version: 29.0.0 ocean jasper - joesandbox.com

ID: 285879Cookbook: browseurl.jbsTime: 18:47:07Date: 15/09/2020Version: 29.0.0 Ocean Jasper

2

44444444444556677777788899

101111111111111212122828282829303232323334343434343434

Table of Contents

Table of ContentsAnalysis Reporthttps://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814

OverviewGeneral InformationDetectionSignaturesClassification

StartupMalware ConfigurationYara OverviewSigma OverviewSignature OverviewMitre Att&ck MatrixBehavior GraphScreenshots

ThumbnailsAntivirus, Machine Learning and Genetic Malware Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Domains and IPsContacted DomainsURLs from Memory and BinariesContacted IPsPublic

General InformationSimulations

Behavior and APIsJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

Created / dropped FilesStatic File Info

No static file infoNetwork Behavior

Network Port DistributionTCP PacketsUDP PacketsDNS QueriesDNS AnswersHTTPS Packets

Code ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: iexplore.exe PID: 6888 Parent PID: 796GeneralFile ActivitiesRegistry Activities

Copyright null 2020 of 35

35353535

35

Analysis Process: iexplore.exe PID: 6936 Parent PID: 6888GeneralFile ActivitiesRegistry Activities

Disassembly


Analysis Report https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814…

Overview

General Information

Sample URL: https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814

Analysis ID: 285879

Most interesting Screenshot:

Detection

Score: 0

Range: 0 - 100

Whitelisted: false

Confidence: 80%

Signatures

No high impact signatures.

Classification

Malware Configuration

Yara Overview

Sigma Overview

No Sigma rule has matched

Signature Overview

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious

System is w10x64

iexplore.exe (PID: 6888 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6936 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6888 CREDAT:17410 /prefetch:2 MD5:

071277CC2E3DF41EEEA8013E2AB58D5A)cleanup

No configs have been found

No yara matches

Startup


• Networking

• System Summary

Click to jump to signature section

There are no malicious signatures, There are no malicious signatures, click here to show all signaturesclick here to show all signatures ..

Mitre Att&ck Matrix

InitialAccess Execution Persistence

PrivilegeEscalation

DefenseEvasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

CommandandControl

NetworkEffects

RemoteServiceEffects Impact

ValidAccounts

WindowsManagementInstrumentation

PathInterception

ProcessInjection 1

Masquerading 1 OSCredentialDumping

File andDirectoryDiscovery 1

RemoteServices

Data fromLocalSystem

ExfiltrationOver OtherNetworkMedium

EncryptedChannel 2

Eavesdrop onInsecureNetworkCommunication

RemotelyTrack DeviceWithoutAuthorization

ModifySystemPartition

DefaultAccounts

ScheduledTask/Job

Boot orLogonInitializationScripts

Boot orLogonInitializationScripts

ProcessInjection 1

LSASSMemory

ApplicationWindowDiscovery

RemoteDesktopProtocol

Data fromRemovableMedia

ExfiltrationOverBluetooth

Non-ApplicationLayerProtocol 1

Exploit SS7 toRedirect PhoneCalls/SMS

RemotelyWipe DataWithoutAuthorization

DeviceLockout

DomainAccounts

At (Linux) Logon Script(Windows)

LogonScript(Windows)

Obfuscated Filesor Information

SecurityAccountManager

QueryRegistry

SMB/WindowsAdmin Shares

Data fromNetworkSharedDrive

AutomatedExfiltration

ApplicationLayerProtocol 2

Exploit SS7 toTrack DeviceLocation

ObtainDeviceCloudBackups

DeleteDeviceData

Behavior Graph


Behavior Graph

ID: 285879

URL: https://sites.google.com/si...

Startdate: 15/09/2020

Architecture: WINDOWS

Score: 0

iexplore.exe

21 87

started

iexplore.exe

3 73

started

googlehosted.l.googleusercontent.com

172.217.22.33, 443, 49723, 49724

GOOGLEUS

United States

storageonnet.top

104.27.187.2, 443, 49729, 49730

CLOUDFLARENETUS

United States

2 other IPs or domains

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Screenshots


Source Detection Scanner Label Link

https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814

0% Avira URL Cloud safe

No Antivirus matches

No Antivirus matches


storageonnet.top 1% Virustotal Browse


https://accounts.googl 0% URL Reputation safe


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs


https://www.virustotal.com/gui/url/713bcc5a124e60b4bde8e64bb5168ac33b5c185d12e5d860a6c0ff9078bd2245/detection/u-713bcc5a124e60b4bde8e64bb5168ac33b5c185d12e5d860a6c0ff9078bd2245-1599404571


https://sites.gooRoot 0% Avira URL Cloud safe

https://sites.gooom/site/id500382349/googledrive/share/downloadsrarchyRoot 0% Avira URL Cloud safe

https://www.google.%/ads/ga-audiences? 0% URL Reputation safe



https://sites.goo 0% Avira URL Cloud safe

https://sites.gooTRST 0% Avira URL Cloud safe

https://sites.gooom/site/id500382349/googledrive/shareRoot 0% Avira URL Cloud safe

https://sites.gooom/site/id500382349/system/app/pages/sitemap/hierarchyRoot 0% Avira URL Cloud safe

https://storageonnet.top/alt.php&st=e%3DAIHE3cChECCcycniJ5AqKYXc7mgj%252F7zhE02BLqJaxB90SqyU%252F9mL

0% Avira URL Cloud safe

https://sites.google.c 0% Avira URL Cloud safe

www.wikipedia.com/ 0% Virustotal Browse

www.wikipedia.com/ 0% URL Reputation safe



https://storageonnet.top/alt.php 1% Virustotal Browse

https://storageonnet.top/alt.php 0% Avira URL Cloud safe


Name IP Active Malicious Antivirus Detection Reputation

storageonnet.top 104.27.187.2 true false 1%, Virustotal, Browse unknown

googlehosted.l.googleusercontent.com 172.217.22.33 true false high

tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com

unknown unknown false high

www-sites-opensocial.googleusercontent.com unknown unknown false high

Name Source Malicious Antivirus Detection Reputation

www.apache.org/licenses/LICENSE-2.0 jot_min__en[1].js.2.dr false high

https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p

ifr[1].htm.2.dr false high

www.nytimes.com/ msapplication.xml4.1.dr false high

https://accounts.googl {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr

false URL Reputation: safeURL Reputation: safeURL Reputation: safe

unknown

https://sites.gooRoot {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr

false Avira URL Cloud: safe unknown

https://www.youtube.com/embed/ jot_min__en[1].js.2.dr false high

https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html

cb=gapi[1].js.2.dr false high

https://1367816443-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_

home[1].htm.2.dr false high

www.amazon.com/ msapplication.xml.1.dr false high


googledrive[1].htm.2.dr false high


share[1].htm.2.dr false high

https://sites.gooom/site/id500382349/googledrive/share/downloadsrarchyRoot

{A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr



storage[1].htm.2.dr false high

www.metacafe.com/embed/ jot_min__en[1].js.2.dr false high

www.twitter.com/ msapplication.xml6.1.dr false high

Domains and IPs

Contacted Domains

URLs from Memory and Binaries


https://www.virustotal.com/gui/url/fcf59eb699472e40619d5d35de48bf5885241f377445e30b95e1ebdea1c76205/detection/u-fcf59eb699472e40619d5d35de48bf5885241f377445e30b95e1ebdea1c76205-1600171733

https://www.virustotal.com/gui/url/1df5e613c4812eec3dda05c948c4f1365fd1041df5d86c3589c9d8fad451c893/detection/u-1df5e613c4812eec3dda05c948c4f1365fd1041df5d86c3589c9d8fad451c893-1597161087

https://www.virustotal.com/gui/url/713bcc5a124e60b4bde8e64bb5168ac33b5c185d12e5d860a6c0ff9078bd2245/detection/u-713bcc5a124e60b4bde8e64bb5168ac33b5c185d12e5d860a6c0ff9078bd2245-1599404571

https://tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com/gadgets/ifr?url=ht


false high

https://www.google.%/ads/ga-audiences? ga[1].js.2.dr false URL Reputation: safeURL Reputation: safeURL Reputation: safe

low

https://sites.goo {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr


https://stats.g.doubleclick.net/j/collect? ga[1].js.2.dr false high

https://sites.gooTRST {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr


https://sites.gooom/site/id500382349/googledrive/shareRoot{A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr


www.youtube.com/ msapplication.xml8.1.dr false high

https://googledrive.com/thumb/ jot_min__en[1].js.2.dr false high

https://sites.gooom/site/id500382349/system/app/pages/sitemap/hierarchyRoot



https://lh3.googleusercontent.com/a/default-user js[1].js0.2.dr, js[1].js1.2.dr false high

https://storageonnet.top/alt.php&st=e%3DAIHE3cChECCcycniJ5AqKYXc7mgj%252F7zhE02BLqJaxB90SqyU%252F9mL




hierarchy[1].htm.2.dr false high

https://sites.google.c {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr


www.wikipedia.com/ msapplication.xml7.1.dr false 0%, Virustotal, BrowseURL Reputation: safeURL Reputation: safeURL Reputation: safe

unknown

https://490905689-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_i

downloads[1].htm.2.dr false high

www.live.com/ msapplication.xml3.1.dr false high

www.metacafe.com/fplayer/ jot_min__en[1].js.2.dr false high

https://storageonnet.top/alt.php {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr

false 1%, Virustotal, BrowseAvira URL Cloud: safe

unknown

www.reddit.com/ msapplication.xml5.1.dr false high

Name Source Malicious Antivirus Detection Reputation

No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

Contacted IPs

Public


https://www.virustotal.com/gui/url/fcf59eb699472e40619d5d35de48bf5885241f377445e30b95e1ebdea1c76205/detection/u-fcf59eb699472e40619d5d35de48bf5885241f377445e30b95e1ebdea1c76205-1600171733

https://www.virustotal.com/gui/url/1df5e613c4812eec3dda05c948c4f1365fd1041df5d86c3589c9d8fad451c893/detection/u-1df5e613c4812eec3dda05c948c4f1365fd1041df5d86c3589c9d8fad451c893-1597161087

General Information

Joe Sandbox Version: 29.0.0 Ocean Jasper

Analysis ID: 285879

Start date: 15.09.2020

Start time: 18:47:07

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 6m 24s

Hypervisor based Inspection enabled: false

Report type: light

Cookbook file name: browseurl.jbs

Sample URL: https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814

Analysis system description: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

Number of analysed new started processes analysed: 24

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabledEGA enabledAMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: CLEAN

Classification: clean0.win@3/57@3/2

Cookbook Comments: Adjust boot timeEnable AMSIBrowsing link: https://sites.google.com/site/id500382349/homeBrowsing link: https://sites.google.com/site/id500382349/googledriveBrowsing link: https://sites.google.com/site/id500382349/googledrive/shareBrowsing link: https://sites.google.com/site/id500382349/system/app/pages/sitemap/hierarchyBrowsing link: https://sites.google.com/site/id500382349/googledrive/share/downloadsBrowsing link: https://accounts.google.com/ServiceLogin?continue=https://sites.google.com/site/id500382349/googledrive/share/downloads/storage&service=jotspotBrowsing link: https://sites.google.com/site/id500382349/system/app/pages/recentChangesBrowsing link: https://sites.google.com/site/id500382349/system/app/pages/reportAbuseBrowsing link: http://sites.google.com/site

IP Country Flag ASN ASN Name Malicious

104.27.187.2 United States 13335 CLOUDFLARENETUS false

172.217.22.33 United States 15169 GOOGLEUS false


Warnings:Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.TCP Packets have been reduced to 100Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exeExcluded IPs from analysis (whitelisted): 51.143.111.7, 52.158.208.111, 104.108.39.131, 216.58.206.14, 172.217.22.99, 216.58.212.132, 172.217.16.174, 216.58.205.232, 51.11.168.160, 172.217.23.110, 108.177.15.189, 152.199.19.161, 23.210.248.85, 92.122.213.194, 92.122.213.247, 172.217.22.14, 67.27.158.126, 8.248.131.254, 8.253.207.120, 67.26.83.254, 8.253.95.121, 52.155.217.156Excluded domains from analysis (whitelisted): umwatson.trafficmanager.net, docs.google.com, ssl.gstatic.com, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, www.google.com, ssl-google-analytics.l.google.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, plus.l.google.com, ie9comview.vo.msecnd.net, sites.google.com, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, 93.docs.google.com, gg.google.com, ssl.google-analytics.com, umwatsonrouting.trafficmanager.net, browserchannel-sites.l.google.com, play.google.com, go.microsoft.com.edgekey.net, apis.google.com, cs9.wpc.v0cdn.netReport size getting too big, too many NtDeviceIoControlFile calls found.

No simulations

No context

No context

No context

Show All

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN


No context

No context

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\4A3WNSQA\sites.google[1].xmlProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with no line terminators

Size (bytes): 13

Entropy (8bit): 2.469670487371862

Encrypted: false

MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966

SHA-256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB

SHA-512: 6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED

Malicious: false

Reputation: low

Preview:<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A24E1E12-F7BE-11EA-90E8-ECF4BBEA1588}.datProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Size (bytes): 39000

Entropy (8bit): 1.9181697180192554

Encrypted: false

MD5: B34AC03DB8FD52DA3FE9FD010109AA95

SHA1: 7B17875F02CD6958BCB81964025AA1DBD7E999AB

SHA-256: A700868E76569AF3ED0CC34C65154B3144D3E252827E08765561B80AFA734A9A

SHA-512: DE6D9038182BA40284C4BCC6C00A5505B6E292283E9ADB69EF8E0053CF8D4CE39FD020F66AA5CBC0F15AB16E0FBC27D5148D12482140B5A4E67A7E01A283DFFA

Malicious: false

Reputation: low

Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 204226

Entropy (8bit): 2.768936334017072

Encrypted: false

MD5: 4F62719AA391357ED551D656EAD31397

SHA1: B0EBC7AE0760C4D610BEA33BD53F054681377B74

SHA-256: 38D39FE126EA72689EB10471F32F9316B65EB5F1A9E7CCBFB3BAAE3267D6A67F

SHA-512: 4A8264F0A4FF7CE6B4158C96C60468385D4CD1DD9D3D7A92BBCCB1310FDBA63EEB5269D9857801D9361519541CC78C221D8C1DDF533B064ED40A4EFFDED65475

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A24E1E15-F7BE-11EA-90E8-ECF4BBEA1588}.datProcess: C:\Program Files\internet explorer\iexplore.exe

JA3 Fingerprints

Dropped Files

Created / dropped Files



Size (bytes): 19032

Entropy (8bit): 1.5836332489591933

Encrypted: false

MD5: 6BCCA7E68A0850216D1A6E4BC8D123BB

SHA1: 169352C1247CF232507F9A9D6BBFC0718EACF0C2

SHA-256: 477AE947E540B593C56D8493477A93018F6F40FAAA59BB9AB291CFFFDD18040E

SHA-512: F5FE8A2C11FFEE465BF7DFF72A242548B453EC40DAFFC3FA81DE72AB32CBDBEA98CDA5FC988C6050B1605A6D67D37636F953DB9972BE06A93CEEDADA7873B38D

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A24E1E15-F7BE-11EA-90E8-ECF4BBEA1588}.dat

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 656

Entropy (8bit): 5.084409096049204

Encrypted: false

MD5: CF1C572BC4E300A119432129F5F519A0

SHA1: 7F39401DFA0713FF9103F8A95D03175FB6B46B09

SHA-256: A5E84A571473B2B882D871A8DF6114FADE31C100355C42DD4B7A304E35864259

SHA-512: 74316EB261B73D3EA4F92C458D81B937B1EDBCD12002E14FD46B0E912AE938EE62AF62B46422DC727201CDCA21680F15FCC47C3047184D82ACA9505A1E22B684

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..



Size (bytes): 653

Entropy (8bit): 5.13743418283882

Encrypted: false

MD5: 0C9EC6BBFBD7FEEA85D58FCBD8A25B48

SHA1: 328FAAB5451D4FB4CD47246691B59EE3B20177B1

SHA-256: 6137BAE32619EEC3F06A3A3474B1416FFE299557B49FE5B52ECD7312EA29BFE4

SHA-512: 33A1CE3775C4D226CF5EEB349183A2A3C56C93DBE47867ACA0C3C92EC74DBE98515D0D62ABB7DE479C6799E4E791DC2FFC3B032CBC7D0A151E009AAA975E1558

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x790489ec,0x01d68bcb</date><accdate>0x790489ec,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x790489ec,0x01d68bcb</date><accdate>0x7906ec42,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..



Size (bytes): 662

Entropy (8bit): 5.1048169198669635

Encrypted: false

MD5: 19D71201B2B81DBE38DDEDDD0DA881B4

SHA1: D631AF7BDCE700712B07270660B1B4291AD348CD

SHA-256: 6926896C2A76157D685739D7DAFC9D9EC04664B5DBE5DF6AE675C2F6C1E9D053

SHA-512: 0C641E01B06C09C426C9DFC0B71360B7FB7C71A5BEFCA899DC2FE58E4DECBCB9B89F45E1A2174C2F564306981FD5970DFD0B4410860349159C41B551EA41A50F

Malicious: false

Reputation: low


Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml



Size (bytes): 410

Entropy (8bit): 5.166001961014589

Encrypted: false

MD5: CE3080C498C81561C8F694307C613141

SHA1: 656A5A5D42ABE13431B9D5C6EA31FCF823B20363

SHA-256: 2AF3691D90991CD473900FBDE666F557DB9B2B638934D6FCE527F78F4706408C

SHA-512: 3F5634444747D18EF8D44C3BD2E7F542B9C492A48BEA5CCF6D065A5F90E0FDBC2A428B9E939C0249800D00561EBC0A3BD4BD59FEE7C7570B7011A4F875B1371A

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x259f0d0f,0x01d52d14</date><accdate>0x790bb111,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/><selection>\lowres.png</selection></tile></msapplication></browserconfig>..



Size (bytes): 647

Entropy (8bit): 5.1041243066665665

Encrypted: false

MD5: 286C08E8B0F9EEA328365BE2C66E2C23

SHA1: E7BEDDE2C284A53EFBB57D834E5DE7C009061339

SHA-256: 3BC61BC85D6833C66C9D6C52CF6D277F0523E0EFB0ACBA7ADC5B4CF1E9AA5083

SHA-512: 77805E77512AB3C65F5D6F7FF6C8EF7F26BAD68ABF0EB99673537302A0CB7822F0722A808CBD9B81791C2E01AE9EA16D0345EA91744419994F3FD70DE71D749F

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..



Size (bytes): 656

Entropy (8bit): 5.11182969463792

Encrypted: false

MD5: A114615727E488C4EB8E7A511BC720F6

SHA1: 48830EE3E1DC0B66D20711C572B5779ED295CB94

SHA-256: 255B46B0BAFA55AB8317CB975159C564F1DCE4A1C8A2FF6DEA89EE609CD311A0

SHA-512: 81734E52B8BFC2ED9B91521E662A1DECD5043A520DB13AC48CC7A8AE6E1239226EAF1A2825D2851AE5376BE6EAF5FDC16B0E1D1637720E146FB450C45C5910B5

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x791ec3d6,0x01d68bcb</date><accdate>0x791ec3d6,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x791ec3d6,0x01d68bcb</date><accdate>0x791ec3d6,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..



Size (bytes): 653

Entropy (8bit): 5.088127585935523

Encrypted: false


MD5: 192FD5FDED66C58607AD80D914168F8C

SHA1: 0C90F8BADB49352824BC5F3FA71F554B4B1A49B0

SHA-256: 5E762C2E57BDB72B57E2F6C9D97F2E2D041AD68F98BACC9FD7F50ED2D6F170CD

SHA-512: 22F119AE5AC7DCC814A2E104673BC58D10BED135A5A9CDC731A7A7E8AC805182D4C210481966B8EE2792BAAF686E360EEE67686535602B0E37E7BD80E40F5A35

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 656

Entropy (8bit): 5.128369826228533

Encrypted: false

MD5: 568678ABCA3C85844BCA7A4E9DAEA458

SHA1: 10AD3EC8654BA96B94DFD5CB7EB07E3FB6D8771D

SHA-256: 25402E91CB6699F784EEC5E5CB00FBE23AF112F5CC7BD3DFEAB6FA8EF1E88B1C

SHA-512: 9FC2C46D28692908A8D67DF2FD59C3A720971FF4A39E42738499D6425BAF37BC1492F51B76370D5A141C07D58D15A16534CD7565150AA3CFFC9E254613649778

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..



Size (bytes): 659

Entropy (8bit): 5.10889016178522

Encrypted: false

MD5: 28FA91DDDA844C239FA6CE370A812051

SHA1: 58796E822BF2C775AA35368F01A5A78E8EA86891

SHA-256: FA8C0627F1725DCFB857641CD27184E7FACE3C7189BBEDBCA2FC5B19632BD392

SHA-512: 2D1F2D47D0C9C863DCAD699BFB0151E8BEB2279BF41C133F842D4D3A8216AEEEFD842888138333209B6C0CD7DB9BE23644DB00D7F66B74CDCE4EAD3497894328

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x790e1363,0x01d68bcb</date><accdate>0x790e1363,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x790e1363,0x01d68bcb</date><accdate>0x79153a5a,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..



Size (bytes): 653

Entropy (8bit): 5.098074218984521

Encrypted: false

MD5: 73BF9EB680B2E098AF746DB73DE67305

SHA1: A6B25DA854A358D50384FF48A95502CF8BE54362

SHA-256: 43A2CB5C24D381742C4DAEE3ECED210FBF8D8F2DEB5F00378230CAF2D454507D

SHA-512: E015414A545135B9ACEF8333BA505BCBADAC853542F24E9FB522571557E2096DE185A3D799DE5F5EB9C2C9DB5413053D5EB98C5F9C8A56947068DF159B397676

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x79153a5a,0x01d68bcb</date><accdate>0x79153a5a,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x79153a5a,0x01d68bcb</date><accdate>0x79153a5a,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.datProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Size (bytes): 5736

Entropy (8bit): 2.166986963437441

Encrypted: false

MD5: BD6B53ABAC99207AC3D194ECE491B7A3

SHA1: E1582042522CA46AB3C946C4E8738F5B1103F735

SHA-256: 5314699A897741E5881A2A2F2F1A8A2D3EFCE3C31B5FD7F746AC3C3A29A7672E

SHA-512: 634AA4190E3619F1442B114473679506426A0757FFD001B35BDF3A9A664F8C80A141C5B7329243F7B74A45961472DDE9BE4565DAFF5EFE8333E168D7FF8A9FFB

Malicious: false

Reputation: low

Preview:8.h.t.t.p.s.:././.w.w.w...g.o.o.g.l.e...c.o.m./.i.m.a.g.e.s./.i.c.o.n.s./.p.r.o.d.u.c.t./.s.i.t.e.s.-.1.6...i.c.o.~............... .h.......(....... ..... ..........................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B.............................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\allthemes-view[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 2225

Entropy (8bit): 4.5074157444177105

Encrypted: false

MD5: 0CE4597C3D5C4B16737347634F71EEA7

SHA1: 6A14E51B59036EF6F598133231C2C98EBCEBD174

SHA-256: 3CA333C8F9FB68D7B657F593D01059FF8B060126E5BD21644CF1A554BB1C920F

SHA-512: 2C4694689DDA053490AE8260DA2EC135E892A2222D0732DE55CEA3D3483350BE37D81941693D409A76AAA49E6C189950A68D509879EE07D74290565E80AF75C5

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/_/rsrc/1599117977000/system/app/css/camelot/allthemes-view.css

Preview:.goog-tree-row{padding-bottom:8px}.goog-tree-row .goog-tree-item-label{vertical-align:bottom}.goog-tree-row .goog-tree-icon,.goog-tree-root>.goog-tree-row .goog-tree-icon{background:url('../../images/camelot.png') no-repeat;margin-left:6px}.goog-tree-root>.goog-tree-row .goog-tree-icon{background-position:-208px 0;margin-left:2px;height:15px;width:15px;position:relative;top:-1px}.goog-tree-row .goog-tree-file-icon,.goog-tree-row .goog-tree-expanded-folder-icon,.goog-tree-row .goog-tree-collapsed-folder-icon,.sites-delete-items-subtree .goog-tree-root>.goog-tree-row .goog-tree-icon{margin-left:0;width:0}div .goog-tree-row .goog-tree-expand-icon-tplus,div .goog-tree-row .goog-tree-expand-icon-tminus,div .goog-tree-row .goog-tree-expand-icon-lplus,div .goog-tree-row .goog-tree-expand-icon-lminus{width:11px;margin-left:5px}div .goog-tree-row .goog-tree-expand-icon-t,div .goog-tree-row .goog-tree-expand-icon-l{background-position:-275px 0;width:8px;margin-left:8px}.site-rtl div .goog-tree-r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\background_gradient[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3

Size (bytes): 453

Entropy (8bit): 5.019973044227213

Encrypted: false

MD5: 20F0110ED5E4E0D5384A496E4880139B

SHA1: 51F5FC61D8BF19100DF0F8AADAA57FCD9C086255

SHA-256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B

SHA-512: 5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A

Malicious: false

Reputation: low

Preview:......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... [email protected].%...m..D.25...T...F.........p......A..........BP..qD.([email protected]?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\camelot[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 842 x 17, 8-bit/color RGBA, non-interlaced

Size (bytes): 3827

Entropy (8bit): 7.897599275600258

Encrypted: false

MD5: 5B8D3E2247DD46B3C38304417E37EEEB

SHA1: 336776F4039D1CE46A76C31C78CC514AADB78C69

SHA-256: 249F0F77045CAF964DC7728262B357F7EC91BBA35B6FB9E3BBCC053088A73640

SHA-512: 263A99C0567EFA684D205A0DB74CF8D714F5CEE84D954231A732AF93E2EB67B923D59AAE79DBDFD959F9D839A103FE3FBBA79A48FB86F075F93E1671D52E84D2

Malicious: false

Reputation: low


IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/images/camelot.png

Preview:.PNG........IHDR...J..........{\D....IDATx..[.U...I.M..S|.y. ..1..}h.K.E...P).C... B...4..qZ.(^....4.C.DKL+.......(H.J..Z-.pu}.o.Yg.u..s....c....{.....!....D...@T......:._.x..X.....S..._....{.9..eC.R^.{I..C.wq.G..]a>".....1jq..+..u.i8......l.x...x.-.Z...:q.1}hh..b.rk.X...].-..c.X].W.A..yq...c9.+...=<.]s1..'ORp. .>.)...gD.......,Y...;{,...m.s,>{l.l...C.....N....s..cJ.......5....Y`,C>F.....B..X5x....X..V./^......z.-Z...E.w./.7.cz3...H7..C.i.........CE.$...c....~:c......w9.#.......J..`.....L..y.f..a...f=}-....+.^.7a..a..T19.).L.$z..R.....5.4.......L.i.,.V. ..4b]...X.....5k....J.7.q.v|-E......(.s0.AI.O:..$...R|H"2(1....+.]....(P....O.J.../.r..I..T.?.~..';v....qI!.2.....K.....o.....)] ...!.|...(.1.g../.................p.{[email protected]:>>...j...... .....9..n.}..5._.......K9.%_E'TQR)?.(.....(.*N.&...K...j..OP..(MUP:.y. ...(z..z-5([email protected].:u.OM.%....\.].(!..a....@.........%.5.....1......K......~~....MH.....6.j...^.D.#.(.0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\camelot[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\errorPageStrings[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 4720

Entropy (8bit): 5.164796203267696

Encrypted: false

MD5: D65EC06F21C379C87040B83CC1ABAC6B

SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B

SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F

SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E

Malicious: false

Reputation: low

Preview:.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jot_min_view__en[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines


Entropy (8bit): 5.447881784379425

Encrypted: false

MD5: 0DD58F1BBF5E9AEB53EE139C817E3E62

SHA1: 6326C193E97F57AF07EED2212A64BE8572183E43

SHA-256: C5730DC7D6FC2464179F63CFF7A850349A924F7C49719FEAB1E31F7E1931CAFA

SHA-512: 12DD27C919D2302DC3F952CD111301D295DF26F2B314CC88A69A2593A456554F413270A37A20E59992FEA5F4248AF92C8741DAFFDF867601128AB6DF8253B473

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/js/jot_min_view__en.js

Preview:/* Copyright 2008 Google. */ (function() { /*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa=" apps-actiondatawidget-content-element",ba='" class="',ca='" tabindex="0" role="button">',d='">',da='"></div>',ea='"><a target="keyboard_shortcuts_help_window" href="',fa='"><div class="',ha='"><span id="',ia='"><table cellpadding="0" class="',ja="' of type ",ka="-caption",la="-content",ma="-default",na="-disabled",pa="-dropdown",qa="-inner-box",ra="-outer-box",sa="</div>",ta="</h3></th></tr>",ua="</td></tr>",va='</td><td class="',wa='<div class="',xa='<span aria-label="',ya='<span class="',.za='<tr><td class="',Aa='<tr><th colspan="2"><h3 class="',Ba="Application",Da="BUTTON",Ea="CSS1Compat",Fa="CSS_APP_TABLE",Ga="CSS_SHORTCUTS_HELP_POPUP_CONTENT_ELEMENT",Ha="CSS_SHORTCUTS_HELP_POPUP_CONTENT_HEADER",Ia="CSS_SHORTCUTS_HELP_POPUP_HEADER_TABLE_ELEMENT",Ja="CSS_SHORTCUTS_HELP_POPUP_TEAROFF_LINK",Ka="Compatible spreadsheet shortcut",La="Component already re

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\overlay[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 2790

Entropy (8bit): 4.553469987986986

Encrypted: false

MD5: D1FCCD26A463FAFD6C91780EB768A16B

SHA1: B75C0A6AD11127049B83EFE09DE40F44C4A53C3C

SHA-256: 1FF941D5340A2E53989931C6A0B91C21315E234CC52E68E62DBD72B3C861AC1C

SHA-512: 752F90B962FB63AE35C5624268A1A8AFFCC59759E441F4856E54D06B1FB40B7B7113735136E89872532F845505BDBEA0CFD7336D3FA0E152D115EB62968B9AB9

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/_/rsrc/1599117977000/system/app/css/overlay.css?cb=microlite1a150goog-ws-nonenone30themedefaultstandard

Preview:.sites-chrome-header-valign-top{vertical-align:top!important}.sites-chrome-header-valign-top h2 a{vertical-align:top!important}.sites-chrome-header-valign-top h2 a img{vertical-align:top!important}.sites-layout-searchbox .sites-chrome-header-valign-top{vertical-align:top!important}#sites-chrome-everything #sites-chrome-header .sites-logo.sites-chrome-header-valign-top{float:none}.sites-chrome-header-valign-bottom{vertical-align:bottom!important}.sites-chrome-header-valign-bottom h2 a{vertical-align:bottom!important}.sites-chrome-header-valign-bottom h2 a img{vertical-align:bottom!important}.sites-layout-searchbox .sites-chrome-header-valign-bottom{vertical-align:bottom!important}#sites-chrome-everything #sites-chrome-header .sites-logo.sites-chrome-header-valign-bottom{float:none}.sites-chrome-header-valign-middle{vertical-align:middle!important}h2 a .sites-chrome-header-valign-middle{vertical-align:middle!important}h2 a img .sites-chrome-header-valign-middle{vertical-align:middle!impo


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\rpc[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 24457

Entropy (8bit): 5.371008401416112

Encrypted: false

MD5: B434B7E86C2C528F720C217006FB80FB

SHA1: E71CD371BB4E94BDCCB6BF85CEC8C8ABEA2DE339

SHA-256: 8A9977AB6CB178753C6CEEDE4125A3D771757BF835824028C2E4446331B8415F

SHA-512: DFB88497331469AB01A5E4E3FFAAC630AC0E04FEE2910A437B4A56865E145598789AACE493874466E0AC9A687B3CE3F888E56CE20C6FE24E673F8AE5CB0C7AAE

Malicious: false

Reputation: low

IE Cache URL: https://www-sites-opensocial.googleusercontent.com/gadgets/js/rpc.js?container=enterprise&nocache=0&debug=0&c=1&v=e7d0babcaee54af0bb39e14e45519bdd&sv=10

Preview:window['___jsl'] = window['___jsl'] || {};(window['___jsl']['ci'] = (window['___jsl']['ci'] || [])).push({"rpc":{"disableForceSecure":true,"passReferrer":"p2c:query","parentRelayUrl":"/rpc_relay.html"}});window['___jsl']=window['___jsl']||{};(window['___jsl']['ci'] = (window['___jsl']['ci'] || [])).push({"rpc":{"disableForceSecure":true,"passReferrer":"p2c:query","parentRelayUrl":"/rpc_relay.html"}});./* [start] feature=taming */.var safeJSON=window.safeJSON;.var tamings___=window.tamings___||[];.var bridge___;.var caja___=window.caja___;.var ___=window.___;;../* [end] feature=taming */../* [start] feature=gapi-globals */.var gapi=window.gapi||{};gapi.client=window.gapi&&window.gapi.client||{};.;.;../* [end] feature=gapi-globals */../* [start] feature=globals */.var gadgets=window.gadgets||{},shindig=window.shindig||{},osapi=window.osapi=window.osapi||{};.;../* [end] feature=globals */../* [start] feature=core.config.base */.window['___cfg'] = window['___cfg'] || window['___gcfg'];;.if

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\share[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Size (bytes): 20860

Entropy (8bit): 5.332971777452247

Encrypted: false

MD5: 851DFB04207A2C9D15BAD5DAEA81376E

SHA1: 256770112C628276A21330CC8E61B2327A7CA1AB

SHA-256: 9F47EDD20B859428897F000A83AE46036A131DA558C867F64B49ECE62756EFF8

SHA-512: 949427A6F3667B3B3DEFE91E8502072387B828A5CED3D80FC7C763D0EA46C86C0D0078662743DEF7636087D0C813E668255A04B1F3E8E853AD7C23D5E5D81C8F

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/googledrive/share

Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="chrome=1" />.<script type="text/javascript">/* Copyright 2008 Google. */ (function() { /*..Copyright The Closure Library Authors..SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,k,f){this.t[h]=[void 0!=f?f:(new Date).getTime(),k];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(m){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var l=0<d?new e(d):new e;window.jstiming={Timer:e,load:l};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\standard-css-microlite-ltr-ltr[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.067860958241399

Encrypted: false

MD5: 10F8EB1603E72A02F45D168CD1728723

SHA1: D432E49253BDCAE6AE5408F06B223C1C40D6504B

SHA-256: FCEA28CF7BE5609AEA3A506104118ECAE08B5FAE22768EB70E1312C3E53575D6

SHA-512: 7411F3421B24B8D87F09AD4B1232503706A588F9ACEDBCDD64DB6B1221377D04399C5306A0858993DDFF02DA2295E0C1F638251FD8EED7ED121D3191B417F526

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/themes/microlite/standard-css-microlite-ltr-ltr.css

Preview:/* Copyright 2020 Google Inc. All Rights Reserved. */..goog-tab{position:relative;padding:4px 8px;color:#00c;text-decoration:underline;cursor:default}.goog-tab-bar-top .goog-tab{margin:1px 4px 0 0;border-bottom:0;float:left}.goog-tab-bar-top:after,.goog-tab-bar-bottom:after{content:" ";display:block;height:0;clear:both;visibility:hidden}.goog-tab-bar-bottom .goog-tab{margin:0 4px 1px 0;border-top:0;float:left}.goog-tab-bar-start .goog-tab{margin:0 0 4px 1px;border-right:0}.goog-tab-bar-end .goog-tab{margin:0 1px 4px 0;border-left:0}.goog-tab-hover{background:#eee}.goog-tab-disabled{color:#666}.goog-tab-selected{color:#000;background:#fff;text-decoration:none;font-weight:bold;border:1px solid #6b90da}.goog-tab-bar-top{padding-top:5px!important;padding-left:5px!important;border-bottom:1px solid #6b90da!important}.goog-tab-bar-top .goog-tab-selected{top:1px;margin-top:0;padding-bottom:5px}.goog-tab-bar-bottom .goog-tab-selected{top:-1px;margin-bottom:0;padding-top:5px}.goog-tab-bar-start

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\downloads[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 21267

Entropy (8bit): 5.335830136584567


Encrypted: false

MD5: F2A3BBC47F820ECE4E7EB08EAC524AA6

SHA1: BC0CC9F5DECC0B8CA641D46234498B2AD8F9C274

SHA-256: 8EBCB72C5312EE90990282954196AFAADEE2C0846170676BACE30BE09EE039FD

SHA-512: ED3DCC880872D7B9D4392F596F672F8B7A6B4D797B5BA32C38309146F3B368C2262997064A918C363879723949E5791791AA2011708160569D967E659A8C9888

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/googledrive/share/downloads


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\downloads[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\hierarchy[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 21230

Entropy (8bit): 5.321578399197326

Encrypted: false

MD5: C1CA13F1493756E66DDFFFBAAFAC6C64

SHA1: 8F5032A5BA88D09330ED342298B5E869EDC2F6EF

SHA-256: 6C8C18AD67BED52C68DD17C0E4F667AF22C83A78041B4EA0C3E3FC2491BB616F

SHA-512: F6698A5FABE84CFA2745A62261BDBEF62FA68B65F93A1EB14C702FAF865670A3280D0E323F6F5A101261E5BF00E50446954EFDB953C562481A44FA9CCC701EAE

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/system/app/pages/sitemap/hierarchy


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\home[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 19494

Entropy (8bit): 5.321831300688893

Encrypted: false

MD5: 5ED24E184D8EFCA442EBF81203A950C7

SHA1: 815E61267E7A6FB33A73CD1E0F321AB6FE35C895

SHA-256: BA7FF3BD23C7E58536190A203CD29E22D0EB00E0EA3206A21F9FC0F757D19376

SHA-512: 716FDC5D03BCE8374ECE90CE44216F8A0D6D9E505C73979145CF94DC6DEEDF01B8D6EF46AB21547FE68C73CDCA4C1E01D6FDBD519E03938B42396F982C0AE682

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/home


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\host[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.523143819457407

Encrypted: false

MD5: 20EB18C5E06A1A404303875DEC6D017F

SHA1: 3AC308ECEEF1AAEF70C70BA135F4FA52803FE3F6

SHA-256: FD8CC606DAAD49676667896FC31D5C8C8A035B5D0AE7D5D9E14F21B0965320B0


SHA-512: 35EAFB71E9EE437DE482DF00DADC147A3C4893A78FE1A09B5ABDC0E0A7DA5C6524C0836B8E88150BB9E5E6C8E139CDCD6CDC8E6C1101033C16280C0F71D10CC9

Malicious: false

Reputation: low

IE Cache URL: https://93.docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL/js/host?token

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa="//www.google.com/images/cleardot.gif",ba="CUSTOM",ca="Client failure. ",da="Component already rendered",ea="Content-Type",fa="Create session failed",ha="Creating session",ia="DIV",ja="Edge",la="Error in protected function: ",ma="GuidedHelpResume",na="Invalid listener argument",oa="Not available",pa="Opera",qa="POST",ra="SCRIPT",sa="SETUP",ta="SETUP_ACK",ua="SETUP_ACK_NTPV2",va="Symbol.iterator",wa="Transient error",xa="Trying to send a request without a request sender for - ",ya="Unable to set parent component",.za="X-Goog-Upload-Status",Aa="about:invalid#zClosurez",Ba="absolute",Ca="activedescendant",Da="aria-activedescendant",Ea="arraybuffer",Fa="base64",Ga="boolean",Ha="border-box",Ia="checked",Ja="complete",Ka="contextmenu",La="crosswindowmessaging.channel",Ma="document",h="function",Na="goog-inline-block ",Oa="goog-menu-button",Pa="goog-menuheader",Qa="goog-menuseparator",Ra="go

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\host[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ifr[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 19830

Entropy (8bit): 5.4407794192913155

Encrypted: false

MD5: 1E8C29B2F4E11D89A62EA8AD7585AD94

SHA1: B0E8B28C08BDB50346BCF2DB1E895BDCDB684EFD

SHA-256: B0B3DBF6EB94D9AF925DCEF11147609DEC7A47E18A0320F98A51FD9FDD226891

SHA-512: 3754BB01EB54F4A8A96D5CA9E2A048EB6E5DF277FF457C581469EA19601BD061EC2449E635436A2E0084565FDDB8CEB828FAD50E173AA3F891B6A4ED61475F6E

Malicious: false

Reputation: low

IE Cache URL: https://tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com/gadgets/ifr?url=hosting.gmodules.com/ig/gadgets/file/106581606564100174314/iframe.xml&container=enterprise&view=default&lang=en&country=ALL&sanitize=0&v=875834562a0de6ec&libs=core:dynamic-height&mid=66&parent=https://sites.google.com/site/id500382349/googledrive/share/downloads/storage

Preview:<html><head><script>(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,m,f){var n=void 0!=f?f:(new Date).getTime();this.t[h]=[n,m];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(q){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var p=0<d?new e(d):new e;window.jstiming={Timer:e,load:p};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load;.0<b&&d>=b&&(c.tick("_wtsrt",void 0,b),c.tick("wtsrt_","_wtsrt",d),c.tick("tbsd_","wtsrt_"))}try{var k=window.top!=window.self,l=window.location.href;a=null;window.chrome&&window.chrome.csi&&(a=Math.floor(window.chrome.csi().pageT),c&&0<b&&(c.tick("_tbnd",void 0,window.chrome.csi().startE),c.tick("tbnd_","_tbnd",b)));null==a&&window.gtbExternal&&(a=k?window.gtbExternal.frameT(l)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\info_48[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 4113

Entropy (8bit): 7.9370830126943375

Encrypted: false

MD5: 5565250FCC163AA3A79F0B746416CE69

SHA1: B97CC66471FCDEE07D0EE36C7FB03F342C231F8F

SHA-256: 51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859

SHA-512: E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134

Malicious: false

Reputation: low

Preview:.PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,[email protected]...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\js[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.576425766974725

Encrypted: false

MD5: 66B8F3CB8EF2D9E99068803156D54F1A

SHA1: 4B043F0C309071F07A8F29EC7F4EFD66D5EB4A9C

SHA-256: 51A5ABC3783E773FBB4245C50C4550383D6CA32FD35A91B42D7E79649015B643

SHA-512: 267D579F71D353F4F123DA727D9373811D310BA69A6467723FDCC77D8A2071D91C909E5613FC28F67E61B830C5641FC471A24BB553D80A627B1D6444F6E4710E

Malicious: false


Reputation: low

IE Cache URL: https://docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL/api/js?anon=true&pref=2

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba=' class="',ca=' data-hovercard-id="',da=' data-name="',ea=' dir="ltr"><div class="',fa=" not supported",ha='" aria-hidden="true">•</div>',ia='" aria-hidden="true">•</div><div class="',ja='" aria-hidden="true"></div></div>',ka='" class="',la='" role="button" tabindex="0" title="',ma='" role="button" tabindex="0">',na='" role="heading">',oa='" style="display: none">',pa='" style="display: none"></div>',qa='" style="display: none"></div><div class="',ta='" style="display: none"><div class="',.ua='" style="display:none"></span></div>',va='" style="width: ',wa='"/><label for="',g='">',xa='"></div>',ya='"></div></div>',za='"></div></div></div>',Aa='"></div></div></div><div class="',Ba='"></div></div><div class="',Ca='"></div><div class="',Da='"><div class="',Ea='"><span class="',Fa='"><table><tr><td class="',Ga="#d6MZcd",Ha="+1 this comment",Ia="+redo",Ja="+undo",Ka="-dcs-bh",La="

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\js[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\navcancl[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 2713

Entropy (8bit): 4.1712007174415895

Encrypted: false

MD5: 4BCFE9F8DB04948CDDB5E31FE6A7F984

SHA1: 42464C70FC16F3F361C2419751ACD57D51613CDF

SHA-256: BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228

SHA-512: BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E

Malicious: false

Reputation: low

Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="res://ieframe.dll/ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... <title>Navigation Canceled</title>.... <script src="res://ieframe.dll/errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="res://ieframe.dll/httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:navCancelInit(); ">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="res://ieframe.dll/info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\sites-16[1].icoProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel

Size (bytes): 5430

Entropy (8bit): 1.8780892524229225

Encrypted: false

MD5: 4AA8578194259BE060C3720E63E479D5

SHA1: 47A3F3BCB90A64C6B8F54247F9798D0DD7B4AD8C

SHA-256: 5E735E6799CBF83EAF812A4A576FE6ACBC88728B609C2195B30FF84DFE24ABC7

SHA-512: 2676EB950A787E3BD4DD5185EBA80779E3FA3F781F6F9620C90B664CCF749CDF1FDA04F84A255744E2D22DD72B52C9406EEE3369B2336D3B7DACFF26D8D74494

Malicious: false

Reputation: low

IE Cache URL: https://www.google.com/images/icons/product/sites-16.ico

Preview:............ .h...&... .... .........(....... ..... ..........................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..............................B..................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..................................................B..B..B..B..................................................B..B..B..B..B..B..B..B..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ErrorPageTemplate[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 2168

Entropy (8bit): 5.207912016937144

Encrypted: false

MD5: F4FE1CB77E758E1BA56B8A8EC20417C5

SHA1: F4EDA06901EDB98633A686B11D02F4925F827BF0

SHA-256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F

SHA-512: 62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436

Malicious: false

Reputation: low

Preview:.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\I-ltr[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 19 x 16, 1-bit colormap, non-interlaced

Size (bytes): 156

Entropy (8bit): 5.111825357233761

Encrypted: false

MD5: 756573A38596F5CB2A9442B9BE899818

SHA1: 4876A0EA3A799F87CF6B289150B407396641F52B

SHA-256: B15A0563AF7BE6A8AA2CCBA2C79F7C9AAC38DD569E91048456EE45404B23EA1A

SHA-512: 0A893FC014EFBF17E5C0E7C6FEB202F41A4636A5E2083DD45C928AE13771B0FE4B87603C0C6DCEB4B9C943A3B5FCAED2C8E5B8F21495C6607E7048C85FA1C26C

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/images/I-ltr.png

Preview:.PNG........IHDR................!....PLTE.....{.I`[email protected]....../EF......IDAT..c`h`[email protected]`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_drop_down_black_24dp[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced

Size (bytes): 119

Entropy (8bit): 5.814957860914293

Encrypted: false

MD5: 8B3CD55119F7B68259B4E2641EAADE67

SHA1: 9AA4C66C429459BFCAA5EB703BC66B1C7B27BF67

SHA-256: C2400587512148D67ACEA10A41F7AAFB81F61D88009E3530EBC81E2F446504FD

SHA-512: A32B2B5FF3F87E66D3A453540A9C65449A2BFF915E0DC067874DB67DAC04BF54FBE94FDDB72811B1728F00930F2F15AA204E7BDD234D4012B8C8798B30685566

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/images/icons/material/system/2x/arrow_drop_down_black_24dp.png

Preview:.PNG........IHDR...0...0.......1....>IDATx.........._.v..\.`.K...< I.0.".G.....p....wQ........$.J....c...4?....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bullet[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 447

Entropy (8bit): 7.304718288205936

Encrypted: false

MD5: 26F971D87CA00E23BD2D064524AEF838

SHA1: 7440BEFF2F4F8FABC9315608A13BF26CABAD27D9

SHA-256: 1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D

SHA-512: C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15

Malicious: false

Reputation: low

Preview:.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<[email protected]..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cb=gapi[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.522199577071377

Encrypted: false

MD5: 8B773C71FB35982D018A9EA47AFC9C3D

SHA1: 8088F90986012147830CAED261FB0B47DCA4D18C

SHA-256: 56C0E58BA16FF5C2FF98EC98CBA21990666E9B0028323D039D300D881CF86D68

SHA-512: 801B19A2C197157ACF566DD184710E991399E3CD6866CF1AD15754CB1A4A2A0E9E42AEEC9F6DD40DD93D4A245E1FF49B6C0F2CE339014A1F533BAAFF8A196FAB

Malicious: false

Reputation: low

IE Cache URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_0


Preview:/* JS */ gapi.loaded_0(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ja,ma,ta,wa,ya,Ba,Ia,Oa;_.ca=function(a){return function(){return _.aa[a].apply(this,arguments)}};_._DumpException=function(a){throw a;};_.aa=[];ja=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ma="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ta=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};wa=ta(this);ya=function(a,b){if(b)a:{var c=wa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ma(c,a,{configurable:!0,writable:!0,value:b})}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cb=gapi[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\core_dynamic-height[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 63620

Entropy (8bit): 5.533542275178059

Encrypted: false

MD5: 1666FAA0FDE18009FA5251432107DF52

SHA1: 3EC0DC8586D7FF065BABE8820896C116ABFFCA1D

SHA-256: F5160A48E4498BD3637453A91DB66D748E7A10FCB8A7E6AFEDDD8F671A7420E0

SHA-512: 8CD978D5C3BD69BEB8B9CCE119B0B3F7C4F9AC57442A116C5F54FD8CC64315EDC2FFE02477A72165D1CD76D686017A4FF74E7ED83ECDC2947B9B8CD060ECE76B

Malicious: false

Reputation: low

IE Cache URL: https://www-sites-opensocial.googleusercontent.com/gadgets/js/core:dynamic-height.js?container=enterprise&nocache=0&debug=0&c=0&v=2018a9863f10adbd8aabed12351b5e7a&sv=10&jsload=0

Preview:./* [start] feature=taming */.var safeJSON=window.safeJSON;.var tamings___=window.tamings___||[];.var bridge___;.var caja___=window.caja___;.var ___=window.___;;../* [end] feature=taming */../* [start] feature=gapi-globals */.var gapi=window.gapi||{};gapi.client=window.gapi&&window.gapi.client||{};.;.;../* [end] feature=gapi-globals */../* [start] feature=globals */.var gadgets=window.gadgets||{},shindig=window.shindig||{},osapi=window.osapi=window.osapi||{};.;../* [end] feature=globals */../* [start] feature=core.config.base */.window['___cfg'] = window['___cfg'] || window['___gcfg'];;.if(!window.gadgets["config"]){gadgets.config=function(){var f;.var h={};.var b={};.function c(j,l){for(var k in l){if(!l.hasOwnProperty(k)){continue.}if(typeof j[k]==="object"&&typeof l[k]==="object"){c(j[k],l[k]).}else{j[k]=l[k].}}}function i(){var j=document.scripts||document.getElementsByTagName("script");.if(!j||j.length==0){return null.}var m;.if(f.u){for(var k=0;.!m&&k<j.length;.++k){var l=j[k];.i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ga[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 46274

Entropy (8bit): 5.48786904450865

Encrypted: false

MD5: E9372F0EBBCF71F851E3D321EF2A8E5A

SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C

SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F

SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F

Malicious: false

Reputation: low

IE Cache URL: https://ssl.google-analytics.com/ga.js

Preview:(function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d<b.length;d++){var e=b[d].match(c);e&&a.push(e[1])}for(b=0;b<a.length;b++)if("$OPT_OUT"==decodeURIComponent(a[b]))return!0;return!1};var q=function(a){return encodeURIComponent?encodeURIComponent(a).replace(/$/g,"%28").replace(/$/g,"%29"):a},r=/^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,u=/(^|\.)doubleclick\.net$/i;function Aa(a,b){switch(b){case 0:return""+a;case 1:return 1*a;case 2:return!!a;case 3:return 1E3*a}return a}function Ba(a){return"function"==typeof a}function Ca(a){return void 0!=a&&-1<(a.constructor+"").indexOf("String")}function F(a,b){return void 0==a||"-"==a&&!b||""==a}function Da(a){if(!a||""==a)return"";for(;a&&-1<" \n\r\t".indexOf(a.charAt(0));)a=a.substring(1);for(;a&&-1<" \n\r\t".i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\googledrive[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 20664

Entropy (8bit): 5.329787071921112

Encrypted: false

MD5: A7F8120C3276D46D11B6E3FDDEFCBFD7

SHA1: 93A9090629CB26D78DA3924F29445CF41C4A4112

SHA-256: 14D7E2941588F9F915429F641DAC8324BFBA6B836C50C91181D13B45668DE201

SHA-512: EA0BFF100A59ACF23E55D7BE63570FBAE465EE4EF7CC7DFA53022476178013FF893A6E06887737FE9C55A316F5E65F3496BCB654A9A7AA104A966500C917B6B3

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/googledrive



C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\googledrive[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\js[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.57645950503005

Encrypted: false

MD5: F69BCA01575D2B32B21A44B45EDDDB24

SHA1: 165D8C89F157078176073CF90AAF114E4A3F7135

SHA-256: 345248F71DD5D52A2EBAD4B9FCA7C3E27533F5F743BD2FEC9B6F6AF3B9626F24

SHA-512: F773E0772F3BEAD351CC7FFCE3D3B5933E390860B10AB925ECA88114121BE826DC92B96DB48D3C6FBB75FE70515BA27571FBC17C81F9B4EC430832FD00CE306A

Malicious: false

Reputation: low

IE Cache URL: https://docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq-U6TXCCndcCjMbADNBg2SIauQJdC3HV98XKU5ku_uNesQf0AWAYHnQFIFf7EVedBBnXAt0Hlh34UoUYPJtloFwHTZHv/api/js?anon=true&pref=2

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba=' class="',ca=' data-hovercard-id="',da=' data-name="',ea=' dir="ltr"><div class="',fa=" not supported",ha='" aria-hidden="true">•</div>',ia='" aria-hidden="true">•</div><div class="',ja='" aria-hidden="true"></div></div>',ka='" class="',la='" role="button" tabindex="0" title="',ma='" role="button" tabindex="0">',na='" role="heading">',oa='" style="display: none">',pa='" style="display: none"></div>',qa='" style="display: none"></div><div class="',ta='" style="display: none"><div class="',.ua='" style="display:none"></span></div>',va='" style="width: ',wa='"/><label for="',g='">',xa='"></div>',ya='"></div></div>',za='"></div></div></div>',Aa='"></div></div></div><div class="',Ba='"></div></div><div class="',Ca='"></div><div class="',Da='"><div class="',Ea='"><span class="',Fa='"><table><tr><td class="',Ga="#d6MZcd",Ha="+1 this comment",Ia="+redo",Ja="+undo",Ka="-dcs-bh",La="

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\storage[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 23055

Entropy (8bit): 5.392441322857199

Encrypted: false

MD5: B48A237EAF4644EC0A1A7B7714BD2212

SHA1: C682EB32BCF2B982D5C40192C7084C78A65B327F

SHA-256: 3C630A2CB7BCDB4F466650EA1D78C0B9238BB706533480A93A1FCEFB89650961

SHA-512: B619E4A16C6FC45FD0C3B52FDFB3B75D421A9D052C6B50799A97BB0B0D644CC927FB68044467AE27B54A3D541B2C68D2E4A78F4D5CF4778C6EEFAE108D8C8058

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\xpc[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines, with no line terminators

Size (bytes): 2178

Entropy (8bit): 5.616515783638584

Encrypted: false

MD5: 6916F76897B8621E3C95D54C787E1D10

SHA1: 3D975847CA1269F9EF6486455DC8F227265E6829

SHA-256: AF981C3592408F4A440B038F6034C5967456494E20D228DDF2E1918F731E225B

SHA-512: 66ED7583D3B72AFD15910F31E59E8278F71C2AD0E1377570A8851F27D47FCA8A506D20B7F759E618E106FACDC03EA2E82438314DC34E3036B7394ACBED4880BF

Malicious: false

Reputation: low


Preview:<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge;"><title>Docos Host</title><script type="text/javascript" src="https://93.docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL/js/host?token" nonce="cjJSX7LVu3GnH/9mUeNXUA"></script></head><body><script type="text/javascript" nonce="cjJSX7LVu3GnH/9mUeNXUA">var host = _docosCreateHost(["//93.docs.google.com/static/comments/client/js/3929654422-docos_binary_i18n.js",["","","","",""],0,null,null,"",[null,0],1,["Anonymous",null,"//ssl.gstatic.com/docs/common/blue_silhouette96-0.png","ANONYMOUS_105250506097979753968",1,null,1],1,"AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL",1,null,null,null,null,1,1,1,0,"https://93.93.docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\xpc[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\blue_silhouette96-0[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 431

Entropy (8bit): 7.224094314845388

Encrypted: false

MD5: 4E1088D15A99D3B8778DAD2187D67D29

SHA1: E4925DFF976E1E6A0C18A9FE37F864E0895B1B52

SHA-256: 2218219F38411B92BADA34D14C7FD231B87DC42347257769737F98ACF9034C83

SHA-512: 2DE86064B7D3909E48F35FA763F1A138984BFAE1D2F58B22E4D233270BA603E17AA2CD7E8DC50FFA9A2684BD14959135AA40DEBBC846FE1ECFC6F86A70BDE9AB

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/docs/common/blue_silhouette96-0.png

Preview:.PNG........IHDR...`...`.......j.....PLTE............d..Ct.8m.`.Cq...UIDATx....N.1....$..x.$.A......?g...#.J..q....~...3......=.Gv\=..r...o$. ...~..dK\....T....r. [email protected]...[....B.[.4......doS........3...5dm}-.4...-.>,.=..4I....K....%}."K.Ui."..drH.#c".@..<.E..SGf...........C..v...%..r.._C../.7SO*?....I...Z.n....d.t.[....~.rr.W..).0,...GN.6.(..E.7........%.PVu.4P........t7..............IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\camelot[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 3827

Entropy (8bit): 7.897599275600258

Encrypted: false

MD5: 5B8D3E2247DD46B3C38304417E37EEEB

SHA1: 336776F4039D1CE46A76C31C78CC514AADB78C69

SHA-256: 249F0F77045CAF964DC7728262B357F7EC91BBA35B6FB9E3BBCC053088A73640

SHA-512: 263A99C0567EFA684D205A0DB74CF8D714F5CEE84D954231A732AF93E2EB67B923D59AAE79DBDFD959F9D839A103FE3FBBA79A48FB86F075F93E1671D52E84D2

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/_/rsrc/1599117977000/system/app/images/camelot.png

Preview:.PNG........IHDR...J..........{\D....IDATx..[.U...I.M..S|.y. ..1..}h.K.E...P).C... B...4..qZ.(^....4.C.DKL+.......(H.J..Z-.pu}.o.Yg.u..s....c....{.....!....D...@T......:._.x..X.....S..._....{.9..eC.R^.{I..C.wq.G..]a>".....1jq..+..u.i8......l.x...x.-.Z...:q.1}hh..b.rk.X...].-..c.X].W.A..yq...c9.+...=<.]s1..'ORp. .>.)...gD.......,Y...;{,...m.s,>{l.l...C.....N....s..cJ.......5....Y`,C>F.....B..X5x....X..V./^......z.-Z...E.w./.7.cz3...H7..C.i.........CE.$...c....~:c......w9.#.......J..`.....L..y.f..a...f=}-....+.^.7a..a..T19.).L.$z..R.....5.4.......L.i.,.V. ..4b]...X.....5k....J.7.q.v|-E......(.s0.AI.O:..$...R|H"2(1....+.]....(P....O.J.../.r..I..T.?.~..';v....qI!.2.....K.....o.....)] ...!.|...(.1.g../.................p.{[email protected]:>>...j...... .....9..n.}..5._.......K9.%_E'TQR)?.(.....(.*N.&...K...j..OP..(MUP:.y. ...(z..z-5([email protected].:u.OM.%....\.].(!..a....@.........%.5.....1......K......~~....MH.....6.j...^.D.#.(.0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hd-bg[1].gifProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: GIF image data, version 89a, 1 x 30

Size (bytes): 46

Entropy (8bit): 3.4106608821459092

Encrypted: false

MD5: D8111CDA1B07450750B802863B34F9DC

SHA1: 262BEB5406EDFF4C5B5C870B04AC1DB93D1FC929

SHA-256: 7838BFC03AE0716262D2B405EBBEF5D7AC2EA60B4E04337AB996D0D4B2B062D2

SHA-512: D8D9C5B33DFB92B3233DF3964E81B744306A83BB031C9CC14DED2E2A1BF6BC80304A676DD7567BC46ED7F79859AF56ECE4B13B8C6E8F95FB8244877658A5354E

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/themes/microlite/hd-bg.gif

Preview:GIF89a.............!.......,..............k..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\httpErrorPagesScripts[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 12105


Entropy (8bit): 5.451485481468043

Encrypted: false

MD5: 9234071287E637F85D721463C488704C

SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152

SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649

SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384

Malicious: false

Reputation: low

Preview:...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\httpErrorPagesScripts[1]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jot_min__en[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.496235475233488

Encrypted: false

MD5: D7300833A65271ECDA78A8A29DD941F4

SHA1: 89646B2DC1EEED463E700269D98EECC24ABC9190

SHA-256: 3B1ABC2DEFDE3A97B7162B1C4498889DCAD44A968ABDB779B4F1F2C2A39EF129

SHA-512: 6D2C5F06E6DD1A566460D04B5986694A4D4FA562A8C51C993CAF7A6C512CBABDED01FD342BDC398E7C6363D7A7F92E99F4349EC0C26EBC8EC3268F405C4C2B4D

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/js/jot_min__en.js

Preview:/* Copyright 2008 Google. */ (function() { var aa=" and communicationType=",ba=" and hash=",ca=" apps-actiondatawidget-content-element",da=" checked",ea=' checked="checked"',fa=" goog-inline-block",ha=" picker-navpaneitem-not-clickable",ia=" selected",ja=' style="ime-mode:disabled"',la='" aria-label="',ma='" class="',oa='" data-tooltip-unhoverable="true"',qa='" dir="',ra='" is not registered',sa='" style="margin-left: 6px">',ta='" tabindex="0" role="button">',ua='" title="',va='" with value "',wa='"/></td><td><p><strong>',xa='"/><div class="',.ya='"/><p style="color: gray">',za='">',Aa='"> </span>',Ba='"></div>',Ca='"></div><div class="',Da='"></iframe>',Ea='"></span></a></p>',Fa='"></span><span class="',Ga='"><a target="keyboard_shortcuts_help_window" href="',Ha='"><div class="',Ia='"><span id="',Ja='"><table cellpadding="0" class="',Ka='"><tr><td class="',La="&&&START&&&",Ma="' not supported in V2",Na="' of type ",Oa="-10000px",Pa="-caption",Qa="-content",Ra="-default",Sa="-disa

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\js[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.575128622176692

Encrypted: false

MD5: 72E20FCB76D847B37224F3457ACABC2D

SHA1: 5BDA65386C571D628FAB927909409EB236712F59

SHA-256: 681DC5FF9AA678121A662F7D3010853D9D3CD8BA8906229AF431E8F6A8B0C20C

SHA-512: A48C3537BDD106D8BD59972D767D7829772585F7F0B115D03F258EC2D98C534CD7CA4CF18E707FBCBAC41BD69F1C326CF96D0545E0ED2A2E5F542102CD7F226A

Malicious: false

Reputation: low

IE Cache URL: https://docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdqyGyf0ezGhg0XztCqEy3tTpHyNow3YnrI8DSDE-0kfL_bzJEG0zqeHluldYAkqZnjh5NLPwaxkPdrmesXaDlz7jCi5e5/api/js?anon=true&pref=2

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba=' class="',ca=' data-hovercard-id="',da=' data-name="',ea=' dir="ltr"><div class="',fa=" not supported",ha='" aria-hidden="true">•</div>',ia='" aria-hidden="true">•</div><div class="',ja='" aria-hidden="true"></div></div>',ka='" class="',la='" role="button" tabindex="0" title="',ma='" role="button" tabindex="0">',na='" style="display: none">',oa='" style="display: none"></div>',pa='" style="display: none"></div><div class="',sa='" style="display: none"><div class="',ta='" style="display:none"></span></div>',.ua='" style="width: ',va='"/><label for="',g='">',wa='"></div>',xa='"></div></div>',ya='"></div></div></div>',za='"></div></div></div><div class="',Aa='"></div></div><div class="',Ba='"></div><div class="',Ca='"><div class="',Da='"><span class="',Ea='"><table><tr><td class="',Fa="#d6MZcd",Ga="+1 this comment",Ha="+redo",Ia="+undo",Ja="-dcs-c",Ka="-dcs-ff-dcs-ke",La="-dcs

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\platform[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 50447

Entropy (8bit): 5.546374912689089

Encrypted: false

MD5: 1229ECD9451BC380316E852E4A02BF0D

SHA1: 070B37FCB4839870EE53856F599EF83318E04C4E

SHA-256: 092F3201317B7EF608F6A899D395D36CFFCCA4D6824F00BC50120E84341C76F2


SHA-512: 4347FC0917CC65080129471A2C7ABD7045EFF115C96DF2D799EADEFE505C826D2302584F329B05728418E4D9B8C09659491EC90DB2DEF5A61E4AFB08D9F628D5

Malicious: false

Reputation: low

IE Cache URL: https://apis.google.com/js/platform.js

Preview:var gapi=window.gapi=window.gapi||{};gapi._bs=new Date().getTime();(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ba=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");},ea=ba(this),fa=function(a,b){if(b)a:{var c=ea;a=a.split(".");for(var d=0;d<.a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}},ha=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};.fa("Symbol",function(a){if(a)return a;var b=function(e,f){this.ea=e;aa(this,"description",{c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\platform[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\tree_ltr[1].gifProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: GIF image data, version 89a, 248 x 49

Size (bytes): 2473

Entropy (8bit): 7.393961922467035

Encrypted: false

MD5: FDEDBD3DF3491CE6E7B01EF235EEFDCD

SHA1: 9E6F5F95EBD486328A9E29EEC2EBC1ECBCD58539

SHA-256: F705C251089785679AE5D3587943C9E54AACC4DF64798226B12A04DD24C3ABEF

SHA-512: B4A0879B8CD0FED4D77129CAAB69B7E1BC16AF494069302BD45B3AD7FB335AAFB5AA9D6BEF2459123A5FC7E88A17C669E66B403D0A99B195B843930996362FD1

Malicious: false

Reputation: low

IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/images/tree_ltr.gif

Preview:GIF89a..1..........5o!;r"""'@~(f.)@q-J.0)&0M.5U.6M{8Q|94)9S.:\.;[email protected]`.C\.DDDF..Jd.Jl.Mh.Nh.TF?Tk.UUUVk.Ww.ZZZ]p.^x.bv.f..h|.h..lmkm~.m..p..p..q..q..s..v..y..z..{..|}.~........................................................................X$...........//.......23..........99.............`(.......CC....s..GG.dl....}L..........V....ru.d....................v..|...........................................................................................................................................................................................................................................................................................................................................................................!.......,......1........H......*..c....B..p"E../....?. C..I..H.(S.\......9....8o..Y3gN.0.2d.cQ.G/&..T.L.6}.|J3.T.B.j...K.=.R..U..<i.M..#.i...e.w..%.V.M.W..5.U `.{..L,.1b..!?..tf...O....F..p:^,.R.s.>M).h.D

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\tz[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text

Size (bytes): 205

Entropy (8bit): 5.256454414535407

Encrypted: false

MD5: 759A6D8E314BADBEE016C4AAEDE8AD8A

SHA1: C896AB25F8D2A30DB2024B6A91B4B8CC2608730F

SHA-256: A4A57B289EF1E7D9FB6152435D66D09EF392420BF586B660BF12A956335069A6

SHA-512: 409995A548548DCD8D303E5C291EC1CB33A3696A4E60B9F7273342D1481F774C76207B218D39196C70B2C9EBDD4768F5DAFD726103EEAB94C89DF207399B4A38

Malicious: false

Reputation: low

IE Cache URL: https://sites.google.com/site/id500382349/_/tz?jot.xtok=undefined&afjstz=wg1E0r1g1A4r2g1E0r2g1A4r8

Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml"><body>America/Los_Angeles</body></html>.

C:\Users\user\AppData\Local\Temp\~DF40C30D7E0224DBC5.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 13077

Entropy (8bit): 0.5092737690342094

Encrypted: false

MD5: 4CAA681084CA68E0CA55CF79FA1728C5

SHA1: E6BC62C6E946B3BDE467CEB14EDADEA4CAA1A689

SHA-256: 0E3B32417CE83B13DD1B302D177812D1CED9D6379A0C74B6CAF865EDD926530E

SHA-512: 92E04E9B2C7F7483D92A3EC307853A83C804F7EB056AE3C5F95F90768D3E31D4A4CE02FE561081838AECA7EEED588F85921AFE514E9E18EF62A0BEBC60F5B932

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................


Static File Info

No static file info

Network Port Distribution

C:\Users\user\AppData\Local\Temp\~DF47B0568FF82688E9.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 29745

Entropy (8bit): 0.34180041404448935

Encrypted: false

MD5: D4C00C2478D9E5F284F2621B6BF8485B

SHA1: C51A3B6488CACE4E8F4D0B55226057A6D95D3688

SHA-256: 292640AD6F55E52CD00075304325AE12D2532C1F764BB4DFADB964CF02D61E65

SHA-512: 3501544E24E60E4FEFCA0BAE80E41DE62C0A2F71FDAB636E6FF2C634D7405C037E9F0F3DCED2F49D2964E5DCC421CE422214DBFC2F290C04B31240D6460C221E

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF599F0070536B1B07.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data


Entropy (8bit): 1.3789969254130263

Encrypted: false

MD5: 58F9DB499DD3134770103FC34A31C33C

SHA1: DBDEE693F5A4CEB508A3172EC5B8862B78C8C9CB

SHA-256: 999014765B97A47879FA8F2EF241DD99DA1EDC660B8EC20CD4EF9C28E722ACDB

SHA-512: E10C07B1A4832CD851E3B0F02FDF03F3AF92E0B8D0E9078BE243E8547CC6A7D968226AF58C3FE627E4E154B5ED24A8407E3F3FE30A3516070F99C2A363E52C98

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\D3V5O1VVFGLN580XOIJE.tempProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 3440

Entropy (8bit): 3.1824604906254796

Encrypted: false

MD5: 109CE24328515FA56AD163A1C803C30C

SHA1: B8A411DDD0AE6AAABC950908CC1D50080818A596

SHA-256: 69D965EB0037BC5824C56775F600415D5AE988D816E5FF174868D2771F48FB26

SHA-512: 5814574B007A4F4B2702A6E5E24D89ADB614B5FC54248D89A77FF8EBCCB66E4285BD2B9B9E898BD833F705856821F3A37DB17F988026082E519C4CB57B2790BE

Malicious: false

Reputation: low

Preview:...................................FL..................F.@.. .....@.>......d.....?.c................................P.O. .:i.....+00.../C:\.....................1......Qt?..PROGRA~1..t......L..Qt?....E...............J.........P.r.o.g.r.a.m. [email protected].,.-.2.1.7.8.1.....l.1......L.J..INTERN~1..T......L.0Q................................i.n.t.e.r.n.e.t. .e.x.p.l.o.r.e.r.....f.2......L.9 .iexplore.exe..J......L.J0Q.......R..........x.............i.e.x.p.l.o.r.e...e.x.e.......^...............-.......]..............{.....C:\Program Files\internet explorer\iexplore.exe....-.p.r.i.v.a.t.e...C.:.\.W.i.n.d.o.w.s.\.S.Y.S.T.E.M.3.2.\.I.E.F.R.A.M.E...d.l.l.........%SystemRoot%\SYSTEM32\IEFRAME.dll...................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.S.Y.S.T.E.M.3.2.\.I

Network Behavior


Total Packets: 93

• 53 (DNS)

• 443 (HTTPS)

Timestamp Source Port Dest Port Source IP Dest IP

Sep 15, 2020 18:47:55.690987110 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.691286087 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.707022905 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.707123041 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.707237005 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.707305908 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.709959984 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.710859060 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.725639105 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.726524115 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.732995987 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733035088 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733062029 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.733072042 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733088970 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.733107090 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733135939 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.733165979 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.733721018 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733768940 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733795881 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.733810902 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733820915 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.733845949 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.733855963 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.733894110 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.745122910 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.745511055 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.745821953 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.746299028 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.746711969 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.761179924 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.761214018 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.761267900 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.761295080 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.761372089 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.761418104 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.762239933 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.762270927 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.762310028 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.762345076 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.762563944 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.762617111 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.762618065 CEST 443 49724 172.217.22.33 192.168.2.4

TCP Packets


Sep 15, 2020 18:47:55.762660027 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.762664080 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.762696981 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.762706995 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.762733936 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.762737989 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.762778044 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.763462067 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.763515949 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.763535023 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.763561010 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.763787985 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.764250994 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.764278889 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.764302969 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.764326096 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.764676094 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.764722109 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.769175053 CEST 49724 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.784282923 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.785144091 CEST 443 49724 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:55.785728931 CEST 49723 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:55.806607962 CEST 443 49723 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.183621883 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.183656931 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.199415922 CEST 443 49725 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.199461937 CEST 443 49726 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.199541092 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.199590921 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.200628042 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.200782061 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.217101097 CEST 443 49726 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.217139959 CEST 443 49725 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224281073 CEST 443 49726 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224359035 CEST 443 49726 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224359989 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.224397898 CEST 443 49726 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224409103 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.224435091 CEST 443 49726 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224438906 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.224473000 CEST 443 49725 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224483013 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.224510908 CEST 443 49725 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224559069 CEST 443 49725 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224570036 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.224587917 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.224597931 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.224600077 CEST 443 49725 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.224656105 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.232004881 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.232579947 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.232783079 CEST 49725 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.233166933 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.233975887 CEST 49726 443 192.168.2.4 172.217.22.33

Sep 15, 2020 18:47:56.248075962 CEST 443 49725 172.217.22.33 192.168.2.4

Sep 15, 2020 18:47:56.248119116 CEST 443 49725 172.217.22.33 192.168.2.4



Sep 15, 2020 18:47:49.022228956 CEST 61585 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:49.045855045 CEST 53 61585 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:49.996522903 CEST 63540 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:50.020499945 CEST 53 63540 8.8.8.8 192.168.2.4

UDP Packets


Sep 15, 2020 18:47:54.020509958 CEST 50757 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:54.054280043 CEST 53 50757 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:55.158193111 CEST 59058 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:55.190318108 CEST 53 59058 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:55.638793945 CEST 53809 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:55.647849083 CEST 52224 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:55.679241896 CEST 53 53809 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:55.687756062 CEST 53 52224 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:56.128097057 CEST 57637 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:56.168015957 CEST 53 57637 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:56.492638111 CEST 63419 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:56.524523973 CEST 53 63419 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:56.638776064 CEST 54357 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:56.763195038 CEST 53 54357 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:57.505275011 CEST 60328 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:57.545432091 CEST 53 60328 8.8.8.8 192.168.2.4

Sep 15, 2020 18:47:57.816082001 CEST 49936 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:47:57.849301100 CEST 53 49936 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:11.716038942 CEST 52456 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:11.739912033 CEST 53 52456 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:15.502826929 CEST 65061 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:15.526535988 CEST 53 65061 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:16.377235889 CEST 58776 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:16.417547941 CEST 53 58776 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:16.553303003 CEST 52994 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:16.595835924 CEST 53 52994 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:22.032012939 CEST 56954 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:22.072313070 CEST 53 56954 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:24.018898010 CEST 63252 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:24.042655945 CEST 53 63252 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:24.749752045 CEST 63343 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:24.784117937 CEST 53 63343 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:25.034807920 CEST 63252 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:25.066817999 CEST 53 63252 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:25.800040960 CEST 63343 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:25.832098007 CEST 53 63343 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:26.033946037 CEST 63252 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:26.066056013 CEST 53 63252 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:26.291357040 CEST 49290 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:26.365127087 CEST 53 49290 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:27.342248917 CEST 63343 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:27.366125107 CEST 53 63343 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:28.051222086 CEST 63252 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:28.083138943 CEST 53 63252 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:29.332897902 CEST 63343 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:29.356615067 CEST 53 63343 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:30.838701963 CEST 58969 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:30.870826006 CEST 53 58969 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:32.059391022 CEST 63252 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:32.083072901 CEST 53 63252 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:32.609025002 CEST 60749 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:32.648963928 CEST 53 60749 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:33.527977943 CEST 63343 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:33.560332060 CEST 53 63343 8.8.8.8 192.168.2.4

Sep 15, 2020 18:48:38.662096024 CEST 60322 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:48:38.685915947 CEST 53 60322 8.8.8.8 192.168.2.4

Sep 15, 2020 18:49:58.400036097 CEST 52297 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:49:58.482831955 CEST 53 52297 8.8.8.8 192.168.2.4

Sep 15, 2020 18:49:58.897221088 CEST 49932 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:49:58.929349899 CEST 53 49932 8.8.8.8 192.168.2.4

Sep 15, 2020 18:49:59.319366932 CEST 57715 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:49:59.351455927 CEST 53 57715 8.8.8.8 192.168.2.4

Sep 15, 2020 18:49:59.958955050 CEST 60858 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:50:00.020360947 CEST 53 60858 8.8.8.8 192.168.2.4



Sep 15, 2020 18:50:00.432188034 CEST 60271 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:50:00.466459990 CEST 53 60271 8.8.8.8 192.168.2.4

Sep 15, 2020 18:50:00.755445957 CEST 56323 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:50:00.787507057 CEST 53 56323 8.8.8.8 192.168.2.4

Sep 15, 2020 18:50:01.081192970 CEST 62062 53 192.168.2.4 8.8.8.8

Sep 15, 2020 18:50:01.113362074 CEST 53 62062 8.8.8.8 192.168.2.4


Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Sep 15, 2020 18:47:55.647849083 CEST 192.168.2.4 8.8.8.8 0x5799 Standard query (0)

www-sites-opensocial.googleusercontent.com

A (IP address) IN (0x0001)

Sep 15, 2020 18:47:56.128097057 CEST 192.168.2.4 8.8.8.8 0x7d35 Standard query (0)

tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com

A (IP address) IN (0x0001)

Sep 15, 2020 18:47:56.638776064 CEST 192.168.2.4 8.8.8.8 0xed0d Standard query (0)

storageonnet.top A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Sep 15, 2020 18:47:55.687756062 CEST

8.8.8.8 192.168.2.4 0x5799 No error (0) www-sites-opensocial.googleusercontent.com


CNAME (Canonical name)

IN (0x0001)

Sep 15, 2020 18:47:55.687756062 CEST

8.8.8.8 192.168.2.4 0x5799 No error (0) googlehosted.l.googleusercontent.com

172.217.22.33 A (IP address) IN (0x0001)

Sep 15, 2020 18:47:56.168015957 CEST

8.8.8.8 192.168.2.4 0x7d35 No error (0) tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com


CNAME (Canonical name)

IN (0x0001)

Sep 15, 2020 18:47:56.168015957 CEST

8.8.8.8 192.168.2.4 0x7d35 No error (0) googlehosted.l.googleusercontent.com

172.217.22.33 A (IP address) IN (0x0001)

Sep 15, 2020 18:47:56.763195038 CEST

8.8.8.8 192.168.2.4 0xed0d No error (0) storageonnet.top 104.27.187.2 A (IP address) IN (0x0001)

Sep 15, 2020 18:47:56.763195038 CEST


Sep 15, 2020 18:47:56.763195038 CEST


Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest

Sep 15, 2020 18:47:55.733107090 CEST

172.217.22.33 443 192.168.2.4 49724 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US

CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

Thu Sep 03 08:40:15 CEST 2020 Thu Jun 15 02:00:42 CEST 2017

Thu Nov 26 07:40:15 CET 2020 Wed Dec 15 01:00:42 CET 2021

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=GTS CA 1O1, O=Google Trust Services, C=US

CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

DNS Queries

DNS Answers

HTTPS Packets


Code Manipulations

Sep 15, 2020 18:47:55.733845949 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Sep 15, 2020 18:47:56.224435091 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Sep 15, 2020 18:47:56.224600077 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Sep 15, 2020 18:47:56.826143026 CEST

104.27.187.2 443 192.168.2.4 49729 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US

CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Thu Aug 06 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020

Fri Aug 06 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US

CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Mon Jan 27 13:48:08 CET 2020

Wed Jan 01 00:59:59 CET 2025

Sep 15, 2020 18:47:56.827517986 CEST

104.27.187.2 443 192.168.2.4 49730 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US

CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Thu Aug 06 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020

Fri Aug 06 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US

CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Mon Jan 27 13:48:08 CET 2020

Wed Jan 01 00:59:59 CET 2025

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest


Statistics

Behavior

• iexplore.exe

• iexplore.exe

Click to jump to process

System Behavior

File ActivitiesFile Activities

Registry ActivitiesRegistry Activities


Start date: 15/09/2020

Path: C:\Program Files\internet explorer\iexplore.exe

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Imagebase: 0x7ff7e0be0000

File size: 823560 bytes

MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

File Path Offset Length Completion CountSourceAddress Symbol

Key Path Completion CountSourceAddress Symbol

Key Path Name Type Data Completion CountSourceAddress Symbol

Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol

Analysis Process: iexplore.exe PID: 6888 Parent PID: 796Analysis Process: iexplore.exe PID: 6888 Parent PID: 796

General


Disassembly

File ActivitiesFile Activities

Registry ActivitiesRegistry Activities


Start date: 15/09/2020

Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6888 CREDAT:17410 /prefetch:2

Imagebase: 0x1250000

File size: 822536 bytes

MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

File Path Offset Length Completion CountSourceAddress Symbol

Key Path Completion CountSourceAddress Symbol

Key Path Name Type Data Completion CountSourceAddress Symbol

Analysis Process: iexplore.exe PID: 6936 Parent PID: 6888Analysis Process: iexplore.exe PID: 6936 Parent PID: 6888

General


version: 29.0.0 ocean jasper - joesandbox.com

Documents