Copyright Joe Security LLC 2021
Analysis Report http://130.211.40.170
Overview
General Information
Sample URL: 130.211.40.170
Analysis ID: 417378
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
Found iframes
Classification
[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious]
Startup
System is w10x64
iexplore.exe (PID: 5764 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 5836 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5764 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Phishing
• Compliance
• Networking
• System Summary
There are no malicious signatures.
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects
Drive-by Compromise 1 | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer 1 | SIM Card Swap |
Behavior Graph
ID: 417378
URL: http://130.211.40.170
Startdate: 19/05/2021
Architecture: WINDOWS
Score: 0
iexplore.exe
5 52
started
iexplore.exe
8 99
started
stats.l.doubleclick.net
108.177.15.157, 443, 49745, 49746
GOOGLEUS
United States
www.patternbyetsy.com
130.211.40.170, 443, 49715, 49716
GOOGLEUS
United States
37 other IPs or domains
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
130.211.40.170 3% Virustotal Browse
130.211.40.170 0% Avira URL Cloud safe
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source Detection Scanner Label Link
130.211.40.170/ 0% Avira URL Cloud safe
https://redux.js.org/api/store#subscribelistener 0% Avira URL Cloud safe
https://130.211.40.170/P 0% Avira URL Cloud safe
www.moonrisecreek.com 0% Avira URL Cloud safe
www.bohemiancoding.com/sketch 0% URL Reputation safe
www.foxtailjewelry.com 0% Avira URL Cloud safe
www.habitablesdesigns.com/ 0% Avira URL Cloud safe
https://cct.google/taggy/agent.js 0% URL Reputation safe
www.milkandhoneytees.com 0% Avira URL Cloud safe
https://www.google.%/ads/ga-audiences 0% URL Reputation safe
https://130.211.40.170/Root 0% Avira URL Cloud safe
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
star-mini.c10r.facebook.com 185.60.216.35 true false high
www.google.de 216.58.207.163 true false high
dart.l.doubleclick.net 216.58.214.198 true false high
stats.l.doubleclick.net 108.177.15.157 true false high
web.btncdn.com 143.204.98.55 true false unknown
awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com 34.250.6.2 true false high
dg2iu7dxxehbo.cloudfront.net 143.204.94.161 true false high
tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com 54.154.208.108 true false high
insight-566961044.eu-west-1.elb.amazonaws.com 99.80.189.193 true false high
googleads.g.doubleclick.net 172.217.20.2 true false high
system.etsy.com 35.227.203.198 true false high
www.patternbyetsy.com 130.211.40.170 true false unknown
dualstack.pinterest.map.fastly.net 151.101.112.84 true false unknown
photos-ugc.l.googleusercontent.com 142.250.185.225 true false high
d2pbcviywxotf2.cloudfront.net 143.204.98.44 true false high
www.facebook.com unknown unknown false high
js.adsrvr.org unknown unknown false high
yt3.ggpht.com unknown unknown false high
9910951.fls.doubleclick.net unknown unknown false high
www.dwin1.com unknown unknown false unknown
www.etsy.com unknown unknown false high
img0.etsystatic.com unknown unknown false high
resources.xg4ken.com unknown unknown false high
ct.pinterest.com unknown unknown false high
d.agkn.com unknown unknown false high
static.doubleclick.net unknown unknown false high
8666735.fls.doubleclick.net unknown unknown false high
stats.g.doubleclick.net unknown unknown false high
insight.adsrvr.org unknown unknown false high
s.pinimg.com unknown unknown false high
pt.ispot.tv unknown unknown false high
www.youtube.com unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation
130.211.40.170/ false Avira URL Cloud: safe unknown
https://130.211.40.170/ false unknown
https://www.etsy.com/pattern false high
URLs from Memory and Binaries
Contacted IPs
Public
IP Domain Country Flag ASN ASN Name Malicious
130.211.40.170 www.patternbyetsy.com United States 15169 GOOGLEUS false
216.58.214.198 dart.l.doubleclick.net United States 15169 GOOGLEUS false
108.177.15.157 stats.l.doubleclick.net United States 15169 GOOGLEUS false
143.204.94.161 dg2iu7dxxehbo.cloudfront.net United States 16509 AMAZON-02US false
54.154.208.108 tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com United States 16509 AMAZON-02US false
142.250.185.225 photos-ugc.l.googleusercontent.com United States 15169 GOOGLEUS false
143.204.98.55 web.btncdn.com United States 16509 AMAZON-02US false
99.80.189.193 insight-566961044.eu-west-1.elb.amazonaws.com United States 16509 AMAZON-02US false
34.250.6.2 awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com United States 16509 AMAZON-02US false
185.60.216.35 star-mini.c10r.facebook.com Ireland 32934 FACEBOOKUS false
216.58.207.163 www.google.de United States 15169 GOOGLEUS false
35.227.203.198 system.etsy.com United States 15169 GOOGLEUS false
151.101.112.84 dualstack.pinterest.map.fastly.net United States 54113 FASTLYUS false
143.204.98.44 d2pbcviywxotf2.cloudfront.net United States 16509 AMAZON-02US false
Private
IP
192.168.2.1
General Information
Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 417378
Start date: 19.05.2021
Start time: 15:38:17
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 50s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: 130.211.40.170
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/67@22/15
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Browsing link: https://130.211.40.170/
• Browsing link: https://www.patternbyetsy.com/
Warnings:
• Exclude process from analysis (whitelisted): ielowutil.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 52.255.188.83, 104.43.193.48, 104.42.151.234, 88.221.62.148, 2.20.218.46, 92.122.145.40, 142.250.186.72, 172.217.20.238, 172.217.23.14, 172.217.23.46, 172.217.23.78, 172.217.22.206, 172.217.22.238, 216.58.207.142, 216.58.207.174, 142.250.186.110, 204.79.197.200, 13.107.21.200, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 2.20.84.189, 172.217.19.100, 172.217.20.2, 172.217.19.102, 152.199.19.161, 142.250.186.163
• Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, e8634.dscb.akamaiedge.net, j.sni.global.fastly.net, adservice.google.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, 2-01-37d2-0006.cdx.cedexis.net, go.microsoft.com, www.googletagmanager.com, 2-01-37d2-0018.cdx.cedexis.net, bat.bing.com, www.google.com, watson.telemetry.microsoft.com, e6449.a.akamaiedge.net, www.google-analytics.com, www-google-analytics.l.google.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, fonts.gstatic.com, www-googletagmanager.l.google.com, i-dsa.etsystatic.com.edgekey.net, static-doubleclick-net.l.google.com, skypedataprdcolcus15.cloudapp.net, www.pinterest.com.edgekey.net, skypedataprdcoleus17.cloudapp.net, e8520.b.akamaiedge.net, youtube-ui.l.google.com, bat-bing-com.a-0001.a-msedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, www.etsy.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
• Report size getting too big, too many NtDeviceIoControlFile calls found.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.etsy[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 1070
Entropy (8bit): 4.999472858698188
Encrypted: false
SSDEEP: 24:W0UNXqVFo3qVDUNXqVFo3qVx/qVyoqVDUNXqVFo3qVx/qVyoqVB:0NKFoqINKFoqxiyhINKFoqxiyhB
MD5: 8265FBE74DCA1765D352132FE7D56471
SHA1: 8948F24712BAC890D626CF273891D15B8D67A03D
SHA-256: 83816DDB2D73EC3A4A6C34D2D09C5CB3D151BA4FB20A1730C4A7D2FA813D6880
SHA-512: 32537D9B6D614795A863D6E1EDD50FE32CEB8EB545EF86B4B254548547F9515C823CDB25BED6936221708971CC5168A8B6C431E0E959EF8F8E1242896D87073C
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\www.youtube[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 57291
Entropy (8bit): 4.993996748590424
Encrypted: false
SSDEEP: 96:Iaud4yE0C7sLNHS/Q0Ru1yS/Q0RuE8XS/Q0RRquS/Q0RkrS/Q0RnSGrS/Q0RTpW8:UH8H/HTHxHzHPHPHPHoPHorrxH4vB
MD5: 037D16DB6124E33458642EAFCFCD5110
SHA1: F7E6C9FFE06F96473C2133BAE8F991D86B302993
SHA-256: 917E61A5F1414F1E57CE0A78B84B5911D656DF94ECF1A2441B8E9198C53C51F9
SHA-512: 58516CDFD60AAA312D12BF49F398785364EA477A53C117BBB8682E0F352AA5227D908D162842D9B84C633C539521DA33033B4AFF0D44AC962641B63B385811A1
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{931783F8-B8A7-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.8576492879595399
Encrypted: false
SSDEEP: 192:rtZTZZ2MWQt7ifWztzMHFBC/DzsfczAjX:rD1Ib0cr3A+l
MD5: 52BAA3859A5C7BFAF69BA61F865BA003
SHA1: B504279690B65DC82201302538D68134C7A201E0
SHA-256: 920FB71C054C5AA06DEC3D10BCBB20036BB146253B442D3B1674157AA68E436B
SHA-512: 624147F1D80D656052FF1A81783FBF038B3FC4BBA37072829BF81BB41DD33B31083E2CE0B43826822123D3A03F002E7C02E48E464579E5509AF05A9C91DDF0D0
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{931783FA-B8A7-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 60626
Entropy (8bit): 2.5992901817162317
Encrypted: false
SSDEEP: 192:rsZ0Qs6OkxjQ2YWzMPgNzLDaU61FV41I3AXV3zhRQNn1uN7XUQuyXe6eheysRQNX:rs93vNnPwI5LGf1H0+2V1RQd9sRQdXn
MD5: B29BFC1EF29E6BEDEA38484941FB5A27
SHA1: 282D084CB5B6F6454194DE21DC06F43B96386776
SHA-256: E6E2A84AA973C486534C4E6F06F445543E349D89A9947DAE5DEF4EB92D241860
SHA-512: 6C605B0BC03A8EF439CCDDCB5BE049AC2ADB04304E4B3B5B2E07129402039F889AD785B3AE29037398F8ADD13530B1A50820001CF3FEE82737F2923C57677DE6
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{931783FB-B8A7-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5667771811946174
Encrypted: false
SSDEEP: 48:Iw0GcprpGwpa+G4pQSGrapbSXGQpKhG7HpRFTGIpG:roZDQ+6UBShAQTTA
MD5: FA81BDE68CA1ED7C3AD71D89AB427BA2
SHA1: 94ED99534789DA03A3F785ED347960DFF1EA99E0
SHA-256: B3C921A9DE18E51CEF7563FA7D61FCFBAF35823309C5A42CE7567C8D37DFB514
SHA-512: FCA2A0EBF986121154ABC4CB4A9186922C90C6A9761F38F8C1ADFF70E5FE1B3F5DC9B05D11C36222ECBF87897D19465676ECB64742F8A84E2FF98C6C21D95BC3
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: modified
Size (bytes): 4402
Entropy (8bit): 2.6461355543699234
Encrypted: false
SSDEEP: 12:cYi+plFEZvj/5R1HUzxAW86tdQ810uQ8SKt8jdyMdldJdJdV81S808NJ1K8u8wy/:cjQCZ7eeq6u3cnN9S3t
MD5: 10A6AE3A57DEEDB5E188C0B97D79760B
SHA1: F19366C0E7C6C031C82930B59D011B2181715389
SHA-256: 20D8EBFEB0F5770FFAE203F929B1FFD2E7B16997CE3E7E6DA1C62AF2BC102630
SHA-512: 07071AD199D4E5601C11F01D6FC73440F84A84588AD55466EA69BEC4CFFDF7047537EF43807BEB22CBD1DE814584630D22602B053284965C87B5001FA5FD9DFE
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\6220[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: C source, ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 24435
Entropy (8bit): 5.401776430480101
Encrypted: false
SSDEEP: 384:eepAuo+tISNf2QBDU8I4paKafJapEaTaxaCaVfeaCDJz1URUYgzwcwOfic7r4cda:hppoANf2QBDUl4paKaBa6aTaxaCa1elm
MD5: 3AA52D51800F12CCDF6889303DA507DD
SHA1: ADD531590ECBFEDC0E7A68508D44B34BEE5E9A36
SHA-256: DBE51E42FC8646A7A674FF5B8869ACBECF7743D1B40CE695998AFA5BF49467D3
SHA-512: A52134D134EB350430ECC992A645ABB6E580F5C341A1C34951DE87DCC6542985F3736C3C05F2FA6D3532E7914A5D2C249EE3AB1A1047136CC54A89A354FA3421
Malicious: false
Reputation: low
IE Cache URL: https://www.dwin1.com/6220.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\activityi;src=9910951;type=remarkt;cat=unive0;ord=9318951860178;gtm=2wg5c1;auiddc=1619319603.1621431568;u2=_pattern;u3=undefined;~oref=https___www.etsy[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 389
Entropy (8bit): 5.466999998152392
Encrypted: false
SSDEEP: 12:hnMQbwuOaxyCkv4AEH76AItW0n7IZb0Ji4:hMiRO9yIkOsW
MD5: 29C138B0ECBF5565D62086CBDE8291E7
SHA1: C0A7EF136665FE5ADADA5DAC87C4DF020B2595F8
SHA-256: C9958D15EE81C481F1F5CCD4D133934052C4FD271F27A63D9100F71D5E2CBE63
SHA-512: D91D06E8B4B6B2E594A7308C316D68E886B4BB83365EDA9DD90E9274F537C59ABFB25DC2CE93DD79861E36C0C869C4ED0448FE88DCEB6EAD481D3FD71B079620
Malicious: false
Reputation: low
IE Cache URL: https://9910951.fls.doubleclick.net/activityi;src=9910951;type=remarkt;cat=unive0;ord=9318951860178;gtm=2wg5c1;auiddc=1619319603.1621431568;u2=%2Fpattern;u3=undefined;~oref=https%3A%2F%2Fwww.etsy.com%2Fpattern?
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://adservice.google.com/ddm/fls/z/src=9910951;type=remarkt;cat=unive0;ord=9318951860178;gtm=2wg5c1;auiddc=*;u2=%2Fpattern;u3=undefined;~oref=https%3A%2F%2Fwww.etsy.com%2Fpattern"/></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ad_status[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 29
Entropy (8bit): 4.142295219190901
Encrypted: false
SSDEEP: 3:lZOwFQvn:lQw6n
MD5: 1FA71744DB23D0F8DF9CCE6719DEFCB7
SHA1: E4BE9B7136697942A036F97CF26EBAF703AD2067
SHA-256: EED0DC1FDB5D97ED188AE16FD5E1024A5BB744AF47340346BE2146300A6C54B9
SHA-512: 17FA262901B608368EB4B70910DA67E1F11B9CFB2C9DC81844F55BEE1DB3EC11F704D81AB20F2DDA973378F9C0DF56EAAD8111F34B92E4161A4D194BA902F82F
Malicious: false
Reputation: low
IE Cache URL: https://static.doubleclick.net/instream/ad_status.js
Preview:window.google_ad_status = 1;.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\base.20210512215551[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 96198
Entropy (8bit): 5.106292290165535
Encrypted: false
SSDEEP: 768:l0i5agwI+I0bQjIscalHYtjGRM5alBkwli+Zdxj9SzpMEBYHe7JDIxLd56JR5HZV:l0i5agsSAL5aEb40D9
MD5: D813455BDCC4CAFC4509E972601618A3
SHA1: 85B323CB6A1AD37A4E1ACEEE6B70A16C1AA822D8
SHA-256: CFB93ED1D605724D846BC05710E270458A58E39B58281EA7A7B40477ECBC03AD
SHA-512: A09305F9C500E7F13C6C6B034025FACD42E0442CCD3E1EB3CA5A141389A4A5C913F3A40FC2EAE9930E41F6C6AE171DC73B98AD334CFCEB9DB41A5F8F3730ACAE
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/ac/primary/css/error/base.20210512215551.css
Preview:@charset "utf-8";.@font-face{font-family:"Guardian-EgypTT";src:url("/assets/type/StagCyr-Light-Web.woff2?v=20210506") format("woff2"),url("/assets/type/StagCyr-Light-Web.woff?v=20210506") format("woff");font-style:normal;font-weight:300;font-stretch:normal;font-display:swap;unicode-range:U400 -4FF;ascent-override:96%;descent-override:23%;}@font-face{font-family:"Guardian-EgypTT";src:url("/assets/type/Guardian-EgypTT-Light.woff2?v=2") format("woff2"),url("/assets/type/Guardian-EgypTT-Light.woff?v=2") format("woff");font-style:normal;font-weight:300;font-stretch:normal;font-display:swap;ascent-override:96%;descent-override:23%;}@font-face{font-family:"Graphik Webfont";src:url("/assets/type/GraphikCyr-Regular-Web.woff2?v=20210506") format("woff2"),url("/assets/type/GraphikCyr-Regular-Web.woff?v=20210506") format("woff");font-weight:400;font-style:normal;font-stretch:normal;font-display:swap;unicode-range:U400 -4FF;ascent-override:92%;descent-override:22%;}@font-face{font-family:"Graphik W
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\beeswax-texture-YIR-6-a[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x300, frames 3
Category: downloaded
Size (bytes): 13149
Entropy (8bit): 7.940968349727128
Encrypted: false
SSDEEP: 384:woG6jTVtoKwG9xJrFP4uRY8BMwS+yIM+S5VzgaG:woG63oKwcxBFQuv6IzS8X
MD5: 85637E90E9A132F71954F5361E0FF1B2
SHA1: 7864BF7C7D4C7A7ACDEC25BBE10C5FE77BC56F6A
SHA-256: 44A211EBEDD1753E08AB35C3A48F8C72652C10854AFFCDE0295E9C3AC247EEDE
SHA-512: 7B064658C719778C3713461B945F10FC2975618D89293243D6113184B2D7025E8CCCC470FDEC4A1A472862DC321CCA3F5FCB14827EB9F0497E163138FB3B46D6
Malicious: false
Reputation: low
IE Cache URL: https://img0.etsystatic.com/site-assets/brand-refresh/textures/beeswax/300px/beeswax-texture-YIR-6-a.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\embed[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 25226
Entropy (8bit): 5.512142196378094
Encrypted: false
SSDEEP: 384:hYRgyq+e8LUeupy46cOP4KWcXC9Aw/ihEEqXYC2kex7VhWpP6kbpSm/DdHg5r1:x+1Ie3bcLjSC3e8XH2G16Qdo
MD5: 9C4A973DB4F0206EB2F5030B0BD725D8
SHA1: 75BC8458A42E7CF1CA06F22578B629CC784164EF
SHA-256: 5367B985D0E7260BE2AD1A7DCF0578DA95C507BA93B57F0FACB134374FD4DA4F
SHA-512: 5453DB7A22E357B341AAC6564BCEFA4F51DAB3CBA91F43CB6D53AE31B524B071BD141B7B2A59C417849BB8F60796C42C44987FA40D67220F656EA64FAEA43E6B
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/fba90263/player_ias.vflset/en_US/embed.js
Preview:(function(g){var window=this;'use strict';var tJa=function(a,b){var c=(b-a.i)/(a.l-a.i);if(0>=c)return 0;if(1<=c)return 1;for(var d=0,e=1,f=0,h=0;8>h;h++){f=g.Hn(a,c);var l=(g.Hn(a,c+1E-6)-f)/1E-6;if(1E-6>Math.abs(f-b))return c;if(1E-6>Math.abs(l))break;else f<b?d=c:e=c,c-=(f-b)/l}for(h=0;1E-6<Math.abs(f-b)&&8>h;h++)f<b?(d=c,c=(c+e)/2):(e=c,c=(c+d)/2),f=g.Hn(a,c);return c},x3=function(){return{D:"svg",.U:{height:"100%",version:"1.1",viewBox:"0 0 110 26",width:"100%"},S:[{D:"path",Mb:!0,K:"ytp-svg-fill",U:{d:"M 16.68,.99 C 13.55,1.03 7.02,1.16 4.99,1.68 c -1.49,.4 -2.59,1.6 -2.99,3 -0.69,2.7 -0.68,8.31 -0.68,8.31 0,0 -0.01,5.61 .68,8.31 .39,1.5 1.59,2.6 2.99,3 2.69,.7 13.40,.68 13.40,.68 0,0 10.70,.01 13.40,-0.68 1.5,-0.4 2.59,-1.6 2.99,-3 .69,-2.7 .68,-8.31 .68,-8.31 0,0 .11,-5.61 -0.68,-8.31 -0.4,-1.5 -1.59,-2.6 -2.99,-3 C 29.11,.98 18.40,.99 18.40,.99 c 0,0 -0.67,-0.01 -1.71,0 z m 72.21,.90 0,21.28 2.78,0 .31,-1.37 .09,0 c .3,.5 .71,.88 1.21,1.18 .5,.3 1.08,.40 1.68,.40 1.1,0 1.99,-0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\foxtail-jewelry-betsy-standalone.20190424142746[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2600x746, frames 3
Category: downloaded
Size (bytes): 42914
Entropy (8bit): 7.3307011223108995
Encrypted: false
SSDEEP: 768:4t3xdIcD2+FdOpbw/sXvrEzzMEoEiJp2ifnsweaoKA+VwSPW2:bg6w/GvzElYCKA+VwGN
MD5: D25071F9196E19FAF4CB0FEB622CA073
SHA1: 4807B26A6793D47B3645EA7B5C941BA17AEB2B05
SHA-256: 44ED5C78E20FE03B355EE5EBD5EA6369CB11ED55D4B4012534F71602F390CED7
SHA-512: 6D51D3198FFAEF1377DA6337A641A7A94A57D5627D9C76FB4179F67EDAD6C19E390748FB935682F179BC5F32BA32EDD8B2E058E503B046C032483114BE2041BB
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/dist/images/custom-shops/marketing-page/v2/foxtail-jewelry-betsy-standalone.20190424142746.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\foxtail-jewelry-shop[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 792 x 756, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 104539
Entropy (8bit): 7.97342927540746
Encrypted: false
SSDEEP: 1536:FSv8xXGnV80wOrrbReW8sHjdGcmmoNB17HALHDaFshZLnRs3IoW5P7xNz1/It3zU:MU12V80wOrrbkWP1toNB178tZMmPJKzU
MD5: 8E4342A651900D4004ACB37AB157F105
SHA1: D032D7B753FB852B31A7CA27550007486AF5890F
SHA-256: 8A19EC1CDA4B76EF9B1FF5D8624CE8E2D4DA98CEA7D06BA53EF3A8A2E2B27F85
SHA-512: A4A0550085938019588103FD5C5E1FBDABE3BBD36950ED3A225A40E61AF3507668F33C9D007EFB831E9BCB2D2B20EB9A87211E4EB149ED17B92DD28DC1894046
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/images/custom-shops/marketing-page/v2/foxtail-jewelry-shop.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\moonrise-creek-lauren-standalone.20190424142746[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2600x746, frames 3
Category: downloaded
Size (bytes): 66530
Entropy (8bit): 7.670765517955433
Encrypted: false
SSDEEP: 1536:farI7V4W4ZSXo9pTmf2KwdV2NG6JMybXjGxQHmelMvrKHLaZRgpWKs:YI76W499pTO2KUV2/JMBx6memzKH8Rgy
MD5: AF093089B1B227A1EAB96F3C774D4382
SHA1: AFA8701E191F26E6DBFCB584E01AD6897BBDC6D9
SHA-256: 75F6579319E0322693E0823BC494B1B3C775A9C50AF2E4B71D13486A958DF435
SHA-512: 55BF132815CD88607B0C3FB1063547F7E408D27063F8226A657A58D0E9E10C59642752C64E0A706B7046295704CE24948CBE6D5ECA35F848D0EA2064C5A13161
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/dist/images/custom-shops/marketing-page/v2/moonrise-creek-lauren-standalone.20190424142746.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\overrides.20210511151213[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 383578
Entropy (8bit): 5.0717550310266795
Encrypted: false
SSDEEP: 1536:LVuR5v1fZI8KDt5Rxl3zF5IDH3Xsa3eMUmGJSGge5rTZUxuWKt5x2SAzSAMSAysN:Le1fZJvMoK7rzKI
MD5: 3C5A5157E3DF4789C307DFD2FB5F8574
SHA1: 093C00146A605D023851FC8AA64FE42989578319
SHA-256: 5703B91C7AE365C549E16DBC32AA9FB80988C4704093CCBFDDDF41149A456D9B
SHA-512: CBDDCC45B19BBAC45923C3339D89A60D984A4A436E2B22DDBD41CD373AD51BC0F105F2A20BAB2693B8001F44449964C482DCE86878AB7D9D3A6BA9D9C18755CB
Malicious: false
Reputation: low
Preview:@charset "utf-8";.@-webkit-keyframes web-toolkit-spinner-rotate{from{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg);}to{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg);}}@-moz-keyframes web-toolkit-spinner-rotate{from{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg);}to{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg);}}@-ms-keyframes web-toolkit-spinner-rotate{from{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:rotate(0deg);}to{-webkit-transform:rotate(360deg);-ms-transform:rotate(360deg);-moz-transform:rotate(360deg);transform:rotate(360deg);}}@keyframes web-toolkit-spinner-rotate{from{-webkit-transform:rotate(0deg);-ms-transform:rotate(0deg);-moz-transform:rotate(0deg);transform:r
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pattern[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 99440
Entropy (8bit): 4.814985884359433
Encrypted: false
SSDEEP: 1536:fAcKtDRJaiNoRoW565omTjIRpOmqQwbUuUEKMmUbkRLF3xfR1p01:fAbFJjIJqQwbUuUEKMmUbkRLF3xfRT01
MD5: C15AD43B209F44A8BE97470BB6CBDED2
SHA1: 8B448355EB4B5F9F066CD5207A7E7A2CD394E66A
SHA-256: 7AC7FDDD1FD1FE1AD693F5AC7A10F90174C366453010A269052AC9660676F2E9
SHA-512: 1D88302050B9E0B7ADE6868B1EE1AF316F8694B8D258A13F8E1BC681E06753B7D3DCEAF91A5D06A38E92C76C1B7173AF2EEBC55D6C21987728B2504B16BB51FB
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US". xmlns:og="http://ogp.me/ns#". xmlns:fb="https://www.facebook.com/2008/fbml". class="ui-toolkit". >.<head>. <meta http-equiv="content-type" content="text/html; charset=UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta name="viewport" content="width=1024" />. <meta name="X-Recruiting" content="Is code your craft? https://careers.etsy.com" />. . <meta name="pinterest" content="nosearch">. <meta name="csrf_nonce" content="3:1621431566:ooN5fQ0LghuBpdrVCCtwU0FxCUob:eaf4edeaacd3236a639c5261974f191a128719cac6f271d1b425f1b5d2aea264" />. <meta name="uaid_nonce" content="3:1621431566:OTCrbM258SY2iRD2DXSY-VpjaBWE:d49a8bfe1d40eb283ae2bcbc2d9f85ad2b9e583b2271ae5fddd6e2bbc44389a3" />. <meta property="fb:app_id" content="89186614300" />. <meta property="og:site_name" content="Etsy" />. <meta property="og:locale" c
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\polyfill.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: downloaded
Size (bytes): 82752
Entropy (8bit): 5.292078224567017
Encrypted: false
SSDEEP: 768:g+x/DnBqhoBVDahILVNHM24OoE/IUK+aS+12Zl/7bn+yLYOYmfQ01MRP+F/cTxkX:Zr7LI2KOK+XDlexyQ01MRooGZvOxcFn
MD5: 21E46A4326AAA1B9C15C4B24CC059829
SHA1: 445819D62C08DF1080A652501202D7AAB74891E2
SHA-256: C01F1C3D2F3DAA1278B267AB2812AD03776908E9FC56D918D9BB9C6A5B4D4596
SHA-512: C90CD2B56AC55801E56C167F9F2F38259246844F4C61365F75DBACA028922729CDD26CADA5AA0FB5B869AEBA72B593C114B932E61DAC06A8B768AD735C21016F
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/paula/v3/polyfill.min.js?etsy-v=v2&flags=gated&ua-hash=f27a70fef65ab50236291e1635e268f3&features=Array.from%2CArray.of%2CArray.prototype.@@iterator%2CArray.prototype.copyWithin%2CArray.prototype.fill%2CArray.prototype.find%2CArray.prototype.findIndex%2CArray.prototype.flatMap%2CArray.prototype.includes%2CCustomEvent%2CElement.prototype.classList%2CElement.prototype.matches%2CElement.prototype.remove%2CMap%2CNodeList.prototype.@@iterator%2CNodeList.prototype.forEach%2CNumber.Epsilon%2CNumber.MAX_SAFE_INTEGER%2CNumber.MIN_SAFE_INTEGER%2CNumber.isFinite%2CNumber.isInteger%2CNumber.isNaN%2CNumber.isSafeInteger%2CNumber.parseFloat%2CNumber.parseInt%2CObject.assign%2CObject.entries%2CObject.getOwnPropertyDescriptors%2CObject.is%2CObject.preventExtensions%2CObject.setPrototypeOf%2CObject.values%2CPromise%2CPromise.prototype.finally%2CRegExp.prototype.flags%2CSet%2CString.fromCodePoint%2CString.prototype.@@iterator%2CString.prototype.anchor%2CString.prototype.codePointAt%2CString.prototype.endsWith%2CString.prototype.includes%2CString.prototype.padEnd%2CString.prototype.padStart%2CString.prototype.repeat%2CString.prototype.startsWith%2CString.raw%2CSymbol%2CSymbol.hasInstance%2CSymbol.isConcatSpreadable%2CSymbol.iterator%2CSymbol.match%2CSymbol.replace%2CSymbol.search%2CSymbol.species%2CSymbol.split%2CSymbol.toPrimitive%2CSymbol.toStringTag%2CSymbol.unscopables%2CURL%2CWeakMap%2Cfetch%2Clocation.origin%2CmatchMedia
Preview:/* Disable minification (remove `.min` from URL path) for more info */..(function(self, undefined) {var _DOMTokenList=function(){var n=!0,t=function(t,e,r,o){Object.defineProperty?Object.defineProperty(t,e,{configurable:!1===n||!!o,get:r}):t.__defineGetter__(e,r)};try{t({},"support")}catch(e){n=!1}return function(n,e){var r=this,o=[],i={},a=0,c=0,f=function(n){t(r,n,function(){return u(),o[n]},!1)},l=function(){if(a>=c)for(;c<a;++c)f(c)},u=function(){var t,r,c=arguments,f=/\s+/;if(c.length)for(r=0;r<c.length;++r)if(f.test(c[r]))throw t=new SyntaxError('String "'+c[r]+'" contains an invalid character'),t.code=5,t.name="InvalidCharacterError",t;for(o="object"==typeof n[e]?(""+n[e].baseVal).replace(/^\s+|\s+$/g,"").split(f):(""+n[e]).replace(/^\s+|\s+$/g,"").split(f),""===o[0]&&(o=[]),i={},r=0;r<o.length;++r)i[o[r]]=!0;a=o.length,l()};return u(),t(r,"length",function(){return u(),a}),r.toLocaleString=r.toString=function(){return u(),o.join(" ")},r.item=function(n){return u(),o[n]},r.conta
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\site-chrome.20210512215551[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 267944
Entropy (8bit): 5.146692225497317
Encrypted: false
SSDEEP: 1536:l0i5agoS/pv9nJvlHYCki3NF8rgnQGg4YAL5aEb40xN8htbcIXPyzZMnezkP5NKl:oDAL5aEb4wkPCdTuewuT/HYIKuZF
MD5: A8824FC0A9C4347F5EC6BAAC8FF5B65B
SHA1: D6588981EC528F43F360C8B069443645AECA2729
SHA-256: EE7B264C2BB946883D1A04B2D44DFB5AA58835CE1C34AA2EA53A55AEE1986A6D
SHA-512: 4B039E284C8C293B888074571767BAA341B34B07789FC720052013B5FAA1C79B9E5B54EBA982C7F499085BA932307F8EEC3FF188014F847214626EAB597C15B2
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/ac/primary/css/site-chrome/site-chrome.20210512215551.css
Preview:@charset "utf-8";.@font-face{font-family:"Guardian-EgypTT";src:url("/assets/type/StagCyr-Light-Web.woff2?v=20210506") format("woff2"),url("/assets/type/StagCyr-Light-Web.woff?v=20210506") format("woff");font-style:normal;font-weight:300;font-stretch:normal;font-display:swap;unicode-range:U400 -4FF;ascent-override:96%;descent-override:23%;}@font-face{font-family:"Guardian-EgypTT";src:url("/assets/type/Guardian-EgypTT-Light.woff2?v=2") format("woff2"),url("/assets/type/Guardian-EgypTT-Light.woff?v=2") format("woff");font-style:normal;font-weight:300;font-stretch:normal;font-display:swap;ascent-override:96%;descent-override:23%;}@font-face{font-family:"Graphik Webfont";src:url("/assets/type/GraphikCyr-Regular-Web.woff2?v=20210506") format("woff2"),url("/assets/type/GraphikCyr-Regular-Web.woff?v=20210506") format("woff");font-weight:400;font-style:normal;font-stretch:normal;font-display:swap;unicode-range:U400 -4FF;ascent-override:92%;descent-override:22%;}@font-face{font-family:"Graphik W
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\tr[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 44
Entropy (8bit): 2.8317663774021287
Encrypted: false
SSDEEP: 3:CU9yltxlHhn:mn
MD5: B798F4CE7359FD815DF4BDF76503B295
SHA1: F8CC6ADDF1707AD236AD9970B0A48F9733D07DA5
SHA-256: 10D8D42D73A02DDB877101E72FBFA15A0EC820224D97CEDEE4CF92D571BE5CAA
SHA-512: 921944DC10FBFB6224D69F0B3AC050F4790310FD1BCAC3B87C96512AD5ED9A268824F3F5180563D372642071B4704C979D209BAF40BC0B1C9A714769ABA7DFC7
Malicious: false
Reputation: low
IE Cache URL: https://www.facebook.com/tr?uuid=1621431566&id=114623403312281&ev=PageView&ud[em]=%27%27%22
Preview:GIF89a.............!.......,...........D..;.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\www-player[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 367191
Entropy (8bit): 5.243557921699515
Encrypted: false
SSDEEP: 1536:BDQI0irpHrpj/fn8Mq5G0jDrzltP3Su3EMFfybOP5FRrDJciM/ByDE4E6D6S7eTd:T4Drzz1tg9yxjFLk
MD5: B9A049D5C70532CA5A9CFCA92B81BC18
SHA1: DFCCB8882978F6CFABDAF01C7C3FCD49E83AB72B
SHA-256: A58A43E1391BA6B40E4E1187A1A09415CDD8099D29D6DEDB5926B949786A241B
SHA-512: 1BBCD81634CD767D80712F6652E85270442225AE0C7A244EACF9E695F37A376C9DB196F161A77E9CB0E352B44B9DFEC48F2F6C9EC177CD2A207ED0A904FF06CE
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/fba90263/www-player.css
Preview:.html5-video-player{position:relative;width:100%;height:100%;overflow:hidden;z-index:0;outline:0;font-family:"YouTube Noto",Roboto,Arial,Helvetica,sans-serif;color:#eee;text-align:left;direction:ltr;font-size:11px;line-height:1.3;-webkit-font-smoothing:antialiased;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:manipulation;-ms-high-contrast-adjust:none}.html5-video-player:not(.ytp-transparent),.html5-video-player.unstarted-mode,.html5-video-player.ad-showing,.html5-video-player.ended-mode,.html5-video-player.ytp-fullscreen{background-color:#000}.ytp-big-mode{font-size:17px}.ytp-autohide{cursor:none}.html5-video-player a{color:inherit;text-decoration:none;-moz-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);-webkit-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);transition:color .1s cubic-bezier(0.0,0.0,0.2,1);outline:0}.html5-video-player a:hover{color:#fff;-moz-transition:color .1s cubic-bezier(0.4,0.0,1,1);-webkit-transition:color .1s cubic-bezier(0.4,0.0,1,1);transition:co
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Graphik-Medium-Web[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 45868, version 0.0
Category: downloaded
Size (bytes): 45868
Entropy (8bit): 7.989236558154739
Encrypted: false
SSDEEP: 768:KKbXZW4A38zR4WEwwjxNOpc84x7/39hZ0kkBRZ+NyiK0/oCt6TKT4Vu50R:fZWfAWRNoc84R9hZFyRZ+NxKsoCoTKTa
MD5: 3BDC9671ADCA3867691F1C2C04F743F7
SHA1: FA8B6F20F58482DACF232AEFADF45B0F66E68B35
SHA-256: ADEE39E67BA516CA0305E4D54D42FD8CC5116529BA9039642C4EC1814E45351E
SHA-512: 953AE54283B10A44889064604D6CEC0347E2F08A6FCAB266085B511D6D1BA6F3ED0A2100DB63D91A0847B2F5B346C0C3D61D25827191CACC11FD89641D21F6BF
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/type/Graphik-Medium-Web.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Graphik-Regular-Web[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 42372, version 0.0
Category: downloaded
Size (bytes): 42372
Entropy (8bit): 7.988786064172614
Encrypted: false
SSDEEP: 768:rqTGVeA9uQVe6A8o2ialSbviOsm+2lLruDWdVAMYNSuRMtdVx:xJR1o0wbvi3m+4/gWrALNSmMdx
MD5: BE8BBBF342A020BD5F0D2E7B1FF63BF4
SHA1: BB0820D0576C9ED9ABF89299566A1D1BE7E05DA2
SHA-256: CA40D291ADF66E0C74FD9B2777A434C222522BDD1ED18548600FF3AF3F2EDC7A
SHA-512: 83439B5DFB47FD1B08182D3BBD0467C98BD23D1228B1DA513A217FC0C95AA9FE0694A3AE81A51FF2B852E5AEE553F5153220A8C66970E745BF9860A55AF3C355
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/type/Graphik-Regular-Web.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\GraphikCyr-Medium-Web[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 16067, version 0.0
Category: downloaded
Size (bytes): 16067
Entropy (8bit): 7.96210967605791
Encrypted: false
SSDEEP: 384:z3m8f/nk6PATXxIGUUtxxAl/PImtpp4b0qgw:zrHnnZOWl/Amt/Vw
MD5: 01693C125B86DF3794E7ECD83273663A
SHA1: 304370F734C0A08A8309DF1EB6003C412C4C74EF
SHA-256: A7C882A2C8273A39129EE7208DF0379C14C4AA2627F75EDAA700D8535771BE9E
SHA-512: ADBE5D29AFCDC4A9C1BFB955A68FD68F9F8200ACA6FCEA06142E87DA0DA2477E2705E301C6A378FED2D87AE51285F4BF9505BD6FF48C789D8F9E73AC7F2A4680
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/type/GraphikCyr-Medium-Web.woff?v=20210506
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\GraphikCyr-Regular-Web[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 15843, version 0.0
Category: downloaded
Size (bytes): 15843
Entropy (8bit): 7.959552562019395
Encrypted: false
SSDEEP: 384:8y+j41FrZ+2g334bIODM+iLIgosIHe6WtHZ9kpq3w:8j81FQ2gI1YIgosCe6Qbw
MD5: AFA5D87184F66779C0403BAEFDEDAEAB
SHA1: 34C17F3758355A7DCCD4268247B501A8A9F842FF
SHA-256: D5831ADA7F5B7E2A195606608604B424259A16CD9E2C866A8A1763AFAAD5D6D7
SHA-512: C5ACB501A8C5581F84160893C752E8244B39A2AB76FDFEE0791504AD94B33FE7B372434A609FE82BA803AD79286E89CCAA8CCCAA47A173FAD27957A999A1EA1C
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/type/GraphikCyr-Regular-Web.woff?v=20210506
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\K68K26xqWd0[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 50526
Entropy (8bit): 5.818058192701158
Encrypted: false
SSDEEP: 768:ayK7f2Dan8V/W0FNPzisJWBczXzeGTS4MhXT+uodFBRdZhymZ1LnC:4XkzOczyv9XTKhyqnC
MD5: A839383C8A956F39A582F193B3F8AC29
SHA1: 7D60996FA44B57050DD4594DE6800F51EFB1E3DF
SHA-256: 8F3AB9195284BA5DF622D4EF1F9AA795FE10CC620934CDCF8BCAB22B3E510568
SHA-512: 3A10D5210F6092C56349D72B2265194D992F69B764CED36AA99E41CC4CA032498247F60C7DDECAB02672B1879C0FA4FF83E5A4397C59347CCC7D02B4F261CD75
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html lang="en" dir="ltr" data-cast-api-enabled="true"><head><meta name="viewport" content="width=device-width, initial-scale=1"><style name="www-roboto" nonce="Fu5wBb1aQBXdAdVQ0T6ZNA">@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)format('woff');}</style><script name="www-roboto" nonce="CKCNBNpjCR/i1AsRqCB0mg">if (document.fonts && document.fonts.load) {document.fonts.load("400 10pt Roboto", "E"); document.fonts.load("500 10pt Roboto", "E");}</script><link rel="stylesheet" href="/s/player/fba90263/www-player.css" name="www-player" nonce="Fu5wBb1aQBXdAdVQ0T6ZNA"><style nonce="Fu5wBb1aQBXdAdVQ0T6ZNA">html {overflow: hidden;}body {font: 12px Roboto, Arial, sans-serif; background-color: #000; color: #fff; height: 100%; width: 100%; overflow: hidden; position: absolute; margin: 0; padding: 0;}#player {width: 100%; height: 100%;}h1 {text-align: center; color: #fff;}h3 {margin-top: 6px; margi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\activityi;src=8666735;type=count0;cat=etsy_000;ord=1;num=1982017633415;gtm=2wg5c1;auiddc=1619319603.1621431568;~oref=https___www.etsy[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 833
Entropy (8bit): 5.250526517999166
Encrypted: false
SSDEEP: 12:hnMQbwuOaxyCkv4AKbPhPJmIOIqJmronuWcaAYWx0tWdFWdcS8mcMrH77rTe4vRI:hMiRO9Chw3xuWcgWwWdFWrqMP7rSMRI
MD5: A49EB0AF8B8334BF714C5BCA1C6B9978
SHA1: 36B47810D872D1BFCD294CEBD33FF235CBDB20CA
SHA-256: 58A5A4CDA2F0E4E707E6096ACC3584D45A2535732374938B9A2725D792BE4A51
SHA-512: 4BEAEAB70CCA805D1919D0F3A80BF6C1B5DEE5C9C2A60E3350B562750E9AA0EA65A25B9DE067D33BAD70A751825BFA40FAA90EB6928CA722BAB3EC3CA5CC3BA4
Malicious: false
Reputation: low
IE Cache URL: https://8666735.fls.doubleclick.net/activityi;src=8666735;type=count0;cat=etsy_000;ord=1;num=1982017633415;gtm=2wg5c1;auiddc=1619319603.1621431568;~oref=https%3A%2F%2Fwww.etsy.com%2Fpattern?
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><script src="https://js.adsrvr.org/up_loader.1.1.0.js" type="text/javascript"></script>. <script type="text/javascript">. ttd_dom_ready( function() {. if (typeof TTDUniversalPixelApi === 'function') {. var universalPixelApi = new TTDUniversalPixelApi();. universalPixelApi.init("r09jr34", ["c6e9qnb"], "https://insight.adsrvr.org/track/up");. }. });. </script><img src="https://adservice.google.com/ddm/fls/z/src=8666735;type=count0;cat=etsy_000;ord=1;num=1982017633415;gtm=2wg5c1;auiddc=*;~oref=https%3A%2F%2Fwww.etsy.com%2Fpattern"/></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\analytics[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 49153
Entropy (8bit): 5.520906949461031
Encrypted: false
SSDEEP: 768:/yR3fYFBLbfs5sP5XqY3TyPnHpl1WY3SoavFVv6PU+CgYUD0lgEw0stZM:/y9gZfl5h3UHpaY3SoRCw0sk
MD5: 6DF1787C4BE82D1BB24F8BFFA10C7738
SHA1: 3634E839429E462E49C5F42B75FBFB4BA318AF6D
SHA-256: 2CB09C7B3E19BFC41743CA3624EF81C3258D56525647FEAC76AA757E0292627A
SHA-512: CB3CE2BCEB61F390298C21E470423CCEB6DD93E648A7DD0467195B11FEF30BF7A086DFF47C4494E2533498D1448C1A22AAB1414C14FD73278F1C92E0F7BC3F94
Malicious: false
Reputation: low
IE Cache URL: https://www.google-analytics.com/analytics.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q={},r=function(){q.TAGGING=q.TAGGING||[];q.TAGGING[1]=!0};var t=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},v=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var x=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var y=window,z=document,A=function(a,b){z.addEventListener?z.addEventListener(a,b,!1):z.attachEvent&&z.attachEvent("on"+a,b)};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\core[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 1142
Entropy (8bit): 5.053891853697797
Encrypted: false
SSDEEP: 24:Xcw6BmAVFGa94c6o/dmSdHlc4/1zJ96I6ak5TSVHZxkRWZor6D6L:MdVie/dVdZg/akQCwgv
MD5: BD6BC0EE8C67107934EF9487B4AFC41D
SHA1: 4163AD299354A6AACB26D08B4F147F1939BA0B3D
SHA-256: 337C5824E8502220398B84BA82AC409C2139BEBA4083B7F9D430911F6038B69F
SHA-512: A5D160D0E63C5B29A7E583665CCDDFC32CB4D962AFE69696A65CDB3397B8B42232B1A928FE7BD9111C8F7C03DEE77DF83B56B84F6263FA3EF0DCC6231D04E497
Malicious: false
Reputation: low
IE Cache URL: https://s.pinimg.com/ct/core.js
Preview:!function(e){var r={};function u(n){if(r[n])return r[n].exports;var t=r[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,u),t.l=!0,t.exports}u.m=e,u.c=r,u.d=function(n,t,e){u.o(n,t)||Object.defineProperty(n,t,{enumerable:!0,get:e})},u.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"e",{value:!0})},u.t=function(t,n){if(1&n&&(t=u(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.e)return t;var e=Object.create(null);if(u.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var r in t)u.d(e,r,function(n){return t[n]}.bind(null,r));return e},u.n=function(n){var t=n&&n.e?function(){return n.default}:function(){return n};return u.d(t,"a",t),t},u.o=function(n,t){return Object.prototype.hasOwnProperty.call(n,t)},u.p="",u(u.s=0)}([function(n,t){!function(n,t){var e=n.createElement("script");e.async=!0,e.src="https://s.pinimg.com/ct/lib/main.174
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 4286
Entropy (8bit): 2.5369531650259916
Encrypted: false
SSDEEP: 12:Gvj/5R1HUzxAW86tdQ810uQ8SKt8jdyMdldJdJdV81S808NJ1K8u8wyAUUzmMBVl:G7eeq6u3cnN9
MD5: 334646AD0308B69A24FF4D607C193DD0
SHA1: B5169F56AA13767F13E14AE2DA83460E1F73E8EC
SHA-256: BF449CCEA57C0FE1C3491B0CA5B4EA71CEE4017A50324C8A51633EEFB11E85ED
SHA-512: 6C36626CCDBDE7FCE81509AB2D5A16485F2E530D70B26A0E8651318954A2454F44A7471025914AA2DCADBB1269C6A0F0564DADD50099C409C8FD8FDC4E2532B2
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/images/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\gtm[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 261206
Entropy (8bit): 5.515362102009047
Encrypted: false
SSDEEP: 6144:psKCiDJZR3qd/ltR8uVguDXujvuyIueIuo9uzZwA99Y7q1s2Htqacj:yG+X8f
MD5: B7CB520F4B9E899FC6BBD597C59F8253
SHA1: 66D6863C451CB82636FA1CE93E764BEC5415CBD9
SHA-256: 6F3D8B888599885C8C86D4512AE55B6AFBCAE1DFE65CA1362DF4595BAAEFB998
SHA-512: 1C9CB3F50DA653B6378C5E87CC49ABF02C034BFC2E124015238E2CD407BDCF99160EBB555D93505F53D60AA44725437E5795B49F4C89569845C50EE13102853F
Malicious: false
Reputation: low
IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-KWW5SS
Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(w,g){w[g]=w[g]||{};w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');(function(){..var data = {."resource": {. "version":"411",. . "macros":[{. "function":"__v",. "vtp_name":"eventCategory",. "vtp_dataLayerVersion":1. },{. "function":"__v",. "vtp_name":"eventAction",. "vtp_dataLayerVersion":1. },{. "function":"__e". },{. "function":"__u",. "vtp_component":"URL",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__v",. "vtp_name":"eventNonInt",. "vtp_dataLayerVersion":1. },{. "function":"__v",. "vtp_name":"eventLabel",. "vtp_dataLayerVersion":1. },{. "function":"__v",. "vtp_name":"eventValue",. "vtp_dataLayerVersion":1. },{. "function":"__c",. "vtp_value":"auto". },{. "function":"__c",. "vtp_value":"34186700". },{.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\habitables-manuel-standalone.20190424142746[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2600x746, frames 3
Category: downloaded
Size (bytes): 69056
Entropy (8bit): 7.786353861760679
Encrypted: false
SSDEEP: 1536:Nw3G9HqdAz9MDHY3Uha53F/BUPzF4ouxHBY/QhLkJatfDRLPpK:NmY2s93PUPKnHm/QIOV4
MD5: E8A1C46F7A81EC5BAA129B1604081D4E
SHA1: 0F48D2E58F9D44AA400F8057B80D6ADC4E00E30F
SHA-256: 220AD40F4F411F60BDEB4C055B17C65708E04F702A05981A46E7E1FCCA5C0FD1
SHA-512: D61A250E65DE361A5623EF1FD7C0DBBE6A775683E89DF59636B61D0FE0773BA98C4FE842BD6631FC47204E5C5F8B52DBC75F765848B1CA04A63F169687D755BE
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/dist/images/custom-shops/marketing-page/v2/habitables-manuel-standalone.20190424142746.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ktag[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: C source, ASCII text, with very long lines
Category: downloaded
Size (bytes): 12096
Entropy (8bit): 5.508987121724822
Encrypted: false
SSDEEP: 192:7KBb/rD8e81I4c9JAer6AkNnSbToc3fqFhHr51FvH/lGPMfuu6FHtl/sfcZd90U+:7QHA5ASITZ3qFPtdepFHt1sfcZd90Uby
MD5: 194C8D61DF851FC78058367E9E0B3759
SHA1: ED2A531F6121769FCEC3098BFDAEB7C89D458BCF
SHA-256: 8C5F4006B343F0B4AEEBFF7CDC5FDE3AB0EC012AA124C3457E3CE326A15F72F1
SHA-512: 3C0BAF26C6BE6CBD574756FB1A2D1DB933B9F56D03839B499BBD328A9BD38D2B64689B742BC74848B8472886E164223646BD03743E64914D6FA2AD2C28B5F640
Malicious: false
Reputation: low
IE Cache URL: https://resources.xg4ken.com/js/v2/ktag.js?tid=KT-N3E88-3EB
Preview:/* ktag.js - 2021-04-12 */.var Ktag_Constants=function(){return{KENSHOO_GCLID_NAME:"ken_gclid",GOOGLE_CLICK_ID_PARAM_NAME:"gclid",BING_CLICK_ID_PARAM_NAME:"msclkid",DOMAIN_DEVICE_ID_COOKIE_NAME:"ken_xd",NO_PUBLISHER_CLICK_ID_PARAM_NAME:"npclid",AMP_CHANNEL_CLICK_ID_COOKIE_NAME:"ken_amp_gclid",AMP_LINKER_PARAM_NAME:"linker",CUSTOM_DOMAIN_TRACKING_COKIE_NAME:"ken_hgclid",UNIVERSAL_CHANNEL_PARAM_NAME:"kclid",UNIVERSAL_CHANNEL_COOKIE_NAME:"ken_uc"}}(),Ktag_Toggles=function(){return{isCrossDevice:function(){return!1},isSendCrossDeviceMatchEvent:function(){return!1},isParseAmpLinkerParameters:function(){return!1},isUseNpclid:function(){return!0},getCustomDomainTrackingDomains:function(){return""},getCustomDomainTrackingUrl:function(){return"https://kmeasure.{domain}/v1/cookie?name={name}&value={value}&max_age={max_age}"},isSupportFloodlightTag:function(){return!1},getFixelId:function(){return""},isDummyEnabled:function(){return!0},isDummyDisabled:function(){return!1},isDummyEnabledForDummyTi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\main.174fc5ea[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 49602
Entropy (8bit): 5.564618097626608
Encrypted: false
SSDEEP: 768:Er5fbKpllNuDrCrDFhohKwcXfX7GYK76BrBh4IlmlSu9irrseDbcF4xEYie1aHrz:5NuyFhoAwtYbFu9i0xWxEY5g/qk
MD5: 289234684434963E2B1FF6D168C53430
SHA1: 28B1FD0B3D3DD4D504E06C124A432ECAACE3EAB6
SHA-256: 1A6D2C0675A46C16261AB620E5EDA102FDFB5D085391347DB3306BF872A90664
SHA-512: FE557AAFB0D42E28BAAA29E1838D90BF321016AF44E90518E10A3F00D37F72D4DFE92AA1AAF7588CB61AF0DF203CCBBB1A201D9BBF6D985E6F379CB553E98E85
Malicious: false
Reputation: low
IE Cache URL: https://s.pinimg.com/ct/lib/main.174fc5ea.js
Preview:!function(r){var i={};function e(t){if(i[t])return i[t].exports;var n=i[t]={i:t,l:!1,exports:{}};return r[t].call(n.exports,n,n.exports,e),n.l=!0,n.exports}e.m=r,e.c=i,e.d=function(t,n,r){e.o(t,n)||Object.defineProperty(t,n,{enumerable:!0,get:r})},e.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"u",{value:!0})},e.t=function(n,t){if(1&t&&(n=e(n)),8&t)return n;if(4&t&&"object"==typeof n&&n&&n.u)return n;var r=Object.create(null);if(e.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:n}),2&t&&"string"!=typeof n)for(var i in n)e.d(r,i,function(t){return n[t]}.bind(null,i));return r},e.n=function(t){var n=t&&t.u?function(){return t.default}:function(){return t};return e.d(n,"a",n),n},e.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},e.p="",e(e.s=5)}([function(t,C,n){"use strict";(function(t){var i=n(15),o=n(16),s=n(17);function r(){return c.TYPED_ARRAY_SUPPORT?214
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\remote[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 99888
Entropy (8bit): 5.4457422922969645
Encrypted: false
SSDEEP: 3072:NR9Y3T3qOHdKGIt+CtqvARzJgbYLDPJvya21UAGH0Uebu:O3TRHdKGIgCgoRzJgbYLDPJvya21UAG7
MD5: 9FF29E7885E6E98664A5B00270EB68C8
SHA1: F3ABAB45DB77051DC73BD49BDF5CE831759D4BC0
SHA-256: 187B2130CDD7857365F314352097DD414D0BEA425B98DFB3D0423D7D184D6197
SHA-512: 3D786C1462B36316763B9E5290C82B77FC9D755A13798FA851BC78BFA1AD4AEBA49AFF9A4A04ECDA51BA4AC3EC8A52E7087A7F30AB0716DA9CE29BB2211149D3
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/fba90263/player_ias.vflset/en_US/remote.js
Preview:(function(g){var window=this;'use strict';var uKa=function(a,b){return g.Lb(a,b)},vKa=function(a){if(a instanceof g.Wi)return a;.if("function"==typeof a.yh)return a.yh(!1);if(g.La(a)){var b=0,c=new g.Wi;c.next=function(){for(;;){if(b>=a.length)throw g.Fn;if(b in a)return a[b++];b++}};.return c}throw Error("Not implemented");},wKa=function(a,b,c){if(g.La(a))try{g.zb(a,b,c)}catch(d){if(d!==g.Fn)throw d;.}else{a=vKa(a);try{for(;;)b.call(c,a.next(),void 0,a)}catch(d){if(d!==g.Fn)throw d;}}},O4=function(a,b,c){a.l.set(b,c)},P4=function(a){O4(a,"zx",Math.floor(2147483648*Math.random()).toString(36)+Math.abs(Math.floor(2147483648*Math.random())^g.Ra()).toString(36));.return a},Q4=function(a,b,c){Array.isArray(c)||(c=[String(c)]);.g.Ym(a.l,b,c)},xKa=function(a,b){var c=[];.wKa(b,function(d){try{var e=g.Vn.prototype.l.call(this,d,!0)}catch(f){if("Storage: Invalid value was encountered"==f)return;throw f;}void 0===e?c.push(d):g.Un(e)&&c.push(d)},a);.return c},yKa=function(a,b){b=xKa(a,b);.g.zb(b
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\tr[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 44
Entropy (8bit): 2.8317663774021287
Encrypted: false
SSDEEP: 3:CU9yltxlHhn:mn
MD5: B798F4CE7359FD815DF4BDF76503B295
SHA1: F8CC6ADDF1707AD236AD9970B0A48F9733D07DA5
SHA-256: 10D8D42D73A02DDB877101E72FBFA15A0EC820224D97CEDEE4CF92D571BE5CAA
SHA-512: 921944DC10FBFB6224D69F0B3AC050F4790310FD1BCAC3B87C96512AD5ED9A268824F3F5180563D372642071B4704C979D209BAF40BC0B1C9A714769ABA7DFC7
Malicious: false
Reputation: low
IE Cache URL: https://www.facebook.com/tr?uuid=1621431566&id=297472060462208&ev=PageView&ud[em]=%27%27%22
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\_tLlB4bhNr2Y7XlJlVjYZ60rlYaQJEAzAxjxzyOIXL8[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 37873
Entropy (8bit): 5.631012623350315
Encrypted: false
SSDEEP: 768:ux07+vl6ZDJrCZx71nRMnTZ9YzZqTpFrey:P7SYIxfMnV95P
MD5: 0A53810927FDD303D648C79A46D1B80E
SHA1: CCBF5544006A1B154B4EF072265FC2A237B76E2A
SHA-256: FED2E50786E136BD98ED79499558D867AD2B9586902440330318F1CF23885CBF
SHA-512: 7F034F64C6FE310FDF35EEDC70EEDD88B596B14E1D65AAA622B58AC28895D82E33B4E3DC26C26DD65D99E4705BAF7A148E66E533199239C88AACC478CCC00B8E
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/js/th/_tLlB4bhNr2Y7XlJlVjYZ60rlYaQJEAzAxjxzyOIXL8.js
Preview:(function(){function R(f){return f}var K=this||self,V=function(f){return R.call(this,f)},k=function(f,u,A,g,a){if(!(a=(g=A,K.trustedTypes),a)||!a.createPolicy)return g;try{g=a.createPolicy(u,{createHTML:V,createScript:V,createScriptURL:V})}catch(h){if(K.console)K.console[f](h.message)}return g};(0,eval)(function(f,u){return(u=k("error","ad",null))&&1===f.eval(u.createScript("1"))?function(A){return u.createScript(A)}:function(A){return""+A}}(K)(Array(7824*Math.random()|0).join("\n")+'(function(){var gn=function(A,f,a,R,g,K,u,V,h,k,H){if(!((f<<2)%((f^342)%5||(H=k=function(){if(K.I==K){if(K.N){var J=[fM,u,R,void 0,V,h,arguments];if(2==g)var w=(b(25,0,J,K),AK(0,a,K,a,true));else if(g==A){var F=!K.O.length;(b(9,0,J,K),F)&&AK(0,a,K,a,true)}else w=Ra(6,4,K,J);return w}V&&h&&Z(0,64,h,k,V)}}),5))){for(A=[];a--;)A.push(255*Math.random()|0);H=A}return(f+1)%8||(H=(u=R[g]<<a,K=R[A*~g+(g^1)+2*(~g|1)]<<16,(u|0)-(u&~K)+(u^K))|R[(g|2)-~g+(~g|2)]<<8|R[2*(g|3)-A+(g^3)+2*(~g^3)]),H},d=function(A,f,a,R,g,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\base[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 1664178
Entropy (8bit): 5.582072806560297
Encrypted: false
SSDEEP: 12288:196IW6PjkCBPBQf/POoi+JNXPerS3JpbUZM7vk3oMwTdiuk9:mI1BPBQfXmuNXPe+5pbUZMA3U8uk9
MD5: D296D7FFE050A40490FB84E164C501C5
SHA1: 0E6D7D5AF6358C07883044355FF57C0FB69D1233
SHA-256: 6356DAB2C76E9E8B9B9FE33F36EFFC4B58D2268854E1F4D2609204C4752A765A
SHA-512: FD0A48CEA5852C99626E8B0417DC20AE6375A060774D544C67596D33886556D6DC9B87FAC4656B7F0511ACD3303A584C7BB0FDF02A23ECA16677051C3F789208
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/fba90263/player_ias.vflset/en_US/base.js
Preview:var _yt_player={};(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';var ba,da,Baa,ia,ka,la,pa,qa,ra,ta,ua,va,wa,xa,Caa,Daa,ya,Aa,Jaa,Ba,Ca,Da,Ea,Fa,Ja,Ka,Laa,Maa,Ta,Ua,Wa,Naa,Oaa,Xa,Paa,Za,$a,Qaa,Raa,bb,ib,Saa,pb,qb,Taa,vb,sb,Uaa,tb,Vaa,Waa,Xaa,Db,Fb,Gb,Hb,Kb,Mb,Nb,Qb,Wb,Yb,ac,bc,ec,gc,hc,$aa,ic,jc,mc,uc,vc,xc,Cc,Kc,Lc,Rc,Pc,dba,gba,hba,iba,Vc,Wc,Yc,Xc,$c,cd,jba,kba,bd,lba,hd,id,jd,kd,ld,od,pd,qd,rd,oba,sd,td,xd,yd,zd,Ad,Bd,Cd,Dd,Ed,Gd,Id,Jd,Nd,Od,Pd,qba,Qd,Sd,rba,Ud,Vd,Wd,Xd,Yd,Zd,fe,he,ke,oe,pe,ue,ve,ye,we,Ae,De,Ce,Be,wba,me,Te,Re,Se,Ve,Ue,le,We,yba,.$e,bf,Ze,df,ef,ff,gf,hf,jf,kf,lf,mf,nf,zba,wf,of,yf,Bf,Cf,Aba,Ef,If,Hf,Jf,Kf,Lf,Mf,Nf,Of,Pf,Qf,Rf,Tf,Sf,Uf,Vf,Dba,Fba,Gba,Iba,Yf,Zf,$f,bg,cg,dg,fg,hg,ng,og,rg,Jba,ug,tg,vg,Kba,Dg,Gg,Hg,Lba,Ig,Jg,Kg,Lg,Mg,Ng,Og,Mba,Pg,Qg,Rg,Nba,Oba,Sg,Ug,Tg,Wg,Xg,$g,Yg,Qba,Zg,ah,bh,dh,ch,Sba,Rba,eh,Uba,Tba,Vba,hh,Wba,jh,kh,lh,ih,mh,Xba,nh,Yba,Zba,ph,cca,qh,rh,sh,dca,uh,wh,Bh,Eh,Gh
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bat[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 30235
Entropy (8bit): 5.300707636186169
Encrypted: false
SSDEEP: 384:otKVCwh9wC22xo5MB4K6WhbwM05Jkr9qNHfs9nB/wDSliNqCET8zT7QAEqnyJYys:ZCwhBRWDOZwDhzT7QSnSYyeh
MD5: E293A9BF71C8D0C0FF17648523FDABBC
SHA1: B6DCFA29739D64B2F365D219E6AF6DFEB6EF0573
SHA-256: 3183481F09352EADE87E53D32AC3C1F6AB5B853E2B5BDE4035834680B53D9299
SHA-512: 29365E47A948F13D7A86F492E1C5526CF886ED1219ECDA56BF3E80B6BBB0BEC3D5184863FD03B29DA1D2ECA357FF7601D1F95E1F927C5A7A3D32FF5F069D5887
Malicious: false
Reputation: low
IE Cache URL: https://bat.bing.com/bat.js
Preview:function UET(o){this.stringExists=function(n){return n&&n.length>0};this.domain="bat.bing.com";this.URLLENGTHLIMIT=4096;this.pageLoadEvt="pageLoad";this.customEvt="custom";this.pageViewEvt="page_view";o.Ver=o.Ver!==undefined&&(o.Ver==="1"||o.Ver===1)?1:2;this.uetConfig={};this.uetConfig.consent={enabled:!1,adStorageAllowed:!0,adStorageUpdated:!1,hasWaited:!1,waitForUpdate:0};this.beaconParams={};this.supportsCORS=this.supportsXDR=!1;this.paramValidations={string_currency:{type:"regex",regex:/^[a-zA-Z]{3}$/,error:"{p} value must be ISO standard currency code"},number:{type:"num",digits:3,max:999999999999},integer:{type:"num",digits:0,max:999999999999},hct_los:{type:"num",digits:0,max:30},date:{type:"regex",regex:/^\d{4}-\d{2}-\d{2}$/,error:"{p} value must be in YYYY-MM-DD date format"},"enum":{type:"enum",error:"{p} value must be one of the allowed values"},array:{type:"array",error:"{p} must be an array with 1+ elements"}};this.knownParams={event_action:{beacon:"ea"},event_category:{be
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\button[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 8437
Entropy (8bit): 5.32185123885264
Encrypted: false
SSDEEP: 192:MX5xNknE1B958RfQFXQyQUhMRT/6o1RLxS5jHy:MpxNknE1udOl1MTF1ZUpHy
MD5: 67DAC94100DE2F74F142D76BC6E79E66
SHA1: B5DA57E035C7B24A7B0D9BEEF0A69DDEE199D045
SHA-256: 683CF81B16E97BB3A065B448D73A310FB4E5B462C2D98077D843FB3189D4C60F
SHA-512: AEB66E0A2C6A9781A7C5405631C6E930FC571E05E96F8E8C9A02E0BA56A311A8DB8C45665F1CF5A7FB87BA4DC91B491BDE213AFF7EF5FAEA4E0B1107F78A9340
Malicious: false
Reputation: low
IE Cache URL: https://web.btncdn.com/v1/button.js
Preview:(function(){try{var g=this;function k(a,b){var c=l;return!!a||(c.log(b),!1)}function m(a){return a}function n(a,b){for(var c=b.split(".");c.length&&a;)a=a[c.shift()];return a}function p(a,b){if(!Array.isArray(a))return!1;b=b||m;for(var c=0,d=a.length;c<d;c++)if(!0===b(a[c]))return!0;return!1}function q(a,b,c){a=n(a,b);return"string"===typeof a?a:c||""}function r(a,b){var c=n(a,b);return Array.isArray(c)?c:[]}function t(a,b){for(var c=r(a,b),d=[],e=0,h=c.length;e<h;e++)d.push(u(c[e])?c[e]:{});return d}.function u(a){return!(!a||a.constructor!==Object)};function v(a,b){var c=(g.ButtonWebConfig||{})[a];return void 0===c?b:c}function w(a,b){var c=v(a,b);return"string"===typeof c?c:b||""}function x(a,b){var c=v(a,b);return"boolean"===typeof c?c:b||!1}function y(a){a=v(a);if("function"===typeof a)return a};function z(a,b){"function"===typeof a&&a.apply(g,Array.prototype.slice.call(arguments,1))};var A=void 0;function B(){return"try{"+w("siteCatalyst","s")+".tl(true,'e','usebutton')}catch(e){
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\denim-dark-texture-YIR-8-c[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x300, frames 3
Category: downloaded
Size (bytes): 29140
Entropy (8bit): 7.974090142622713
Encrypted: false
SSDEEP: 768:pxos7mdjP0PN+AoaeB5d2UdZ6CUGmo+n1t/:/oTjP0PxoaeB5BHIo+nH
MD5: 415BCD73AF6786B600AA0FA2781C8163
SHA1: 626A2375235B5EF20ADBC1DEC68B97B76082D730
SHA-256: 67158DAA061D239D817722FBBA55965153014EC40CC2C8809D76461D328D5C56
SHA-512: CBEED57DC1B43DCD98A96CFE22F03CBA26A2F4B4B6D3A1C015991D08954CE4D47645AC65B3CB1C7167A897B53D5B7D1C3305A8CBFB3C7A48ED29B0C0AE87A417
Malicious: false
Reputation: low
IE Cache URL: https://img0.etsystatic.com/site-assets/brand-refresh/textures/denim-dark/300px/denim-dark-texture-YIR-8-c.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\fetch-polyfill[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Pascal source, ASCII text, with very long lines
Category: downloaded
Size (bytes): 8543
Entropy (8bit): 5.238064281324506
Encrypted: false
SSDEEP: 192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V
MD5: 04E3CC8A9641B3F9F9C9370F4E9B5BDD
SHA1: 9602A891F583094BB04FD407B253ABCAFFB8C8D0
SHA-256: DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980
SHA-512: 58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/fba90263/fetch-polyfill.vflset/fetch-polyfill.js
Preview:/*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\habitables-shop[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 790 x 756, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 94293
Entropy (8bit): 7.9670315259334705
Encrypted: false
SSDEEP: 1536:2v3Mczsj58lTpN7w1zWq3TCdcIoUa8whd2s8OqAv3FC9vo/Zx8EFfBD6H:iJ85ypqxWq3eShX2s8OqAPF82lDG
MD5: DA04442C4FDA8AA77EECD0A5BB1CDF19
SHA1: 33F571CAACEDC021E77378A126A8F294F9457DA2
SHA-256: BC08DB9DBE47CAA3BEB952BD77493CD7CEABCD1DCF6050FF3E8B70321E0F364B
SHA-512: 7178A304B7CBEE17970E5B2FACBE0A1BA9F4B2806187C2B1E1D73D96C7CF9DEFC7FBC262E86F285C8A08336CB22D5C224D5CB5884B13915B00C55B630B099A4F
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/images/custom-shops/marketing-page/v2/habitables-shop.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\hero-mobile[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 960 x 627, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 273068
Entropy (8bit): 7.993266667465334
Encrypted: true
SSDEEP: 6144:p3HhMUYPvduj77mReBixAQk1iYS7E9J/rxFjo8nCTX0:Bmzlw77eSoAQkMf7AJ/aTE
MD5: 9D4ED1014BB96F00CBD024230CA1B461
SHA1: 5634B75ED96447FE6C3D8E1A1B673C77071E34BE
SHA-256: 486F07AD5F1E4C08CA3BE7B8E5281B554E9C26CEEFC4163B16CCF6F5926BF70D
SHA-512: A729809E01398E7FD2D1C0A9272B991048DE77745111EB8328EB4240D14EFC49892743B8AF3E7182808CE221CECBA8249005C94B611FA8DAB20C66099FA7B249
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/images/custom-shops/marketing-page/v2/hero-mobile.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\hero[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 3840 x 1476, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 2888578
Entropy (8bit): 7.994390715052987
Encrypted: true
SSDEEP: 49152:+qHg7GiZFvExKnz7ZVZ4gQmkDTKPmTMSuMfrnvKjtronfWGMMUcyjBca8PESTPt8:/Hps8x4z1VZJobMbAvE+fBMMIVch1TF8
MD5: 56A867AD0D402495D369FB3F30163C85
SHA1: D0A1C34CEE92D31409C383A2A86B09B748FE74B5
SHA-256: 8B6C40947F5AA3CA41F885F0DFA425DEDC1E3BB4EF01C693AFF58A6674744B26
SHA-512: AAE5A4372DE3B8CA1CECD0815B74CEAFBCC0B0B933817DDB4A9532A6247A0199EBB90A7BE67B04F2FC866BA62338ADCF9345E26D5D419722C712B0D92105735A
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/images/custom-shops/marketing-page/v2/hero.png
Preview:.PNG........IHDR.............G.....8]iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreateDate>2017-05-15T11:28:18-04:00</xmp:CreateDate>. <xmp:ModifyDate>2017-05-15T11:43:16-04:00</xmp:ModifyDate>. <xmp:MetadataDate>2017-05-15T11:43:16-04:00</xmp:MetadataDate>. <xmp:CreatorTool>Adobe Photoshop
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\milk-and-honey-mandy-standalone.20190424142746[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2600x746, frames 3
Category: downloaded
Size (bytes): 71732
Entropy (8bit): 7.852442673543017
Encrypted: false
SSDEEP: 1536:o3ONKTXsTRlWUIrDDYl+pbbEgmsSkZJVl6IeB1jpatE9TwO:STXoRlW5EzsDFlBk1jpatEiO
MD5: 0DBA99DD4B675536863ADA859DE73BA4
SHA1: 1D5CF8C713F7713363A5EF3B52DBF4997BD61FA6
SHA-256: CB01A838C3C5776B1232A1ECB65D5F481648116C574FA972CA9BFE2B42C40E58
SHA-512: CC1E76D3877DB83CFBB7AF2C3DF29A22054289A3015058A11B009B4FA66B4B6CB7D80060BC4776C2C52E0D8A1BA480A6B0A04A0338EB2F08BDA944ECE18661A7
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/dist/images/custom-shops/marketing-page/v2/milk-and-honey-mandy-standalone.20190424142746.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\milk-and-honey-shop.20190424142746[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 792 x 756, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 140720
Entropy (8bit): 7.991182895229305
Encrypted: true
SSDEEP: 3072:NOslpnQ3p34pIfcinFAO/WJSLrqBVZcylF5VKSkWq:N1pa4pkaO/WJSaTRlF3PU
MD5: 480257866230123125D9DFCA2CB0FEBA
SHA1: 1818D6FAC5774A7EC450EDD411D16057CDB19CD5
SHA-256: 4B51CAEF1F1A8F774F2509666E9E7E23D6AB6910F614F1D37F318FCEB5E24BB6
SHA-512: 94201063B534348ABD5CB7E078A59DFF67E52E20470A87B541BCF873E4DA6E7775A8A79F9C7A62EF1229A0008002AE06F3BD673E4BEB707BE0034F5FACB16FDB
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/dist/images/custom-shops/marketing-page/v2/milk-and-honey-shop.20190424142746.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\moonrise-creek-shop[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 792 x 756, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 154588
Entropy (8bit): 7.995628689581076
Encrypted: true
SSDEEP: 3072:KqfaQPHCWZTmlu8W9J6i17R3nStaMlZrZ8h8qX23nCJOflNmjKpXVdEkAaEjwycc:BPiJuf9J6iphwaMh8hmCUtIuBENjN
MD5: 1E9B11A5A4F0625FE02F07C446D738D8
SHA1: CF2B3B21A7E7F97D1DDD22968C6FE378943741BF
SHA-256: CE8E85489E11B9CA304DB457A8FD1270193BBF5E1141F2306EC31E278BDC0E52
SHA-512: 639C27B8B8CC0ADBA20C71739E6BF9FC61CC7980D434AF93726BE76F6D6A67A4C50B7249AAA8A471AF9644B38B324FF6CAB56516BBB12DDEAACAD09F4728ED95
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/images/custom-shops/marketing-page/v2/moonrise-creek-shop.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\orange-light-texture-YIR-3-b[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x300, frames 3
Category: downloaded
Size (bytes): 37214
Entropy (8bit): 7.9811923575647805
Encrypted: false
SSDEEP: 768:Kj+qSYbefEOXzZ8f8w8M+Ow1yQ1jV2BKjIYJLEKsPUOX:GV3+ZP//V28jFqKs8OX
MD5: 6438C45006A1E37D42EF7443932AA0C6
SHA1: F0007887C30BC0F1A29B2DDF0DBF5B5C85FB5615
SHA-256: 4119DCD97292E42C67B8551065A9C6A049A864A3C2E80F30DE9BB8C95FBBB821
SHA-512: 8572294536DD4F221C642AF3D3558CEDB8C484F94A38C751BAEAFD5C11D736AB052CB43496E2461FA878916B38DC2A6237AA326C21B0C1C968E935F1211F1E19
Malicious: false
Reputation: low
IE Cache URL: https://img0.etsystatic.com/site-assets/brand-refresh/textures/orange-light/300px/orange-light-texture-YIR-3-b.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\10898[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: dropped
Size (bytes): 223
Entropy (8bit): 5.311677015965872
Encrypted: false
SSDEEP: 6:B8FQtJCc4svmo9cLzLOqCrOdxs6Oqt7uRzT4Qb:BMQtJOo9vt2xsK+zsQb
MD5: 61BE0E1270DD68ABAA035BBE8EC9DD7D
SHA1: 3927A4D9A6C64E37996D74400ADACE6443472940
SHA-256: 52A1D0F52F460E327988C355867521B4DE4AF61472D94935AFB22DD20CFEA935
SHA-512: 36A8F049E4CD41DBDD3F1BD95B13A171F48B48821DD3863121D3851144E950800292F3349D0158681167FAB30EECED84376C2350B9D9CF70446469A56056821D
Malicious: false
Reputation: low
Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">.<html>.<head>.<meta http-equiv="pragma" content="no-cache">.</head>.<body style="border: 0; margin: 0; padding: 0;">.</body>.</html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Guardian-EgypTT-Light[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 29500, version 1.131
Category: downloaded
Size (bytes): 29500
Entropy (8bit): 7.986029430206379
Encrypted: false
SSDEEP: 768:OFozwWhevWeAVjc9fGiBd0jIq6rwGoCxq+VZ:OuzoqQ9+i+IVcYd7
MD5: EE3DE6B16F1B79B20D081D39542E2DEA
SHA1: 803235EE36AE962F38B219C09E372B757A05EA46
SHA-256: 70C6B908A5FE9A13BE621337BA1A8DFBDE1983BC7B84B9EE41B8CE9C7718D616
SHA-512: 43F7F71EF6A0ECDC9E2AEF42DAA6D4BB917AB318FCBAB59F31D43CD07B82E1C19B5A9EDDBDBC556AFCF01532FDD06C3C12CAD71BA06333E6BAB4E570C5A57793
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/type/Guardian-EgypTT-Light.woff?v=2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\KFOmCnqEu92Fr1Mu4mxM[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19824, version 1.1
Category: downloaded
Size (bytes): 19824
Entropy (8bit): 7.970306766642997
Encrypted: false
SSDEEP: 384:ozNCb8EbW9Wg166uwroOp/taiap3K6MC4fsPPuzt+7NCXzS65XZELt:K4zbWcDVwt230hfs+x+Bb65X2
MD5: BAFB105BAEB22D965C70FE52BA6B49D9
SHA1: 934014CC9BBE5883542BE756B3146C05844B254F
SHA-256: 1570F866BF6EAE82041E407280894A86AD2B8B275E01908AE156914DC693A4ED
SHA-512: 85A91773B0283E3B2400C773527542228478CC1B9E8AD8EA62435D705E98702A40BEDF26CB5B0900DD8FECC79F802B8C1839184E787D9416886DBC73DFF22A64
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\StagCyr-Light-Web[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 15509, version 0.0
Category: downloaded
Size (bytes): 15509
Entropy (8bit): 7.961050850261247
Encrypted: false
SSDEEP: 192:jHHd4RDAAiRV3HjUA5K+CwQXgw7Xjbvz35FGSGg5eng3iTO3a663nZ7khQeC9yLK:jdgkAOD18+CwezLD5iF3FkCNXI6NgCf
MD5: 5E778262ABFD760C89127C9E7EAA6E6D
SHA1: 44815B19C63B451B72E1DC4850C9FC9AB7C63E64
SHA-256: FF134EFEB07093667336D26470485B943F248475EECD00D1BFF0B34D0631F5B8
SHA-512: F8046E736E69BAC4E4796E9D922AEEDF39D0FF0F37885E8F3D9DE1E40C638C0D628134C6585C967C66698D40CF34CFBE5002A8832C923002D623B4949C6F56FC
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/assets/type/StagCyr-Light-Web.woff?v=20210506
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\base-marketing.d85c4d584a15035f72ed[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 58146
Entropy (8bit): 5.208629135220802
Encrypted: false
SSDEEP: 768:U9Xydw7GUQLhGObwSY//Xr3pWmQqbrlL3EfextZ/9jQoS6FOk85nW0QU3BWG:8GRLhc//XrgYjEmkoS6FOk8hWEh
MD5: 0E6CBBCF142C15F40954704777150128
SHA1: 99F403ECCA1B50456C0CDE8EC9BF771BDCF6872A
SHA-256: 233C2604219F671B567DAF7EBC054226B537B4AA052D2D3A39524CDDB789F58C
SHA-512: 6F8B6DEB7C7B3B47CAC456EA03775D9A50CA972B3D57274309168BFEA0AFA2D364D15F55DA5FBE47123596ADF47480EDEF0CEF28D7F1E2E6EAA6D0DE67EC7037
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/ac/primary/js/en-US/common/web-toolkit/base-marketing.d85c4d584a15035f72ed.js
Preview:// For license information, please see: https://site.etsystatic.com/ac/primary/js/en-US/common/web-toolkit/base-marketing.d85c4d584a15035f72ed.js.LICENSE.(function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:false,exports:{}};e[r].call(i.exports,i,i.exports,n);i.l=true;return i.exports}n.m=e;n.c=t;n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:true,get:r})};n.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"});Object.defineProperty(e,"__esModule",{value:true})};n.t=function(e,t){1&t&&(e=n(e));if(8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var r=Object.create(null);n.r(r);Object.defineProperty(r,"default",{enumerable:true,value:e});if(2&t&&"string"!=typeof e)for(var i in e)n.d(r,i,function(t){return e[t]}.bind(null,i));return r};n.n=function(e){var t=e&&e.__esModule?function t(){return e["default"]}:function t(){return e};n.d(t,"a",t);return t};
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\base.0f8b62cf0f30b17dead8[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 69028
Entropy (8bit): 5.248277956544143
Encrypted: false
SSDEEP: 1536:V9kJbB2NZf4/EyMWtgs0+3sGDyiqDrvKN0Ayb7mtvjxV3L+iLWlvZ:UJbB2NZfZDrSW9Z
MD5: B620BC11809272C478EB08CB29FB5664
SHA1: 39800B45843BF4D758A9FD50CC3B42E72BF19444
SHA-256: 5EA3B28B858090CAEDB72A3F70F83CEB41B0A11FDB802B09D00548931DC58331
SHA-512: CBB6057850FEE74ED20F675803887EB07B0B106A120F774AAE5B1C59A00F7668808FE7E0074518DC9C34751688429EEBB342BBFCAD97FC26837F3C8264D4D27D
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/ac/primary/js/en-US/common/web-toolkit/base.0f8b62cf0f30b17dead8.js
Preview:// For license information, please see: https://site.etsystatic.com/ac/primary/js/en-US/common/web-toolkit/base.0f8b62cf0f30b17dead8.js.LICENSE.(function(t){var e={};function n(a){if(e[a])return e[a].exports;var i=e[a]={i:a,l:false,exports:{}};t[a].call(i.exports,i,i.exports,n);i.l=true;return i.exports}n.m=t;n.c=e;n.d=function(t,e,a){n.o(t,e)||Object.defineProperty(t,e,{enumerable:true,get:a})};n.r=function(t){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"});Object.defineProperty(t,"__esModule",{value:true})};n.t=function(t,e){1&e&&(t=n(t));if(8&e)return t;if(4&e&&"object"===typeof t&&t&&t.__esModule)return t;var a=Object.create(null);n.r(a);Object.defineProperty(a,"default",{enumerable:true,value:t});if(2&e&&"string"!=typeof t)for(var i in t)n.d(a,i,function(e){return t[e]}.bind(null,i));return a};n.n=function(t){var e=t&&t.__esModule?function e(){return t["default"]}:function e(){return t};n.d(e,"a",e);return e};n.o=functi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\base.cbd54fd6794cfe4ca3f9[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 367887
Entropy (8bit): 5.311164631963667
Encrypted: false
SSDEEP: 6144:7k3NLOdBhMFTR/j7WnGUmORr7guRhXw5Szr3jQBiqWAu4LH:7k3lRj7WYs7XIV
MD5: FBCE9A29CC00AB1C391352067CA58FB0
SHA1: 69EDBD691E4B9541D5BD23D0F673B77306F7AE49
SHA-256: 92976626CB1C6F1FA508B0A86371A892F6A0C8040B2EC23B729308E6C8E7FDCC
SHA-512: 3FE3685635E3D9BB811F6D44462A972F64487836A53D060521509F21CA3D217C38CF8B16670AD3742C4CC6077F0321F098B066827BE0F97E17EB10CE5E85AEAD
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/ac/primary/js/en-US/base.cbd54fd6794cfe4ca3f9.js
Preview:// For license information, please see: https://site.etsystatic.com/ac/primary/js/en-US/base.cbd54fd6794cfe4ca3f9.js.LICENSE.(function(e){function t(t){var n=t[0];var a=t[1];var i,o,s=0,c=[];for(;s<n.length;s++){o=n[s];Object.prototype.hasOwnProperty.call(r,o)&&r[o]&&c.push(r[o][0]);r[o]=0}for(i in a)Object.prototype.hasOwnProperty.call(a,i)&&(e[i]=a[i]);l&&l(t);while(c.length)c.shift()()}var n={};var r={base:0,"auto/base-modules/header":0,"auto/bootstrap/category-nav/v2/mobile/nav":0,"common/etsy.loader":0,"etsy/eventpipe":0};function a(e){return i.p+"async/common-entrypoints/"+({"Chat/Loader":"Chat/Loader","conversations/chat-dialog/dialog":"conversations/chat-dialog/dialog","auto/listing/buy-box":"auto/listing/buy-box"}[e]||e)+"."+{"Chat/Loader":"d80b5b6518fac2412f1f","conversations/chat-dialog/dialog":"9f1fe2dada173ff13a3c","auto/listing/buy-box":"c6b22fdaedde0357b23a"}[e]+".js"}function i(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:false,exports:{}};e[t].call(r.exports,r,r.ex
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bootstrap.a3a1a24019068d0f1cb8[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 341686
Entropy (8bit): 5.371166708091656
Encrypted: false
SSDEEP: 3072:4Fp2NLTCeEfrZX88v+4CnbBciW8RtrtBw7fV8O:4prxVv+dnblMDr
MD5: 985C41747B368518FEB4C42F69A489D8
SHA1: E8AE2212B22A28DDD59775294BC59D6F32326210
SHA-256: 463A169E2A4A818D69D1FC3B8BD42B24FA2648E713666FCA014E60336CBACFBD
SHA-512: 3A9478B6A4D3D98C343A4BF4C3C14474597B726302520D8BA5B3F41CF129AA93A888825A57A8181FFCB055382D4A74680C5E3BBDCFDA4AA9503F8C01621AC518
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/ac/primary/js/en-US/custom-shops/marketingpage/v2/bootstrap.a3a1a24019068d0f1cb8.js
Preview:// For license information, please see: https://site.etsystatic.com/ac/primary/js/en-US/custom-shops/marketingpage/v2/bootstrap.a3a1a24019068d0f1cb8.js.LICENSE.(function(e){var t={};function r(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:false,exports:{}};e[n].call(o.exports,o,o.exports,r);o.l=true;return o.exports}r.m=e;r.c=t;r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:true,get:n})};r.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"});Object.defineProperty(e,"__esModule",{value:true})};r.t=function(e,t){1&t&&(e=r(e));if(8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var n=Object.create(null);r.r(n);Object.defineProperty(n,"default",{enumerable:true,value:e});if(2&t&&"string"!=typeof e)for(var o in e)r.d(n,o,function(t){return e[t]}.bind(null,o));return n};r.n=function(e){var t=e&&e.__esModule?function t(){return e["default"]}:function t(){return e};r.d(t,"a",t);retu
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\corelibs-with-preact.e3458f772b35f14d3a1a[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 143279
Entropy (8bit): 5.2696599561421245
Encrypted: false
SSDEEP: 1536:BDoNOQeFxEwn5t2XczVYiOhvGmyQXny/TxVwvSpKci9Q8saE1KfA96VC4ESpxLJJ:B0AQlu5t0sBMPJOiriAiqKn8uj+H
MD5: 47594044B833716536C8B6053C51811B
SHA1: 9839C393FA4756FCB38FBAF67847EAB16E837BF4
SHA-256: 4C57CCCF177265785F35670FCC17AD45F1CEA3C36AF6416F29BB8F0FD9EC4B2F
SHA-512: D8851C039ECF0A29FF27C76893E309482FF23F124BD551C895784CF62C0109E7C79AFC0033F3ED11390735938C1820A0D08D5AE561C093F53E80B43F0D7C6CBE
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/ac/primary/js/en-US/corelibs-with-preact.e3458f772b35f14d3a1a.js
Preview:// For license information, please see: https://site.etsystatic.com/ac/primary/js/en-US/corelibs-with-preact.e3458f772b35f14d3a1a.js.LICENSE.(function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:false,exports:{}};e[r].call(i.exports,i,i.exports,n);i.l=true;return i.exports}n.m=e;n.c=t;n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:true,get:r})};n.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"});Object.defineProperty(e,"__esModule",{value:true})};n.t=function(e,t){1&t&&(e=n(e));if(8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var r=Object.create(null);n.r(r);Object.defineProperty(r,"default",{enumerable:true,value:e});if(2&t&&"string"!=typeof e)for(var i in e)n.d(r,i,function(t){return e[t]}.bind(null,i));return r};n.n=function(e){var t=e&&e.__esModule?function t(){return e["default"]}:function t(){return e};n.d(t,"a",t);return t};n.o=function(
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\pattern-logo-cropped[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 2509
Entropy (8bit): 4.7718138498567555
Encrypted: false
SSDEEP: 48:cgxH6V4l1EMThWEOvSSpx0A05Mg5Gp+5q/4UX1ycoUw1TmakGTng4dmzNW:NpRhWDSSpxiCge+5qPOUw1Tm6PdmzM
MD5: DE10426C2E650B4D8C24B28CED361994
SHA1: F381A966AFA63F8E997F229BDD14949CF9EDE346
SHA-256: 8328C2E286F4F40EF4D5BF43A29EDB0305E653D91201148A377B133BD8235E96
SHA-512: 34756A47163B87AF3B0BC8F97F3581CDAA3CA71F282215D4551BF8D73622AA2ACC0863A32B183BEA8D1B4160D84D97258B1F6F87B4FBEC93F6C9B2E3CAFBCB06
Malicious: false
Reputation: low
IE Cache URL: https://www.etsy.com/images/custom-shops/pattern-logo-cropped.svg
Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>.<svg width="84px" height="20px" viewBox="0 0 84 20" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns">. Generator: Sketch 3.5.2 (25235) - http://www.bohemiancoding.com/sketch -->. <title>pattern-logo-cropped</title>. <desc>Created with Sketch.</desc>. <defs></defs>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage">. <g id="pattern-logo-cropped" sketch:type="MSLayerGroup" fill="#E24301">. <path d="M70.5,19.7 L74.3,19.7 L74.3,11.8 C74.3,9.8 75.5,8.8 77.2,8.8 C78.9,8.8 79.6,9.7 79.6,11.6 L79.6,19.8 L83.4,19.8 L83.4,11 C83.4,7.3 81.5,5.7 78.8,5.7 C76.5,5.7 75,6.8 74.3,8.2 L74.3,6 L70.5,6 L70.5,19.7 L70.5,19.7 Z M60.9,19.7 L64.7,19.7 L64.7,12.8 C64.7,10.2 66.3,9.3 69.1,9.3 L69.1,5.8 C66.9,5.8 65.5,6.8 64.7,8.6 L64.7,6 L60.9,6 L60.9,19.7 L60.9,19.7 Z M49.3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\tr[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 44
Entropy (8bit): 2.8317663774021287
Encrypted: false
SSDEEP: 3:CU9yltxlHhn:mn
MD5: B798F4CE7359FD815DF4BDF76503B295
SHA1: F8CC6ADDF1707AD236AD9970B0A48F9733D07DA5
SHA-256: 10D8D42D73A02DDB877101E72FBFA15A0EC820224D97CEDEE4CF92D571BE5CAA
SHA-512: 921944DC10FBFB6224D69F0B3AC050F4790310FD1BCAC3B87C96512AD5ED9A268824F3F5180563D372642071B4704C979D209BAF40BC0B1C9A714769ABA7DFC7
Malicious: false
Reputation: low
IE Cache URL: https://www.facebook.com/tr?id=395490361516997&ev=PageView&cd[order_id]=537941259.1621431569
Preview:GIF89a.............!.......,...........D..;.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\unnamed[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 68x68, frames 3
Category: downloaded
Size (bytes): 1801
Entropy (8bit): 7.493553313605124
Encrypted: false
SSDEEP: 24:i6D/htPIr3H6qenZ7YJokPeaWa/ax1Ow+WxaSJVPdRTwLzyzeqw5XrLSPXhckCrQ:ZjoeqokPeja/M1XxLRELzynw9Kuj7Sz
MD5: 476DE5D89074FBAD7124CF9024CFD2C9
SHA1: 4E48BA642FD0793E42AE64EE03450936E68BA7BD
SHA-256: BE54DEE4A643BC045E4E5688F0EBB4BFA88AC56135CE73BFF9718C2F72E19EA1
SHA-512: E709D378770594E113A298EF2E5AE845CF4F3993DCFBCC6021052A3D1DA970B2082288088C6D7B3138E5048FB85C80B4846AC1973359BB01D904842DEFA4D71B
Malicious: false
Reputation: low
IE Cache URL: https://yt3.ggpht.com/ytc/AAUvwnjD2FVe_d3e-ZwKwFDqF6B0rURrnik02mXQEp2DAw=s68-c-k-c0x00ffffff-no-rj
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\up_loader.1.1.0[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 4593
Entropy (8bit): 5.241800621451044
Encrypted: false
SSDEEP: 96:eNfkJ6pvMuLZxG/e8EfcH5+FP/3a2KjovC:qt5Bl8EfxDKEvC
MD5: 98D98B3499058B76D58073CF8EDE2F10
SHA1: 2EC5BC839A187C2A4D93499567E8FFF091A6BCC4
SHA-256: EE3A7301FE1E0C0F6BF6ACFF0D7A8D107F5CB3F62A2566740C0416D8E61F00B9
SHA-512: DC185D5287645B2D8578FAD706446FC337DB7A34DDFF4CE2A473FC09EC4B85CB13ADE474EDCDC8C973E4E407853A6FCFBBDCB4E58E5376E37F173150BCD1D066
Malicious: false
Reputation: low
IE Cache URL: https://js.adsrvr.org/up_loader.1.1.0.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\web-toolkit-marketing.20210511151213[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 33104
Entropy (8bit): 5.09594805610116
Encrypted: false
SSDEEP: 768:5KeePtlICyrKdwiJM/t0YkA7tgbitAHOszmhWZsLOBETZsTCQqnZj29s8EW:5KeeLkhxVnZj29s8EW
MD5: 4671C3566ABE7F44A086C190F401D70D
SHA1: 3F7D41FC5CCA267E1CCB7697F9B505C2E6676C5E
SHA-256: F47E03041BB4A1AE01BC34A8D06EE7F74701032B807F7992308BDB981EA1A28E
SHA-512: 9E036FB17F8DD5CC0BD2F4830B6C37E39FAD20149B3D660BCBC31445AD7402C412F71774636A11D4486C48D0FF5B5307843798261BED57E3ADCA7645A542B805
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\www-embed-player[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 195093
Entropy (8bit): 5.597833313328305
Encrypted: false
SSDEEP: 3072:zqtIEic+oOdpZhDavCxDyG9Z2L2Ou6S9VKwhllXD5RXj:l3lpDDavCxD99Zy2Ou6shll3
MD5: F28CCF07CD416F68865F95DEDDC8692F
SHA1: F269C271D0263E4EDA9F2E90243E904C93BB31A5
SHA-256: E581ACC738CBA51DEAD610202C58D80A9AB824BBDA760B8764D82D0CD5949015
SHA-512: D80034AC128CE0B05C0BADB3EAE7A7297CFAC92F87D3C69BD08B588A5922EA06039A97959AE7D33A6D660D840462E884F95A5629CE92985AB5184F7CADE1232D
Malicious: false
Reputation: low
IE Cache URL: https://www.youtube.com/s/player/fba90263/www-embed-player.vflset/www-embed-player.js
C:\Users\user\AppData\Local\Temp\~DF02FE87FC2BF4D029.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 69752
Entropy (8bit): 1.3348565276497926
Encrypted: false
SSDEEP: 384:kBqoxKAuqR+Jn1kHrbS1II1FDbSRQdnRQd:Hg
MD5: 472B50043F4B19AFCB704E904AEC9C99
SHA1: 77EDD6DA4AC9A8F18F59B36B6488069498348866
SHA-256: 81CAC7FE4AB34619D1ED741AB444A40F8A6468EC231D3F8B18B5F59D1EADF114
SHA-512: 24B196095CF8FE920B93049CC6A36E0884724FF1A26F02C079AEE27A0776491B5846953C74279648F94FAE098460605274051799C538B0FD1CE02598C6E2B8FD
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Temp\~DF38805ECE9FF3FB30.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 25441
Entropy (8bit): 0.27918767598683664
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5: AB889A32AB9ACD33E816C2422337C69A
SHA1: 1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256: 4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512: BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Temp\~DFCCF81EEE387774DA.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 13029
Entropy (8bit): 0.47866497640571043
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lo69loq9lWpV8I/a4:kBqoIlTf/
MD5: 8D31F0BCE33F503596160B4A4658ECB4
SHA1: 7541AFCED0D56BA7F9E08E2DB9ADA4C67331BBD3
SHA-256: 058204E6B0989C83FE0393A5739891223FF50A901AC1BAC621454BBAB032F0AF
SHA-512: 147495368E0FC784E19EB06D34B95B64932D62E4999628C3FDEFFB8B9C294E33F9EE4069395FBFA6DF24E92A223D9E6F3344A0F94574B81A92957CA3F3F48754
Malicious: false
Reputation: low
Static File Info
No static file info
Network Behavior
Network Port Distribution
Total Packets: 104
• 53 (DNS)
• 443 (HTTPS)
• 80 (HTTP)
TCP Packets
UDP Packets
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
May 19, 2021 15:39:07.081496000 CEST 192.168.2.4 8.8.8.8 0xee8 Standard query (0) www.etsy.com A (IP address) IN (0x0001)
May 19, 2021 15:39:07.082477093 CEST 192.168.2.4 8.8.8.8 0xc76e Standard query (0) system.etsy.com A (IP address) IN (0x0001)
May 19, 2021 15:39:07.310602903 CEST 192.168.2.4 8.8.8.8 0x6594 Standard query (0) img0.etsystatic.com A (IP address) IN (0x0001)
May 19, 2021 15:39:26.269109011 CEST 192.168.2.4 8.8.8.8 0x90d5 Standard query (0) www.patternbyetsy.com A (IP address) IN (0x0001)
May 19, 2021 15:39:28.048994064 CEST 192.168.2.4 8.8.8.8 0x9982 Standard query (0) www.youtube.com A (IP address) IN (0x0001)
May 19, 2021 15:39:29.085433960 CEST 192.168.2.4 8.8.8.8 0x86d9 Standard query (0) 8666735.fls.doubleclick.net A (IP address) IN (0x0001)
May 19, 2021 15:39:29.103497982 CEST 192.168.2.4 8.8.8.8 0x4e0d Standard query (0) www.dwin1.com A (IP address) IN (0x0001)
May 19, 2021 15:39:29.638242006 CEST 192.168.2.4 8.8.8.8 0xe501 Standard query (0) www.facebook.com A (IP address) IN (0x0001)
May 19, 2021 15:39:29.803148031 CEST 192.168.2.4 8.8.8.8 0x7852 Standard query (0) stats.g.doubleclick.net A (IP address) IN (0x0001)
May 19, 2021 15:39:30.746954918 CEST 192.168.2.4 8.8.8.8 0x2a1c Standard query (0) s.pinimg.com A (IP address) IN (0x0001)
May 19, 2021 15:39:30.764756918 CEST 192.168.2.4 8.8.8.8 0x805e Standard query (0) 9910951.fls.doubleclick.net A (IP address) IN (0x0001)
May 19, 2021 15:39:30.775549889 CEST 192.168.2.4 8.8.8.8 0xefdf Standard query (0) web.btncdn.com A (IP address) IN (0x0001)
May 19, 2021 15:39:30.798530102 CEST 192.168.2.4 8.8.8.8 0xeef2 Standard query (0) resources.xg4ken.com A (IP address) IN (0x0001)
May 19, 2021 15:39:30.844449997 CEST 192.168.2.4 8.8.8.8 0xae29 Standard query (0) pt.ispot.tv A (IP address) IN (0x0001)
May 19, 2021 15:39:31.010267019 CEST 192.168.2.4 8.8.8.8 0xe92e Standard query (0) d.agkn.com A (IP address) IN (0x0001)
May 19, 2021 15:39:31.061517954 CEST 192.168.2.4 8.8.8.8 0x41d8 Standard query (0) ct.pinterest.com A (IP address) IN (0x0001)
May 19, 2021 15:39:31.430548906 CEST 192.168.2.4 8.8.8.8 0x133 Standard query (0) js.adsrvr.org A (IP address) IN (0x0001)
May 19, 2021 15:39:31.503637075 CEST 192.168.2.4 8.8.8.8 0x4ef3 Standard query (0) www.google.de A (IP address) IN (0x0001)
May 19, 2021 15:39:32.862026930 CEST 192.168.2.4 8.8.8.8 0x690e Standard query (0) insight.adsrvr.org A (IP address) IN (0x0001)
May 19, 2021 15:39:32.915796041 CEST 192.168.2.4 8.8.8.8 0xd06d Standard query (0) googleads.g.doubleclick.net A (IP address) IN (0x0001)
May 19, 2021 15:39:33.031747103 CEST 192.168.2.4 8.8.8.8 0xbd5c Standard query (0) static.doubleclick.net A (IP address) IN (0x0001)
May 19, 2021 15:39:43.156008005 CEST 192.168.2.4 8.8.8.8 0xbbe9 Standard query (0) yt3.ggpht.com A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
May 19, 2021 15:39:07.118540049 CEST 8.8.8.8 192.168.2.4 0xee8 No error (0) www.etsy.com www.etsy.com.edgekey.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:07.129446983 CEST 8.8.8.8 192.168.2.4 0xc76e No error (0) system.etsy.com 35.227.203.198 A (IP address) IN (0x0001)
May 19, 2021 15:39:07.344106913 CEST 8.8.8.8 192.168.2.4 0x6594 No error (0) img0.etsystatic.com i-dsa.etsystatic.com.edgekey.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:26.303422928 CEST 8.8.8.8 192.168.2.4 0x90d5 No error (0) www.patternbyetsy.com 130.211.40.170 A (IP address) IN (0x0001)
May 19, 2021 15:39:28.075201988 CEST 8.8.8.8 192.168.2.4 0x9982 No error (0) www.youtube.com youtube-ui.l.google.com CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:29.128523111 CEST 8.8.8.8 192.168.2.4 0x86d9 No error (0) 8666735.fls.doubleclick.net dart.l.doubleclick.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:29.128523111 CEST 8.8.8.8 192.168.2.4 0x86d9 No error (0) dart.l.doubleclick.net 216.58.214.198 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.141576052 CEST 8.8.8.8 192.168.2.4 0x4e0d No error (0) www.dwin1.com d2pbcviywxotf2.cloudfront.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:29.141576052 CEST 8.8.8.8 192.168.2.4 0x4e0d No error (0) d2pbcviywxotf2.cloudfront.net 143.204.98.44 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.141576052 CEST 8.8.8.8 192.168.2.4 0x4e0d No error (0) d2pbcviywxotf2.cloudfront.net 143.204.98.111 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.141576052 CEST 8.8.8.8 192.168.2.4 0x4e0d No error (0) d2pbcviywxotf2.cloudfront.net 143.204.98.59 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.141576052 CEST 8.8.8.8 192.168.2.4 0x4e0d No error (0) d2pbcviywxotf2.cloudfront.net 143.204.98.39 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.671817064 CEST 8.8.8.8 192.168.2.4 0xe501 No error (0) www.facebook.com star-mini.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:29.671817064 CEST 8.8.8.8 192.168.2.4 0xe501 No error (0) star-mini.c10r.facebook.com 185.60.216.35 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.844037056 CEST 8.8.8.8 192.168.2.4 0x7852 No error (0) stats.g.doubleclick.net stats.l.doubleclick.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:29.844037056 CEST 8.8.8.8 192.168.2.4 0x7852 No error (0) stats.l.doubleclick.net 108.177.15.157 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.844037056 CEST 8.8.8.8 192.168.2.4 0x7852 No error (0) stats.l.doubleclick.net 108.177.15.155 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.844037056 CEST 8.8.8.8 192.168.2.4 0x7852 No error (0) stats.l.doubleclick.net 108.177.15.156 A (IP address) IN (0x0001)
May 19, 2021 15:39:29.844037056 CEST 8.8.8.8 192.168.2.4 0x7852 No error (0) stats.l.doubleclick.net 108.177.15.154 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.785259008 CEST 8.8.8.8 192.168.2.4 0x2a1c No error (0) s.pinimg.com s-pinimg-com.gslb.pinterest.com CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:30.785259008 CEST 8.8.8.8 192.168.2.4 0x2a1c No error (0) s-pinimg-com.gslb.pinterest.com 2-01-37d2-0006.cdx.cedexis.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:30.785259008 CEST 8.8.8.8 192.168.2.4 0x2a1c No error (0) dualstack.pinterest.map.fastly.net 151.101.112.84 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.806408882 CEST 8.8.8.8 192.168.2.4 0x805e No error (0) 9910951.fls.doubleclick.net dart.l.doubleclick.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:30.806408882 CEST 8.8.8.8 192.168.2.4 0x805e No error (0) dart.l.doubleclick.net 216.58.214.198 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.813251019 CEST 8.8.8.8 192.168.2.4 0xefdf No error (0) web.btncdn.com 143.204.98.55 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.813251019 CEST 8.8.8.8 192.168.2.4 0xefdf No error (0) web.btncdn.com 143.204.98.9 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.813251019 CEST 8.8.8.8 192.168.2.4 0xefdf No error (0) web.btncdn.com 143.204.98.81 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.813251019 CEST 8.8.8.8 192.168.2.4 0xefdf No error (0) web.btncdn.com 143.204.98.20 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.831363916 CEST 8.8.8.8 192.168.2.4 0xeef2 No error (0) resources.xg4ken.com resourcesgeo.sat4ken.com CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:30.831363916 CEST 8.8.8.8 192.168.2.4 0xeef2 No error (0) resourcesgeo.sat4ken.com resources-prd-elb-ir.xg4ken.com CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:30.831363916 CEST 8.8.8.8 192.168.2.4 0xeef2 No error (0) resources-prd-elb-ir.xg4ken.com awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:30.831363916 CEST 8.8.8.8 192.168.2.4 0xeef2 No error (0) awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com 34.250.6.2 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.831363916 CEST 8.8.8.8 192.168.2.4 0xeef2 No error (0) awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com 54.246.169.130 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.831363916 CEST 8.8.8.8 192.168.2.4 0xeef2 No error (0) awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com 54.228.170.24 A (IP address) IN (0x0001)
May 19, 2021 15:39:30.876759052 CEST 8.8.8.8 192.168.2.4 0xae29 No error (0) pt.ispot.tv j.sni.global.fastly.net CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST 8.8.8.8 192.168.2.4 0xe92e No error (0) d.agkn.com data.agkn.com CNAME (Canonical name) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) data.agkn.com tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
54.154.208.108 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
52.210.122.93 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
34.248.220.207 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
34.254.30.93 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
99.81.89.44 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
52.19.235.191 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
34.252.89.26 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.049936056 CEST
8.8.8.8 192.168.2.4 0xe92e No error (0) tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com
99.81.110.184 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.100779057 CEST
8.8.8.8 192.168.2.4 0x41d8 No error (0) ct.pinterest.com www.pinterest.com CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:31.100779057 CEST
8.8.8.8 192.168.2.4 0x41d8 No error (0) www.pinterest.com
www-pinterest-com.gslb.pinterest.com
CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:31.100779057 CEST
8.8.8.8 192.168.2.4 0x41d8 No error (0) www-pinterest-com.gslb.pinterest.com
2-01-37d2-0018.cdx.cedexis.net
CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:31.467081070 CEST
8.8.8.8 192.168.2.4 0x133 No error (0) js.adsrvr.org dg2iu7dxxehbo.cloudfront.net
CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:31.467081070 CEST
8.8.8.8 192.168.2.4 0x133 No error (0) dg2iu7dxxehbo.cloudfront.net
143.204.94.161 A (IP address) IN (0x0001)
May 19, 2021 15:39:31.539048910 CEST
8.8.8.8 192.168.2.4 0x4ef3 No error (0) www.google.de 216.58.207.163 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight.adsrvr.org
insight-566961044.eu-west-1.elb.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
99.80.189.193 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
52.50.64.214 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
34.254.108.170 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
34.255.138.57 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
34.254.127.126 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
52.213.189.245 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
52.31.175.99 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.885643005 CEST
8.8.8.8 192.168.2.4 0x690e No error (0) insight-566961044.eu-west-1.elb.amazonaws.com
54.77.48.133 A (IP address) IN (0x0001)
May 19, 2021 15:39:32.956235886 CEST
8.8.8.8 192.168.2.4 0xd06d No error (0) googleads.g.doubleclick.net
172.217.20.2 A (IP address) IN (0x0001)
May 19, 2021 15:39:33.074294090 CEST
8.8.8.8 192.168.2.4 0xbd5c No error (0) static.doubleclick.net
static-doubleclick-net.l.google.com
CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:43.182498932 CEST
8.8.8.8 192.168.2.4 0xbbe9 No error (0) yt3.ggpht.com photos-ugc.l.googleusercontent.com
CNAME (Canonical name)
IN (0x0001)
May 19, 2021 15:39:43.182498932 CEST
8.8.8.8 192.168.2.4 0xbbe9 No error (0) photos-ugc.l.googleusercontent.com
142.250.185.225 A (IP address) IN (0x0001)
HTTP Request Dependency Graph
130.211.40.170
HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.4 49716 130.211.40.170 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 19, 2021 15:39:06.269752979 CEST
134 OUT GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 130.211.40.170
Connection: Keep-Alive
May 19, 2021 15:39:06.294684887 CEST
135 IN HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Location: https://130.211.40.170/
Content-Length: 220
Date: Wed, 19 May 2021 13:39:06 GMT
Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://130.211.40.170/">here</A>.</BODY></HTML>
HTTPS Packets
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer Not Before Not After JA3 SSL Client Fingerprint JA3 SSL Client Digest
May 19, 2021 15:39:06.479435921 CEST
130.211.40.170 443 192.168.2.4 49717 CN=*.patternbyetsy.com, O="Etsy, Inc.", L=Brooklyn, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Apr 07 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020
Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,10-11-13-35-16-23-24-65281,29-23-24,0
1c8f6068d3351ed3651b33bd2625bcdd
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Sep 24 02:00:00 CEST 2020
Tue Sep 24 01:59:59 CEST 2030
May 19, 2021 15:39:07.197170973 CEST
35.227.203.198 443 192.168.2.4 49720 CN=*.etsy.com, O="Etsy, Inc.", L=Brooklyn, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Feb 14 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013
Wed Mar 30 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
May 19, 2021 15:39:07.197721958 CEST
35.227.203.198 443 192.168.2.4 49719 CN=*.etsy.com, O="Etsy, Inc.", L=Brooklyn, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Feb 14 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013
Wed Mar 30 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
May 19, 2021 15:39:22.624068975 CEST
130.211.40.170 443 192.168.2.4 49729 CN=*.patternbyetsy.com, O="Etsy, Inc.", L=Brooklyn, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Apr 07 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020
Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,10-11-13-35-23-65281,29-23-24,0
51c64c77e60f3980eea90869b68c58a8
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Sep 24 02:00:00 CEST 2020
Tue Sep 24 01:59:59 CEST 2030
May 19, 2021 15:39:25.015237093 CEST
130.211.40.170 443 192.168.2.4 49730 CN=*.patternbyetsy.com, O="Etsy, Inc.", L=Brooklyn, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Apr 07 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020
Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,10-11-13-35-16-23-24-65281,29-23-24,0
1c8f6068d3351ed3651b33bd2625bcdd
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Sep 24 02:00:00 CEST 2020
Tue Sep 24 01:59:59 CEST 2030
May 19, 2021 15:39:26.462264061 CEST
130.211.40.170 443 192.168.2.4 49732 CN=*.patternbyetsy.com, O="Etsy, Inc.", L=Brooklyn, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Apr 07 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020
Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Sep 24 02:00:00 CEST 2020
Tue Sep 24 01:59:59 CEST 2030
May 19, 2021 15:39:26.472739935 CEST
130.211.40.170 443 192.168.2.4 49731 CN=*.patternbyetsy.com, O="Etsy, Inc.", L=Brooklyn, ST=New York, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Apr 07 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020
Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Sep 24 02:00:00 CEST 2020
Tue Sep 24 01:59:59 CEST 2030
May 19, 2021 15:39:29.609236002 CEST
143.204.98.44 443 192.168.2.4 49739 CN=*.dwin1.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Dec 04 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Mon Jan 03 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
May 19, 2021 15:39:29.649194002 CEST
143.204.98.44 443 192.168.2.4 49740 CN=*.dwin1.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Dec 04 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Mon Jan 03 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
May 19, 2021 15:39:29.677139997 CEST
216.58.214.198 443 192.168.2.4 49742 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Mon May 03 10:59:06 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Mon Jul 26 10:59:05 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 19, 2021 15:39:29.714610100 CEST
185.60.216.35 443 192.168.2.4 49743 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Apr 06 02:00:00 CEST 2021 Tue Oct 22 14:00:00 CEST 2013
Sun Jul 04 01:59:59 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
May 19, 2021 15:39:29.714670897 CEST
185.60.216.35 443 192.168.2.4 49744 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Apr 06 02:00:00 CEST 2021 Tue Oct 22 14:00:00 CEST 2013
Sun Jul 04 01:59:59 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
May 19, 2021 15:39:29.719233036 CEST
216.58.214.198 443 192.168.2.4 49741 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Mon May 03 10:59:06 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Mon Jul 26 10:59:05 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 19, 2021 15:39:29.901196957 CEST
108.177.15.157 443 192.168.2.4 49745 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Apr 13 12:11:12 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Jul 06 12:11:11 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 19, 2021 15:39:29.909677029 CEST
108.177.15.157 443 192.168.2.4 49746 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Apr 13 12:11:12 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Jul 06 12:11:11 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 19, 2021 15:39:30.848850012 CEST
151.101.112.84 443 192.168.2.4 49748 CN=*.pinterest.com, O="Pinterest, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Jul 16 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Wed Aug 04 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
May 19, 2021 15:39:30.850392103 CEST
151.101.112.84 443 192.168.2.4 49747 CN=*.pinterest.com, O="Pinterest, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Jul 16 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Wed Aug 04 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
May 19, 2021 15:39:30.868232012 CEST
143.204.98.55 443 192.168.2.4 49750 CN=*.btncdn.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Thu May 06 02:00:00 CEST 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Jun 05 01:59:59 CEST 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
May 19, 2021 15:39:30.868571997 CEST
143.204.98.55 443 192.168.2.4 49749 CN=*.btncdn.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Thu May 06 02:00:00 CEST 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Jun 05 01:59:59 CEST 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
May 19, 2021 15:39:30.913336039 CEST
216.58.214.198 443 192.168.2.4 49754 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Mon May 03 10:59:06 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Mon Jul 26 10:59:05 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 19, 2021 15:39:30.913652897 CEST
216.58.214.198 443 192.168.2.4 49753 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Mon May 03 10:59:06 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Mon Jul 26 10:59:05 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 19, 2021 15:39:30.929454088 CEST
34.250.6.2 443 192.168.2.4 49755 CN=*.xg4ken.com, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Mon Sep 14 14:50:49 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004
Sat Oct 16 14:50:49 CEST 2021 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Tue May 03 09:00:00 CEST 2011
Sat May 03 09:00:00 CEST 2031
CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Wed Jan 01 08:00:00 CET 2014
Fri May 30 09:00:00 CEST 2031
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Tue Jun 29 19:06:20 CEST 2004
Thu Jun 29 19:06:20 CEST 2034
May 19, 2021 15:39:30.983582973 CEST
34.250.6.2 443 192.168.2.4 49756 CN=*.xg4ken.com, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Mon Sep 14 14:50:49 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004
Sat Oct 16 14:50:49 CEST 2021 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Tue May 03 09:00:00 CEST 2011
Sat May 03 09:00:00 CEST 2031
Columns: Timestamp, Source IP, Source Port, Dest IP, Dest Port, Subject, Issuer, Not Before, Not After, JA3 SSL Client Fingerprint, JA3 SSL Client Digest
CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Wed Jan 01 08:00:00 CET 2014
Fri May 30 09:00:00 CEST 2031
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Tue Jun 29 19:06:20 CEST 2004
Thu Jun 29 19:06:20 CEST 2034
May 19, 2021 15:39:31.142667055 CEST
54.154.208.108 443 192.168.2.4 49760 CN=*.agkn.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sat Jul 25 02:00:00 CEST 2020 Mon Nov 06 13:23:33 CET 2017 Fri Nov 10 01:00:00 CET 2006
Sun Sep 18 14:00:00 CEST 2022 Sat Nov 06 13:23:33 CET 2027 Mon Nov 10 01:00:00 CET 2031
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Nov 06 13:23:33 CET 2017
Sat Nov 06 13:23:33 CET 2027
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Nov 10 01:00:00 CET 2006
Mon Nov 10 01:00:00 CET 2031
May 19, 2021 15:39:31.148205042 CEST
54.154.208.108 443 192.168.2.4 49759 CN=*.agkn.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sat Jul 25 02:00:00 CEST 2020 Mon Nov 06 13:23:33 CET 2017 Fri Nov 10 01:00:00 CET 2006
Sun Sep 18 14:00:00 CEST 2022 Sat Nov 06 13:23:33 CET 2027 Mon Nov 10 01:00:00 CET 2031
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Nov 06 13:23:33 CET 2017
Sat Nov 06 13:23:33 CET 2027
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Nov 10 01:00:00 CET 2006
Mon Nov 10 01:00:00 CET 2031
May 19, 2021 15:39:31.526804924 CEST
143.204.94.161 443 192.168.2.4 49765 CN=*.adsrvr.org CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Thu Mar 18 23:45:32 CET 2021 Tue Jul 28 02:00:00 CEST 2020 Wed Mar 18 11:00:00 CET 2009
Wed Apr 20 00:45:32 CEST 2022 Sun Mar 18 01:00:00 CET 2029 Sun Mar 18 11:00:00 CET 2029
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Tue Jul 28 02:00:00 CEST 2020
Sun Mar 18 01:00:00 CET 2029
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Wed Mar 18 11:00:00 CET 2009
Sun Mar 18 11:00:00 CET 2029
May 19, 2021 15:39:31.536470890 CEST
143.204.94.161 443 192.168.2.4 49767 CN=*.adsrvr.org CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Thu Mar 18 23:45:32 CET 2021 Tue Jul 28 02:00:00 CEST 2020 Wed Mar 18 11:00:00 CET 2009
Wed Apr 20 00:45:32 CEST 2022 Sun Mar 18 01:00:00 CET 2029 Sun Mar 18 11:00:00 CET 2029
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Tue Jul 28 02:00:00 CEST 2020
Sun Mar 18 01:00:00 CET 2029
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Wed Mar 18 11:00:00 CET 2009
Sun Mar 18 11:00:00 CET 2029
May 19, 2021 15:39:31.591003895 CEST
216.58.207.163 443 192.168.2.4 49768 CN=www.google.de CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Tue Apr 13 12:41:49 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020
Tue Jul 06 12:41:48 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
CN=GTS Root R1, O=Google Trust Services LLC, C=US
Thu Aug 13 02:00:42 CEST 2020
Thu Sep 30 02:00:42 CEST 2027
CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Fri Jun 19 02:00:42 CEST 2020
Fri Jan 28 01:00:42 CET 2028
May 19, 2021 15:39:31.592133045 CEST
216.58.207.163 443 192.168.2.4 49769 CN=www.google.de CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Tue Apr 13 12:41:49 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020
Tue Jul 06 12:41:48 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
CN=GTS Root R1, O=Google Trust Services LLC, C=US
Thu Aug 13 02:00:42 CEST 2020
Thu Sep 30 02:00:42 CEST 2027
CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Fri Jun 19 02:00:42 CEST 2020
Fri Jan 28 01:00:42 CET 2028
May 19, 2021 15:39:32.973284960 CEST
99.80.189.193 443 192.168.2.4 49772 CN=*.adsrvr.org CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Thu Mar 18 23:45:32 CET 2021 Tue Jul 28 02:00:00 CEST 2020 Wed Mar 18 11:00:00 CET 2009
Wed Apr 20 00:45:32 CEST 2022 Sun Mar 18 01:00:00 CET 2029 Sun Mar 18 11:00:00 CET 2029
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Tue Jul 28 02:00:00 CEST 2020
Sun Mar 18 01:00:00 CET 2029
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Wed Mar 18 11:00:00 CET 2009
Sun Mar 18 11:00:00 CET 2029
May 19, 2021 15:39:32.976316929 CEST
99.80.189.193 443 192.168.2.4 49773 CN=*.adsrvr.org CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Thu Mar 18 23:45:32 CET 2021 Tue Jul 28 02:00:00 CEST 2020 Wed Mar 18 11:00:00 CET 2009
Wed Apr 20 00:45:32 CEST 2022 Sun Mar 18 01:00:00 CET 2029 Sun Mar 18 11:00:00 CET 2029
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GlobalSign GCC R3 DV TLS CA 2020, O=GlobalSign nv-sa, C=BE
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Tue Jul 28 02:00:00 CEST 2020
Sun Mar 18 01:00:00 CET 2029
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Wed Mar 18 11:00:00 CET 2009
Sun Mar 18 11:00:00 CET 2029
May 19, 2021 15:39:43.253894091 CEST
142.250.185.225 443 192.168.2.4 49780 CN=*.googleusercontent.com CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Tue Apr 13 12:41:17 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020
Tue Jul 06 12:41:16 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
CN=GTS Root R1, O=Google Trust Services LLC, C=US
Thu Aug 13 02:00:42 CEST 2020
Thu Sep 30 02:00:42 CEST 2027
CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Fri Jun 19 02:00:42 CEST 2020
Fri Jan 28 01:00:42 CET 2028
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
System Behavior
May 19, 2021 15:39:43.257833958 CEST
142.250.185.225 443 192.168.2.4 49781 CN=*.googleusercontent.com CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Tue Apr 13 12:41:17 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020
Tue Jul 06 12:41:16 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
CN=GTS Root R1, O=Google Trust Services LLC, C=US
Thu Aug 13 02:00:42 CEST 2020
Thu Sep 30 02:00:42 CEST 2027
CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Fri Jun 19 02:00:42 CEST 2020
Fri Jan 28 01:00:42 CET 2028
Start time: 15:39:03
Start date: 19/05/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Analysis Process: iexplore.exe PID: 5764 Parent PID: 800
General
File Activities
Registry Activities
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff662350000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
Registry Activities
Start time: 15:39:04
Start date: 19/05/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5764 CREDAT:17410 /prefetch:2
Imagebase: 0xe50000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Analysis Process: iexplore.exe PID: 5836 Parent PID: 5764
General