick.eot?#iefix) format('embedded-opentype'),url(fonts/slick.woff) format('woff'),url(fonts/slick.ttf) format('truetype'),url(fonts/slick.svg#slick) format('svg')}.slick-next,.slick-prev{font-size:0;line-height:0;position:absolute;top:50%;display:block;width:20px;height:20px;padding:0;-webkit-transform:translate(0,-50%);-ms-transform:translate(0,-50%);transform:translate(0,-50%);cursor:pointer;color:transparent;border:none;outline:0;background:0 0}.slick-next:focus,.slick-next:hover,.slick-prev:focus,.slick-prev:hover{color:transparent;outline:0;background:0 0}.slick-next:focus:before,.slick-next:hover:before,.slick-prev:focus:before,.slick-prev:hover:before{opacity:1}.slick-next.slick-disabled:before,.slick-prev.slick-disabled:before{opacity:.25}.slick-next:before,.slick-prev:befo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\trash-10a167593d2e212f9eb8c8e282a1d3358e9862b45a877aa24a52bcc27dd4c1d1[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3358
Entropy (8bit):	4.656429737184193
Encrypted:	false
SSDEEP:	96:o6L/JSGmZH7M/knx4EmXdU1Ve4wLP5cCKEWT3kzQ:/L/JSbMigS16LP5c9EWDb
MD5:	E6C9ACB84551740DFB5ABDFCE815D3A9
SHA1:	286143AF8AAFE96C2B5CD8B7EE09F7986CB4CF8B
SHA-256:	10A167593D2E212F9EB8C8E282A1D3358E9862B45A877AA24A52BCC27DD4C1D1
SHA-512:	64E8C62B4E2B0198B8B03132897FBA50F33A9E9264A741E91C0924E6FF71D85D763E2ECB56500BDE59FF516722253CCDE67DDF4AC2A6A39325F4FAAA36F5AB53
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.ziadieinsurance.com/assets/web_forms/trash-10a167593d2e212f9eb8c8e282a1d3358e9862b45a877aa24a52bcc27dd4c1d1.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="15px" height="19px" viewBox="0 0 15 19" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: sketchtool 43.2 (39069) - http://www.bohemiancoding.com/sketch -->. <title>2E69DDBF-6409-4FB1-A92D-98EA7123074F</title>. <desc>Created with sketchtool.</desc>. <defs></defs>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Field-settings" transform="translate(-566.000000, -675.000000)" fill="#BB1D47">. <g id="Group-5" transform="translate(25.000000, 275.000000)">. <g id="Card" transform="translate(20.000000, 390.000000)">. <g id="Group-4">. <g id="Group-2" transform="translate(484.000000, 10.000000)">. <g id="trash" transform="translate(37.000000, 0.000000)">. <path d="M13.2692308,4.75 L1.73076923,4.75 C1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\v215[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	211490
Entropy (8bit):	5.252876922752664
Encrypted:	false
SSDEEP:	6144:8fvlKkpz3wiXiISqdnPndnulXsovnYxUcbZcCLLi1VyN52P47kbn:8ftgeglX5YxUKu
MD5:	D375A22E84BE90D2F2338D97D83DB63C
SHA1:	11DACE25D9F38157A198D6228DE80AE40E5FF195
SHA-256:	E3244CC9C0680B8A1FEB49D46B7287B50B69276F15C5ADA565FEBB047A64B3C3
SHA-512:	4914CCF15AC8767C7FA181AB3441FC3234F86CE62561D2367482B373D4BEFF3F46E4C8DCDF90A891EBFAD4A1F02E0C6B8FDBEEF98DF5801C2C57A749D25EB6BD
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/jsapi/min/v215.js
Preview:	var EhAccount={key:"",domain:"",version:"",baseURL:"",restBaseURL:"",appURL:"",cloudPathURl:"https://d2p078bqz5urf7.cloudfront.net/",formCSSUrl:"https://d2p078bqz5urf7.cloudfront.net/jsapi/css/min_v39.css",ifrmCSSUrl:"https://d2p078bqz5urf7.cloudfront.net/jsapi/css/iframe/min_v6.css",contact:null,trackingDomain:null,setAccount:function(b,c,a){this.key=b;this.domain=c;this.version=a;this.setBaseURL();this.setActualDomainName()},getKey:function(){return this.key},getDomain:function(){return"app"},getBaseURL:function(){return this.baseURL},getRestBaseURL:function(){return this.restBaseURL},getAppURL:function(){return this.appURL},setBaseURL:function(){if(!this.version){this.baseURL="https://"+this.getDomain()+".engagebay.com"}else{this.baseURL="https://"+this.getDomain()+"-dot-"+this.version+"-dot-accountbox-154605.appspot.com";if(this.version=="localhost"){this.baseURL="http://localhost:8888"}this.formCSSUrl=this.baseURL+"/assets/css/min_v5.css";this.ifrmCSSUrl=this.baseURL+"/assets/css/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	247
Entropy (8bit):	5.089257381178516
Encrypted:	false
SSDEEP:	3:PIyPhxn0+7/y9xwv7clXqy5AEtZ6UzUbX1XqSMuR0Lk3XmyPEKhfMaEEZcKBcD:pn0+Dy9xwol6hEr6VX16hu9nP2u+KqD
MD5:	0F46293D4D06204170E87C9059712913
SHA1:	7875B5D6BA7EE57F1F20A43607EC4CD2B7BC35D9
SHA-256:	7A05B3A665C4CF954AE342A8D1D0FDFB50D25374B47A30E91F4AEADA6ECE2491
SHA-512:	645BFA98ECC84A1F5225FBB1AE33DDE1F19C2AB6CC0978EDA2D03A7D5BE775FB93226B38617E1FFDF627B2FBA3434F1E6527632B6E15CF7A7737FEAC8E2B346A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm, Author: Joe Security Rule: JoeSecurity_HtmlPhish_7, Description: Yara detected HtmlPhish_7, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\xx[1].htm, Author: Joe Security
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://fitnessfortravel.top/spider/xx/">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\585b051251[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	10866
Entropy (8bit):	5.182623714755422
Encrypted:	false
SSDEEP:	192:BgHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:WRCfhFzevnEZ/h81Q5l8OsE
MD5:	D8CA71772D1E86D5FB9D5E2F6CC1AE70
SHA1:	9B043E60997FE552D652E4474E16AFF923D7AA76
SHA-256:	7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
SHA-512:	8E9DA8E9AE10EC0EB854A6E488FB4568A960EE10AF46FE4AA49F22F227CB94997F40E49E10A81E341B99489256163A2C0E065730EEA642777061CDA61B4D56C1
Malicious:	false
Reputation:	low
IE Cache URL:	https://kit.fontawesome.com/585b051251.js
Preview:	window.FontAwesomeKitConfig = {"asyncLoading":{"enabled":true},"autoA11y":{"enabled":true},"baseUrl":"https://ka-f.fontawesome.com","baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"id":132286382,"license":"free","method":"css","minify":{"enabled":true},"token":"585b051251","v4FontFaceShim":{"enabled":false},"v4shim":{"enabled":true},"version":"5.15.3"};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(e)}function e(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function n(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\9r6aMqZHBbSxF6mYyBXbTmK4[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	921
Entropy (8bit):	4.688683932177171
Encrypted:	false
SSDEEP:	24:SLazFz9vJ7/wS5wd7zCNjwSnSy41t/5hfEASh:SLazFzb5wwS5XEAe
MD5:	2E71D25EAFAA9C7D9D1F2463C0EE848A
SHA1:	966D156107582ED6CF607C5D2CE2F279D189BE19
SHA-256:	2464984B8768368B7068CE3E4AE59697450B8D23602D33FD074552C06DDB1DAB
SHA-512:	2BF51EE86DB6CFE4D76101A9A393CAE60606135B40311B512CB7FCDB3BE7A5E31B511F612CD34C5C107381DB58623EC1C5EA7760FBD7A411BE7DB8030307E3C2
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/9r6aMqZHBbSxF6mYyBXbTmK4
Preview:	.am-media-1 {. padding-top: 40px;. padding-bottom: 40px; }. @media (min-width: 768px) {. .am-media-1 {. padding-top: 80px;. padding-bottom: 80px; } }...am-media-1 {. color: var(--am-text-dark); }. .am-media-1 [data-edit="image"] {. border-radius: var(--am-card-radius);. overflow: hidden; }. .am-media-1 [data-edit="image"] img {. max-width: 100%;. width: 100%;. height: auto;. border-radius: var(--am-card-radius); }. .am-media-1 .row {. align-items: center; }. .am-media-1 .container {. z-index: 5; }. @media (max-width: 767px) {. .am-media-1 .am-media-desc {. margin-bottom: 30px; } }. .am-media-1.am-text-light [data-element="text"] {. color: #ffffff; }. .am-media-1.am-text-dark [data-element="text"] {. color: #000000; }. .am-media-1 .am-bg-image + .container [data-element="text"] {. text-shadow: 2px 1px 5px black;. color: #ffffff; }.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\9rMCoz65GNhVQjiFtFZB7x5x[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	22530
Entropy (8bit):	4.670028947171469
Encrypted:	false
SSDEEP:	384:rLfUw0XMky8qHfHUjXUPhAtBmfGQivFlupAFM5nFnprFMFDX:rrr0zFPJWgFvFqFprFMFDX
MD5:	54023A5EE7C64C79296424767042D03F
SHA1:	BB534C5E8052B4BBB7094D59984EB706BC2D0474
SHA-256:	F0B2EFBE89A8FC3CF268E58A5F413F7B67688984E52E92F54BA204476D63AD76
SHA-512:	7CDAD2882F0685E3F1CDB6BF6C9AF4921B46E647498168E68B77C36A83EAEAE4DE2147129C3A33F0B9420A6FC43C446A8F0D22B33C47E1F39C516546E6261282
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/9rMCoz65GNhVQjiFtFZB7x5x
Preview:	@import url("https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;0,900;1,100;1,300;1,400;1,500;1,700;1,900&display=swap");..am-landing h1, .am-landing h2, .am-landing h3, .am-landing h4, .am-landing h5, .am-landing h6 {. font-weight: 800; }...am-landing h1,..am-landing h2,..am-landing h3,..am-landing h4,..am-landing h5,..am-landing h6 {. font-family: var(--am-font-secondary); }...am-landing h1 {. font-size: 26px; }. @media (min-width: 565px) {. .am-landing h1 {. font-size: 28px; } }. @media (min-width: 767px) {. .am-landing h1 {. font-size: 30px; } }. @media (min-width: 992px) {. .am-landing h1 {. font-size: 34px; } }...am-landing h2 {. font-size: 25px; }. @media (min-width: 565px) {. .am-landing h2 {. font-size: 26px; } }. @media (min-width: 767px) {. .am-landing h2 {. font-size: 28px; } }. @media (min-width: 992px) {. .am-landing h2 {. font-size: 30px; } }...am-landing h3 {. font-size: 22px

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\KFOjCnqEu92Fr1Mu51TLBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 71384, version 1.1
Category:	downloaded
Size (bytes):	71384
Entropy (8bit):	7.992505257802137
Encrypted:	true
SSDEEP:	1536:bo/13YVDBYwaP7W2GED2BXuCQILJtg0CSXFYNLzM3jLLi:k/13YFBYwq7hGEDQ+YJi0C6FCLg3Li
MD5:	5494C7E2158514A581B43E56D692001F
SHA1:	B17A1265866D62322C1C98FDAB50DB3D53737A78
SHA-256:	FE400F7D7CF1C04C4FA703C31C4E08D76E752C2E8CD22F510B49FA39EACA2C03
SHA-512:	86CF52919C13EFA0BCB759FCBD575D32BAB201FA7B799321985E238A56B94FEC2EEAA0D1839C71513D98B6E8E92414D673533CF32D28AA78CB65DDE6FA55DD2E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBBc-.woff
Preview:	wOFF........................................GDEF.......-....p.m.GPOS......&...VL.o?]GSUB..).........u.]?OS/2.......Q...`.v..cmap../.........v...cvt ..3....Z...Z...=fpgm..4....3......#.gasp..54............glyf..5@...F...<=...hdmx.......F.....%..head.......6...6.G.Whhea.......#...$.H..hmtx...,...3.....D+.loca...`........q..Pmaxp....... ... ....name..............>.post........... .a.dprep...........8...Cx...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x.R..]A......G...m....E..2Nm.E.'/N..y.Z....F..!RE..F.w..k..L\.`..L]0y.....h...x!...9.7f...sD..fDk.BPI.wDL.:..s&..<.I\|.4D...5...'.B.R=.....I....~.H.t.......g`F'..#....5...2..:.+.T.Y.2S!.Y..W.....L[.opD.."..QIrIfI.7....]..o.>.f...V...zK.}.P2..j..F7..h..q..........f..Wai.w.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\KFOkCnqEu92Fr1MmgWxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 63872, version 1.1
Category:	downloaded
Size (bytes):	63872
Entropy (8bit):	7.992301189655542
Encrypted:	true
SSDEEP:	1536:BsLyiYBXnsL99jwWrkzbazKMdceB9yuEHoWY7p/NgXQS:aL3YWRRObaGM2eB9Q3Y7p6Xt
MD5:	3B5D735572713453F214D5F6A9879A7C
SHA1:	B53CDE6D23211801F3AFB0EB2406569102A233D9
SHA-256:	3DAB2F3A9999A49ACEFFB5E7E749E349B14E060B80C3E024BFB376CFF6B82038
SHA-512:	97598EB577FF76E6BDBC9AB30CD3ECE3DBC052E91EB99022A3D75DAD2E411AE601A3E7A43ACB88EFBDE40C09840C7B397FFFB0CD90846DA84EAFDBB28D07D863
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgWxM.woff
Preview:	wOFF........................................GDEF.......-....p.m.GPOS......"...N...}.GSUB..%.........u.]EOS/2......Q...`..{cmap..+8........v...cvt ../....H...H.2..fpgm..0....3...._...gasp..1<............glyf..1H...p..v\` .hdmx......O........head.......6...6.G..hhea...@... ...$..._hmtx...`..........v.loca...<........}..?maxp....... ... ....name...........x..9.post........... .m.dprep............+6.x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x...d.a.._.,....%.=.v'.\|...N1...`.i.F...C.0.p`.......f....'*..@....\|Z.h~..w...{...(....O.Mh.x=.@..pk....v..E....Ba{k...r.qn..U.wP..Vj..J?../..oz).UL!..a.D.[~)4.....J..y#.L.7..]...Z.3.o\.W..S....?...j.'^J..^.scp3........nO.........z.t.4m.i..C..hy.......+=..&._:.he...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1612
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
MD5:	DFEABDE84792228093A5A270352395B6
SHA1:	E41258C9576721025926326F76063C2305586F76
SHA-256:	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512:	E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious:	false
Reputation:	low
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\PGVP3NWeAPUabnTrTA1PQpn6[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.10, datetime=2020:07:25 07:02:49], progressive, precision 8, 1500x844, frames 3
Category:	downloaded
Size (bytes):	524472
Entropy (8bit):	7.9922377120576735
Encrypted:	true
SSDEEP:	12288:cN9z7TFXffIlXLKyHntpaRsRBZynkw7x3kWAvpT/UefHj:EXNffk73HtEsRBkzx3kVvpwevj
MD5:	FE31ABA014B150CB0D577F3BF8348F0C
SHA1:	72F1C8759680344D333E57BAD89AD5FC93E3AE1B
SHA-256:	A129BBC11E4C565338365C2D406FF69A514C503B4A001810DA3E5D40F29489E3
SHA-512:	13AE2536609C67B5AE055362D2FD395BAACCF74F9D16EA4C13A8B4EDAD8D37C74493EACEFCD4CB45C001DC166D5AB91A95E28CDA76E534947A04DABE86E3DC54
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/PGVP3NWeAPUabnTrTA1PQpn6
Preview:	......JFIF.....,.,....%.Exif..II...............J...........R...(...........1.......Z...2.......h...\|...,.......,.......GIMP 2.10.10..2020:07:25 07:02:49................................................................................................$..................JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..E...G.i.4..........P.QG.V.M..R.Q.E8..IT.4Q....K....(.j6....cC.G..S)....=.L..M.=...r..G..O.iy..y..{@.3\|.<...=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\album[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	assembler source, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2433
Entropy (8bit):	4.99236423182102
Encrypted:	false
SSDEEP:	48:z2d2xYTGT7Qdrxgud9T570G8qday0CeSnM+Vp9n4THtv5t:z2IqS4Tguvtr8nNkbVjn45Rt
MD5:	944799FC98B666F3BA0ECE9304DD7DDA
SHA1:	0EBFD347A653629D57D6D8C135C87C390E6EBA44
SHA-256:	A6DCBF5C0D819D82A0A8781DFCDE5BB405A4311A6B9CC088F4D4056A3E5095A8
SHA-512:	69AE1032347CB3E350503E9DF28BCB0D33FDC4B47507DA48EED91CEA8B414A4311DE2AC9B5A854B3F36795BCE96B628630A5CB614EA0349CE9FD58CDC6DFF7FB
Malicious:	false
Reputation:	low
IE Cache URL:	https://fitnessfortravel.top/spider/xx/css/album.css
Preview:	:root {.. --jumbotron-padding-y: 2rem;.. }.. .. .jumbotron {.. padding-top: var(--jumbotron-padding-y);.. padding-bottom: var(--jumbotron-padding-y);.. margin-bottom: 0;.. min-height: auto;.. background-color: transparent;.. }.. @media (min-width: 768px) {.. .jumbotron {.. padding-top: calc(var(--jumbotron-padding-y) * 1);.. padding-bottom: calc(var(--jumbotron-padding-y) * 1);.. }.. }.. .... @media (max-width: 380px) {.. footer p {.. display: none;.. }.... footer{.. margin-top: 200px;.. }...... .jumbotron {.. padding-top: 0;.. margin-top: 0;.. }.... .main-video-wrapper {.. height:100vh;.. overflow: auto;.. }....}...... .jumbotron p:last-child {.. margin-bottom: 0;.. }.. .. .jumbotron-heading {.. font-weight: 300;.. }.. .. .jumbotron .container {.. max-width: 40rem;.. }.. .. footer {.. padding-top: 1.2rem;.. padding-bottom: 1.2rem;.. }.. .. footer p {.. margin-bottom: 0;.. }.. .. .box-s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\application-e787529eaf981cd5a233dbffb4fe8672557b4485af3e5c74e85bac7ae01ac35e[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	180998
Entropy (8bit):	5.333594234171312
Encrypted:	false
SSDEEP:	3072:CgZm0H5HO5+gCKWZyPmHQ47GK+57P18x0iEsX:Cim0Zu5+LBy+HQ47GK+5T1M03a
MD5:	6C63E594E4A034EE930DBB6C25E1BFC4
SHA1:	07F7A36B41EFE6294B38986C27BEE2D96B1911E6
SHA-256:	E787529EAF981CD5A233DBFFB4FE8672557B4485AF3E5C74E85BAC7AE01AC35E
SHA-512:	3968DBE179CE07C4E17DF3FFB8F16FB5996F2C18BC11FA74CEDFA53433AAC361856B0909F52364A962831134451690A1DB496BA7851C50D775A7CCFE6CC74F40
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.ziadieinsurance.com/assets/public-layout/application-e787529eaf981cd5a233dbffb4fe8672557b4485af3e5c74e85bac7ae01ac35e.js
Preview:	/! jQuery v3.4.1 \| (c) JS Foundation and other contributors \| jquery.org/license /..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}va

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	154615
Entropy (8bit):	5.060705991714609
Encrypted:	false
SSDEEP:	1536:L/xImaGIcCQYYDnDEBi83NcuSEk/5kXruKiq3SYiLENM6HN26n:L/RZzoi3q3SYiLENM6HN26n
MD5:	F64D3837A895BE24BE21E6B11E1664F4
SHA1:	E6C5CB0A491D9B8D97E03CD6F5A1937BB02D8014
SHA-256:	A36B91284CC33D2E26FEBA77675A1D587684C541455E347F3BB1AC2529657AC9
SHA-512:	2396210074AF9EDB9F48AED8074EB5B0E3749C2A2945260AFC441047C197319B35BFC46375DBF3896D9959B692D76E1A32D6CC5BB855488AD0EC0CC62D99648B
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/bootstrap.min.css
Preview:	/!.. Bootstrap v4.3.1 (https://getbootstrap.com/).. * Copyright 2011-2019 The Bootstrap Authors.. * Copyright 2011-2019 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */::after,::before{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}body{}}[tabindex="-1"]:focus{outline:0!important}hr{box-sizing:content-box;height:0;overflow:visible}h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem}p{margin-top:0;margin-bottom:0}abbr[data-original-title],abbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bugsnag.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	40861
Entropy (8bit):	5.207730090737713
Encrypted:	false
SSDEEP:	768:kIdY2LpHAZIl4AQ1csbGZe5iJGooGtc2amMW:rnH604ddiJvtc2mW
MD5:	3EDB3753DA3DBFC714FB80AF64D0DA52
SHA1:	F1EC400851D067DDA166EBF860E34E501A65B586
SHA-256:	FE4E62978522E70EA0E4C0D4E8E7245C8AFE58015EB13172C5CD7A9DA100FF39
SHA-512:	03033E5F30BB6292F644A4ED08DBCE5C024B21BA4352837E86136CBF3F0EBA5A9DCB73A1DE2889379E43C4510D8492059FD39D5982C9EA2F9BF54CAD59F61866
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js
Preview:	!function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).Bugsnag=e()}}(function(){var o=["navigation","request","process","log","user","state","error","manual"],h=function(e,t,n){for(var r=n,o=0,i=e.length;o<i;o++)r=t(r,e[o],o,e);return r},p=function(e,o){return h(e,function(e,t,n,r){return o(t,n,r)?e.concat(t):e},[])},v=function(e,o){return h(e,function(e,t,n,r){return!0===e\|\|t===o},!1)},t=function(e){return"[object Array]"===Object.prototype.toString.call(e)},i=!{toString:null}.propertyIsEnumerable("toString"),a=["toString","toLocaleString","valueOf","hasOwnProperty","isPrototypeOf","propertyIsEnumerable","constructor"],s=function(e){var t,n=[];for(t in e)Object.prototype.hasOwnProperty.call(e,t)&&n.push(t);if(!i)return n;for(var r=0,o=a.length;r<o;r++)Object.prototype.hasOwnProperty.cal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\commons[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4234
Entropy (8bit):	4.915711819486833
Encrypted:	false
SSDEEP:	48:U1tkogYcBpzUXQ+5DGrfjzOYztStjTY2l+ORMCHaZPUs2/GdAZeKQfObdqDZIw0S:U1OjyKjjfwiqGycAkWoZt7
MD5:	7E58D8C57DD337D51C801F2DE145B33A
SHA1:	59CCED5D51BE1996FC1123033D187D755DF3C8A8
SHA-256:	222283BD442533DF373E971DD801D07E58E2FBD7C0702C79078EBABBD8BAB3A5
SHA-512:	5B71293E70333395FA1D62D995E91CCDD74E540883114D5CE1DFF702291A56B8CD6F347D5E2F192EE1E79C120118ABE691A42F9E28D7258822C76E850E1735AB
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/commons.css
Preview:	body {.. font-family: 'Varela', sans-serif !important;.. background-color: #f6f8f9;.. color: #43506a;.. letter-spacing: 0.01em;.. font-size: 12px;..}.....carousel .carousel-control-prev .chevron, .carousel .carousel-control-next .chevron{...font-size: 23px;.. color: #fff;..}.....carousel .carousel-control-prev:hover .chevron, .carousel .carousel-control-next:hover .chevron{.. z-index: .8;..}.....carousel .carousel-indicators li:hover{... z-index: 1;..}.....carousel .carousel-inner.default .carousel-item{...text-align: center;..}.....carousel .carousel-inner.thumbnail_left .carousel-item, .carousel .carousel-inner.thumbnail_top .carousel-item{...padding-top: 15px;..}.....carousel .carousel-inner.default .carousal-thumbnail{...width: auto !important;...height: 100% !important;...max-width: 100%;..}.....carousel .carousel-inner.default .carousel-description{...position: absolute;.. right: 15%;.. bottom: 20px;.. left: 15%;.. z-index: 10;.. padding-top: 2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	223
Entropy (8bit):	5.142612311542767
Encrypted:	false
SSDEEP:	6:0IFFDK+Q+56ZRWHMqh7izlpdRSRk68k3tg9EFNin:jFI+QO6ZRoMqt6p3Tk9g9CY
MD5:	72C5D331F2135E52DA2A95F7854049A3
SHA1:	572F349BB65758D377CCBAE434350507341ACD7B
SHA-256:	C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA
SHA-512:	9EA12CC277C9858524083FEBBE1A3E61FDECE5268F63B14C9FFAFE29396C7CCDB3B07BE10E829936BCCD8F3B9E39DCFA6BC4316F189E4CEA914F1D06916DB66B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
Preview:	@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\drag-a79a51ae7c41df2c005cf922050e5260f58d79815ecefda6cc6b9f766577ae29[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3896
Entropy (8bit):	4.645204084475664
Encrypted:	false
SSDEEP:	48:cDPeNETznWa35nwsTqZ63ws9bVJGjkgPcP7woxul7M6pIj4NcrE2zC:c4ETDWa3BTqZ6gZkfY7M6EI2zC
MD5:	1DA27B21D2900822B2F83A8DB4093A2C
SHA1:	7B3D931D88422AF53D04321E7469FA219811DBF7
SHA-256:	A79A51AE7C41DF2C005CF922050E5260F58D79815ECEFDA6CC6B9F766577AE29
SHA-512:	DA75155F97C2460C3352B026D80A8609FCD8E4DC8FB21BE611A3CCFA9281D0683E6EA254462151E5F3DE3F8CBC86969795CA5A9C67DDB0732F905F1963E8D19A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.ziadieinsurance.com/assets/web_forms/drag-a79a51ae7c41df2c005cf922050e5260f58d79815ecefda6cc6b9f766577ae29.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="17px" height="17px" viewBox="0 0 17 17" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: sketchtool 43.2 (39069) - http://www.bohemiancoding.com/sketch -->. <title>A648F1DC-82B7-441F-BD42-8A3CCFD7E540</title>. <desc>Created with sketchtool.</desc>. <defs>. <path d="M3.61556087,9.67929143 L7.39132044,9.67929143 L7.39132044,13.3772678 L6.06583436,13.3772678 C5.6801772,13.3772678 5.56845206,13.6138269 5.8277113,13.919086 L8.34834497,16.8869505 C8.47591386,17.0371537 8.68208305,17.0330952 8.80143374,16.8869505 L11.2251739,13.919086 C11.46955,13.619848 11.3465708,13.3772678 10.9693618,13.3772678 L9.64387573,13.3772678 L9.64387573,9.67929143 L13.3844391,9.67929143 L13.3844391,11.0047775 C13.3844391,11.3819865 13.6270194,11.5049656 13.9262573,11.2605896 L16.8941219,8.83684944 C17.0402665,8.71749874 17.044325,8.51132955 16.8941219,8.38376066 L13.9262573,5.86312699

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/errorPageStrings.js
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\fontawesome-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), FontAwesome family
Category:	downloaded
Size (bytes):	165742
Entropy (8bit):	6.705073372195656
Encrypted:	false
SSDEEP:	3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
MD5:	674F50D287A8C48DC19BA404D20FE713
SHA1:	D980C2CE873DC43AF460D4D572D441304499F400
SHA-256:	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
SHA-512:	C160D3D77E67EFF986043461693B2A831E1175F579490D7F0B411005EA81BD4F5850FF534F6721B727C002973F3F9027EA960FAC4317D37DB1D4CB53EC9D343A
Malicious:	false
Reputation:	low
IE Cache URL:	https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.eot?
Preview:	n.................................LP........................Yx.....................F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...7...0. .2.0.1.6.....F.o.n.t.A.w.e.s.o.m.e................PFFTMk.G.........GDEF.......p... OS/2.2z@...X...`cmap..:.........gasp.......h....glyf...M......L.head...-.......6hhea...........$hmtxEy..........loca...\........maxp.,.....8... name....gh....post......k....u.........xY_.<..........3.2.....3.2.................................................................'...............@.........i.........3.......3...s................................pyrs.@. ........................... .....p.....U.............................................]...............................................y...n.......................................2.......................................@...................................................................................................................................................z..............................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\free-fa-regular-400[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Font Awesome 5 Free Regular family
Category:	downloaded
Size (bytes):	34034
Entropy (8bit):	6.323740915979423
Encrypted:	false
SSDEEP:	384:TsILh/4eF1sQQbC5LbC4TH/s+v4B3Q89h8g6WIHL8ScQU5:TPLZ49tep3/8Bn9vIHL8ScQU5
MD5:	2FF042159499ED1D620A024733E4F65C
SHA1:	2FD0833B9EC62A4BCC13A8E0D23DC150DA0AEA58
SHA-256:	5C46B816B52A8468D6395A1FDA444481AD87779708D2A8CF74674CD2DA068BED
SHA-512:	DB54BAFE1EE611F475ADF5A0724BA801ADA5486D42F3029EDE698706512FEB952EC4AA4DDC804BA9AF88FC5ED34C53F21CB2F3D48249382EC3878A2CDF1012A3
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.eot?
Preview:	................................LP..............................................6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r.....R.e.g.u.l.a.r...L.3.3.1...5.2.3. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...1.5...3.)...6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r................PFFTM.._5........GDEF.*..........OS/2A.S....X...`cmap...........gasp............glyf.;y.... ..m\head..........6hhea.5.........$hmtx...t.......Tloca..H.......6maxp.......8... name:.>"..v\|...[post.iA...{..........K......_.<..........v\|-.....v\|3.................................................................................@.................L.f...G.L.f....................................PfEd...............T.........:..... ...................@...........................@...............@...................@.......@...@.......@...@...................................`...............................@...................@....................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\free-fa-solid-900[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Font Awesome 5 Free Solid family
Category:	downloaded
Size (bytes):	203030
Entropy (8bit):	6.347367233249361
Encrypted:	false
SSDEEP:	6144:ZtrDdIZG2nqJElpL3im9+3Kz9BngKbtPLLd5Mn:36TnSEl1yt6zzng0Lu
MD5:	D5DE805D9CC4E0665FB04CA2D2336EE8
SHA1:	89D5DBEBA993F33C0B5BE98C0DF0D87B03AD1B37
SHA-256:	BC0CCA590079A0D7921FF7445BB4EBD55928D00ADA1C9E6F41E16918AAFC8171
SHA-512:	576721318162E4E82F50D624EA37382CB52137332FBA5B4A868EB4D67F591CFB5F3E3A35D658EBE0A791625006294CA09C50B61D0A83E96A3E9837E20A233D08
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.eot?
Preview:	..................................LP........................W.ve..................2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d.....S.o.l.i.d...L.3.3.1...5.2.3. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...1.5...3.)...2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d................PFFTM.._6........GDEF.*..........OS/23.V`...X...`cmap.j.4...h....gasp............glyfT....-....lhead..........6hhea.C.-.......$hmtx............loca..jD...8....maxp.N.]...8... name%.1....X...+post..Fa.....1......K..ev.W_.<..........v\|......v\|3...............................................................Z. ...............@.................L.f...G.L.f....................................PfEd...............T.........:..... ...................................@.......@. .........................@...........@...................................................................................@...........................`.......................@.......@.......@...................................@....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\hover[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	114697
Entropy (8bit):	4.9296726009523
Encrypted:	false
SSDEEP:	1536:67O7EesvXIPRX4PT8aZv8qoXIoqbTFaFeTxvyAZ+D7M71D:qXIPRX4PT3
MD5:	FAC4178C15E5A86139C662DAFC809501
SHA1:	EF1481841399156A880EC31B07DDA9CFAA1ACE39
SHA-256:	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
SHA-512:	0902219B6E236FBF9D8173D1D452C8733C1BF67B0EB906CC9866EA0C27C2D08F6DA556D01475E9B54E2C6CE797B230BFBD5F39055CE0C71EA4D3E36872C378D9
Malicious:	false
Reputation:	low
IE Cache URL:	https://fitnessfortravel.top/spider/xx/css/hover.css
Preview:	/!. Hover.css (http://ianlunn.github.io/Hover/). * Version: 2.3.2. * Author: Ian Lunn @IanLunn. * Author URL: http://ianlunn.co.uk/. * Github: https://github.com/IanLunn/Hover.. * Hover.css Copyright Ian Lunn 2017. Generated with Sass.. /./ 2D TRANSITIONS /./ Grow /..hvr-grow {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-duration: 0.3s;. -webkit-transition-property: transform;. transition-property: transform;.}..hvr-grow:hover, .hvr-grow:focus, .hvr-grow:active {. -webkit-transform: scale(1.1);. transform: scale(1.1);.}../ Shrink */..hvr-shrink {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\iframe[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1280
Entropy (8bit):	5.044373612229707
Encrypted:	false
SSDEEP:	24:dx0x15u/n6j9SRQfoLQwvRdRQflzpKB28BioDZMMXYTxVn:Hi14iSuQ8MHutF028DaMX4xVn
MD5:	116E28F03C0E6DDA20174E08F1A49685
SHA1:	1D23C80D0102F33C8E08B48E764C6BC8BAE97E7C
SHA-256:	4401CB5A593CBA0A74412658BAB8F87A2976E49183C8343FCC209CA99AE9EF2F
SHA-512:	8A8C1D18E075BB711176CAFFC03116592FC77EFEDEE42B4C613F0E422DC3FE0D9C6C21935F1E0D0065DDDDDD904D8584F43322DD4F4A377829B8B97BB8C9C2D4
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/iframe.js?86-2.434906299078206788
Preview:	function loadHTMLTypeContentInFrame(iframe) {......try {....if(Number($(iframe).attr("data-retry")) >= 2).....return;...} catch (e) {...}......try {........var content = $(iframe).attr("data-srcdoc");....if(!content).....return;........// Parse and check....try {.....var parser = new DOMParser();.....var doc = parser.parseFromString(content, "text/html");.....$(doc.documentElement).find('body').find('.engage-bay-source-form form').attr("onsubmit", "window.parent.EhForm.submit_form(event,this)");.....content =doc.documentElement.outerHTML..........var formId = $(doc.documentElement).find('body').find('.engage-bay-source-form form').attr('data-id');.....if(formId){......$(iframe).addClass('engage-bay-source-form');......$(iframe).attr('data-id', formId);.....}....} catch (e) {....}........// console.info('content', content);........var dstDoc = iframe.contentDocument \|\| iframe.contentWindow.document;....dstDoc.write(content);....dstDoc.close();........$(iframe).removeAttr("data-srcdoc");

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\info_48[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/info_48.png
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jxSxTBQt9wpC9Z1kmUx4U8F5[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1073
Entropy (8bit):	4.571547745936974
Encrypted:	false
SSDEEP:	24:d3LRWt6bsAC6bsnxIf0w6i6Y66M6rN63n0FMmuASh:ZLKSnCS+Isw5w7uNWAe
MD5:	2BB8697CD950CF6D212CE7779BEF3552
SHA1:	AAF4FFE184C36A5A2D43FEAD804C63047A8E7365
SHA-256:	2846B9A5C488172F39BCFEB93D4BC0F5DCC05019404391DA3F3B631D697DAE1E
SHA-512:	FC67CD6536EFBA6CB1A7CF7891CEE4FB90CD38DD4AAA8476291437816FE258461F175B0B3A70CEF1E11DB07224C47EBC55DF6A218448CE181F9CE8224A619578
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/jxSxTBQt9wpC9Z1kmUx4U8F5
Preview:	.am-epro-hero-1 {. padding-top: 70px;. padding-bottom: 70px; }. .am-epro-hero-1 .am-hero-content {. position: relative;. z-index: 2;. text-align: center; }. @media (min-width: 768px) {. .am-epro-hero-1 {. padding-top: 120px;. padding-bottom: 120px; } }. @media (min-width: 992px) {. .am-epro-hero-1 {. padding-top: 170px;. padding-bottom: 170px; } }. .am-epro-hero-1 .am-content {. margin-bottom: 30px; }. @media (min-width: 992px) {. .am-epro-hero-1 .am-content {. margin-bottom: 50px; } }. .am-epro-hero-1 .am-content h1:before, .am-epro-hero-1 .am-content h2:before, .am-epro-hero-1 .am-content h3:before, .am-epro-hero-1 .am-content h4:before, .am-epro-hero-1 .am-content h5:before {. width: 0px; }. .am-epro-hero-1.am-text-light .am-hero-content .am-content {. color: #ffffff; }. .am-epro-hero-1.am-text-dark .am-hero-content .am-content {. color: var(--am-text-dark); }. .am-epro-hero-1 .am-bg-image + .am-hero-content

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\leadgrabbers[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	2252
Entropy (8bit):	5.093020955927407
Encrypted:	false
SSDEEP:	48:2cc3PmHRUjkizQF3ODNNQEtQQR23xUIQZlQDQ6SuIpBl:2ccfwCsFONZQvBBDQnZp
MD5:	60AFFEFA9537943161C4448CC8079A4A
SHA1:	3B7B58C650D2EF2C07D6888CCC12B6938016B66F
SHA-256:	EE12EB79949002B291655CB94C969B0B208F428FFD87D9BA5E0D11BA2B2C64E3
SHA-512:	E9DB191A59E06B0EB6CED82E2431EB9E00CF2F927975D92C367D9938956B552657FAE0E51D6CF1608A0C96127EC86F868EA5C3B9E0133AABB5525D7BDEE8C881
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.engagebay.com/jsapi/rest/leadgrabbers?apiKey=rk7kjfq5ithu1gq1nkhuvpk99a
Preview:	[{"created_time":0,"updated_time":0,"is_popup_callout":true,"isEnableEmail":true,"is_recaptcha_enabled":false,"disable":false,"rules":[],"or_rules":[],"webRules":[],"webAutomations":[],"addCountryAsTag":false,"addCityAsTag":false,"userIds":[],"version":"v1","formStats":{"totalVisitors":0,"uniqueVisitors":0,"totalContacts":0,"presentContacts":0,"refreshContacts":false,"mobile":0,"desktop":0,"created_time":0,"updated_time":0,"contactsCount":0},"pushContactToURL":true,"spamDetected":false,"email_domain_settings":{"free_service_domains":false},"formOwner":{"id":5791492015652864,"domain_id":5356667366539264,"email":"rola@ziadieinsurance.com","password":"3f1109070aaa1e05a343f57706931fe2","password_decrypted":"","name":"rola","created_time":1619705420,"updated_time":1620138147,"is_admin":true,"is_verified":false,"is_owner":true,"job_title":"","role":"founder-cEO","phone_number":"+18654166590","language":"en","time_zone":"Antarctica/Casey","time_format":"24","loggedin_time":1620140164,"logging

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\page-actions[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3381
Entropy (8bit):	5.050091219850445
Encrypted:	false
SSDEEP:	48:8GgHvGCGNoe3M8WdetCNT5kK3948/QeMdjED6CjkC/e4eXo0Y+DsmnjxCd8JCWlj:P9u544izXV286l6ZRYRk8HCKJSh4pW
MD5:	62E9E627C1322AB990194EB6BDFD5499
SHA1:	448B8FD27CF3E19E92374CEF0045A08BC2C26B3E
SHA-256:	FAE77A813E81D7829692F1C70D6F9E2CEBFAACE0941A85CDC7E142204840C635
SHA-512:	3605E978599D6FE6E85CD2C3E55E9E20C6399F788015367DE1CFD98DE1F23B47190E4E5D7A5BCA4CA3757A5FA6A6F45EC64B25767B333914A8B37E97D6A7DE2C
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page-actions.js?=86-2.434906299078206788
Preview:	$('.engagebay-lp-button').....on(......'click',......function(e) {.......e.preventDefault();.........var buttonAction = $(this).attr('data-actionType');.......var buttonActionValue = $(this).attr('data-actionValue');.........if (!buttonAction \|\| !buttonActionValue)........return;.........switch (buttonAction) {.........case "open_url_in_new_tab":................var pattern = /^((http\|https\|ftp):\/\/)/;........if (!pattern.test(buttonActionValue)) {.........buttonActionValue = "http://" + buttonActionValue;........}................window.open(buttonActionValue, '_blank').focus();........return;.........case "open_url_in_same_tab":..........if (window.parent.location..........&& window.parent.location.href.............indexOf('/landingpage-builder/preview/preview.jsp') > 0).........window.parent.location = buttonActionValue;........else{.........var pattern = /^((http\|https\|ftp):\/\/)/;.........if (!pattern.test(buttonActionValue)) {..........buttonActionValue = "http://" + buttonActionV

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\page[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1520
Entropy (8bit):	5.090582382913269
Encrypted:	false
SSDEEP:	24:na6zmCdzf0xEBjvWfFVXm87nyIctbdQkerJy+y8LEKv008QuWIGQSEMcqQo6yh0P:nzfdYqdoFVXm8dObdqN18QVeIh/XivRX
MD5:	71374AEE1A3FD085641B64402B0FA5CE
SHA1:	86FA69E69AE2BECCF082FD67766C46648B4861C9
SHA-256:	D3D99606E7E22717A6225968F11A608D5DF2FFB37488D4DDAE8B139D157337C7
SHA-512:	F63808FA1DD4B29A2B66AE022CFB38B2367B9FAE181CFE04D58C04E88359AAF0F679CE47410A2E1AD324BE92AA6ADE3554C8CCFCFAE78A6118617C0FE05D26A1
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page.css
Preview:	body{.. margin: 0;.. text-align: left;.. font-size: 1rem;.. /* font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";.. font-size: 1rem;.. font-weight: 400;.. line-height: 1.5;.. color: #212529;.. background-color: #fff; */.. ..}....body .container{...padding-left: 0;...padding-right: 0;..}.....no-border {...border: none;..}.....section-background-video {...display: block;.. position: absolute;.. right: 0;.. .bottom: 0;.. .width: 100%; .. .height: 100%;.. .boder:none;..}....button{...box-shadow: none !important;..}..button:hover{...box-shadow: none !important;...opacity: 0.9;..}....@media only screen and (min-width:601px) {....has-mobile-view .desktop-view {....display: block;...}....has-mobile-view .mobile-view{....display: none;...}.....}.....video-modal iframe{...min-height: 400px;..}.....video-modal video{...height: 400px;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\roboto[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	202
Entropy (8bit):	4.934838261225945
Encrypted:	false
SSDEEP:	6:6THRSa2q9VemJBglZYtN85DeSvMM1lKDoA/:6TUaZe+BglZ4HMKDD
MD5:	775CD75CE56F94D14325B4C781973549
SHA1:	D876A8786FC35410F3079D057B1E953B3DC662E1
SHA-256:	A1AD98928C3F060D83E612380CEC67893929AAA4C8BD9EDF4A8AF49891C1DC7A
SHA-512:	0483F53DB961318F3084DF74020400EF99CE78696493F095BC337DEFC70E1D37436228831EC2C019184F87A1FF9D6ECBC31845C327136E06401312A561D9DD9D
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/cloud/prod/assets/lib/font-family/roboto.css
Preview:	@import url('https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap'); ..body, .font-family-roboto { ..font-family: 'Roboto', sans-serif; ..}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\1pix[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1 x 1, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	106
Entropy (8bit):	4.571279214692948
Encrypted:	false
SSDEEP:	3:yionv//thPlE+kSI+DtjyRw/9h/rywOhSllln+wbp:6v/lhPfkCDtmS/9hm9Wlln+Yp
MD5:	B8C257AC72453ECE1B50162396F4C684
SHA1:	89ACAC2E336EB778DBF7DEF27C1A9CDBAFFEDACC
SHA-256:	199B7A9AB9EC79511D5CDDDEEB2068632A9AAE382A916CC56E99701F4C365237
SHA-512:	4913B89D3CA9FB295BF5A79C0C586153EE0353EA541E1CDC95A3CC080E164ADED75FBCF3418999817A9D1F79D6BD0A645C0339676A0DA6A521CA40FA468B0747
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.ziadieinsurance.com/images/1pix.png
Preview:	.PNG........IHDR.............%.V.....PLTE......U\|.l....pHYs..........+......IDAT..c`.......qd.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\J6HCMGSsUygUJQvcFZ2XfDaG[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2078
Entropy (8bit):	4.8417172870475875
Encrypted:	false
SSDEEP:	48:aZhxoq3clkzLy9WrEZhRsUbftZhH3Kr9TgS1gvn0K4S1MG0zgUpCvQNsswY:kckzLy9WrWsGfIrDwnNF0zgWR
MD5:	7C69C9084AA0A23F37E396E193400A18
SHA1:	372D42B7ECC01EC6F5ACFAAF6EB66422B27A9DEA
SHA-256:	3122B05F9435D1EA31832CE67894A41F795FFEFB5B22E6C8EECEFA8C0827BFDC
SHA-512:	F6F463DF10B408D7DE202893F7A362265A8CEBA176749498D880AB2E54BADD0DBA6CC9AB6813AFD07A687DF40A58D4A88E4BF6D7DD2A16B3DED3F1161C5E5E40
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/J6HCMGSsUygUJQvcFZ2XfDaG
Preview:	:root{.--am-primary : rgb(219, 31, 72);.--am-primary-a75 : rgba(219, 31, 72, 0.75);.--am-primary-a50 : rgba(219, 31, 72, 0.75);.--am-primary-a25 : rgba(219, 31, 72, 0.75);.--am-primary-a1 : rgba(219, 31, 72, 0.75);.--am-secondary : rgb(0, 66, 105);.--am-secondary-a75 : rgba(0, 66, 105, 0.75);.--am-secondary-a50 : rgba(0, 66, 105, 0.75);.--am-secondary-a25 : rgba(0, 66, 105, 0.75);.--am-secondary-a1 : rgba(0, 66, 105, 0.75);.--am-quardanary : rgba(37, 39, 46, 1);.--am-quardanary-a75 : rgba(37,39,46,0.75);.--am-quardanary-a50 : rgba(37,39,46,0.50);.--am-quardanary-a25 : rgba(37,39,46,0.25);.--am-quardanary-a1 : rgba(37,39,46,0.1);.--am-primary-navbar-background : rgb(219, 31, 72);.--am-primary-navbar-link : rgba(251, 251, 251, 1);.--am-primary-navbar-link-hover : rgb(252, 200, 121);.--am-primary-navbar-link-active : rgba(251, 251, 251, 1);.--am-primary-navbar-link-active-background : rgb(0, 66, 105);.--am-primary-navbar-company-name : rgb(0, 66, 105);.--am-secondary-navbar-background : r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOiCnqEu92Fr1Mu51QrEzAdKQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 21776, version 1.1
Category:	downloaded
Size (bytes):	21776
Entropy (8bit):	7.972467440478283
Encrypted:	false
SSDEEP:	384:G+oO9eMm6IbA7qJx9w3/TVd3fr5KjEid8pTN4TbOwyFPhgGRw9:zl9eMm6eKsHwpdPr5K+Pu6wsPaGRU
MD5:	E21019768EE6D334593AA1EBCA028ACF
SHA1:	DFE80B4CB13F47ECED9236E33AB360DB41711B0C
SHA-256:	75D75439F2A7EA1851A3E5B621320B9DFA1399861D2EC6D443A3C2919B93AFB7
SHA-512:	CFE0237C61D61CD630A1F9E05C2A00DEE1C2006811ADAB19162F2BCB890E2F126054EC01131CD2642D2D2398C0F56C7D2D9A25A56C2BAD6FF4BC6FB21029C6E9
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff
Preview:	wOFF......U.................................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...O...`t..'cmap...............#cvt .......H...H.2..fpgm.......3...._...gasp...0............glyf...<..A...u....hdmx..M....q.....#.&head..Np...6...6.\|.hhea..N....#...$.}.[hmtx..N..........rQ.loca..QX........ .._maxp..SP... ... .4..name..Sp........ G= post..TL....... .a.dprep..Td........+6.x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOjCnqEu92Fr1Mu51S7ABc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 70696, version 1.1
Category:	downloaded
Size (bytes):	70696
Entropy (8bit):	7.992363571364484
Encrypted:	true
SSDEEP:	1536:8o/13YSo7wlLbjWFOZL6TT/dM3hxFwYBfzefBTkTWPzR2z5:h/13YL7YLbaFOZmT/MhxFfifsWPN2z5
MD5:	C01F80AAE6DADF6E585CC8462CC72BE5
SHA1:	BDC52E97364DF2A2A7208FB7D8F2A78B1CE4AEEA
SHA-256:	B0694AD449E7A909ECF5540753DC3277EBD1F7A353A08A556718EE42AEB532C2
SHA-512:	CF7FE65DA658E7A55936D8D262C42B9C51FB404F2B62FA989FEAC91F396EDC00561048086B55982322CDD88CF81EEF1700C53C3718BB756E7ED80F9086F41BC5
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ABc-.woff
Preview:	wOFF.......(................................GDEF.......-....p.m.GPOS......&...VL.o?]GSUB..).........u.]?OS/2.......R...`..dcmap../.........v...cvt ..3....\...\1..Mfpgm..4....2......$.gasp..54............glyf..5@...i..}...>.hdmx.......R........head.......6...6...vhhea...8...#...$....hmtx...\...:....q!.Jloca............L...maxp... ... ... ....name...@........!.>gpost........... .a.dprep...4.......X9..x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x.R..]A......G...m....E..2Nm.E.'/N..y.Z....F..!RE..F.w..k..L\.`..L]0y.....h...x!...9.7f...sD..fDk.BPI.wDL.:..s&..<.I\|.4D...5...'.B.R=.....I....~.H.t.......g`F'..#....5...2..:.+.T.Y.2S!.Y..W.....L[.opD.."..QIrIfI.7....]..o.>.f...V...zK.}.P2..j..F7..h..q..........f..Wai.w.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOjCnqEu92Fr1Mu51TLBCc6CsI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 22360, version 1.1
Category:	downloaded
Size (bytes):	22360
Entropy (8bit):	7.975733480737877
Encrypted:	false
SSDEEP:	384:afBIIA0zhsqLW3UAI+x+VH9cxS8XwZtyOOCiKCu5s7YRKWIrfu/oiQfTO4TPg:aG0zhsqLSUAI+xi2s8XwZtuKJzE6/qfg
MD5:	C2E42D1EAC2DE2B58A2358686E6ED73C
SHA1:	24760369053031DF1F2BE831E067E3D9E37F0B3A
SHA-256:	B31B421BAFE532F6B6BDBB6F680FB11BD3968F23C7FE09A29B1A22F4C8DD2A7E
SHA-512:	BFB71B0B6DE51CD1E643733A14B5CD4342F4E93A1732E9AAF6F3A6012DD85EEC5F660F409474C55751B28D122BA202875A325D72F0B7CF327660577C7C1DC9D7
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff
Preview:	wOFF......WX.......h........................GDEF.......G...d....GPOS..............oGSUB................OS/2...p...O...`v...cmap...............#cvt .......Z...Z...=fpgm...4...3......#.gasp...h............glyf...t..C...t..,..hdmx..O....n....25$8head..Pl...6...6.G.Whhea..P....#...$.H..hmtx..P..........B(Cloca..Sd............maxp..Ud... ... .4..name..U...........>.post..Vd....... .a.dprep..V\|.......8...Cx...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x....%Y....Wm=..mo..k.m....rl...m.g"^..../..[.}.S...\.mD...1..G>..giz...=C..}.y....\|o..c.x.R.r"B........m....../.&./6..5D.AGX.....)<'.)....?.... .Y4>\|1...ES.Gc...FO.>$.../...}RCl..T.zD..uZ4~D.._OK.$.Z.(..JR...\..\..\..\.\......*'n..6:x...b,..$...?.g:./y.iLg.3..l.0.y.g..X..V...d.#O...0....b7{..>.n.iD.V....." e.\A..OR.kwp.].....6p..."ZE..%...e.u3..L..V...W.7b..L.3.L1K...Ts..$6.-b.......9...b@..!1,...v.C....{...dox.G(...\|a%E:.Fn.Nn.^n.........Sf..E)...k....<g..){....\|......DT..N....Hy.F.Jez......._?7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20404, version 1.1
Category:	downloaded
Size (bytes):	20404
Entropy (8bit):	7.970248785137973
Encrypted:	false
SSDEEP:	384:8uFoOxqigBacqKz8RGLv6K5a+jZ/rFSyeM5B8r/WjRy0BsM16t/PJ:PFlIvUKz8R+t5N53eGar/gY0Bv6tp
MD5:	BF0F407102FAF3A0B521D3B545F547A5
SHA1:	CA357CD0DE5DD0242E8EFACFB8D24AB60FDC86AB
SHA-256:	855A06974032BB69157D469ABA6F63440E8BE47C421F45C3F396F4E0B87B6DE8
SHA-512:	85359028F7FE49B1DF90B72E48DC7DE4B21F1B65E8BF109595705A3F4EAF9FA79854B5AEF060FE266291C5ECE9D04FCEAD1DE09BAA2C5E20601E1579212520C8
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff
Preview:	wOFF......O........x........................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...P...`t6..cmap...............#cvt .......X...X/...fpgm.......4......".gasp...@............glyf...L..<'..m..]5Yhdmx..Ht...m....),..head..H....6...6.Y.ihhea..I.... ...$....hmtx..I<.........Dd.loca..K............maxp..M.... ... .4.\name..M........\|..9.post..N........ .m.dprep..N........:z/.Wx...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOlCnqEu92Fr1MmSU5vAA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 64952, version 1.1
Category:	downloaded
Size (bytes):	64952
Entropy (8bit):	7.9912520031982375
Encrypted:	true
SSDEEP:	1536:vsLyiY8Jcy8i1lkbl2evmqm8cgcoxIJ7uW3pqo:EL3Y/HbQeefGCJn3p3
MD5:	130EAFC23A987A6CF560C9B69AF84818
SHA1:	67274FA757715FA68CBA4E1E0105B89C30A2DF60
SHA-256:	CBF6CB2430AE871620CA4BE54F689B7DD217793513F0DD0FB9529C4304B7AFE1
SHA-512:	4B6FBC55DFF9C76A4EBB30F8D342278127C6E7ACF7C32CC570636BC4ED29131D2152FDB8321921502E7D594FD1C5AEE34D6F1E51A6B4B7AA483182EBEC18338C
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5vAA.woff
Preview:	wOFF........................................GDEF.......-....p.m.GPOS......"...N...}.GSUB..%.........u.]?OS/2......R...`....cmap..+8........v...cvt ../....X...X/...fpgm..0....4......".gasp..1L............glyf..1X......p4)...hdmx...T...R........head......6...6.Y.ihhea....... ...$...uhmtx.......H....S.U.loca...H.........Z)maxp....... ... ...\name...........\|..9.post........... .m.dprep...........:z/.Wx...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x...d.a.._.,....%.=.v'.\|...N1...`.i.F...C.0.p`.......f....'*..@....\|Z.h~..w...{...(....O.Mh.x=.@..pk....v..E....Ba{k...r.qn..U.wP..Vj..J?../..oz).UL!..a.D.[~)4.....J..y#.L.7..]...Z.3.o\.W..S....?...j.'^J..^.scp3........nO.........z.t.4m.i..C..hy.......+=..&._:.he...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOmCnqEu92Fr1Me5g[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 65244, version 1.1
Category:	downloaded
Size (bytes):	65244
Entropy (8bit):	7.991096421944703
Encrypted:	true
SSDEEP:	1536:usLyiYRm7KcA16K7XxlQSa3DucaXhMBbGaDWz2e:xL3YMWcAM8Fa36vRhag
MD5:	73F26BF98A715ECAB4D2287FF3A02AD0
SHA1:	C6C8A2B7E67C182D77916CD2118B1B0D8A6CA549
SHA-256:	55110586D3719C3E8BDAA21F06E4CC1C0A7451ABBAE662344CBD4411536B585F
SHA-512:	429C24A54FD35F9E7DFE341425BC88746BAE605DD3BB53E48679F0174312A2A8C0C29C2B138411118E8D2678258224FF50EF10FB460CEB4B010F2FA30FA40FE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Me5g.woff
Preview:	wOFF...............0........................GDEF.......-....p.m.GPOS......"...N...}.GSUB..%.........u.]?OS/2......R...`....cmap..+8........v...cvt ../....T...T+...fpgm..0....5....w.`.gasp..1L............glyf..1X......u`..p6hdmx...T...R........head......6...6.j.zhhea....... ...$....hmtx.......L......3rloca...L.........j..maxp....... ... ....name...........t.U9.post........... .m.dprep...........I.f..x...3..P.D.7..nb.Ul....f..V..N..Yo..w.z..........;.&8...Nlqb..;.m.r.t.,..\s..7.]'.;...N.t.5o.;..N\|.....'.H.i..B'.%..h....:....Fjb..9Qm....:...l{...v.....e.i....v.f...o.j.]..v.V..Zm.j....D.....).)#LBaj8c.{.Axc...k.y!...b.X.V.Ul........x......x.^.i......Q...;....\....Z"J..I.qI7J...V....x...d.a.._.,....%.=.v'.\|...N1...`.i.F...C.0.p`.......f....'*..@....\|Z.h~..w...{...(....O.Mh.x=.@..pk....v..E....Ba{k...r.qn..U.wP..Vj..J?../..oz).UL!..a.D.[~)4.....J..y#.L.7..]...Z.3.o\.W..S....?...j.'^J..^.scp3........nO.........z.t.4m.i..C..hy.......+=..&._:.he...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\background_gradient[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category:	downloaded
Size (bytes):	453
Entropy (8bit):	5.019973044227213
Encrypted:	false
SSDEEP:	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5:	20F0110ED5E4E0D5384A496E4880139B
SHA1:	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256:	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512:	5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/background_gradient.jpg
Preview:	......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\bullet[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\bullet[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	447
Entropy (8bit):	7.304718288205936
Encrypted:	false
SSDEEP:	12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5:	26F971D87CA00E23BD2D064524AEF838
SHA1:	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256:	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512:	C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/bullet.png
Preview:	.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...\|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2420
Entropy (8bit):	5.176947579569134
Encrypted:	false
SSDEEP:	48:UY3QS0aNAY3Q1aNkY3QEaN0BY3QXaNwY3QpaNpY3QbaNlOS0aNhO1aNROEaNKCOj:UYgS0aNAYg1aNkYgEaNuYgXaNwYgpaN4
MD5:	DF28ED37E7D807193B5C684BD64F67D1
SHA1:	D78474124D2BAE7FCA1DF622B93075887908C6B0
SHA-256:	12931046F7EE4AA8C6DCD1E68B20AA324BFD84A02AA05A31161210189490A3E7
SHA-512:	0019E9218231FADE55CC83B60E9DC9EEEF4AF511CDF0AB8927281F67D8FED21CB26E1797011696F1F164A730E19E23928A802A7C08D22DDA57AB3F52EB2C5A60
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 100;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOiCnqEu92Fr1Mu51QrEzAdKQ.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 500;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff) for

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\dnserror[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2997
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
MD5:	2DC61EB461DA1436F5D22BCE51425660
SHA1:	E1B79BCAB0F073868079D807FAEC669596DC46C1
SHA-256:	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
SHA-512:	A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\edit-d8d8448de4acf39f0d205239932f69cebadc8ef71bc2b9c3ac1d78a0cb314053[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1066
Entropy (8bit):	5.011379474325491
Encrypted:	false
SSDEEP:	24:2d0Qv7LuR47tNLdeaxMwhll5mdABR6g4wCVfj02ZyLTUTxLf:cDPe47tNjCVfjdZLTxLf
MD5:	7E1B8CE06E8FC3A70005BDD28E16CC49
SHA1:	8D66DF9489B622C51ECFD4EA34EBE39211005E13
SHA-256:	D8D8448DE4ACF39F0D205239932F69CEBADC8EF71BC2B9C3AC1D78A0CB314053
SHA-512:	51286DE13DAA68C2103DE9BB4060867F1E0CEADACA38AA091BB0E7747F5B4FD66EE9B9D30EF61E1BF42F1F742F8E01163D9F7C7611FB054A4D61BF4FCD9F9180
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.ziadieinsurance.com/assets/web_forms/edit-d8d8448de4acf39f0d205239932f69cebadc8ef71bc2b9c3ac1d78a0cb314053.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="17px" height="17px" viewBox="0 0 17 17" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: sketchtool 43.2 (39069) - http://www.bohemiancoding.com/sketch -->. <title>9A52D040-5E81-45E6-91C4-2B55E4C56B40</title>. <desc>Created with sketchtool.</desc>. <defs></defs>. <g id="Symbols" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round">. <g id="edit" stroke="#319EDE">. <g>. <path d="M5.5,14.5 L16.1,4.1 C16.7,3.5 16.7,2.6 16.1,2 L15.1,1 C14.5,0.4 13.6,0.4 13,1 L2.5,11.5 L0.5,16.5 L5.5,14.5 Z" id="Stroke-1"></path>. <path d="M12,2 L15,5" id="Stroke-3"></path>. <polyline id="Stroke-5" points="2.5 11.5 4 11.5 4.5 12.5 5.5 13 6 14"></polyline>. <path d="M1,15.5 L1.5,16" id="Stroke-7"></path>. <path d="M13.5,3.6 L4.5,12.5" i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\errorPageStrings[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\f3GY34unAFcsvxZqAfapGaRU[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	3068
Entropy (8bit):	4.607020970786924
Encrypted:	false
SSDEEP:	48:PLazFiQ+dAM++dp+d0KwYvKYwk4Viw/o1+ogYAXwQDqnwDKFDwD3mabIXwU+df+R:PLCiVswYyYwk4Viw/o1+DYAwQDGwmJwm
MD5:	D6D6598546C3A3302B3726ECD5789D5E
SHA1:	D6BFA2111FEB4D54FD4412E625B1C8D26D9CC24D
SHA-256:	87A9D3875BFA584D6426C2246088E195C7C5352B6C770FF0AC1F53D81C081621
SHA-512:	FD89DB7D984A86F5151C7C7A660D1E39DA134A36536E00E56DE712306DB30DCDC79CD7CC46165ED3BABDFDA6082969BD2E66F30012AE3D8128A67C9D12F9AB50
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/f3GY34unAFcsvxZqAfapGaRU
Preview:	.am-landing.am-epro-card-1 {. padding-top: 40px;. padding-bottom: 40px; }. @media (min-width: 768px) {. .am-landing.am-epro-card-1 {. padding-top: 80px;. padding-bottom: 80px; } }...am-landing.am-epro-card-1 {. color: var(--am-text-dark); }. .am-landing.am-epro-card-1 .container {. z-index: 5; }. .am-landing.am-epro-card-1 .am-card-content {. max-width: 750px;. margin-left: auto;. margin-right: auto;. text-align: center;. margin-bottom: 40px; }. @media (min-width: 768px) {. .am-landing.am-epro-card-1 .am-card-content {. margin-bottom: 80px; } }. .am-landing.am-epro-card-1 .am-card-content {. text-align: center; }. .am-landing.am-epro-card-1 .card {. margin-bottom: 30px;. border-radius: var(--am-card-radius); }. .am-landing.am-epro-card-1 .card .card-header {. padding: 0px; }. .am-landing.am-epro-card-1 .card .card-header img {. max-width: 100%;. border-radius: var(--am-card-radius); }. @med

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\free-v4-shims.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26701
Entropy (8bit):	4.829823522211244
Encrypted:	false
SSDEEP:	192:dP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:0hal4w0QK+PwK05eavpmgPPeXD7mycP
MD5:	8A99CE81EC2F89FBCA03F2C8CF1A3679
SHA1:	58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9
SHA-256:	362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
SHA-512:	930F28449365FAED13718BB8F332625DB110ABB08C3778DC632FDF00A0187A61A086B5EB4765FFC1923B64E2584C02592A213914B024DE6890FF3DBFC3A12FE5
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\free.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	60351
Entropy (8bit):	4.728641238865369
Encrypted:	false
SSDEEP:	768:0Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:0U0PxXE4YXJgndFTfy9lt5Q
MD5:	390B4210E10C744C3C597500BCF0B31A
SHA1:	2600C7C2F25D7DBCBC668231601E426010DC6489
SHA-256:	C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
SHA-512:	E8A7E466BE8CC092E12994B51A6A8A39E2FBB66DD48221BCF499BB89365B4004D73C1909F8FE0BBBBF13907D5901D76FFE127D92FDD7493853646F83F5985CBE
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\gmail[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	66743
Entropy (8bit):	7.712342056984168
Encrypted:	false
SSDEEP:	1536:FxqKcVqezl0vLoYxEuKoYk5LHjGkT3b1mQOEj0+R+EH:FsK2qezl0zoYxEuKo7CYrOb+Rb
MD5:	DCE2F2B0E50CB1DBB0246D152791CB46
SHA1:	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6
SHA-256:	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
SHA-512:	91054B36EF1673B24E4FE3DC324CBE339F4E9EB72785A6A4C355C7B2A11A9A7C6E188FF9BF5B34FFDD2805D4BBED71EF6CA4975EE3E330FD8D8E383ED64B28EE
Malicious:	false
Reputation:	low
IE Cache URL:	https://fitnessfortravel.top/spider/xx/images/gmail.png
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs............/....tEXtSoftware.www.inkscape.org..<... .IDATx...{x.u.....I.sS..9Q(..J.L&.$..V\|........#.."...Zw.eEQv.Q..U.A]9Vh..I8...H2)`....i.....).....f.y....L.pu...{n..........................................................................................................................................................................................................................................................................................................................................................................................................@Is..... mj=...X<65....U.l.b.t.U...mR...e..P.i.$.i2U..@N1.f...i.s...cf.../....2ev.`..%.\|.o...s..j..l.B....V&..s;b..Pfg......!...:..5....$.@...I0.=.lY.......a...B.4g... T.9Wif..R..o.R.t'.0...?G.9i...L...*..&..s.Vgnkhn...;p[.0.5.........$......P......^".HL.M...@.p..;04....9.&.(i....9.sK..=&.'$m........f..1..'...f2.Uww......PH....@..xq....k.2..l.Luf..s5..`.\|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	24210
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	384:xPini/i+1Btvjy815ZVUwiki3ayimi5eqBG1fm304Pini/i+1Btvjy815ZVUwik5:8i6+1B1y815PUNZ3ab3fBK9i6+1B1y8d
MD5:	7B6C8BD51E49F7F56E2B21311D0EA59B
SHA1:	EDB0F7D21BCEC6C48DEDC14E9ED41383740BAE37
SHA-256:	620BD33A4E0358498D9429FE2DBA00F85A86D6059FA796B482E2A9F6B0794F2D
SHA-512:	DD1D524872EE165D230BE5B3872DEE108B806AB684AACFA955F07B7A87C1ACA63FA3B59210442E1E3C9A2D33409583E0AC3B1A6A0D4EB91BBEEF62D311FD1BC4
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\info_48[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\info_48[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4113
Entropy (8bit):	7.9370830126943375
Encrypted:	false
SSDEEP:	96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5:	5565250FCC163AA3A79F0B746416CE69
SHA1:	B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256:	51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512:	E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..\|........7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....\|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.\|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\min_v6[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	2116
Entropy (8bit):	4.986653900154579
Encrypted:	false
SSDEEP:	24:T2DAPg2n1/kKUuf+5TVUeeEMID/5v9XQf9flgWOBXYhsOg0Nt0XO2D07ya/hAcld:CD7MHbHmJ9XQFcGbM2h1
MD5:	0001A59FB5DC223B9327003735A359B4
SHA1:	2E83DDF2239116E46CE84D5CB3BCFFC4152CD87E
SHA-256:	668C4EA01B5AD8F78A731AB245C4E23994EFB33D0A6F525D5B0F42828B2E2591
SHA-512:	D4439604390C6CEAAC1F585C3336A998C458C5AC3FC8F635A70914FFBAE935F6E40C3FDF06B4037380F4EBC7A521ADD2CD0B7B61B4F50F5CE5A5E17A3A0ABBEA
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2p078bqz5urf7.cloudfront.net/jsapi/css/iframe/min_v6.css
Preview:	.engagebay-popup-iframe{border:0;position:fixed;height:100px;width:auto;min-width:410px;max-width:100%;max-height:100%;display:inline;z-index:16777271}@media screen and (max-width:480px){.engagebay-popup-iframe{min-width:300px}}.engagebay-popup-iframe.popupbox{top:0;bottom:0;left:0;right:0;height:100%!important;width:100%!important}.engagebay-popup-iframe.fullform{background-color:#32303b}.engagebay-popup-iframe.slide-left,.engagebay-popup-iframe.slide-right{bottom:5px;top:auto}.engagebay-popup-iframe.dropdown{position:fixed;top:0;left:0;right:0;bottom:auto;width:100%!important}.engagebay-popup-iframe.slide-left{left:5px;right:auto}.engagebay-popup-iframe.slide-right{left:auto;right:5px}.engagebay-popup-iframe.engage-fadeInUp{-webkit-animation:fadeInUp .4s;-moz-animation:fadeInUp .4s;-o-animation:fadeInUp .4s;animation:fadeInUp .4s;animation-timing-function:linear}@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translateY(0)}1%{-webkit-transform:translateY(20px)}100%{opacity

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\navcancl[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2713
Entropy (8bit):	4.1712007174415895
Encrypted:	false
SSDEEP:	24:r3avxU5hzsIVmVMeLmVMyHf63lboxMCLxvriN6LOAPAnQay78eLx5Tb87nVkEhML:upU0GVeLVGBXvrp4n/1a5TI7Ve/G79KX
MD5:	4BCFE9F8DB04948CDDB5E31FE6A7F984
SHA1:	42464C70FC16F3F361C2419751ACD57D51613CDF
SHA-256:	BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228
SHA-512:	BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="res://ieframe.dll/ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... <title>Navigation Canceled</title>.... <script src="res://ieframe.dll/errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="res://ieframe.dll/httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:navCancelInit(); ">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="res://ieframe.dll/info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\onedrive-w[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 242 x 167, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	16538
Entropy (8bit):	2.5138273798009148
Encrypted:	false
SSDEEP:	96:5SkkEWRtxNXPXjssc5OUFbnGDZkFvDS/fMrrwiYvl:5SkktXxzOyk8/krrwiYvl
MD5:	A4E9A192337B2DD72BAACE5F6BB7A7C8
SHA1:	88EB42C8A10E146E610C9519CAD72B0FE175A64C
SHA-256:	D4594C50BCDB75CC4A51C77C77A089C1BC9D1860F4E50B7AC33039551C82B408
SHA-512:	C064FCE4F7FA62E47A333DC9F019F57A2FEFE4FE8725CDCA20CE50826B25039106E073214AA20C0ACF9421AAB32410090A516A4ED97333938B3972034B8A93E0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fitnessfortravel.top/spider/xx/images/onedrive-w.png
Preview:	.PNG........IHDR.............++..... cHRM..z&..............u0...`..:....p..Q<....sRGB.........gAMA......a.....pHYs...............9.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2020-01-20T14:46:56+05:00</xmp:CreateDate>. <

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\outlook1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	771
Entropy (8bit):	7.682244426935498
Encrypted:	false
SSDEEP:	24:74yiH9yQmOntihdLl00qDeu1BcaDa0oljZG0:omOntO7v/uJDYG0
MD5:	C3FC46C5799C76F9107504028F39190F
SHA1:	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23
SHA-256:	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
SHA-512:	DF4A0A2F78B2013035FB738BF405119B275D4CFEC31A23071EB9AF499D5F31FDC4BE22754CE791C975D7D417E908B5CAD16F962B0ADD3DFDCDE19844D74F6678
Malicious:	false
Reputation:	low
IE Cache URL:	https://fitnessfortravel.top/spider/xx/images/outlook1.png
Preview:	.PNG........IHDR..............JL.....bKGD..............IDATH....k.A..k6.b.F1..H@...j@.aQ...(.. .. ........ .A..D...I......E......1...W...;;.Y.d.}].U5]..x"3?....!..A..y..+R2\...m.NX.=..p.0...d.^.3......J.Z.X.).....P\..x1.3.M.0....m.........F....?...n.......l.Fo)x._ R\|.s..a.T?...?.=.9.Y..u....z..\|.....Wz...h..<..P.. ...$.Y......k`/4.y/......L.C......."....U....7....G...'h.....1j1E..%t.....@..a.......b.ED-.Tn.<..o.D...o..(.{1l>........".4a.:k.I./.7t./.Q-'..>.. ......'3eb..d.@=4...C....A...;..N.X3.(.......,v...+...S...W..l...@,...j.).u<..@u..0...V&.b.yp.....0..o.?..V..B =.~&m"r(...6;EP.T.......h.m".[f.U)\|t..2.Q.....g.cP.W...D..[.O>..d;.yI.{/..#v.._..$.Q.......t\E..5i.q._.."/n...v.w..Uo ...#..S....^.....F..+._??.r.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\slick.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1369
Entropy (8bit):	4.790302563475718
Encrypted:	false
SSDEEP:	24:4u/SZOZHEPJ/popJzwxI0kATpL4HNrreVx:4qTEJMJzyuKx
MD5:	6A62AD0F300504C583E7797C79C2D8AB
SHA1:	E6E4F113FC2D008516D21228DAC93BB6A2FCBB53
SHA-256:	50AD448A8A5720BF8A5617DB15AF31AE60163DE06331576F60C6244C012FFC72
SHA-512:	C879273F5FC0C11FB2C76E9C075CB4723BD050CBC46B63C5CEDD5CF4B952E29450E4D39364559B8418A0F97F46F5E616FFC9B4FF8397371F29C49EB3E7BC7477
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.min.css
Preview:	.slick-slider{position:relative;display:block;box-sizing:border-box;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-touch-callout:none;-khtml-user-select:none;-ms-touch-action:pan-y;touch-action:pan-y;-webkit-tap-highlight-color:transparent}.slick-list{position:relative;display:block;overflow:hidden;margin:0;padding:0}.slick-list:focus{outline:0}.slick-list.dragging{cursor:pointer;cursor:hand}.slick-slider .slick-list,.slick-slider .slick-track{-webkit-transform:translate3d(0,0,0);-moz-transform:translate3d(0,0,0);-ms-transform:translate3d(0,0,0);-o-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.slick-track{position:relative;top:0;left:0;display:block;margin-left:auto;margin-right:auto}.slick-track:after,.slick-track:before{display:table;content:''}.slick-track:after{clear:both}.slick-loading .slick-track{visibility:hidden}.slick-slide{display:none;float:left;height:100%;min-height:1px}[dir=rtl] .slick-slide{float:right}.slick-sl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\tick-07c4e79cc650de31f50404a4d05b260abd05652dd12a56f436e868ed925e9d48[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1515
Entropy (8bit):	4.832544049538586
Encrypted:	false
SSDEEP:	24:2dmm91LuR+AxwOLdeaxM2TxXu9fjU2lfkbRfwvtBtcG5gP3o4AMKljL/IR:cT9VefNpijlfuRfwvF35gvo4AjS
MD5:	DD9DBCD24FE4C1C89A23BDDA42AF7F78
SHA1:	C7302875EF6C0503F55011234B2430B374C377B8
SHA-256:	07C4E79CC650DE31F50404A4D05B260ABD05652DD12A56F436E868ED925E9D48
SHA-512:	0075B91F2407915EEE2CC0942313FE6C45E8C43E826A74909988A2A19A9B9285669FF53EDDB7CA37547147CDA48B68EA69D15A1CAA2A72D3EF2F9B522D04EA48
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.ziadieinsurance.com/assets/web_forms/tick-07c4e79cc650de31f50404a4d05b260abd05652dd12a56f436e868ed925e9d48.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="19px" height="20px" viewBox="0 0 19 20" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: sketchtool 43.2 (39069) - http://www.bohemiancoding.com/sketch -->. <title>F9693B3C-B843-42EB-829F-D9E78FA31377</title>. <desc>Created with sketchtool.</desc>. <defs></defs>. <g id="Symbols" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="tick" fill="#00A300">. <path d="M9.16666667,0.666666667 C4.10416667,0.666666667 0,4.770625 0,9.83333333 C0,14.8960417 4.10416667,19 9.16666667,19 C14.2291667,19 18.3333333,14.8960417 18.3333333,9.83333333 C18.3333333,4.770625 14.2291667,0.666666667 9.16666667,0.666666667 Z M9.16666667,17.3333333 C5.02458333,17.3333333 1.66666667,13.9754167 1.66666667,9.83333333 C1.66666667,5.69125 5.02458333,2.33333333 9.16666667,2.33333333 C13.30875,2.33333333 16.6666667,5.69125 16.6666667,9.83333333 C16.6666667,1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\xx[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	20653
Entropy (8bit):	4.874672170550623
Encrypted:	false
SSDEEP:	384:y6uAFhwI4msjTbopOGoqWOVCtSt/4j22/:tgI4r
MD5:	90B9B5AEF0B580B439C7E47FE36550CA
SHA1:	696840191967AFE6CFE72DF21F9F1351B9EF8CF4
SHA-256:	74D9357DE367B4AB1879D4D0C9831753A033E822204ED0B4AB86AB738CA7812E
SHA-512:	E8A2BC260D028126659C46106ACD9A4E51A536073AAF44E0B4C62AD2E6838C9D14E2174FB5173233FE3496C0A993D7500E819D28C97A3613147ED403108B8C72
Malicious:	false
Reputation:	low
IE Cache URL:	https://fitnessfortravel.top/spider/xx/
Preview:	..<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">.. <link href="https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap" rel="stylesheet">.. <script src="https://kit.fontawesome.com/585b051251.js" crossorigin="anonymous"></script>.. <title>OneDrive \| Login</title>.. <link r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\5518707892682752[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8128
Entropy (8bit):	5.158637754369493
Encrypted:	false
SSDEEP:	192:jEWhLKrKZghzWk1ew9D8hzx0hE9wt1kThESEDSi4wCvcO8n:jEwLKmZDk1ewps1w3kHEDSi4wdzn
MD5:	B787EBDA0D945D5E198FF3B75B5A4FE8
SHA1:	39FFD6264D4C5783B755BF4809C0D2A0025473F9
SHA-256:	1FC1FCB4F92358E79C697219FE2FC9D680368547AAC8D0EC8002DB0751F7DE3B
SHA-512:	E8D053218F90F8F71F9E7D42863D4354CD6A0D33E1FDD2269CA1BB3524B4CE1C2C1B9A2ABFF7615AC7A5D0DF1496B0055F95A828F2B1CA211BC4EB978A590CB3
Malicious:	false
Reputation:	low
IE Cache URL:	https://ziadieinsurance.eb-sites.com/5518707892682752
Preview:	<!DOCTYPE html>.<html>. <head> . <link rel="stylesheet" href="https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/bootstrap.min.css" /> . <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" /> . <link rel="stylesheet" href="https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/page.css" /> . <link rel="stylesheet" href="https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/commons.css" /> . <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" type="text/javascript"></script> . <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/js/bootstrap.bundle.min.js" type="text/javascript"></script> . <script src="https://d2p078bqz5urf7.cloudfront.net/cloud/landingpage-builder/page/iframe.js?86-2.434906299078206788" type="text/javascript"></script> . <link rel="stylesheet" href="https://d2p078bqz5urf7.cloudfront.net/cloud/prod/assets/lib/font-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\DXnh2gQGUzsBKDcjrSfahMBG[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1823
Entropy (8bit):	4.763272843379095
Encrypted:	false
SSDEEP:	24:pLazF09gwt3wSLC0CBajPzM9HMYsShGx5kx8r1wa3qvgwRvt:pLazF0SaLC0CBaj1PYdd1t
MD5:	740CB93692E95FF001966C451EC45675
SHA1:	049BE6E3BB83CF0813264FF65DCB32E6DD305C76
SHA-256:	98F88289B61A757FF32FE6AD0787A75814909F8AA1F677B349AB77B02F19B551
SHA-512:	705C3E4F0D2AFB32A086C4532D5E53F12EFC8F62D1D0588336D02C9DF02C23D4A00AF2408A768864D0B90E013161292F96ADE30032A768BA1C12973F2B016BFE
Malicious:	false
Reputation:	low
IE Cache URL:	https://agentmethods-production.s3.amazonaws.com/DXnh2gQGUzsBKDcjrSfahMBG
Preview:	.am-landing.form-1 {. padding-top: 40px;. padding-bottom: 40px; }. @media (min-width: 768px) {. .am-landing.form-1 {. padding-top: 80px;. padding-bottom: 80px; } }...am-landing.form-1 .form-box {. margin-top: 40px;. max-width: 600px;. margin-left: auto;. margin-right: auto;. padding: 15px;. background-color: var(--am-secondary);. border-radius: var(--am-card-radius); }. @media (min-width: 992px) {. .am-landing.form-1 .form-box {. margin-top: 70px; } }. @media (min-width: 992px) {. .am-landing.form-1 .form-box {. padding-left: 30px;. padding-right: 30px;. padding-top: 40px;. padding-bottom: 40px; } }. .am-landing.form-1 .form-box form {. margin-bottom: 0px; }. .am-landing.form-1 .form-box label {. color: var(--am-text-light);. font-weight: 500; }. .am-landing.form-1 .form-box p {. color: var(--am-text-light); }. .am-landing.form-1 .form-box fieldset > .control-group:last-child {. margin-top: 60px; }. .am-landing

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\ErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2168
Entropy (8bit):	5.207912016937144
Encrypted:	false
SSDEEP:	24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5:	F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1:	F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256:	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512:	62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious:	false
Reputation:	low
Preview:	.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source IP	Dest IP
05/04/21-20:30:02.799625	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:02.834820	ICMP	449	ICMP Time-To-Live Exceeded in Transit	84.17.52.126	192.168.2.6
05/04/21-20:30:02.835482	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:02.870776	ICMP	449	ICMP Time-To-Live Exceeded in Transit	149.11.89.129	192.168.2.6
05/04/21-20:30:02.872018	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:02.907758	ICMP	449	ICMP Time-To-Live Exceeded in Transit	130.117.49.165	192.168.2.6
05/04/21-20:30:02.909780	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:02.952373	ICMP	449	ICMP Time-To-Live Exceeded in Transit	130.117.0.18	192.168.2.6
05/04/21-20:30:02.955951	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:03.008126	ICMP	449	ICMP Time-To-Live Exceeded in Transit	154.54.36.53	192.168.2.6
05/04/21-20:30:03.020333	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:03.066571	ICMP	449	ICMP Time-To-Live Exceeded in Transit	130.117.15.66	192.168.2.6
05/04/21-20:30:03.076661	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:03.148604	ICMP	449	ICMP Time-To-Live Exceeded in Transit	195.22.208.117	192.168.2.6
05/04/21-20:30:03.149018	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:03.217264	ICMP	449	ICMP Time-To-Live Exceeded in Transit	93.186.128.39	192.168.2.6
05/04/21-20:30:03.217736	ICMP	384	ICMP PING	192.168.2.6	2.23.155.201
05/04/21-20:30:03.280402	ICMP	408	ICMP Echo Reply	2.23.155.201	192.168.2.6

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2021 20:30:06.584922075 CEST	49713	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.585870981 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.786051035 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.786170959 CEST	49713	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.787108898 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.787209988 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.791626930 CEST	49713	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.791724920 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.992563009 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.992598057 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.994321108 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.994369984 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.994406939 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.994434118 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.994499922 CEST	49713	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.994546890 CEST	49713	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.995975971 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.996021032 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.996054888 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.996067047 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.996095896 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:06.996154070 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:06.996165991 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.033096075 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.033154011 CEST	49713	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.038965940 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.234236002 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.234276056 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.234307051 CEST	443	49713	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.234431028 CEST	49713	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.234515905 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.234590054 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.240339994 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.465636969 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.465712070 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.465755939 CEST	443	49714	143.110.228.35	192.168.2.6
May 4, 2021 20:30:07.465770006 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.465801954 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.465806007 CEST	49714	443	192.168.2.6	143.110.228.35
May 4, 2021 20:30:07.616772890 CEST	49717	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.619040966 CEST	49718	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.625596046 CEST	49719	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.626584053 CEST	49720	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.628082037 CEST	49721	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.657326937 CEST	443	49717	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.657497883 CEST	49717	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.660018921 CEST	443	49718	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.660419941 CEST	49718	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.666153908 CEST	443	49719	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.666446924 CEST	49719	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.667011976 CEST	443	49720	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.667125940 CEST	49720	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.668462992 CEST	443	49721	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.668567896 CEST	49721	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.754121065 CEST	49722	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.757359028 CEST	49723	443	192.168.2.6	104.16.19.94
May 4, 2021 20:30:07.758718014 CEST	49724	443	192.168.2.6	104.18.11.207
May 4, 2021 20:30:07.759008884 CEST	49721	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.759974003 CEST	49725	443	192.168.2.6	104.16.19.94
May 4, 2021 20:30:07.760798931 CEST	49726	443	192.168.2.6	104.18.11.207
May 4, 2021 20:30:07.782936096 CEST	49720	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.787208080 CEST	49718	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.787360907 CEST	49719	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.788654089 CEST	49717	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.794651031 CEST	443	49722	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.794785976 CEST	49722	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.796650887 CEST	49722	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.799437046 CEST	443	49721	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.799783945 CEST	443	49721	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.799803972 CEST	443	49721	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.799815893 CEST	443	49721	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.799869061 CEST	49721	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.799937010 CEST	49721	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.802064896 CEST	443	49721	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.802146912 CEST	49721	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.809000969 CEST	443	49723	104.16.19.94	192.168.2.6
May 4, 2021 20:30:07.809200048 CEST	49723	443	192.168.2.6	104.16.19.94
May 4, 2021 20:30:07.810482025 CEST	443	49724	104.18.11.207	192.168.2.6
May 4, 2021 20:30:07.810609102 CEST	49724	443	192.168.2.6	104.18.11.207
May 4, 2021 20:30:07.812361956 CEST	443	49725	104.16.19.94	192.168.2.6
May 4, 2021 20:30:07.812485933 CEST	49725	443	192.168.2.6	104.16.19.94
May 4, 2021 20:30:07.813646078 CEST	443	49726	104.18.11.207	192.168.2.6
May 4, 2021 20:30:07.813751936 CEST	49726	443	192.168.2.6	104.18.11.207
May 4, 2021 20:30:07.824938059 CEST	443	49720	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.829125881 CEST	443	49718	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.829152107 CEST	443	49719	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.830223083 CEST	443	49717	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.830775023 CEST	443	49719	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.830801964 CEST	443	49719	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.830826044 CEST	443	49719	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.830888033 CEST	49719	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.830945015 CEST	49719	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.831016064 CEST	443	49717	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.831060886 CEST	443	49717	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.831088066 CEST	49717	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.831100941 CEST	443	49717	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.831140041 CEST	49717	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.831159115 CEST	49717	443	192.168.2.6	13.35.253.54
May 4, 2021 20:30:07.834417105 CEST	443	49717	13.35.253.54	192.168.2.6
May 4, 2021 20:30:07.834496021 CEST	49717	443	192.168.2.6	13.35.253.54

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2021 20:29:58.351599932 CEST	49448	53	192.168.2.6	8.8.8.8
May 4, 2021 20:29:58.400161982 CEST	53	49448	8.8.8.8	192.168.2.6
May 4, 2021 20:29:59.149720907 CEST	60342	53	192.168.2.6	8.8.8.8
May 4, 2021 20:29:59.211801052 CEST	53	60342	8.8.8.8	192.168.2.6
May 4, 2021 20:29:59.962898970 CEST	61346	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:00.023190975 CEST	53	61346	8.8.8.8	192.168.2.6
May 4, 2021 20:30:01.074476004 CEST	51774	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:02.089879990 CEST	51774	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:02.138379097 CEST	53	51774	8.8.8.8	192.168.2.6
May 4, 2021 20:30:02.735053062 CEST	56023	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:02.789964914 CEST	53	56023	8.8.8.8	192.168.2.6
May 4, 2021 20:30:03.384809971 CEST	58384	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:03.438159943 CEST	53	58384	8.8.8.8	192.168.2.6
May 4, 2021 20:30:04.346496105 CEST	60261	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:04.398235083 CEST	53	60261	8.8.8.8	192.168.2.6
May 4, 2021 20:30:05.278456926 CEST	56061	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:05.340547085 CEST	53	56061	8.8.8.8	192.168.2.6
May 4, 2021 20:30:05.645289898 CEST	58336	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:05.702354908 CEST	53	58336	8.8.8.8	192.168.2.6
May 4, 2021 20:30:06.514102936 CEST	53781	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:06.568592072 CEST	54064	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:06.574223042 CEST	53	53781	8.8.8.8	192.168.2.6
May 4, 2021 20:30:06.617569923 CEST	53	54064	8.8.8.8	192.168.2.6
May 4, 2021 20:30:07.397136927 CEST	52811	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:07.448540926 CEST	53	52811	8.8.8.8	192.168.2.6
May 4, 2021 20:30:07.550288916 CEST	55299	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:07.570085049 CEST	63745	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:07.582621098 CEST	50055	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:07.612873077 CEST	53	55299	8.8.8.8	192.168.2.6
May 4, 2021 20:30:07.634085894 CEST	53	50055	8.8.8.8	192.168.2.6
May 4, 2021 20:30:07.634780884 CEST	53	63745	8.8.8.8	192.168.2.6
May 4, 2021 20:30:07.764247894 CEST	61374	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:07.825690985 CEST	53	61374	8.8.8.8	192.168.2.6
May 4, 2021 20:30:08.267934084 CEST	50339	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:08.324942112 CEST	53	50339	8.8.8.8	192.168.2.6
May 4, 2021 20:30:08.587001085 CEST	63307	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:08.645564079 CEST	53	63307	8.8.8.8	192.168.2.6
May 4, 2021 20:30:08.959216118 CEST	49694	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:09.030118942 CEST	53	49694	8.8.8.8	192.168.2.6
May 4, 2021 20:30:09.752408028 CEST	54982	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:09.801659107 CEST	53	54982	8.8.8.8	192.168.2.6
May 4, 2021 20:30:10.828455925 CEST	50010	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:10.881597042 CEST	53	50010	8.8.8.8	192.168.2.6
May 4, 2021 20:30:11.927648067 CEST	63718	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:11.978497982 CEST	53	63718	8.8.8.8	192.168.2.6
May 4, 2021 20:30:13.363648891 CEST	62116	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:13.417045116 CEST	53	62116	8.8.8.8	192.168.2.6
May 4, 2021 20:30:14.511919022 CEST	63816	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:14.570288897 CEST	53	63816	8.8.8.8	192.168.2.6
May 4, 2021 20:30:15.951565027 CEST	55014	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:16.002032995 CEST	53	55014	8.8.8.8	192.168.2.6
May 4, 2021 20:30:17.155333042 CEST	62208	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:17.207133055 CEST	53	62208	8.8.8.8	192.168.2.6
May 4, 2021 20:30:18.522368908 CEST	57574	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:18.573550940 CEST	53	57574	8.8.8.8	192.168.2.6
May 4, 2021 20:30:27.007352114 CEST	51818	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:27.064696074 CEST	53	51818	8.8.8.8	192.168.2.6
May 4, 2021 20:30:30.481265068 CEST	56628	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:30.849812031 CEST	53	56628	8.8.8.8	192.168.2.6
May 4, 2021 20:30:31.180932045 CEST	60778	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:31.192281008 CEST	53799	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:31.200879097 CEST	54683	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:31.212449074 CEST	59329	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:31.238246918 CEST	53	60778	8.8.8.8	192.168.2.6
May 4, 2021 20:30:31.243829966 CEST	53	53799	8.8.8.8	192.168.2.6
May 4, 2021 20:30:31.263345003 CEST	53	54683	8.8.8.8	192.168.2.6
May 4, 2021 20:30:31.272469997 CEST	53	59329	8.8.8.8	192.168.2.6
May 4, 2021 20:30:31.828021049 CEST	64021	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:31.889746904 CEST	53	64021	8.8.8.8	192.168.2.6
May 4, 2021 20:30:31.919544935 CEST	56129	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:31.969824076 CEST	53	56129	8.8.8.8	192.168.2.6
May 4, 2021 20:30:33.291605949 CEST	58177	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:33.475260973 CEST	53	58177	8.8.8.8	192.168.2.6
May 4, 2021 20:30:34.601337910 CEST	50700	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:34.621011972 CEST	54069	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:34.661562920 CEST	53	50700	8.8.8.8	192.168.2.6
May 4, 2021 20:30:34.690661907 CEST	53	54069	8.8.8.8	192.168.2.6
May 4, 2021 20:30:35.268917084 CEST	61178	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:35.317534924 CEST	53	61178	8.8.8.8	192.168.2.6
May 4, 2021 20:30:35.650073051 CEST	57017	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:35.685650110 CEST	56327	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:35.698697090 CEST	53	57017	8.8.8.8	192.168.2.6
May 4, 2021 20:30:35.865483999 CEST	53	56327	8.8.8.8	192.168.2.6
May 4, 2021 20:30:36.012271881 CEST	50243	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:36.061075926 CEST	53	50243	8.8.8.8	192.168.2.6
May 4, 2021 20:30:36.269921064 CEST	61178	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:36.318582058 CEST	53	61178	8.8.8.8	192.168.2.6
May 4, 2021 20:30:37.022871971 CEST	50243	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:37.084856033 CEST	53	50243	8.8.8.8	192.168.2.6
May 4, 2021 20:30:37.274692059 CEST	61178	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:37.324146986 CEST	53	61178	8.8.8.8	192.168.2.6
May 4, 2021 20:30:38.039675951 CEST	50243	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:38.088941097 CEST	53	50243	8.8.8.8	192.168.2.6
May 4, 2021 20:30:40.560631037 CEST	50243	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:40.571255922 CEST	61178	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:40.609500885 CEST	53	50243	8.8.8.8	192.168.2.6
May 4, 2021 20:30:40.620063066 CEST	53	61178	8.8.8.8	192.168.2.6
May 4, 2021 20:30:44.624641895 CEST	50243	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:44.629287004 CEST	61178	53	192.168.2.6	8.8.8.8
May 4, 2021 20:30:44.675529003 CEST	53	50243	8.8.8.8	192.168.2.6
May 4, 2021 20:30:44.680043936 CEST	53	61178	8.8.8.8	192.168.2.6
May 4, 2021 20:31:07.236368895 CEST	62055	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:07.501893997 CEST	53	62055	8.8.8.8	192.168.2.6
May 4, 2021 20:31:08.946252108 CEST	61249	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:09.066765070 CEST	53	61249	8.8.8.8	192.168.2.6
May 4, 2021 20:31:09.732569933 CEST	65252	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:09.791449070 CEST	53	65252	8.8.8.8	192.168.2.6
May 4, 2021 20:31:10.251705885 CEST	64367	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:10.311758041 CEST	53	64367	8.8.8.8	192.168.2.6
May 4, 2021 20:31:11.278527021 CEST	55066	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:11.337848902 CEST	53	55066	8.8.8.8	192.168.2.6
May 4, 2021 20:31:12.062045097 CEST	60211	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:12.168153048 CEST	53	60211	8.8.8.8	192.168.2.6
May 4, 2021 20:31:12.363704920 CEST	56570	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:12.430548906 CEST	53	56570	8.8.8.8	192.168.2.6
May 4, 2021 20:31:12.837090015 CEST	58454	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:12.899161100 CEST	53	58454	8.8.8.8	192.168.2.6
May 4, 2021 20:31:13.714473963 CEST	55180	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:13.776721954 CEST	53	55180	8.8.8.8	192.168.2.6
May 4, 2021 20:31:14.705833912 CEST	58721	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:14.766251087 CEST	53	58721	8.8.8.8	192.168.2.6
May 4, 2021 20:31:15.537075996 CEST	57691	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:15.594485044 CEST	53	57691	8.8.8.8	192.168.2.6
May 4, 2021 20:31:19.678308964 CEST	52943	53	192.168.2.6	8.8.8.8
May 4, 2021 20:31:19.752171040 CEST	53	52943	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 4, 2021 20:30:06.514102936 CEST	192.168.2.6	8.8.8.8	0xa3db	Standard query (0)	ziadieinsurance.eb-sites.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.550288916 CEST	192.168.2.6	8.8.8.8	0x4005	Standard query (0)	d2p078bqz5urf7.cloudfront.net	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.570085049 CEST	192.168.2.6	8.8.8.8	0xd35b	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.582621098 CEST	192.168.2.6	8.8.8.8	0xe1c6	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.764247894 CEST	192.168.2.6	8.8.8.8	0xe13b	Standard query (0)	cdn2.eb-pages.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:08.959216118 CEST	192.168.2.6	8.8.8.8	0x2a6e	Standard query (0)	app.engagebay.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:27.007352114 CEST	192.168.2.6	8.8.8.8	0x9606	Standard query (0)	favicon.ico	A (IP address)	IN (0x0001)
May 4, 2021 20:30:30.481265068 CEST	192.168.2.6	8.8.8.8	0x9dc0	Standard query (0)	fitnessfortravel.top	A (IP address)	IN (0x0001)
May 4, 2021 20:30:31.192281008 CEST	192.168.2.6	8.8.8.8	0xacbf	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:31.200879097 CEST	192.168.2.6	8.8.8.8	0x3b18	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:31.212449074 CEST	192.168.2.6	8.8.8.8	0x6c46	Standard query (0)	kit.fontawesome.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:31.828021049 CEST	192.168.2.6	8.8.8.8	0xa25d	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:33.291605949 CEST	192.168.2.6	8.8.8.8	0x61f5	Standard query (0)	www.ziadieinsurance.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:34.601337910 CEST	192.168.2.6	8.8.8.8	0xc6bf	Standard query (0)	agentmethods-production.s3.amazonaws.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:34.621011972 CEST	192.168.2.6	8.8.8.8	0x6acf	Standard query (0)	d2wy8f7a9ursnm.cloudfront.net	A (IP address)	IN (0x0001)
May 4, 2021 20:30:35.650073051 CEST	192.168.2.6	8.8.8.8	0x3ddc	Standard query (0)	sessions.bugsnag.com	A (IP address)	IN (0x0001)
May 4, 2021 20:30:35.685650110 CEST	192.168.2.6	8.8.8.8	0x3a2e	Standard query (0)	www.quotit.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 4, 2021 20:30:06.574223042 CEST	8.8.8.8	192.168.2.6	0xa3db	No error (0)	ziadieinsurance.eb-sites.com		143.110.228.35	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.612873077 CEST	8.8.8.8	192.168.2.6	0x4005	No error (0)	d2p078bqz5urf7.cloudfront.net		13.35.253.54	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.612873077 CEST	8.8.8.8	192.168.2.6	0x4005	No error (0)	d2p078bqz5urf7.cloudfront.net		13.35.253.88	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.612873077 CEST	8.8.8.8	192.168.2.6	0x4005	No error (0)	d2p078bqz5urf7.cloudfront.net		13.35.253.55	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.612873077 CEST	8.8.8.8	192.168.2.6	0x4005	No error (0)	d2p078bqz5urf7.cloudfront.net		13.35.253.6	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.634085894 CEST	8.8.8.8	192.168.2.6	0xe1c6	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.634085894 CEST	8.8.8.8	192.168.2.6	0xe1c6	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.634780884 CEST	8.8.8.8	192.168.2.6	0xd35b	No error (0)	stackpath.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.634780884 CEST	8.8.8.8	192.168.2.6	0xd35b	No error (0)	stackpath.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.825690985 CEST	8.8.8.8	192.168.2.6	0xe13b	No error (0)	cdn2.eb-pages.com	d3w29h23ietttc.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:07.825690985 CEST	8.8.8.8	192.168.2.6	0xe13b	No error (0)	d3w29h23ietttc.cloudfront.net		13.32.21.90	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.825690985 CEST	8.8.8.8	192.168.2.6	0xe13b	No error (0)	d3w29h23ietttc.cloudfront.net		13.32.21.41	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.825690985 CEST	8.8.8.8	192.168.2.6	0xe13b	No error (0)	d3w29h23ietttc.cloudfront.net		13.32.21.89	A (IP address)	IN (0x0001)
May 4, 2021 20:30:07.825690985 CEST	8.8.8.8	192.168.2.6	0xe13b	No error (0)	d3w29h23ietttc.cloudfront.net		13.32.21.81	A (IP address)	IN (0x0001)
May 4, 2021 20:30:09.030118942 CEST	8.8.8.8	192.168.2.6	0x2a6e	No error (0)	app.engagebay.com	ghs.googlehosted.com		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:09.030118942 CEST	8.8.8.8	192.168.2.6	0x2a6e	No error (0)	ghs.googlehosted.com		142.250.184.243	A (IP address)	IN (0x0001)
May 4, 2021 20:30:27.064696074 CEST	8.8.8.8	192.168.2.6	0x9606	Name error (3)	favicon.ico	none	none	A (IP address)	IN (0x0001)
May 4, 2021 20:30:30.849812031 CEST	8.8.8.8	192.168.2.6	0x9dc0	No error (0)	fitnessfortravel.top		31.210.20.74	A (IP address)	IN (0x0001)
May 4, 2021 20:30:31.243829966 CEST	8.8.8.8	192.168.2.6	0xacbf	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:31.263345003 CEST	8.8.8.8	192.168.2.6	0x3b18	No error (0)	maxcdn.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
May 4, 2021 20:30:31.263345003 CEST	8.8.8.8	192.168.2.6	0x3b18	No error (0)	maxcdn.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
May 4, 2021 20:30:31.272469997 CEST	8.8.8.8	192.168.2.6	0x6c46	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:31.889746904 CEST	8.8.8.8	192.168.2.6	0xa25d	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:33.475260973 CEST	8.8.8.8	192.168.2.6	0x61f5	No error (0)	www.ziadieinsurance.com	app.agentmethods.com		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:33.475260973 CEST	8.8.8.8	192.168.2.6	0x61f5	No error (0)	app.agentmethods.com	933-646-029.cloud66.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:33.475260973 CEST	8.8.8.8	192.168.2.6	0x61f5	No error (0)	933-646-029.cloud66.net	fox.agentmethods-0820.c66.me		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:33.475260973 CEST	8.8.8.8	192.168.2.6	0x61f5	No error (0)	fox.agentmethods-0820.c66.me		100.25.4.145	A (IP address)	IN (0x0001)
May 4, 2021 20:30:34.661562920 CEST	8.8.8.8	192.168.2.6	0xc6bf	No error (0)	agentmethods-production.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 20:30:34.661562920 CEST	8.8.8.8	192.168.2.6	0xc6bf	No error (0)	s3-1-w.amazonaws.com		52.217.89.76	A (IP address)	IN (0x0001)
May 4, 2021 20:30:34.690661907 CEST	8.8.8.8	192.168.2.6	0x6acf	No error (0)	d2wy8f7a9ursnm.cloudfront.net		13.32.23.123	A (IP address)	IN (0x0001)
May 4, 2021 20:30:34.690661907 CEST	8.8.8.8	192.168.2.6	0x6acf	No error (0)	d2wy8f7a9ursnm.cloudfront.net		13.32.23.168	A (IP address)	IN (0x0001)
May 4, 2021 20:30:34.690661907 CEST	8.8.8.8	192.168.2.6	0x6acf	No error (0)	d2wy8f7a9ursnm.cloudfront.net		13.32.23.106	A (IP address)	IN (0x0001)
May 4, 2021 20:30:34.690661907 CEST	8.8.8.8	192.168.2.6	0x6acf	No error (0)	d2wy8f7a9ursnm.cloudfront.net		13.32.23.60	A (IP address)	IN (0x0001)
May 4, 2021 20:30:35.698697090 CEST	8.8.8.8	192.168.2.6	0x3ddc	No error (0)	sessions.bugsnag.com		35.190.88.7	A (IP address)	IN (0x0001)
May 4, 2021 20:30:35.865483999 CEST	8.8.8.8	192.168.2.6	0x3a2e	No error (0)	www.quotit.net		208.90.88.30	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

www.ziadieinsurance.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49768	100.25.4.145	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
May 4, 2021 20:30:33.613840103 CEST	5000	OUT	GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: www.ziadieinsurance.com Connection: Keep-Alive
May 4, 2021 20:30:33.774645090 CEST	5002	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Status: 301 Moved Permanently Cache-Control: no-cache Referrer-Policy: strict-origin-when-cross-origin X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block X-Request-Id: 50e25ea8-b5ef-4bc0-a2ec-9bb0ac2fd77f Location: https://www.ziadieinsurance.com/ X-Download-Options: noopen X-Runtime: 0.021014 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Date: Tue, 04 May 2021 18:30:33 GMT Set-Cookie: _agentmethods_session=Vk9LcTNDSWlEdi9aS01CZzBmWkZPMXVuUEhlY2NCZ2p3QjhoNnVVdGhmeXErSjlCc0RLbmFxNWo5elRHWXlNNGtKcFFhUlgxSGZ0RTBEZC9kWi8zaUR3eW9ZbXhZYUNibXY5enR1QnQ0MkVaUE55WDh5MWdLemhpMFJaalREclMtLU5xbTJPNjMwbDB1QTc4MEhtWUh1THc9PQ%3D%3D--7e897cbf694304b41621a467a576002c03160e6c; path=/; HttpOnly X-Powered-By: Phusion Passenger 6.0.5 Server: nginx + Phusion Passenger 6.0.5 X-Powered-By: cloud66 Data Raw: 36 32 0d 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 7a 69 61 64 69 65 69 6e 73 75 72 61 6e 63 65 2e 63 6f 6d 2f 22 3e 72 65 64 69 72 65 63 74 65 64 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 62<html><body>You are being <a href="https://www.ziadieinsurance.com/">redirected</a>.</body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 4, 2021 20:30:06.994406939 CEST	143.110.228.35	443	192.168.2.6	49713	CN=*.eb-sites.com CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Feb 24 17:44:03 CET 2021 Thu Feb 20 11:00:00 CET 2014 Tue Sep 01 14:00:00 CEST 1998	Mon Mar 28 18:44:03 CEST 2022 Tue Feb 20 11:00:00 CET 2024 Fri Jan 28 13:00:00 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Thu Feb 20 11:00:00 CET 2014	Tue Feb 20 11:00:00 CET 2024
					CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Sep 01 14:00:00 CEST 1998	Fri Jan 28 13:00:00 CET 2028
May 4, 2021 20:30:06.996067047 CEST	143.110.228.35	443	192.168.2.6	49714	CN=*.eb-sites.com CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Feb 24 17:44:03 CET 2021 Thu Feb 20 11:00:00 CET 2014 Tue Sep 01 14:00:00 CEST 1998	Mon Mar 28 18:44:03 CEST 2022 Tue Feb 20 11:00:00 CET 2024 Fri Jan 28 13:00:00 CET 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Thu Feb 20 11:00:00 CET 2014	Tue Feb 20 11:00:00 CET 2024
					CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Tue Sep 01 14:00:00 CEST 1998	Fri Jan 28 13:00:00 CET 2028
May 4, 2021 20:30:07.802064896 CEST	13.35.253.54	443	192.168.2.6	49721	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:07.834417105 CEST	13.35.253.54	443	192.168.2.6	49717	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:07.839668036 CEST	13.35.253.54	443	192.168.2.6	49719	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:07.841516018 CEST	13.35.253.54	443	192.168.2.6	49718	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:07.844866037 CEST	13.35.253.54	443	192.168.2.6	49722	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:07.847408056 CEST	13.35.253.54	443	192.168.2.6	49720	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:07.943664074 CEST	104.18.11.207	443	192.168.2.6	49724	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:07.943664074 CEST	104.18.11.207	443	192.168.2.6	49724	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:07.981231928 CEST	104.16.19.94	443	192.168.2.6	49723	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:07.981231928 CEST	104.16.19.94	443	192.168.2.6	49723	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:07.984127045 CEST	104.16.19.94	443	192.168.2.6	49725	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:07.984127045 CEST	104.16.19.94	443	192.168.2.6	49725	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:07.984169006 CEST	104.18.11.207	443	192.168.2.6	49726	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:07.984169006 CEST	104.18.11.207	443	192.168.2.6	49726	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:08.044940948 CEST	13.32.21.90	443	192.168.2.6	49727	CN=*.eb-pages.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sat Sep 05 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Tue Oct 05 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 4, 2021 20:30:08.046996117 CEST	13.32.21.90	443	192.168.2.6	49728	CN=*.eb-pages.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sat Sep 05 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Tue Oct 05 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 4, 2021 20:30:09.239196062 CEST	142.250.184.243	443	192.168.2.6	49737	CN=*.engagebay.com, OU=EssentialSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon Dec 09 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019 Thu Jan 01 01:00:00 CET 2004	Thu Jan 27 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
					CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 4, 2021 20:30:09.239309072 CEST	142.250.184.243	443	192.168.2.6	49738	CN=*.engagebay.com, OU=EssentialSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon Dec 09 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019 Thu Jan 01 01:00:00 CET 2004	Thu Jan 27 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
					CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 4, 2021 20:30:09.246417046 CEST	142.250.184.243	443	192.168.2.6	49739	CN=*.engagebay.com, OU=EssentialSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon Dec 09 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019 Thu Jan 01 01:00:00 CET 2004	Thu Jan 27 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
					CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 4, 2021 20:30:30.968497992 CEST	31.210.20.74	443	192.168.2.6	49749	CN=fitnessfortravel.top CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue May 04 02:00:00 CEST 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Tue Aug 03 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 4, 2021 20:30:30.969592094 CEST	31.210.20.74	443	192.168.2.6	49750	CN=fitnessfortravel.top CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue May 04 02:00:00 CEST 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Tue Aug 03 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
May 4, 2021 20:30:31.623231888 CEST	104.18.11.207	443	192.168.2.6	49762	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:31.623231888 CEST	104.18.11.207	443	192.168.2.6	49762	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:31.624628067 CEST	104.18.11.207	443	192.168.2.6	49761	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:31.624628067 CEST	104.18.11.207	443	192.168.2.6	49761	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.123205900 CEST	100.25.4.145	443	192.168.2.6	49769	CN=www.ziadieinsurance.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 25 04:27:15 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed Jun 23 05:27:15 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.123205900 CEST	100.25.4.145	443	192.168.2.6	49769	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.807704926 CEST	13.32.23.123	443	192.168.2.6	49779	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:34.893507004 CEST	13.32.23.123	443	192.168.2.6	49780	CN=*.cloudfront.net CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global CA G2, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Feb 22 01:00:00 CET 2021 Thu Aug 01 14:00:00 CEST 2013 Mon Nov 06 01:00:00 CET 2017	Tue Feb 22 00:59:59 CET 2022 Tue Aug 01 14:00:00 CEST 2028 Sun Nov 06 00:59:59 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert Global CA G2, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Tue Aug 01 14:00:00 CEST 2028
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US	Mon Nov 06 01:00:00 CET 2017	Sun Nov 06 00:59:59 CET 2022
May 4, 2021 20:30:34.953299046 CEST	52.217.89.76	443	192.168.2.6	49777	CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 11 01:00:00 CET 2021 Tue Dec 08 13:05:07 CET 2015	Sat Feb 12 00:59:59 CET 2022 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.953299046 CEST	52.217.89.76	443	192.168.2.6	49777	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.955854893 CEST	52.217.89.76	443	192.168.2.6	49775	CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 11 01:00:00 CET 2021 Tue Dec 08 13:05:07 CET 2015	Sat Feb 12 00:59:59 CET 2022 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.955854893 CEST	52.217.89.76	443	192.168.2.6	49775	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.959973097 CEST	52.217.89.76	443	192.168.2.6	49778	CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 11 01:00:00 CET 2021 Tue Dec 08 13:05:07 CET 2015	Sat Feb 12 00:59:59 CET 2022 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.959973097 CEST	52.217.89.76	443	192.168.2.6	49778	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.960515976 CEST	52.217.89.76	443	192.168.2.6	49773	CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 11 01:00:00 CET 2021 Tue Dec 08 13:05:07 CET 2015	Sat Feb 12 00:59:59 CET 2022 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.960515976 CEST	52.217.89.76	443	192.168.2.6	49773	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.960625887 CEST	52.217.89.76	443	192.168.2.6	49776	CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 11 01:00:00 CET 2021 Tue Dec 08 13:05:07 CET 2015	Sat Feb 12 00:59:59 CET 2022 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.960625887 CEST	52.217.89.76	443	192.168.2.6	49776	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.961292982 CEST	52.217.89.76	443	192.168.2.6	49774	CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 11 01:00:00 CET 2021 Tue Dec 08 13:05:07 CET 2015	Sat Feb 12 00:59:59 CET 2022 Sat May 10 14:00:00 CEST 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:34.961292982 CEST	52.217.89.76	443	192.168.2.6	49774	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		9e10692f1b7f78228b2d4e424db3a98c
May 4, 2021 20:30:35.786021948 CEST	35.190.88.7	443	192.168.2.6	49783	CN=*.bugsnag.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Wed May 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
May 4, 2021 20:30:35.808263063 CEST	35.190.88.7	443	192.168.2.6	49784	CN=*.bugsnag.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Wed May 19 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 3084 Parent PID: 792

General

Start time:	20:30:04
Start date:	04/05/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff721e20000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 3028 Parent PID: 3084

General

Start time:	20:30:05
Start date:	04/05/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3084 CREDAT:17410 /prefetch:2
Imagebase:	0xe60000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Network device logs, Network intrusion detection system, Packet capture, Process use of network, SSL/TLS inspection, Web proxy
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://ziadieinsurance.eb-sites.com/5518707892682752

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 3084 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 3028 Parent PID: 3084

General

Disassembly