version: 29.0.0 ocean jasper
TRANSCRIPT
ID: 237804
Cookbook: browseurl.jbs
Time: 20:28:15
Date: 11/06/2020
Version: 29.0.0 Ocean Jasper
Analysis Report https://overview.mail.yahoo.com/?.src=iOS…
Overview
General Information
Sample URL: https://overview.mail.yahoo.com/?.src=iOS
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
No high impact signatures.
Classification
[Figure: classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Startup
System is w10x64
iexplore.exe (PID: 5568 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 5668 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5568 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Networking
• System Summary
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Graphical User Interface 2; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Process Injection 1; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Masquerading 1; Process Injection 1; Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote File Copy 1; Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 3; Remote File Copy 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Behavior Graph
ID: 237804
URL: https://overview.mail.yahoo...
Startdate: 11/06/2020
Architecture: WINDOWS
Score: 0
[Figure: behavior graph. Process nodes: iexplore.exe (5, 74), started; iexplore.exe (6, 198), started. Network nodes: s.yimg.com; edge.gycpi.b.yahoodns.net; s.twitter.com (104.244.42.195, 443, 49727, 49728, unknown, United States); t.co (104.244.42.197, 443, 49725, 49726, unknown, United States); 40 other IPs or domains.]
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
https://overview.mail.yahoo.com/?.src=iOS 0% Virustotal Browse
https://overview.mail.yahoo.com/?.src=iOS 0% Avira URL Cloud safe
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source Detection Scanner Label Link
fam-geo-atsv2.prod.media.g03.yahoodns.net 0% Virustotal Browse
src.san1.g01.yahoodns.net 0% Virustotal Browse
spdc-global.pbp.gysm.yahoodns.net 0% Virustotal Browse
ds-geoycpi-uno-lite.gycpi.b.yahoodns.net 0% Virustotal Browse
verizonmedia.com 0% Virustotal Browse
www.google.co.uk 0% Virustotal Browse
ds-oob-fo-media-router1.prod.media.g01.yahoodns.net 0% Virustotal Browse
edge.gycpi.b.yahoodns.net 0% Virustotal Browse
www.verizonmedia.com 0% Virustotal Browse
adservice.google.co.uk 0% Virustotal Browse
URLs
Source Detection Scanner Label Link
https://verizonmedia.com/policies/br/pt/verizonmedia/privacy/topics/security/index.html 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/policies/xw/en/verizonmedia/privacy/intl/index.htmlNPage 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/products/communications/index.html 0% Virustotal Browse
https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/products/communications/index.html 0% Avira URL Cloud safe
https://adservice.google.co.uk/ddm/fls/i/src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for 0% Avira URL Cloud safe
https://www.verizonmedia.com/accessibility/captioning/ 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/licies/xw/en/verizonmedia/privacy/intl/index.htmlition&af_sub2 0% Avira URL Cloud safe
https://verizonmedia.com/policies/uk/en/verizonmedia/terms/otos/paid/services/cancellation/form/inde 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/tVerizon 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/policies/xwRoot 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/policies/xw/en/verizonmedia/privacy/intl/index.htmlition&af_su 0% Avira URL Cloud safe
https://verizonmedia.com/policies/ie/de/oath/terms/additionalterms/index.html 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/policies/xw 0% Avira URL Cloud safe
https://www.verizonmedia.com/ 0% Virustotal Browse
https://www.verizonmedia.com/ 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/policies/xw/en/veri 0% Avira URL Cloud safe
https://verizonmedia.com/policies/ie/it/verizonmedia/terms/additionalterms/index.html 0% Avira URL Cloud safe
https://www.verizonmedia.com/policies/xw/en/verizonmedia/terms/otos/index.htmlndex.htmlition&af_sub2 0% Avira URL Cloud safe
https://mail.yahoo.comyahoo.com/?.src=iOS/hoo.com/?.src=iOSRoot 0% Avira URL Cloud safe
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
star-mini.c10r.facebook.com 31.13.92.36 true false high
fam-geo-atsv2.prod.media.g03.yahoodns.net 188.125.72.139 true false 0%, Virustotal, Browse low
dart.l.doubleclick.net 216.58.206.6 true false high
pagead46.l.doubleclick.net 172.217.23.98 true false high
src.san1.g01.yahoodns.net 212.82.100.151 true false 0%, Virustotal, Browse low
s.twitter.com 104.244.42.195 true false high
onelink-1664648862.eu-west-1.elb.amazonaws.com 52.30.124.1 true false high
spdc-global.pbp.gysm.yahoodns.net 212.82.100.181 true false 0%, Virustotal, Browse low
t.co 104.244.42.197 true false high
pagead.l.doubleclick.net 216.58.207.66 true false high
ds-geoycpi-uno-lite.gycpi.b.yahoodns.net 87.248.100.137 true false 0%, Virustotal, Browse low
verizonmedia.com 98.136.103.26 true false 0%, Virustotal, Browse unknown
www.google.co.uk 216.58.207.67 true false 0%, Virustotal, Browse low
ds-oob-fo-media-router1.prod.media.g01.yahoodns.net 212.82.100.157 true false 0%, Virustotal, Browse low
prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com 34.250.69.144 true false high
edge.gycpi.b.yahoodns.net 87.248.118.22 true false 0%, Virustotal, Browse low
sp.analytics.yahoo.com unknown unknown false high
udc.yahoo.com unknown unknown false high
www.facebook.com unknown unknown false high
info.yahoo.com unknown unknown false high
geo.query.yahoo.com unknown unknown false high
9513459.fls.doubleclick.net unknown unknown false high
overview.mail.yahoo.com unknown unknown false high
www.verizonmedia.com unknown unknown false 0%, Virustotal, Browse unknown
adservice.google.co.uk unknown unknown false 0%, Virustotal, Browse low
geo.yahoo.com unknown unknown false high
s.yimg.com unknown unknown false high
analytics.twitter.com unknown unknown false high
beacon.krxd.net unknown unknown false high
mail.yahoo.com unknown unknown false high
policies.oath.com unknown unknown false high
ganon.yahoo.com unknown unknown false high
googleads.g.doubleclick.net unknown unknown false high
6589630.fls.doubleclick.net unknown unknown false high
mail.onelink.me unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation
info.yahoo.com/relevantads/ false high
URLs from Memory and Binaries
Name Source Malicious Antivirus Detection Reputation
https://s.yimg.com/nq/nr/img/favicon_kJCAOFliMOfdwulmDAg-b-Rr1cVzRHU8pkXZ517KhvQ_v1.ico~ imagestore.dat.2.dr false high
www.aol.jp/global/feedback/ index[2].htm0.2.dr false high
https://www.verizon.com/about/terms-conditions/terms-of-service index[2].htm0.2.dr false high
www.bis.doc.gov/complianceandenforcement/liststocheck.htm index[2].htm0.2.dr false high
https://s.yimg.com/cv/api/bcg/everywhere/images/go-further-1.0.5.jpg signin_4ngZasu6f_INyp8JkI2YRy0WinjbhL7fizmRuEY7VCQ_v1[1].css.2.dr false high
https://www.verizonmedia.com/policies/xw/en/verizonmedia/terms/otos/index.html ~DF7A00D077D99999BB.TMP.1.dr false unknown
https://ec.europa.eu/consumers/odr/ index[2].htm0.2.dr false high
https://overview.mail.yahoo.com/ies/xw/en/verizonmedia/terms/otos/index.html ~DF7A00D077D99999BB.TMP.1.dr false high
https://s.yimg.com/cv/apiv2/vzm/sites/css/vzm-policies-v2.91.min.css index[2].htm0.2.dr false high
https://s.yimg.com/cv/apiv2/vzm/sites/vz-image-1.0.0.png index[2].htm0.2.dr false high
https://adr.org/sites/default/files/Commercial%20Rules.pdf index[2].htm0.2.dr false high
https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.eot?#iefix&v=4.4.0 combo[1].css.2.dr false high
https://s.yimg.com/zz/combo?ge/oath/policies/css/oathplcy_custom_min_v1.5.css&ge/oath/policies/css/c index[2].htm0.2.dr false high
info.yahoo.com/legal/us/yahoo/utos/terms/ index[1].htm.2.dr false high
https://s.yimg.com/ge/toc/assets/safari-pinned-tab.svg index[2].htm0.2.dr false high
https://s.yimg.com/cv/apiv2/vzmsites/policies/js/cpqp_v2.js index[2].htm0.2.dr false high
https://s.yimg.com/ss/rapid-3.42.3.js MJ49R49K.htm.2.dr false high
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=o2prc&events=%5B%5B%22pageview ns[1].htm0.2.dr false high
https://s.yimg.com/cv/apiv2/vzmsites/policies/js/vzm-privacy-page-emea-v1.1.min.js index[2].htm0.2.dr false high
https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.eot?v=4.4.0 combo[1].css.2.dr false high
https://6589630.fls.doubleclick.net/activityi;src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;ta ~DF7A00D077D99999BB.TMP.1.dr false high
https://s.yimg.com/cv/api/toc/ass/css/v2/tocCustom_min.css index[2].htm0.2.dr false high
https://verizonmedia.com/policies/br/pt/verizonmedia/privacy/topics/security/index.html index[2].htm0.2.dr false Avira URL Cloud: safe unknown
https://it.aiuto.yahoo.com/kb/helpcentral index[2].htm0.2.dr false high
https://s.yimg.com/cv/apiv2/vzm/sites/fav/favicon.ico~ imagestore.dat.2.dr false high
https://mail.yahoo.com/ ~DF7A00D077D99999BB.TMP.1.dr false high
https://s.yimg.com/ge/toc/ass/js/modernizr.min.js index[2].htm0.2.dr false high
https://overview.mail.yahoo.com/ies/xw/en/verizonmedia/terms/otos/index.htmlo ~DF7A00D077D99999BB.TMP.1.dr false high
help.yahoo.com index[1].htm.2.dr, index[2].htm.2.dr false high
https://overview.mail.yahoo.com 64IIADHH.htm.2.dr false high
https://www.verizonmedia.com/policies/policies/xw/en/verizonmedia/privacy/intl/index.htmlNPage ~DF7A00D077D99999BB.TMP.1.dr false Avira URL Cloud: safe unknown
https://overview.mail.yahoo.com?lang=bn-IN 64IIADHH.htm.2.dr false high
https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/products/communications/index.html MJ49R49K.htm.2.dr false 0%, Virustotal, Browse; Avira URL Cloud: safe unknown
https://beacon.krxd.net/event.gif?event_id=M-apL1NM&event_type=default>mcb=1419370984 ns[1].htm0.2.dr false high
https://policies.yahoo.com/us/en/yahoo/terms/directory/registration/index.htm?redirect=no index[2].htm0.2.dr false high
https://adservice.google.co.uk/ddm/fls/i/src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for ~DF7A00D077D99999BB.TMP.1.dr false Avira URL Cloud: safe low
https://fr-ca.aide.yahoo.com/kb/account index[2].htm0.2.dr false high
https://s.yimg.com/ge/toc/ass/js/3.7.3/html5shiv.js index[2].htm0.2.dr false high
https://overview.mail.yahoo.com?lang=kn-IN 64IIADHH.htm.2.dr false high
https://app.appsflyer.com/id577586159?pid=yahoo_admanager_plus_int&c=NorrinLaunch_Mar17&af_s MJ49R49K.htm.2.dr false high
https://overview.mail.yahoo.com?lang=en-GB 64IIADHH.htm.2.dr false high
https://s.yimg.com/wm/bcg/norrin/images/icon-app-store-1.0.1.png MJ49R49K.htm.2.dr false high
https://overview.mail.yahoo.com?lang=ml-IN 64IIADHH.htm.2.dr false high
https://www.verizonmedia.com/accessibility/captioning/ index[2].htm0.2.dr false Avira URL Cloud: safe unknown
https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.woff?v=4.4.0 combo[1].css.2.dr false high
https://in.help.yahoo.com/kb/yahoo-india-grievance-officer-sln28253.html index[2].htm0.2.dr false high
https://s.yimg.com/nq/nr/css/signin_4ngZasu6f_INyp8JkI2YRy0WinjbhL7fizmRuEY7VCQ_v1.css MJ49R49K.htm.2.dr false high
https://www.verizonmedia.com/policies/licies/xw/en/verizonmedia/privacy/intl/index.htmlition&af_sub2 ~DF7A00D077D99999BB.TMP.1.dr false Avira URL Cloud: safe unknown
https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10076255&conv_type=pageview&page_cat=ym6lp&page_na ns[1].htm0.2.dr false high
https://verizonmedia.com/policies/uk/en/verizonmedia/terms/otos/paid/services/cancellation/form/inde index[2].htm0.2.dr false Avira URL Cloud: safe unknown
www.reddit.com/ msapplication.xml5.1.dr false high
https://s.yimg.com/zz/combo?ge/oath/policies/v1/dist/scripts/aimdata-min.js&ge/policies/js/v2/redire index[2].htm0.2.dr false high
https://es.ayuda.yahoo.com/kb/helpcentral index[2].htm0.2.dr false high
https://s.yimg.com/ss/rapid-3.41.3.js 64IIADHH.htm.2.dr false high
https://s.yimg.com/zz/combo?ge/toc/ass/js/2.2.4/jquery.min.js&ge/toc/ass/js/libs.min.js&ge/toc/ass/j index[2].htm0.2.dr false high
https://sec.yimg.com/i/yahoo.gif index[1].htm.2.dr, index[2].htm.2.dr false high
https://s.yimg.com/wm/bcg/norrin/images/icon-google-app-1.0.2.png MJ49R49K.htm.2.dr false high
https://www.verizonmedia.com/policies/tVerizon ~DF7A00D077D99999BB.TMP.1.dr false Avira URL Cloud: safe unknown
www.linotype.com/fontdesigners NHaasGroteskDSStd-75Bd[1].eot.2.dr false high
www.adr.org/ index[2].htm0.2.dr false high
https://www.verizonmedia.com/policies/policies/xwRoot {D1C8BA01-AC5C-11EA-AAE6-44C1B3FB757B}.dat.1.dr false Avira URL Cloud: safe unknown
https://www.verizonmedia.com/policies/policies/xw/en/verizonmedia/privacy/intl/index.htmlition&af_su ~DF7A00D077D99999BB.TMP.1.dr false Avira URL Cloud: safe unknown
https://s.yimg.com/ge/toc/ass/js/1.4.2/respond.min.js index[2].htm0.2.dr false high
https://uk.help.yahoo.com/kb/account index[2].htm0.2.dr false high
https://overview.mail.yahoo.com?lang=fr-FR 64IIADHH.htm.2.dr false high
https://overview.mail.yahoo.com?lang=fil-PH 64IIADHH.htm.2.dr false high
https://de.hilfe.yahoo.com/kb/helpcentral index[2].htm0.2.dr false high
https://overview.mail.yahoo.com?lang=id-ID 64IIADHH.htm.2.dr false high
www.yahoo.com index[2].htm.2.dr false high
https://www.verizonmedia.com/policies/policies/xw/en/verizonmedia/privacy/intl/index.html ~DF7A00D077D99999BB.TMP.1.dr false unknown
https://overview.mail.yahoo.com?lang=de-DE 64IIADHH.htm.2.dr false high
https://verizonmedia.com/policies/ie/de/oath/terms/additionalterms/index.html index[2].htm0.2.dr false Avira URL Cloud: safe unknown
privacy.yahoo.com index[1].htm.2.dr false high
https://beacon.krxd.net/event.gif?event_id=M-apL1NM&event_type=default>mcb=857907770 ns[1].htm0.2.dr false high
https://www.verizonmedia.com/policies/policies/xw {D1C8BA01-AC5C-11EA-AAE6-44C1B3FB757B}.dat.1.dr false Avira URL Cloud: safe unknown
https://login.yahoo.com/account/delete-user index[2].htm0.2.dr false high
https://s.yimg.com/wm/bcg/norrin/images/background1-1.0.3.jpg); signin_4ngZasu6f_INyp8JkI2YRy0WinjbhL7fizmRuEY7VCQ_v1[1].css.2.dr false high
docs.yahoo.com/docs/family/more/ index[1].htm.2.dr false high
https://s.yimg.com/zz/combo?ge/oath/policies/fonts/font_awesome_min_v1.1.css index[2].htm0.2.dr false high
https://www.verizonmedia.com/ index[2].htm0.2.dr false 0%, Virustotal, Browse; Avira URL Cloud: safe unknown
https://help.aol.com/ index[2].htm0.2.dr false high
search.yahoo.com/search index[1].htm.2.dr false high
www.linotype.com/licensehttp://www.linotype.com/licenseNeue NHaasGroteskDSStd-75Bd[1].eot.2.dr, NHaasGroteskDSStd-55Rg[1].eot.2.dr false high
https://ca.help.yahoo.com/kb/account index[2].htm0.2.dr false high
https://s.yimg.com/wm/bcg/norrin/images/scrolling-1.0.0.gif); signin_4ngZasu6f_INyp8JkI2YRy0WinjbhL7fizmRuEY7VCQ_v1[1].css.2.dr false high
https://s.yimg.com/wm/bcg/norrin/images/hightlight-big-yellow-module1-1.0.0.svg); signin_4ngZasu6f_INyp8JkI2YRy0WinjbhL7fizmRuEY7VCQ_v1[1].css.2.dr false high
www.youtube.com/ msapplication.xml8.1.dr false high
https://overview.mail.yahoo.com/?.src=iOS ~DF7A00D077D99999BB.TMP.1.dr false high
https://overview.mail.yahoo.com?lang=en-US 64IIADHH.htm.2.dr false high
https://www.verizonmedia.com/policies/policies/xw/en/veri ~DF7A00D077D99999BB.TMP.1.dr false Avira URL Cloud: safe unknown
https://overview.mail.yahoo.com?lang=pt-BR 64IIADHH.htm.2.dr false high
https://s.yimg.com/cv/apiv2/oathsites/overlay/css/verizon-overlay-v1-min.css index[2].htm0.2.dr false high
https://s.yimg.com/ge/default/691231/pcpndt.pdf index[2].htm0.2.dr false high
https://overview.mail.yahoo.com?lang=ta-IN 64IIADHH.htm.2.dr false high
https://verizonmedia.com/policies/ie/it/verizonmedia/terms/additionalterms/index.html index[2].htm0.2.dr false Avira URL Cloud: safe unknown
https://overview.mail.yahoo.com?lang=ro-RO 64IIADHH.htm.2.dr false high
https://www.verizonmedia.com/policies/xw/en/verizonmedia/terms/otos/index.htmlndex.htmlition&af_sub2 ~DF7A00D077D99999BB.TMP.1.dr false Avira URL Cloud: safe unknown
https://mail.yahoo.comyahoo.com/?.src=iOS/hoo.com/?.src=iOSRoot {D1C8BA01-AC5C-11EA-AAE6-44C1B3FB757B}.dat.1.dr false Avira URL Cloud: safe unknown
https://mail.yahoo.com/hoo.com/?.src=iOS ~DF7A00D077D99999BB.TMP.1.dr false high
Contacted IPs
[Figure: contacted IPs. Legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]
Public
IP Country Flag ASN ASN Name Malicious
31.13.92.36 Ireland 32934 unknown false
87.248.118.22 United Kingdom 203220 unknown false
216.58.207.67 United States 15169 unknown false
216.58.207.66 United States 15169 unknown false
104.244.42.197 United States 13414 unknown false
87.248.118.23 United Kingdom 203220 unknown false
104.244.42.195 United States 13414 unknown false
216.58.208.34 United States 15169 unknown false
98.136.103.26 United States 36647 unknown false
188.125.72.139 United Kingdom 34010 unknown false
216.58.205.226 United States 15169 unknown false
34.250.69.144 United States 16509 unknown false
172.217.23.98 United States 15169 unknown false
212.82.100.157 United Kingdom 34010 unknown false
52.30.124.1 United States 16509 unknown false
212.82.100.181 United Kingdom 34010 unknown false
87.248.100.137 United Kingdom 34010 unknown false
216.58.206.6 United States 15169 unknown false
212.82.100.151 United Kingdom 34010 unknown false
General Information
Joe Sandbox Version: 29.0.0 Ocean Jasper
Analysis ID: 237804
Start date: 11.06.2020
Start time: 20:28:15
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 47s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://overview.mail.yahoo.com/?.src=iOS
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/166@23/19
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Browsing link: https://mail.yahoo.com/
• Browsing link: https://mail.onelink.me/107872968?pid=landingpage&c=US_Acquisition_YMktg_YM6&af_sub1=Acquisition&af_sub2=US_YMktg&af_sub3=&af_sub4=&af_sub5=YM6GetItNow_Static_&af_c_id=0
• Browsing link: https://policies.oath.com/xw/en/oath/privacy/index.html
• Browsing link: http://info.yahoo.com/relevantads/
• Browsing link: https://policies.oath.com/xw/en/oath/terms/otos/index.html
• Browsing link: https://overview.mail.yahoo.com/
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, ielowutil.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• TCP Packets have been reduced to 100
• Created / dropped Files have been reduced to 100
• Excluded IPs from analysis (whitelisted): 88.221.62.148, 172.217.23.104, 172.217.23.132, 23.57.80.111, 152.199.19.161, 8.241.122.126, 67.27.234.126, 8.241.123.126, 67.27.159.126, 8.241.9.254
• Excluded domains from analysis (whitelisted): www.googleadservices.com, fs.microsoft.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, adservice.google.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www.googletagmanager.com, go.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, www.google.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, cs9.wpc.v0cdn.net
• Report size getting too big, too many NtDeviceIoControlFile calls found.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\2NWC0UP7\www.verizonmedia[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 78
Entropy (8bit): 2.469670487371862
Encrypted: false
MD5: 58C9DFD4209A90228DFCDC0FE983FA26
SHA1: A59235ABB796C89EE12CDAFD0C359C0E59B4A48B
SHA-256: 560FE1B9696A8AFB5DD002C5ECEDD8A0CD8EE7389EC7E9DDC1F8584A2889F858
SHA-512: E9CE3112EB02400F7710E59E4EFC5F24A628FC2AB98C835B5FC6205AE909E32492F8C1B64D0E2014ED988ABFE3321966D411B30B0B3C48540711DFD2D2E07346
Malicious: false
Reputation: low
Preview:<root></root><root></root><root></root><root></root><root></root><root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZA21IYDR\overview.mail.yahoo[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 13
Entropy (8bit): 2.469670487371862
Encrypted: false
MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512: 6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious: false
Reputation: low
Preview:<root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D1C8B9FF-AC5C-11EA-AAE6-44C1B3FB757B}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.852340110134
Encrypted: false
MD5: AA59510CE47AAB627CA72DBF59A89BC0
SHA1: 820CD3D894DE0CD8D33C4094F744D2F0BA1B7348
SHA-256: 995F87C605A3504A02778234B532556E258D9BB92B555AB8EA02BF07F80713E9
SHA-512: E101A3D40B566EDC487D63753A7F206F8DBEE1379A59988B186C2392BD87CD52365A607C49679698968B4AA853164AA139B2F45F41274329C3693D3823EF9133
Malicious: false
Reputation: low
Preview: ...R.o.o.t. .E.n.t.r.y...
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D1C8BA01-AC5C-11EA-AAE6-44C1B3FB757B}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 116314
Entropy (8bit): 2.703853082656348
Encrypted: false
MD5: 828E1A40D8EBA5F80CFFEA6962620C0A
SHA1: A86E197F49065A6D88FCD8CE13F2E3AEFBFD3866
SHA-256: 973D1685A7DC739EEACBA696E293947C6548B8AE0FC8B5AC6EC10C959A80DACC
SHA-512: 8EBE88DA5CE9F0B093B9D68F6DF698C04203A0943F7DE7F5589F6315484C8EC2CB2824D7D218B48B56F8144CF28BE034783ED79C6A72A80F724B00AE9050FBAF
Malicious: false
Reputation: low
Preview: ...R.o.o.t. .E.n.t.r.y...
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBBE8B15-AC5C-11EA-AAE6-44C1B3FB757B}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.56539656527516
Encrypted: false
MD5: 447CA33D602078D6824386C14ADDAD81
SHA1: 77FC2A502A51B70F32857F7FAA6D5FB34862B353
SHA-256: E12F7CDD722DFC0A4CB32F5AACD007791CAE78B41D304B2E2E8C6C3A6B46FD1A
SHA-512: E92C6D2AA53C4AA0177EABF1DB1DA13D9AEEC769F5AEC29E64AE757E9741C5772416AE81C3EC2361FF09A466F28978232A0CC5FFCF09BC9A510BEE5FCC14BA00
Malicious: false
Reputation: low
Preview: ...R.o.o.t. .E.n.t.r.y...
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 657
Entropy (8bit): 5.099693783209898
Encrypted: false
MD5: FE0C655D501754BA1E5BCD8CCCE52D45
SHA1: CB9F87D727CB8CD939997D7FD5F2BB3161970C5B
SHA-256: 00405E5F2A761C08508218A9B33237AAA4D6AC84DED5DDB64D2BDA6808E19F8B
SHA-512: BE247853046629C6D3726B59674B4D149D0BC9E5EE15EBC4D427397505D22ED95B53D5A79FDA966FE5C8A03BEF82F522B13481B67921E981911D0B73F9C8500A
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xb3bbc1a5,0x01d64069</date><accdate>0xb3bbc1a5,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xb3bbc1a5,0x01d64069</date><accdate>0xb3bbc1a5,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 654
Entropy (8bit): 5.132710725369869
Encrypted: false
MD5: 2ADF8DBEDE4F7883CB1114CE89A37B0D
SHA1: 14B85E8D7A428A2FC5D5729E5CCE8B86DD920CDB
SHA-256: 5BAD88237A4C005B19F737FF76646B05B937645CCE7536A0E10B5C0322A8B8DD
SHA-512: 91199EA075727528D7A796B8D004545909706D92DD448A1C7C69E292A339D6CEDA215E76A11F3E508002F720DB996B8C28A07E4CC4BB22D8C8EC43A54FF0EDAB
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xb3a9b9df,0x01d64069</date><accdate>0xb3a9b9df,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xb3a9b9df,0x01d64069</date><accdate>0xb3af16d4,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 663
Entropy (8bit): 5.1211365997858165
Encrypted: false
MD5: AB47C44F4643EC350F8330250FAE2BF3
SHA1: A70B4F56A9A7F32304D2212B6D14773596AF5AAC
SHA-256: BC18CFD5222DCFD913235DEF0721FDE6FD400EA7F6E53FF4041B022EDA8AD873
SHA-512: 45233B2F4EB8E4177A869CAD8249E7637AB044EF9F6A123C096FB76C0CDA0A5DFEA505E789932F1746675921745CE17635A0DE31EC47C037A03488CF4BBAFC71
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xb3bbc1a5,0x01d64069</date><accdate>0xb3bbc1a5,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xb3bbc1a5,0x01d64069</date><accdate>0xb3be83d0,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 411
Entropy (8bit): 5.174971057555704
Encrypted: false
MD5: DB8CFFF09B6B764E5FF8249FE4B6C4D1
SHA1: 78128A153016F9E258FA2EFB5EB0CDFD33D0B900
SHA-256: C6EF65EF6E7E7CD90293F93F1B4A3EA4C58BE55A0454BE57A0058D882E51A99D
SHA-512: 7F051F665F56667C5A0C874E400146599D2DD923C3A704B49AD144B8CB23FFE002265EE8E07D583B503E409B3C30F059227837F0FA28A8D5131C9DE7F8D7C699
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x35975adb,0x01d5d7c0</date><accdate>0xb3b1b2e8,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/><selection>\lowres.png</selection></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 648
Entropy (8bit): 5.121416738210237
Encrypted: false
MD5: B2BD8A56BCAF9AF8F872166B1A6B02E4
SHA1: AE4F3EA1220C508D46431C97A49F44A4F5637652
SHA-256: C2908FE8BD6D2C58F20D8DF0B54867B42D001CC6C29202227FBEF222D327B0BA
SHA-512: 65D81B6E6A09274725F9CAB17B4E974F43F4B9331D42EC1F463DE03A78F4E89E0B448828FE5DAB377DEA92B8C9DDEDA43C9719FDCE829E55CB8075082FDCEF86
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xb3b68ac1,0x01d64069</date><accdate>0xb3b68ac1,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xb3b68ac1,0x01d64069</date><accdate>0xb3b94c30,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 657
Entropy (8bit): 5.1255157444580925
Encrypted: false
MD5: 86B027D3D69E0E7D2D00AB8AFB661DCC
SHA1: C501CAE550F2300795A0AC1B6588DFFBD6B15C7C
SHA-256: E3B5AC9483831572CFB13981312DDAE035BD63FA90045A54366F006AE6E8CDFF
SHA-512: 547D6471EC253FC0F87155E3DE9A57BB033E44695D8DD0177E10E4F81E2FA7289ED2589527396A6DA1A0F2F0BC2CA1324D03BBFD87EBFD25BFA769BC3AAC164F
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xb3be83d0,0x01d64069</date><accdate>0xb3be83d0,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xb3be83d0,0x01d64069</date><accdate>0xb3be83d0,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 654
Entropy (8bit): 5.10346659694211
Encrypted: false
MD5: 0D77F0B616565EA499DA5F231B055154
SHA1: 02BA89E04575DAC6E9AD78306B247F49B407A479
SHA-256: 93F0C5B2BD4E828C794CCA7D6CF26EFCBEEA8ACB888B8DCFA1CAAB5B96E7D8D4
SHA-512: 15A32F2EC54A1733BB5F62D40A427175EE3113F5D8214A4A39033FD80E40471A2888B2A02AA1317E59D1470D6631871BF4DD0D681D2A61AEC354F9E1F35B1A98
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xb3bbc1a5,0x01d64069</date><accdate>0xb3bbc1a5,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xb3bbc1a5,0x01d64069</date><accdate>0xb3bbc1a5,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 657
Entropy (8bit): 5.145012906907404
Encrypted: false
MD5: 5712E733B72ABEFF744DC95B8E46774C
SHA1: 072499C273D15C16089A0BD8B597C823D99C4BE5
SHA-256: A36F6D7F4CE5CB370219BCDCC180E57087318E1D8BDF0A3043E46A04FEA3DBB4
SHA-512: 20B7FC62505156EB0F66B4FCCDA58374060A4013798401527EA218704609D468C501A66734AB9036EAB761CF86DC0CC450D309EBA7965731762F21F0258430B0
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xb3b94c30,0x01d64069</date><accdate>0xb3b94c30,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xb3b94c30,0x01d64069</date><accdate>0xb3b94c30,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 660
Entropy (8bit): 5.141808815251958
Encrypted: false
MD5: 9EED0C818F07EE545F39C6BD25018D09
SHA1: FCB4E50F08F6339EE87F40DC930CF3BCA87D189A
SHA-256: E042ECA57137D285020F7871718F937740F9218F8640F2188F90B5A8591613BC
SHA-512: DD0EBE04C6EFEE66CA3C9ECD83B45F281A14798D1178BDA1D2C5F818D5096F3BCE41A39C75DECFAB33C60B4FC21A38CC62BF03E66FD390DF0281BBCEC7D90B3E
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xb3b41554,0x01d64069</date><accdate>0xb3b41554,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xb3b41554,0x01d64069</date><accdate>0xb3b41554,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 654
Entropy (8bit): 5.102831750312766
Encrypted: false
MD5: F154CCCC45687494B55C6156851753A4
SHA1: CD7665FB1E49EB080B3F14CD2B5D8D51CC0BF50E
SHA-256: C3D3F48FA9D09B311D482B7646BABE56751737C9A81C357AC50301B25F5E5416
SHA-512: 9A31AF429F6C5812532E267EDE65A5C8826B759FB03B070A41B683E63A044704506D7FF86ED47F1A648BAB1135DDF730BCBAF8D53A2805A740C45FBC4D0148A2
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xb3b68ac1,0x01d64069</date><accdate>0xb3b68ac1,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xb3b68ac1,0x01d64069</date><accdate>0xb3b68ac1,0x01d64069</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\r1ckxmj\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 11566
Entropy (8bit): 4.136673298988236
Encrypted: false
MD5: F2E9E613160D4B005D1ABA9F3AE43EBA
SHA1: 4E2131D1DC1EF2BA033F981481F19B2C10D18289
SHA-256: D8460FFEA182A1CC944C9990AFE178645EDB469F034F5BA29E2E59E6208CE9F9
SHA-512: 776E581F6B15D6A21B565FEC15BD67C113E162810A47DB332A0B8343C6D3A57E45019420A656F13D49E5B94817BF48D14A5E86D5FCEAAEF36EA7D425AC89933E
Malicious: false
Reputation: low
Preview:'.h.t.t.p.s.:././.s...y.i.m.g...c.o.m./.m.i./.y.a.h.o.o./.f.a.v.i.c.o.n...i.c.o........... ..............(... ...@.................................`...a...a...b...c...d...e...f...g...h...i...j...k...l...p...r.. s..$v..)y..+z...|..0}..6...9...;...A...K...L...P...R...T...X...Y...\...k...l...o...p...x...y...~.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\MJ49R49K.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 11720
Entropy (8bit): 5.141238827688377
Encrypted: false
MD5: D6C9C48019BE3AAB6552FE8693FDBBB9
SHA1: C583A811FB00B131561B2AF54ED8C47881907DBF
SHA-256: 8EC16F5ABB8663B401069EFDB5A5765246798D648A8225820E378E4229823B23
SHA-512: 4AEFA217880998A98C8BC3E7219AD4D7CBD9EC07B58D86CBAAFBF5A196F317E4B2C0EB1A438D9DB1DB285FF623E84381777BEEA313BA66237D27082971A82008
Malicious: false
Reputation: low
IE Cache URL: https://mail.yahoo.com/
Preview:<!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, initial-scale=1" />. <title>Yahoo Mail</title>. <meta name="description" content="Take a trip into an upgraded, more organized inbox. Sign in and start exploring all the free, organizational tools for your email. Check out new themes, send GIFs, find every photo you.ve ever sent or received, and search your account faster than ever." />. <link rel="shortcut icon" href="https://s.yimg.com/nq/nr/img/favicon_kJCAOFliMOfdwulmDAg-b-Rr1cVzRHU8pkXZ517KhvQ_v1.ico" />. <link href="https://mail.yahoo.com/?.lang=bg-BG" hreflang="bg-BG" rel="alternate" /><link href="https://mail.yahoo.com/?.lang=bn-BD" hreflang="bn-BD" rel="alternate" /><link href="https://mail.yahoo.com/?.lang=bn-IN" hreflang="bn-IN" rel="alternate" /><link href="https://mail.yahoo.com/?.lang=cs-CZ" hreflang="cs-CZ" rel="alternate" /><link href="https://mail.yahoo.com/?.lang=da-DK" hreflang="
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\Mail_pizza_1125x2436-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2436, frames 3
Size (bytes): 130656
Entropy (8bit): 7.756749337393168
Encrypted: false
MD5: 0BE2E3937F661682BDD07D7073A1F2F0
SHA1: D3BD05121F72CEBCFFB1F23B9959583C6E2FAB13
SHA-256: B8C068C86704EDF33F661E08FEC7BCFF9087BBAF41D229DA2D87C4872E7E2611
SHA-512: 8DC8D74E09ECB3509AE24013E3BDA3886EB06BC6C1D86AD2AE4BEACA74FBECAE4E17142BD63767E691D05AF5D540020BBE4BE5EB807144215FA1095D4B411113
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/Mail_pizza_1125x2436-1.0.0.jpg
Preview:......Exif..II*.................Ducky.......-.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:23AA503BCBB811E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:23AA503CCBB811E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:23AA5039CBB811E99835B10FE7EFEA60" stRef:documentID="xmp.did:23AA503ACBB811E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\Mail_travel_1125x2436-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2436, frames 3
Size (bytes): 162387
Entropy (8bit): 7.764415329277147
Encrypted: false
MD5: ED0DB5182AB25C7C23DBCFA13563C5D5
SHA1: D322E3F595C7F90A1BCDA92261FA944FB8D4AD9B
SHA-256: 8A6540E4D34D2DB03BD400735A4CAB652E8DCD9F132705E26E7B56A3F092916C
SHA-512: E1370AC92796CBD673487980A4B47017BA0CC8FE93C28D4675BB7294C5E67F161044A9D2541EFE8BF0016CF8840D60733C7525C47856123EB59483C61B1CEC90
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/Mail_travel_1125x2436-1.0.0.jpg
Preview:......Exif..II*.................Ducky.......-.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:5C52787CCBB711E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:5C52787DCBB711E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5C52787ACBB711E99835B10FE7EFEA60" stRef:documentID="xmp.did:5C52787BCBB711E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\activityi;src=9513459;type=ym6;cat=ym6lp;ord=857907770;~oref=https___overview.mail.yahoo[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 763
Entropy (8bit): 5.496312903417413
Encrypted: false
MD5: 92EF94909EA716D6A12CA382E5CB04DD
SHA1: 87F4D852BC689A55416649FBDF51D771F9544300
SHA-256: 730A83F6CA305755240B209B01294CF961F6375ADC4C7B527FBA71797E2BDD17
SHA-512: 477BE516173A3DE0755FDBCEF55FA16217EF9477E56B180E7F3F32A00B8B5F00BEC02ACA8CAF54F475487BD80B535ED8B0C4B86B399927F59B173F11D65290AF
Malicious: false
Reputation: low
IE Cache URL: https://9513459.fls.doubleclick.net/activityi;src=9513459;type=ym6;cat=ym6lp;ord=857907770;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F%3Fpid%3Dlandingpage%26c%3DUS_Acquisition_YMktg_YM6%26af_sub1%3DAcquisition%26af_sub2%3DUS_YMktg%26af_sub5%3DYM6GetItNow_Static_%26af_c_id%3D0?
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10100069"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092709"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092037"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092036"/><img src="https://adservice.google.com/ddm/fls/z/src=9513459;type=ym6;cat=ym6lp;ord=857907770;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F%3Fpid%3Dlandingpage%26c%3DUS_Acquisition_YMktg_YM6%26af_sub1%3DAcquisition%26af_sub2%3DUS_YMktg%26af_sub5%3DYM6GetItNow_Static_%26af_c_id%3D0"/></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\background1-1.0.3[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, frames 3
Size (bytes): 150119
Entropy (8bit): 7.9712294389773115
Encrypted: false
MD5: 56DD0D0F7D99C51FE8567B2FA1945FFC
SHA1: 786E5DB9B0A2490C59D4CF32A268E51E4297F36A
SHA-256: 0FF1279354626C42A7A605A797C9A23A674E2242E9A6586C9E07F5D7C5AA8421
SHA-512: 1285167468B6884DE1C9008F83898FC210CB6A60AEA3A635EA5D5B30C6207EEDF44BF018745DE48C1FA6E95805D8D398320AF55E095BC91E951A8FC93ADB1483
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/wm/bcg/norrin/images/background1-1.0.3.jpg
Preview:......Exif..II*.................Ducky.......&......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="4D63C674F67487DE6D38A82745425453" xmpMM:DocumentID="xmp.did:0AAB50D609B311E7BA3495CECC501084" xmpMM:InstanceID="xmp.iid:67BF4C00091811E7BA3495CECC501084" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6df862c1-b8e5-4ba8-85a8-60956ecff5d0" stRef:documentID="adobe:docid:photoshop:87c93e27-39dc-117a-b164-b6540e889c74"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...HPhotoshop 3.0.8BIM..........Z...%G........8BIM.%
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\background6-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, frames 3
Size (bytes): 200472
Entropy (8bit): 7.957293209550677
Encrypted: false
MD5: 79A350D29DAF9FEB920930FF0005543B
SHA1: 6E84FD1142132E4693A65AED9BC6B1A3072AC14F
SHA-256: 2FABF004CE67D752AAD583689525D6CBF59BDC1A7716D11174B081CD2D8D8C5C
SHA-512: A28AAD23B99D2011C506CE20E2BA934954EE16F7C65604539B0DF9ED660B3635D1799DD22991EE45143D3245E1AF4E328EB27B99F728A0F140A2A139D24A95CE
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/wm/bcg/norrin/images/background6-1.0.0.jpg
Preview:......Exif..II*.................Ducky.......D.....3http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:19B3BEF0022F11E7980899FBBA2A2959" xmpMM:DocumentID="xmp.did:78DBBEE2023311E7980899FBBA2A2959"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:19B3BEEE022F11E7980899FBBA2A2959" stRef:documentID="xmp.did:19B3BEEF022F11E7980899FBBA2A2959"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.........................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\bg-Doc-1.04[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2000, frames 3
Size (bytes): 165031
Entropy (8bit): 7.963335894381588
Encrypted: false
MD5: F26292964EF794E773DC968889F94A5E
SHA1: F26E3CF4462D471C470BB54133F99DAF6A58BD12
SHA-256: 4652A5949C32E0248FF765BBC403EF64E809E9A10D455302A8C0113A8D237E76
SHA-512: 67C8015B6BB8D6F49BA869369A44DF7AEADB9AFB25FDB0CFE4DD652A56ED132B72114C202DB93DC09848708F11B887E871A7EB0A441FA25641511BD131A3E5D2
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/bg-Doc-1.04.jpg
Preview:......Exif..II*.................Ducky.......7.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:9B3E1364CB8111E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:9B3E1365CB8111E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9B3E1362CB8111E99835B10FE7EFEA60" stRef:documentID="xmp.did:9B3E1363CB8111E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d................................................................##########................#################################
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\bg_pizza-1.0.3[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2000, frames 3
Size (bytes): 186535
Entropy (8bit): 7.950313316995135
Encrypted: false
MD5: 5A72BD50CA2D659F1DCA6D9CDD600C96
SHA1: 579C9A99F9511833A662C4533974A16008148CCC
SHA-256: 1D9F1EA0CCB96706860A57F8355BD846FC54CB7BFC51896AD56BD5BBA1ED1DDE
SHA-512: 6FD3E7EE514A54E776B893DC5F9F6C273DB4E37428A32489C61DEB8920308C894391BE0F2EED488BAFB231964B1C651BE532CEFF4ED54169AD8C00699D5F36A1
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/bg_pizza-1.0.3.jpg
Preview:......Exif..II*.................Ducky.......7.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:CD6893A0CB6A11E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:CD6893A1CB6A11E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CD68939ECB6A11E99835B10FE7EFEA60" stRef:documentID="xmp.did:CD68939FCB6A11E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d................................................................##########................#################################
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\bg_travel-1.0.3[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2000, frames 3
Size (bytes): 165524
Entropy (8bit): 7.8113396856335475
Encrypted: false
MD5: 0BDA1030075157B52BB84300580386B7
SHA1: 5B07892CCC5F45FE9E9F43B26A1B283FC6E510BB
SHA-256: 60DB84358E9585AA94391E800ECA66FF5DFCC2D79529CB078CF6638AAF9A6918
SHA-512: 4FBEB8A941DF3907814D1B1060186765C9CF5F696AE42F950C972B9BFDB5DB74739788E56655EBF8BAF68A9ABDC0D958C1F6DC140405CC5E2648EE8B336E0F2A
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/bg_travel-1.0.3.jpg
Preview:......Exif..II*.................Ducky.......2.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:853E58A3CB6B11E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:853E58A4CB6B11E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:853E58A1CB6B11E99835B10FE7EFEA60" stRef:documentID="xmp.did:853E58A2CB6B11E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................................................#"""#''''''''''.................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\bundle[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 421360
Entropy (8bit): 5.28068123205881
Encrypted: false
MD5: 5B13A6D969CCC7C8B6A6BF44102512C5
SHA1: 8A2D4C32E73FE6E013B490DFD91BC36CAAC1F3D8
SHA-256: AF3A6E4A428EFBBFF7B1824A820BF54DC78E37BED886716080C87B75D7BD4111
SHA-512: 9F7920FB9FF129F20787BB1561AF91AB28535A6A2213896F11A2BE5DDB0E73DCEF5AF2309FA425ED28EEF38EF0DB4D881602D82A50DC53693047E69E17D9304E
Malicious: false
Reputation: low
IE Cache URL: https://overview.mail.yahoo.com/assets/mailsix/bundle.js
Preview:webpackJsonp([2],{0:function(e,t,a){a(76),e.exports=a(594)},23:function(e,t,a){"use strict";function i(e){return e&&e.__esModule?e:{default:e}}function r(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function s(e,t){if(!e)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!t||"object"!=typeof t&&"function"!=typeof t?e:t}function n(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Super expression must either be null or a function, not "+typeof t);e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,enumerable:!1,writable:!0,configurable:!0}}),t&&(Object.setPrototypeOf?Object.setPrototypeOf(e,t):e.__proto__=t)}Object.defineProperty(t,"__esModule",{value:!0}),t.HTMLPlaceholder=void 0;var o=function(){function e(e,t){for(var a=0;a<t.length;a++){var i=t[a];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}return function(t,a,i){retur
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\combo[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 4840
Entropy (8bit): 4.978513170899493
Encrypted: false
MD5: 352BE121CCE959F53399C7CBEA502128
SHA1: 1A2459353CE63005E14D900176DF082678CA2AFE
SHA-256: 7C9D9102F7E1BC13A2CBD55B22B4C6AB9531FAFAD8336CF2CDF99856FACA188A
SHA-512: 2C84DB47EC0E9241BFAA0B49CD11415CDA3A95234320583CC597852853B03A5615A5B0A71DACB1FA6A07BD4162D174908F0F8CEBB1D3164F1EDC65523CB404B3
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/zz/combo?ge/oath/policies/css/oathplcy_custom_min_v1.5.css&ge/oath/policies/css/ckeditor_min.css&ge/oath/policies/css/header_fixes_min_v1.2.css
Preview:.fa{float:right;font-weight:700}.fa:hover{color:black}.table th,.table td{font-size:1.6rem;vertical-align:middle;text-align:left;border:1px solid #000}.table th{font-weight:bold;padding:4rem 1rem}table{margin-top:2rem;border-collapse:collapse}table tbody tr:first-child>td{padding-top:2rem}table thead{background:black;color:white}table th{font-weight:bold;padding:4rem 1rem}.table td{white-space:normal !important}.topicImage{display:inline-block;margin-right:25px;vertical-align:middle}.topicImage img{width:50px}.rightrail a{color:#007bff}.rightrail ul{list-style-type:disc}.content-container a{color:#007bff}.content-container.entry__content ol li{font-size:1.6rem;line-height:1.1875;margin:1.25em 0;widows:3;orphans:3}.content-container.entry__content ul li{font-size:1.6rem;line-height:1.1875;margin:1.25em 0;widows:3;orphans:3}ol.multilevel{counter-reset:item}ol.multilevel li{display:block}ol.multilevel li:before{content:counters(item,".") " ";counter-increment:item}ul li{font-size:1.6rem;l
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\combo[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 557
Entropy (8bit): 4.906515724022588
Encrypted: false
MD5: 779DA63BE7408E7CA5F39CAFE9713B69
SHA1: AE1149F95B96C2C02BAE629BCE1663D62B3F6836
SHA-256: 2F70FA2DF1A729ACF7537E151187776ABB8CDF14467E28F09C4ADE9A0D7C359E
SHA-512: 7940FA0C6466D01C4FD5638E9CD44D81F0A79196D0ED44AE53C5DBF13E9CCB60EFC4B97C0A106F41CC6FB7A7A7FB5BBBE54B23CF76BBEABE048A2D120CE00A88
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/zz/combo?ge/oath/policies/js/oathTableStyle_v1_min.js&ge/oath/policies/js/oathplcy_custom_min.js
Preview:$(function(){$("table").addClass("table");$("table").each(function(a,b){$(b).find("thead tr th").each(function(c){c+=1;$(b).find("tbody tr td:nth-child("+c+")").attr("data-title",$(this).text())})});$("td").each(function(){if(!$(this).text().trim()){$(this).css("background","#F1F1F1")}})});$(document).ready(function(){if($("nav")){if(($("nav").has("li").length)<1){$(".site-nav").css("display","none")}}var a=$("aside.rightrail").length;if(a<=0){var b=$(".privacyArticle");b.addClass("col-9-medium col-9-small").removeClass("col-6-small col-6-medium")}});
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\commons[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 1801332
Entropy (8bit): 5.814345608939764
Encrypted: false
MD5: 68B46E9CC62F92E70168146EA6AAF7DB
SHA1: 6F27FA0732794BC3653C1058A680E434DB58F782
SHA-256: FAC292EE8B1234488E6B784F719ACEF5E948838109E7F36919761B3A49C85DAB
SHA-512: 0ECE4A2607A2CCE2B68DCCC902377975659996A5A278B8C383C8AFB8803CFB21B6D3193224A756E3383A194568D7CDF1FEEE2ED8B7952F566F09F05ACB6A996A
Malicious: false
Reputation: low
IE Cache URL: https://overview.mail.yahoo.com/assets/commons.js
Preview:!function(e){function t(e){var t=document.getElementsByTagName("head")[0],a=document.createElement("script");a.type="text/javascript",a.charset="utf-8",a.src=m.p+""+e+"."+b+".hot-update.js",t.appendChild(a)}function a(e){if("undefined"==typeof XMLHttpRequest)return e(new Error("No browser support"));try{var t=new XMLHttpRequest,a=m.p+""+b+".hot-update.json";t.open("GET",a,!0),t.timeout=1e4,t.send(null)}catch(t){return e(t)}t.onreadystatechange=function(){if(4===t.readyState)if(0===t.status)e(new Error("Manifest request to "+a+" timed out."));else if(404===t.status)e();else if(200!==t.status&&304!==t.status)e(new Error("Manifest request to "+a+" failed."));else{try{var o=JSON.parse(t.responseText)}catch(t){return void e(t)}e(null,o)}}}function o(e){function t(e,t){"ready"===N&&i("prepare"),M++,m.e(e,function(){function a(){M--,"prepare"===N&&(S[e]||l(e),0===M&&0===k&&u())}try{t.call(null,o)}finally{a()}})}var a=O[e];if(!a)return m;var o=function(t){return a.hot.active?O[t]?(O[t].parents
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\go-further-1.0.5[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 2070x1415, frames 3
Size (bytes): 292727
Entropy (8bit): 7.9784163495487075
Encrypted: false
MD5: 46E05AA18F76C7DF259DCBC69F3FEC3C
SHA1: 6F8A6EF3704FA7FAEC60C98B58643F88301FD558
SHA-256: C75AF1998BBB55B97145788CA6FE246AE36DF60D2B3C471CD2CAB11290A01BE7
SHA-512: A66A82174C727C89B163C15C17D74AED2F5F14BF41FE25B35599E61BBAB8AB9732AB7F4B2E4EFA10E58486B24F1F05767A305BDB4013DFDA23E1CFDF606E8906
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/api/bcg/everywhere/images/go-further-1.0.5.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\img_0[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 1-bit colormap, non-interlaced
Size (bytes): 410
Entropy (8bit): 3.1731795225387085
Encrypted: false
MD5: 288C201FF80F288D41EF1990D2D1DC89
SHA1: 474B685C858C8E87135A8887A0F8314986F89385
SHA-256: CCA3A989EBE0FF7FF624C93162657C17A9D1ED8A3C81F99F30E0B5036F94B3C4
SHA-512: 44C98E19D95A68151D44CE52986512369D2128E88F16D27DD6A764D2E53C8B4375F475DC896DE969049CFD0642ED90EC2EE727DF93183AA9A7F03889DA30C208
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\img_1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 33328
Entropy (8bit): 7.870906795210602
Encrypted: false
MD5: 190C30E09D7D78CB2E7F0CE2F6E370FC
SHA1: BA3E948F39FE150F842DCCDFC9E0080D9628AD0B
SHA-256: A72961E58AC9C6B4030A61EA22DADDDECA00F39570EFB3659DA06EC646CA306A
SHA-512: 2D053CFDA6377A42206BABA43FC995ECD84BF0A7F041B4DF72D5D22B30723FBB4DA5DFB2C28D834216FCB410E3CF2C11F4006BA4DB864141F8FF46E90A300C09
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\img_2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 34775
Entropy (8bit): 7.899043118936262
Encrypted: false
MD5: 3846B414FB6249AE0DA108E33E117215
SHA1: 93C85F2851E69EA3BC4C116D1729301F40BB5754
SHA-256: 8E0ED9D209B6D4A18972F232598DDCA135B66135DAA25112712C6052E6994365
SHA-512: C02858C65ABB97C733F3B02B619919DA4950533D43911DF651FB3A3B7366857909634720C290796E11AB5052A4A847B09E9DC2C383468EA55D5D0584663386CB
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\img_3[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 40765
Entropy (8bit): 7.913731257394965
Encrypted: false
MD5: 8EA915D1215D268D88F2209916E5B7B8
SHA1: 62E95C358857F91AC85C09B5AA39F940EF1ED490
SHA-256: C140E1004CED7BD80347E10F439A7AA4CD9990B5F52083C857F251017CE9F0C3
SHA-512: 960BB01B3EAC754CB0FB9163DBFEE23758FF7F44742EDCFEB6A42663E0F47B9571DB07F712A77DE1BE149015CBF450C192BD5E70443BEC7A4CEC62BC46C481DC
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\img_5[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 66805
Entropy (8bit): 7.940821757165975
Encrypted: false
MD5: 9D234DC2A03EE55DBAE09209A20EC169
SHA1: 1AB62FAC0E56004FDAA7193B9A53D32F9FA23C4E
SHA-256: E72601A5C7AA6E4DB7A766786CBE306C94A861B5085DE78C7960A6BBBBB51300
SHA-512: E53C82FFBC3143A7B5832A262D5B9B8AD11F87DF719D2F9BBBE7E218A75E6A27667C2A150FB9645466FD08F4707EBD1FFF34A527A4A943ABC5D84A68B178E6BC
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/animation/boom/2/images/img_5.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\img_6[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 87517
Entropy (8bit): 7.955597067087726
Encrypted: false
MD5: A6F66BAACB6A8FAE8ED54599DD509374
SHA1: E65087D4395FFC507B97DB2F170E1F9BC4D556EC
SHA-256: CCF9571DD99171EAADAB241C38CDD9C935942050EC56C1700C0DE013E28321EB
SHA-512: 456A623D77418FF99A77459D81970D8B43446721606FCE4A3956D9D7287C4F0E477D5BF62475CB7078D767DF8654E3AEF6335798EF556020D34958E40FE6DCD2
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/animation/boom/2/images/img_6.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\login-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 852x847, frames 3
Size (bytes): 37827
Entropy (8bit): 7.735581524591662
Encrypted: false
MD5: 80D002F32ABCFFD4F1898C08FBE7A3FE
SHA1: 9D82F1C7715FB33A821F15C7B42CE0951742394D
SHA-256: 729D6317ECD90A2B0652DC3A541D1A61EFAA63EC8755CB722B613DE18C50989F
SHA-512: 4C68F2261DAC71710E4C550AB7040065084D3CB9A275E8D9BA36DF6ED40BF2AEE708943AF256D6BA2272C1EE9B628D95E711C1080881967B282FFACB03BE5D22
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/login-1.0.0.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\modernizr.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 11084
Entropy (8bit): 5.26714858103651
Encrypted: false
MD5: 65F1D21D5FCC9D21DA758ADABABD0C3C
SHA1: E0661D07D64C00008BC9D013D16EEC0A0F156DC7
SHA-256: D2B82E612D2A812E8BE2A57300DAB8923C4F2EDBE7A799E7DA70791B595646FE
SHA-512: DE7D7DC739CED2E6CFA52C1809144180787ADC3AD5F9B7597C72B9D9BD5EB2F21DE06B1FC12B5034F2458DE428B368772700A6665D3F2E02F148A300239E6183
Malicious: false
Reputation: low
Preview:window.Modernizr=function(e,t,n){function r(e){b.cssText=e}function o(e,t){return r(S.join(e+";")+(t||""))}function a(e,t){return typeof e===t}function i(e,t){return!!~(""+e).indexOf(t)}function c(e,t){for(var r in e){var o=e[r];if(!i(o,"-")&&b[o]!==n)return"pfx"==t?o:!0}return!1}function s(e,t,r){for(var o in e){var i=t[e[o]];if(i!==n)return r===!1?e[o]:a(i,"function")?i.bind(r||t):i}return!1}function u(e,t,n){var r=e.charAt(0).toUpperCase()+e.slice(1),o=(e+" "+k.join(r+" ")+r).split(" ");return a(t,"string")||a(t,"undefined")?c(o,t):(o=(e+" "+T.join(r+" ")+r).split(" "),s(o,t,n))}function l(){p.input=function(n){for(var r=0,o=n.length;o>r;r++)j[n[r]]=!!(n[r]in E);return j.list&&(j.list=!(!t.createElement("datalist")||!e.HTMLDataListElement)),j}("autocomplete autofocus list placeholder max min multiple pattern required step".split(" ")),p.inputtypes=function(e){for(var r,o,a,i=0,c=e.length;c>i;i++)E.setAttribute("type",o=e[i]),r="text"!==E.type,r&&(E.value=x,E.style.cssText="position:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\oathstyles_min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 768129
Entropy (8bit): 4.944415914042526
Encrypted: false
MD5: E8052B2416190E598710D92D72F50BC5
SHA1: 56481634D3A6D247891EC7E630C7C499CE50E38B
SHA-256: 9A40218D7A43FDB684AB018618D9B3B808E6404AA941D5B57B94A5024516301B
SHA-512: EE9611CE071F2986E499F03538918FEFC3FB4861AB9688C5F4F4CC681ACAEE3ECD697B708DA1E4C026030A7F29251167B1A23F9761C056F6DC136CB7BB0E61A6
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/ge/oath/policies/css/oathstyles_min.css
Preview:/*! normalize.css v4.1.1 | MIT License | github.com/necolas/normalize.css */@import url("https://s.yimg.com/ge/oath/policies/fonts/oath-icons.css");html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block}audio:not([controls]){display:none;height:0}progress{vertical-align:baseline}template,[hidden]{display:none}a{background-color:transparent;-webkit-text-decoration-skip:objects}a:active,a:hover{outline-width:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:inherit}b,strong{font-weight:bolder}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background-color:#FF0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-0.25em}sup{top:-0.5em}img{border-style:none}svg:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\purple-bg-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1201, frames 3
Size (bytes): 42757
Entropy (8bit): 3.8483183714623155
Encrypted: false
MD5: E3D6A546DC34F974AF7B8D5313DA237E
SHA1: C9BA80750E4D20465B05B379C34101276DA5D79D
SHA-256: 07F1E670E9254B1FE0D6823A9C4424DBEAFADBA9ECEF2FEBFC393EF869E5880C
SHA-512: 52ABDEBB3A0AD5477CCACFD8EE938FC21725B9E8368F66533128967B17841A53789F162B48DED605EDA4A31DE94BB3A8126FBDC3B8BD336A5E10CCF7910EAFDD
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/purple-bg-1.0.0.jpg
Preview:......Exif..II*.................Ducky.......d......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:e7d7b2c0-ff55-4bb5-a330-5aa92fa39e6a" xmpMM:DocumentID="xmp.did:9E7D8EADD1D311E9BA9BDF071F0E91F2" xmpMM:InstanceID="xmp.iid:9E7D8EACD1D311E9BA9BDF071F0E91F2" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:eda9c665-2d06-4a2d-8214-3dc94c2332c2" stRef:documentID="adobe:docid:photoshop:b4ec9df3-b813-8e44-ab63-851e475b156a"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\rapid3[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 49255
Entropy (8bit): 5.367594339994862
Encrypted: false
MD5: 242459CBB266E5D415F4E4F8361799C7
SHA1: D80962DF9D1BCEEAC002C7622798287BD8601181
SHA-256: 9BEC866766DD9833DBAA15431EB567241198DEAE4DC0DA811AF8DE4009F09866
SHA-512: 52C48331F38E53A495DA3253F31E3CC24B6E841D9A62EA38E67F50BBF58D22139EA5FA7C07344B025783AD3FDD6A2D44F07C3F852A29EDAB3377343559ACA562
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/ss/rapid3.js
Preview:!function(){"undefined"!=typeof YAHOO&&YAHOO||(YAHOO={}),YAHOO.i13n=YAHOO.i13n||{},YAHOO.i13n.EventTypes=function(){var e="richview";function t(e,t,n){this.yqlid=e,this.eventName=t,this.spaceidPrefix=n}t.prototype={getYQLID:function(){return this.yqlid},getEventName:function(){return this.eventName}};var n={pageview:new t("pv","pageview",""),simple:new t("lv","event","P"),linkview:new t("lv","linkview","P"),richview:new t(e,e,"R"),contentmodification:new t(e,"contentmodification","R"),dwell:new t("lv","dwell","D")};return{getEventByName:function(e){return n[e]}}}();var se="3.53.18",le="EVERGREEN-PROD",ce=[];YAHOO.i13n.__RAPID_INSTANCES__=ce,YAHOO.i13n.__RAPID_INFO__={version:se,comboName:le},YAHOO.i13n.Rapid=function(s){var h={};function e(){}function p(e){this.map={},this.count=0,e&&this.absorb(e)}function g(){this.map={},this.count=0}"undefined"!=typeof console&&void 0!==console.log||(console={log:function(){}}),void 0===console.error&&(console.error=console.log),void 0===console.war
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\spp[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.366634665454505
Encrypted: false
MD5: BFF56CE49DD485D195FDFA0A02342568
SHA1: 74FB4071DEAB7D3AB083562067B735DF32C43397
SHA-256: 0E4B1E428A2198EF747010C094101C257B568A97CDCC0F31ED5E9868CC835B39
SHA-512: 15BC2B5B57144C4F71DC203E16B0F7235EC5E659532D5BAFFD3E91D57CEC61D36CA1B7EA28156AB11A3FA46982FE252A58410D7ADF6693C93EDCCA2B2FA1ABB8
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\themes-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 968x816, frames 3
Size (bytes): 42943
Entropy (8bit): 7.792012576612941
Encrypted: false
MD5: A25456F6B042B5AD164B35429FFDDE6D
SHA1: 566676002CEEBBFDFA0E9FE03D59B1DF0DF3C2D8
SHA-256: 31512DB252902DD866091798AD7B5F74C1C5ADB3083DC31DAF9C127BAF8862CF
SHA-512: 26C365C14596E529E8B3A14148904352E0CC261E983585AED8D46084BFD5842154A60843E15E2930C321B19C68BC55F71C1C647D55D6F9E2DB8D37EDC2F7C57A
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/themes-1.0.0.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\verizon-logo-1.0.1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 266 x 68, 8-bit/color RGBA, non-interlaced
Size (bytes): 5942
Entropy (8bit): 7.940251438016195
Encrypted: false
MD5: D08523AF6E0FF1E9949862E74359BA0A
SHA1: FB2DE7780567190EEEDF0631D3C5F687D14BF4B7
SHA-256: 4A789AA38D8727B68577F18EED4B6FB2A5999647072D40ACD34203EB7996F799
SHA-512: 5319A304F53D516A5AB7CAD324AF367DE77C96536C41A04B0AFBCFA525CDF841320441CF2274E0BA3C8C6C2B017F123E8C946F83A4B20F5B348726EF05105839
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/mi/verizonmedia/assets/images/verizon-logo-1.0.1.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\verizon-overlay-v1-min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2460
Entropy (8bit): 4.961081278893715
Encrypted: false
MD5: 5E3F144E1B7C96B13B62AC0A3C202EA4
SHA1: AA7349DBCCF500FD781CDAAA56E9F6A297994659
SHA-256: 091E6A4B90E990E53B00BEE04489CA65FFEB57342ED0027E14A59C42146774BA
SHA-512: C070519B3BA4B2958939AFC6CBC8C1EEAB7C42F56636B4F11B451D977B1B5F6926DEAFFB9019068EE1738A07AC336E8ED7DA2944A5A1FFF23172A9AECA032C9A
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/oathsites/overlay/css/verizon-overlay-v1-min.css
Preview:.ol-bbar,.bc-desc{line-height:1.66em}.ol-bbar{margin-top:0}.fa{pointer-events:none !important}.bar-button:hover-out{pointer-events:none !important}.ol-container{width:100%;padding-right:10px;padding-left:10px;margin-right:auto;margin-left:auto}@media(min-width:550px){.ol-container{max-width:540px}}@media(min-width:768px){.ol-container{max-width:730px}}@media(min-width:1024px){.ol-container{max-width:960px}}@media(min-width:1280px){.ol-container{max-width:1600px}}.ol-container-fluid{width:100%;padding-right:10px;padding-left:10px;margin-right:auto;margin-left:auto}.ol-container{width:90%}@media(min-width:768px){.ol-container{width:95%}}.ol-row{display:flex;flex-wrap:wrap;margin-right:-10px;margin-left:-10px}.ol-col-12{flex:0 0 100%;max-width:100%}#bottom-bar{background-color:#000;z-index:9999;position:fixed;bottom:0;width:100%;transition:all .3s ease-in-out}#bottom-bar,#bottom-bar a,#bottom-bar a:active,#bottom-bar a:hover,#bottom-bar a:visited{color:#fff;text-decoration:none}#bottom-ba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\verizon-overlay-v3-min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 789
Entropy (8bit): 4.9298547941201445
Encrypted: false
MD5: 3116EC6BB86B6955FD004A2E6CBAF50D
SHA1: E590AA1D2D877106537CFC965913F7CB87CE014B
SHA-256: 02D54B0F8049496E19AB7E15B6EE3FD7F6D5A59BCE84659D0984E40228136C1E
SHA-512: 7BF4C1DE58498BFBB27312B5414D55E40FAE5FA7F37A2AEE5E00A87E7D483D4EEBF175D80EFF516007B18DEA29479896787DF55F8350AB899E1A5F9C69136A1C
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/oathsites/overlay/js/verizon-overlay-v3-min.js
Preview:var bc=$("#bottom-bar .bar-button");var bt=$("#bottom-bar");if($("#bottom-bar")){bc.click(function(){bt.toggleClass("active")})}var hideBar=false;function barhide(){$("#bottom-bar").css("bottom","-100px");$("#bottom-bar").css("opacity","0");hideBar=true;$(window).off("scroll",barscroll);$(window).off("click",barclick)}function barscroll(){if($(window).scrollTop()>25&&hideBar==false){$(barhide())}}function barclick(b){var a=$(b.target);if(!$(a).hasClass("bar-button")&&!$(a).hasClass("bbar")&&!$(a).hasClass("bar-link")&&!$(a).hasClass("fa")&&hideBar==false){$(barhide())}if(!$(event.target).closest(".bbar,.bar-button").length){$(barhide())}}if($(".bar-button").length){$(window).on("click",barclick)}$("body").css("cursor","pointer");$("body").on("click",function(){$(this).val("")});
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\vzm-policies-v2.91.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 6039
Entropy (8bit): 5.014110889550482
Encrypted: false
MD5: 65600F816D44E713C0BF379A81D8C6E6
SHA1: 9A12EE54F3110B14F941AA9C0045EA8D33CC91DA
SHA-256: 13DDD88B04ABD066E388FF813B5AD1001490A90E8B8E48412FB20CD58840BD91
SHA-512: 78940A9C3E0733CB25CFB137EA36B5E59BC3A504F5A8C1F98CB16E05DF06768B484C56405A43013EBD642397E8237D70462A5CA1B82BA043056301EC89BB1189
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/vzm/sites/css/vzm-policies-v2.91.min.css
Preview:body{cursor:default!important}.content-container.entry__content ol li{font-size:14px;line-height:18px}h1{font-size:32px;line-height:34px}h2{font-size:20px;line-height:24px}h4{font-size:20px;line-height:24px}h5{font-size:16px;line-height:19px}p{font-size:14px;line-height:18px}hr{border-color:#000!important;border-width:.5px!important}.content-container.entry__content ul li{font-size:14px;line-height:18px}.entry__content ul li{font-size:14px;line-height:18px}ul li{font-size:14px;line-height:18px}#products-page a,.content-container a{color:#000;text-decoration:underline}.rightrail a{color:#000}#products-page a:hover,.content-container a:hover{color:#006cb7}.rightrail a:hover{border-bottom:1px solid #d52b1e}.arrow-link{color:#000}.arrow-link:before{transition-duration:.3s}a.go-to-link:hover .arrow-link:before{transform:translateX(5px);color:#006cb7}#products-page .grid.grid-v-gutters>.grid-item{padding-bottom:5rem}table.table thead{background:0 0;color:#000}table.table th{padding-left:0;bo
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\vzm-privacy-page-emea-v1.3.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 16227
Entropy (8bit): 5.12805161900764
Encrypted: false
MD5: 52C6E676638F7C20785D355C7D1B22EA
SHA1: F743663A28587CE4363DC7BC90C2F0BF187BC169
SHA-256: 188F23CABECA6C6F208A200FC8F6FDCB3A0805E69EF7E420EE9516004BB1FCE3
SHA-512: 68E98DE4987489409B1AF2E389A5601080DA8A665FC31408FF55B7CAC9B2D9127718F323D59E047EC8C823647A3FBCFE1A5D64290DEC135DF7E94CBC592BEA57
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/vzm/sites/css/vzm-privacy-page-emea-v1.3.min.css
Preview:#pcMainContainer .content-container a{color:#006cb7;text-decoration:none}#pcMainContainer .content-container a:hover{color:#006cb7}.privCenterTitle{display:flex;align-items:center;justify-content:space-between;margin-top:40px}.privCenterTitle h1{font-size:36px;line-height:44px;margin-bottom:0;margin-top:0}.pcTextXlrg strong{font-size:24px;line-height:32px}.pcTextLrg p{font-size:18px;line-height:26px}.content-container.entry__content .pcTextMed td ul li,.pcTextMed p,.pcTextMed td,.pcTextMed.pcList ul li{font-size:16px;line-height:24px}.mainSubAccordions [class*=mainSubAccordion_] strong,.subAccordions [class*=subAccordion_] strong{font-size:16px;line-height:19px}.nonAccordion .subAccordions.pcList p strong,.pcTextSml p,.pcTextSml.pcList ul li,.subAccordions.pcList ul li strong{font-size:14px;line-height:22px}.subColor p,.subColor td,.subColor ul li,.subColor ul li a{color:#4a4a4a}.announcement{padding-right:5px}.announcement p{padding:24px 0 32px 0;margin-top:0;margin-bottom:0}.privCent
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\679IMQ3T.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 5038
Entropy (8bit): 5.2228671275041165
Encrypted: false
MD5: 2F74D06019F8454728CE97CA2B5CB3D5
SHA1: CA6832076574CB6996343E149A79A3190578F4B8
SHA-256: CECF28932D1316828AC8198E7AFA2E6E5D3AAC71577C2149EBB3F7FE208951F7
SHA-512: 3E01F998A2FB762948159B345DE85594640478D34C4A4F7C17EA4255E4EDBA103E9ADF7A253879938E0B2A82D44AF19B4AF02BB490E1205889E867EDE7339590
Malicious: false
Reputation: low
IE Cache URL: https://overview.mail.yahoo.com/?.src=iOS
Preview:<!DOCTYPE html>.<html lang="en-US">. <head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="google-site-verification" content="K7T1cKNcaN3iYgPzSl1cqovstKaZijbO4HQhERADtpU" />. <meta name="description" content="Take a trip into an upgraded, more organized inbox with Yahoo Mail. Login and start exploring all the free, organizational tools for your email. Check out new themes, send GIFs, find every photo you.ve ever sent or received, and search your account faster than ever.">. <link rel="shortcut icon" href="https://s.yimg.com/mi/yahoo/favicon.ico">. <link rel="canonical" href="https://overview.mail.yahoo.com">. <link rel="dns-prefetch" href="//s.yimg.com">. <link rel="dns-prefetch" href="//geo.yahoo.com">. <link rel="dns-prefetch" href="//geo.query.yahoo.com">. <link href="https://overview.mail.yahoo.com" hreflang="x-default" rel="alternat
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\Mail_doc_1125x2436-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2436, frames 3
Size (bytes): 145218
Entropy (8bit): 7.963088274991811
Encrypted: false
MD5: 41347518017F5BFBCD35662D8C772605
SHA1: 3F4A7203B1A9ABA9BC5613A3A0109F8991CDDBBD
SHA-256: FA57F994C279AE2C9576B456187595F1F867C449FD3DB1FB2A77A85879748A0C
SHA-512: 2E403A21D1DBEBFFF3F9A512A5AE0A0E61180973389B3A0572A59C1DB8B5F40463F43E31A5BC2C8E07A4888262A3940F762E6F82C3F98357EA7027A8E651C0BE
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/Mail_doc_1125x2436-1.0.0.jpg
Preview:......Exif..II*.................Ducky.......2.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:092FE701CBB611E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:092FE702CBB611E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:092FE6FFCBB611E99835B10FE7EFEA60" stRef:documentID="xmp.did:092FE700CBB611E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................................................#"""#''''''''''.................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\Mail_people_1125x2436-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2436, frames 3
Size (bytes): 234702
Entropy (8bit): 7.96074353194167
Encrypted: false
MD5: 450AA95C22413A93D5F26246E2A375F7
SHA1: F7677CAC58A7C7D22E6B5668DC31D364EBA9ED3C
SHA-256: BB3542F1D9A1C0159AA0CA35595BD6DE506C8F7FECDCACBD93A5A52B874D494E
SHA-512: 2EA36D3297D9D902FFD01895E47A5A4C228EAAEB20FEFF8E5DE3C47FCD67B2C92943000DA126E0C517109484A9DB806119B92A4A1ECD566B958CFAE37C0B1BA3
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/Mail_people_1125x2436-1.0.0.jpg
Preview:......Exif..II*.................Ducky.............1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:5C527874CBB711E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:5C527875CBB711E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:092FE703CBB611E99835B10FE7EFEA60" stRef:documentID="xmp.did:092FE704CBB611E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+55005
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\NHaasGroteskDSStd-55Rg[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), NHaasGroteskDSStd-55Rg family
Size (bytes): 102602
Entropy (8bit): 6.0640138047891705
Encrypted: false
MD5: 252AF5DDA5BA7FF554B32E2E7FC67AC0
SHA1: 68958A68E7091025D833CBF0E62060DD41F32041
SHA-256: 02BF12F527CADCF34449C47C024DADE57F0C314B33787E8B3443C00CDF5988FC
SHA-512: 5C169BACB2075E2D3C215FD95C5DE4B36E38DD5B4BA6FBE1022DB3442FFDC6CEEBA21706F67BF94EA71B0B64AFD9175D60F0A7424E5B76D269B6552024DB82D4
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/ge/oath/policies/fonts/NHaasGroteskDSStd-55Rg.eot
Preview:................................LP................... ....Efn...................,.N.H.a.a.s.G.r.o.t.e.s.k.D.S.S.t.d.-.5.5.R.g.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.1...,.N.H.a.a.s.G.r.o.t.e.s.k.D.S.S.t.d.-.5.5.R.g................ FFTMtB".........GDEF......:....BGPOSp..:..L...B.GSUB=.$...;.....OS/2u.........`cmap4...........cvt ...N...\...8fpgm../........egasp......:.....glyf5f+_........head......,...6hhea...q...d...$hmtx..{.........locaK[.d........maxp........... name..N....l....post..%...1....4prep.+.U...<... .......B.nfE_.<..........:............-...T.................T.-...9.......................w.....w.R...................N...............3.......3.......).s............................LINO.@. ...3.3...T.. ........#..... ...............E.......`.V...?...!...1...P.C.V.n...n.-...Z.z.m.z.Z...N.z.Z.3.!...Z...F.r.?...%...5.l./...Z.../...D...P...`...`...f.z.m...o...#...D./...&.....R.x.............R...........-.&...n...........=.R.....=.R.;.....-...-.C.p.....O.............=.^...3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\NHaasGroteskDSStd-75Bd[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), NHaasGroteskDSStd-75Bd family
Size (bytes): 104492
Entropy (8bit): 6.0271917801162385
Encrypted: false
MD5: 3254A40433CE8DA328AB28B51EB43C08
SHA1: F84BF17E64C403E1916CFA4967FB9C88D81364F1
SHA-256: 7E5731ACB277CB019949B269BF9D67E165060EB707DE09902288006AE234F1D7
SHA-512: 8F19173C4FC01416C6C207DE136FCBF86030C01999CD59EFFAD34EE630C581E0A284F9B25A475646331C6BC4FC85E922E76E56E66469733797AA8C1823CFE8B9
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/ge/oath/policies/fonts/NHaasGroteskDSStd-75Bd.eot
Preview:,...P.............................LP................... .......+..................,.N.H.a.a.s.G.r.o.t.e.s.k.D.S.S.t.d.-.7.5.B.d.....B.o.l.d.....V.e.r.s.i.o.n. .1...0.1...,.N.H.a.a.s.G.r.o.t.e.s.k.D.S.S.t.d.-.7.5.B.d................ FFTMtB%B...4....GDEF......<X...BGPOS+..M..N...H.GSUB=.$...<.....OS/2w..8.......`cmap4...........cvt .J.........@fpgm../........egasp......<P....glyf.|.'.......Thead......,...6hhea.......d...$hmtxJOZ#........loca...........maxp........... name.e$.........post..%...3....4prep3D.....<...G.......B+..._.<..........:................{.................{.....&.......................w.....w.Q...................Y.......b.......3.......3......./.u............................LINO. . ...).)...{.. .............. ...............=.....`.f.T...1...!...)...-...T...u...#...?...R...B...B...B.~...9.1.?.5...-.......+......./.\.#...'...+...H...H...X...h...`.l...E.F.....^.d...)...d...d...d...+...d.5.f.\.....d...d...d...d...(.7.d...).^.d.3.....#.|.Z.5...........M.../.5./.w.~.../.F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\Organic-QR-Code-1.0.0[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1024 x 1024, 1-bit colormap, non-interlaced
Size (bytes): 1839
Entropy (8bit): 6.648582879532817
Encrypted: false
MD5: 6D22A2BB70962CB49DC6F8033C6EC789
SHA1: E23D31FA25F7C90D57C8626002F3ED032219FE07
SHA-256: A2B330E3E53E361565697B7A721134E6D4747887FC2D1A85E7986B3FFBA5808F
SHA-512: E6488F06CAAF6B9209B87BA427DE69576F693E1D337D36A59AAAF267A62B1B411354438B637C0A657975636D2C97F70DB075ADBA24E9E610C5C8C6002C85CD2D
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/Organic-QR-Code-1.0.0.png
Preview:.PNG........IHDR.............E......PLTE.............IDATx...Qn. ...HY@..{Io.........../.6s.7..n%.}........K.vv.n...}......g|...m..s..........`.....|c..3Wt.|'....q...t..........2}.....f..$../m.Fk36@...............=`[email protected].]...W..u..........V..?8....b..[[email protected]}.1...qL.v..`.E.@]..........X...k9..2..O.[0.){]..7...........k..(..3?....f......L.............5.'...v.r..,.m]...C............(.l.L..*Ks...B.K..%.D...........Gt.c...1..\...m0...........`[email protected]=..\[email protected]_.._..-l..u..;_.........X...qwv..........I............)D[...$....7....................'..6n.&[email protected]]I...R.s0t.........5..W.$...*..7QL...U................}v..$.i.u.6.6..........`8.8U..bj^.e.....i.............}...~.K.^..D..F.......A.. ...#.Hsu.,RFv......f.j...........`.@....?.....Z...(.....+..............9....m.....EZ..I.........=.....[...+.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\activityi;src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4495189158826[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 353
Entropy (8bit): 5.351340125017069
Encrypted: false
MD5: 8E10ABFC5ADDF1FE0ACC066566DF4292
SHA1: F81E58851578EDA7F244D2D471353DF3898FEF13
SHA-256: 613D5B0AF18E53ABF2AEC1A7EF28EF0412A31D509E7C93E0331F7A809F25224D
SHA-512: 70C67AD3E6516B9F84CDDFF0680BB983728EDE067F762D287F2B8FD4601A13818F363572C1152B6EC32BBBFEE27E05DD401AB23950BFD748A3A4800F102ED770
Malicious: false
Reputation: low
IE Cache URL: https://6589630.fls.doubleclick.net/activityi;src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4495189158826.926
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://adservice.google.com/ddm/fls/z/src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4495189158826.926"/></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\activityi;src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5537313201273[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 353
Entropy (8bit): 5.344641745479957
Encrypted: false
MD5: F70BA5E8A74E08BCB1443325DC705280
SHA1: 4049E3B2C0510FFB2A2E16E7B58AF01A6D5C277F
SHA-256: 4A6D7377F1DF7A9F051D69D19AB3D22F89280EE5D68E41D46EE50EF854E09743
SHA-512: 2908520D9D4AA2CA016CF5F02FD4D4286B5E92D93354986AD5B40F90A7C897A6D6398A451C381448F391955DF7B6FCDE5B1770329F6370BB7C2713CA3FEE7565
Malicious: false
Reputation: low
IE Cache URL: https://6589630.fls.doubleclick.net/activityi;src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5537313201273.317
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://adservice.google.com/ddm/fls/z/src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5537313201273.317"/></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\activityi;src=9513459;type=ym6;cat=ym6lp;ord=1419370984;~oref=https___overview.mail.yahoo[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 622
Entropy (8bit): 5.294891697690073
Encrypted: false
MD5: 3FD77AC6D00A2955F33D95ABF2CAE12C
SHA1: E3C4F9B4C9A1F0FC8C4E1448F7774442CB5B10D6
SHA-256: 62ADD29147923EAFFA6B2758B5D9D3A4D4F19EC1166F7D6D4B4F3835DCE7FC9E
SHA-512: 32DEF630C9F288A3ED34639446C0C64B6DC056F6212E9F65E239C52B51A04A3C2C437A7FDFCBEE312FB5ADA83668BD63CAF9FC3F1BFC3FEB695AA12F9780C2D3
Malicious: false
Reputation: low
IE Cache URL: https://9513459.fls.doubleclick.net/activityi;src=9513459;type=ym6;cat=ym6lp;ord=1419370984;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F?
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10100069"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092709"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092037"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092036"/><img src="https://adservice.google.com/ddm/fls/z/src=9513459;type=ym6;cat=ym6lp;ord=1419370984;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F"/></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\arrow-1.0.1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 23 x 40, 8-bit/color RGBA, non-interlaced
Size (bytes): 1981
Entropy (8bit): 6.390807909783503
Encrypted: false
MD5: 4996ED3E161C03712D8E5CFF345A4DD2
SHA1: 64013733610E6543615B171B679FFB441AEA39ED
SHA-256: EBF4DC7F7D31C85B85F629167C053F6C85325D9A2719AE2FA3101C9E48967187
SHA-512: FD1FF19D9D935F87BB1FF0A986AE8CAAE549192D7EE0E969EBBB49FECFF6B7967E1DF132ECE6291BCD6BBB02637758A75F13D8ACB156E6D1A71C68B646DB31B4
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/arrow-1.0.1.png
Preview:.PNG........IHDR.......(.......a.....pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmp:CreateDate="2019-09-11T21:59-10:00" xmp:ModifyDate="2019-09-11T21:59:25-10:00" xmp:MetadataDate="2019-09-11T21:59:25-10:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:8c895131-b95e-4a76-9359-d55148a81ffe" xmpMM:DocumentID="adobe:docid:photoshop:2afbee42-1ffe-fd47-83a3-e12392838a80
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\arrow_left-1.0.1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 23 x 40, 8-bit/color RGBA, non-interlaced
Size (bytes): 1996
Entropy (8bit): 6.40168233079749
Encrypted: false
MD5: 9ECA1E74A4FA325569E54F0CF8961B1E
SHA1: DA28791F09637EC88264CC97F2909BC007465C02
SHA-256: 7D46A9981F00AE42DB15F23F393C5E9CE851189068F809D94728240D3560A784
SHA-512: F0E97C2A5FCFE0E17CAD4B8433CFB31D4EFCC1D815E5D8C146DBFAB869F3D7884DE6D03141D75F002E6E70F5601C0E5C74A3A3DA8F6FE8A35E878300E201D84B
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/arrow_left-1.0.1.png
Preview:.PNG........IHDR.......(.......a.....pHYs...#...#.x.?v....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmp:CreateDate="2019-09-11T21:58:34-10:00" xmp:ModifyDate="2019-09-11T21:59:36-10:00" xmp:MetadataDate="2019-09-11T21:59:36-10:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:fc341464-e8f8-4230-a637-6a1d4e7e3af4" xmpMM:DocumentID="adobe:docid:photoshop:e011d6b6-f271-e64c-a5b8-d38224e66
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\bg-people-1.04[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2000, frames 3
Size (bytes): 247330
Entropy (8bit): 7.975858373432844
Encrypted: false
MD5: 95DC2F5F468C3AAB7688DE338D8E96EB
SHA1: 923AAA5578D454F7D6E305E8E94084280453E033
SHA-256: 70959DD535E9ECFCD2AE3230A8ABDED375528B2CFAF08701997C96F4F2085DFD
SHA-512: F26B55FAB844243384C100FA3A5B9C8065C861C141F1AC6713F55CAAA59105ED116CBE6A527F6EEAC9F2316E70E8154C811B9151371C07A3808C23FDD268A506
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/bg-people-1.04.jpg
Preview:......Exif..II*.................Ducky.......(.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:9B3E1368CB8111E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:9B3E1369CB8111E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9B3E1366CB8111E99835B10FE7EFEA60" stRef:documentID="xmp.did:9B3E1367CB8111E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................................$$''$$53335;;;;;;;;;;.............................%......% #...# ((%%(
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\boom-pophand-1.0.3[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 639 x 814, 8-bit colormap, non-interlaced
Size (bytes): 73359
Entropy (8bit): 7.972389272459081
Encrypted: false
MD5: 7F2CBE21F3DD73F94FA55550D16E54AF
SHA1: 329F4AE349D24E0B0D5D52885711366E610A0EFD
SHA-256: F463497DEE801CF8FA81FAF20C3BF55D8EE9468B031B07E6342F7345399650A9
SHA-512: C6E6598EC54A794D08D7E685A4058F6FE26FE5345CD1CA3EAE3CC2420D17A97AA5D301EA2B5F70E4C7684C3E6CF5FFC7857350936D0849751D767CD9427E7AB8
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/boom-pophand-1.0.3.png
Preview:.PNG........IHDR............._5./....PLTE........w................../(#.......(#.k[...MC;;51QF<^PDeXMSIA.o_...~^...........................lN/..v....|..q.sU...sR2..........oP0xZ=....y[jI*xV7sU7....d..i...S6..}a..lfG(_A$......cE......lN...cD&Y:.M..Z>"N2.S../ .6%....;87PLJ}\>$"!Y...pTA?=H..(....IFC......-,F,.b]Y.....='..hK)('[VS432....._A..._...}hhc_.kN....oje..y....VRO.....pWdP>..q.......yb........................vpl.........z......"........t\.xs]I7......z.cHnWC..R?/....f...~xX.pN...p.m.cfl.lT......}..gD..t]D3&OQV..g.....}ux}Y\amotuH+CFL...4...aD...V9......[.eL....8....o.........r^L.zh...!$0........o..tcW.rb.....B)}.|cO...rY.u.....'%I...M?......DC.......88i..............`L...t;h.g..N..y..F..W....w...y.g......Zy...b.r.G..Ng.jL..b.*`c....O..X5.r..\?.A...t....tRNS...6M}g...............+...+IDATx............................................f.|^...8..........07...qn..lXX$.....z......Bn]..$...{ .T(.R(9y.......I.Z.V..O.G........ .. .. .. .
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
Size (bytes): 7406
Entropy (8bit): 4.304484757023122
Encrypted: false
MD5: 1DE25C615C80AA0F5BF507B14A7DA5EE
SHA1: 756ADD33DF521F2ED53B11B1666759C419DA886C
SHA-256: 03B386FF2E3D6308D4E789A9FD21A8CA7445D37EECC4446D257BA5E5D02351BF
SHA-512: 0F9188A43C302C6B7CD5234D719A455D3FCC891141B2E655B919EF546059CE253B0D1125A40ECCB2FAB0AF9A3575DA1C19C218C6049F64508B9FA41B22D710FB
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/vzm/sites/fav/favicon.ico
Preview:......00..........6... ......................h.......(...0...`.......................................SSS.............................EEE.............\\\. .................sss.....NNN.........eee.....))).........@@@.................WWW.........nnn.222.............III.....$$$.........www.................iii.---.........DDD.........................rrr.666.....MMM.........ddd.(((.....{{{.............VVV.............111.........HHH........."" .....___.###.nt......vvv.....pw..........QQQ.............,,,.............CCC.............ZZZ.............555.............LLL.............ccc.'''.....>>>.............UUU.............000.........................^^^.""".........uuu.999.........................ggg.+++.........~~~.BBB.........YYY.............444.................KKK.............bbb.&&&.....}...............................kkk.///.........FFF.............]]].!!!.............888.V]..........OOO.............fff.***.............}}}.AAA.............XXX.............ooo.333.........JJJ.....aaa.%%
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\fg-Package-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1125x873, frames 3
Size (bytes): 41424
Entropy (8bit): 7.5613589695269585
Encrypted: false
MD5: 33E5B2032E7E0AD0DFEA9F25560F9096
SHA1: 075EB0778E29C59C9FEFC0E89C6473D66FAFEF95
SHA-256: EBD4C2B671514128665725DD5360504787694C4DB0CE4453D6CEAB60BE893BF0
SHA-512: 6FBF0DB0D07B33E609782C8ABC25575F2CE8B4B62CCD0520A209025DEFBE9200D230D62904D7675409017BDBEAE3B1486144D5DCF65884ECBB3210B64ECB2D10
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/fg-Package-1.0.0.jpg
Preview:......JFIF.............C...........................%!'&$!$#).;2),8,#$3F48=?BCB(1HMH@M;AB?...C...........?*$*??????????????????????????????????????????????????......i.e............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................'...............%'{...k........@....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\fg-Unsubscribe-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1125x873, frames 3
Size (bytes): 53585
Entropy (8bit): 7.715541549246402
Encrypted: false
MD5: 730E54E8EB7786F7142F7108DB07075B
SHA1: 824E9D1BF6F7E7A7126D24C3BE6E7BB8C733E432
SHA-256: 83B9A143EEF6ADAB8FDBA1B7A90CDB6ECDD69FC75B382E8541F01444FAEBCFCA
SHA-512: F2E8AFBCEEB067F69DE5BFF46E192DE864B1E5F31E0DF385AB4C2F971B691D8CF72B1D886E66C57477F8D2CD7ADBF461CBD5040FEAEBD24F645155695443B5F9
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/fg-Unsubscribe-1.0.0.jpg
Preview:......JFIF.............C...........................%!'&$!$#).;2),8,#$3F48=?BCB(1HMH@M;AB?...C...........?*$*??????????????????????????????????????????????????......i.e....................................................................................[|...................j....<....}[email protected].,@......*P..h...&....k..u...A .!.R`...zq.;.fSup............................P..{[email protected].;.;C.H.'[email protected]....*P........l....,l...c:..op.Z..|....u3w._..x.S................................U..^L.f}l..".W...7d.1.X.+.c9.9....].................3.1gc..9......OY.Z.k...}....!..)h.,|L...............................<.........co.../`.....Z.ky<H....f8.7. [email protected]@.y.y........h............................^.[.y.z..Z... [email protected]...............................]6},.ge..@.....! ...H.........$.>...&[email protected].]N.t.RdV..@..$$..................)0.....3e.................................c..z.v[....>[7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\fg-desktop-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1125x873, frames 3
Size (bytes): 67692
Entropy (8bit): 7.868190556807736
Encrypted: false
MD5: 7A460158F6A792C3BAE5AA0AB38199E8
SHA1: 0016FB78817ACEF720F048EECCDBD920BDEF7DFA
SHA-256: 40D921372FBD365479419218D0391376343ED32BBCDF8D7CE8AB537E72753407
SHA-512: B127C802B13FEBD106B5ADD1610087D74421B6F3F0C5CE2A667AF7162C2B98708FCF0453CCA081FD838903D1499799F30D7708DCFA2134C4EA9DE62501029229
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/fg-desktop-1.0.0.jpg
Preview:......JFIF.............C...........................%!'&$!$#).;2),8,#$3F48=?BCB(1HMH@M;AB?...C...........?*$*??????????????????????????????????????????????????......i.e....................................................................................z.............n...j...|...L..q.<z.@.....................................[...........z...v.8.i.s...........6Yx..................................................ev..3.1..F..c...[.|Yj..oj,.o.a=_...v..n.................................................60..i.3c..[8..w_f..:\....e...v0..i.q]C...t..Xr.i.i..........................................-......|7.u....t..x...g....j.60.......=.c..P.../3.....r^g...gG...6...}.B.....................A .................t..... ...5...%n".2.uz.........^e...i.k...n.us.................................................-............|@....W......._..............................s__WO....ut..w...................-.......V. .h.y[....h.y...9i..............................j.....6...^.................Qn........
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\hightlight-big-yellow-module1-1.0.0[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 983
Entropy (8bit): 5.0294712732485
Encrypted: false
MD5: 0F100D710F4705118DF3EC9B7B336512
SHA1: B726732C18766BA26FF6CED6553136170A3B7C7F
SHA-256: 08ABD896D9B7055D74A70B927BA63B94B00582F469644DBC851A3CC3D0565ECF
SHA-512: 8063520B1B553DA3D5B43F02D4F8234D9BDC66EC02D0461108590709015204E6585CA269EC4FC3DC29A87D17F19E6449C10BF525AF9D4EE4AD74ABCB33D9BD4D
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/wm/bcg/norrin/images/hightlight-big-yellow-module1-1.0.0.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="10333.092 174.99 440.622 105.189">. <defs>. <style>. .highlight-yellow-module1 {. fill: #f6f508;. }. </style>. </defs>. <g id="highlight" transform="translate(10331.219 174.99)">. <g id="Group_14058" data-name="Group 14058" transform="translate(1.873)">. <path id="Path_7996" data-name="Path 7996" class="highlight-yellow-module1" d="M442.22,0C367.145,0,291.8,2.522,216.721,8.646c-37.675,3.242-75.074,6.845-112.2,11.167C70.147,23.776,35.5,28.819,2.5,42.868c-1.65.72.55,43.949,0,43.949,138.6,10.807,277.748-5.4,415.8,14.77V57.638c-6.325,1.441-12.925,1.8-19.25,3.6-2.475.72,2.2,43.229,0,43.949,6.325-1.8,12.925-2.522,19.25-3.6.825,0,.275-43.949,0-43.949C280.246,37.465,141.1,53.675,2.5,42.868V86.817c32.175-13.689,66-19.093,99.824-22.695,38.225-4.323,76.174-8.285,114.4-11.167,75.075-6.124,150.424-8.646,225.773-8.646,0-.36,0-44.309-.275-44.309Z" transform="translate(-1.873)"/>. </g>. </g>.</svg>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\img_3[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 40765
Entropy (8bit): 7.913731257394965
Encrypted: false
MD5: 8EA915D1215D268D88F2209916E5B7B8
SHA1: 62E95C358857F91AC85C09B5AA39F940EF1ED490
SHA-256: C140E1004CED7BD80347E10F439A7AA4CD9990B5F52083C857F251017CE9F0C3
SHA-512: 960BB01B3EAC754CB0FB9163DBFEE23758FF7F44742EDCFEB6A42663E0F47B9571DB07F712A77DE1BE149015CBF450C192BD5E70443BEC7A4CEC62BC46C481DC
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/animation/boom/2/images/img_3.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\img_4[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 52417
Entropy (8bit): 7.936132682742428
Encrypted: false
MD5: 4D908224149CCAC9B71BCFD2878E548F
SHA1: FF8D18DF98CBE1EE43F64E9C3C41877387043303
SHA-256: 53C663635912025C4C14A9E1C1B9B2E03D7ADEADF5EB4AC78F465DC3D72A2FF3
SHA-512: CE29D370C77C3F57FEF1827D165D303022F8AEA4A3502430D0D7963793B3F74F7D2D2526D7680F271694B186FC0BE44B66CF40572A0FF05A11EFB5DAA049237E
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/animation/boom/2/images/img_4.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\index[2].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 3241
Entropy (8bit): 5.210639656285256
Encrypted: false
MD5: 08DE7DB364CFD1E38123D2ADAF4874B2
SHA1: 2C9121BC6CE153BC4BAC0923C4C71A78C2748D58
SHA-256: C38AC1F8E4FAD15D7EB49AA7C6B87293FAC148C21F1D78CB0045FE4FEB64C828
SHA-512: E1D034176FE236AEC92266BF265B9AF0955E09513C784976B8233023717618F6507411F0B432A335CD54E486A643F5A7B88DBC313EF8D1AD156D6EE999C0C8DF
Malicious: false
Reputation: low
Preview:<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">.<html><head><title>Yahoo - 301 Moved Permanently</title><style>./* nn4 hide */ ./*/*/.body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}.html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}.p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}.#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}.h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}.form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\modernizr.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 11084
Entropy (8bit): 5.26714858103651
Encrypted: false
MD5: 65F1D21D5FCC9D21DA758ADABABD0C3C
SHA1: E0661D07D64C00008BC9D013D16EEC0A0F156DC7
SHA-256: D2B82E612D2A812E8BE2A57300DAB8923C4F2EDBE7A799E7DA70791B595646FE
SHA-512: DE7D7DC739CED2E6CFA52C1809144180787ADC3AD5F9B7597C72B9D9BD5EB2F21DE06B1FC12B5034F2458DE428B368772700A6665D3F2E02F148A300239E6183
Malicious: false
Reputation: low
Preview:window.Modernizr=function(e,t,n){function r(e){b.cssText=e}function o(e,t){return r(S.join(e+";")+(t||""))}function a(e,t){return typeof e===t}function i(e,t){return!!~(""+e).indexOf(t)}function c(e,t){for(var r in e){var o=e[r];if(!i(o,"-")&&b[o]!==n)return"pfx"==t?o:!0}return!1}function s(e,t,r){for(var o in e){var i=t[e[o]];if(i!==n)return r===!1?e[o]:a(i,"function")?i.bind(r||t):i}return!1}function u(e,t,n){var r=e.charAt(0).toUpperCase()+e.slice(1),o=(e+" "+k.join(r+" ")+r).split(" ");return a(t,"string")||a(t,"undefined")?c(o,t):(o=(e+" "+T.join(r+" ")+r).split(" "),s(o,t,n))}function l(){p.input=function(n){for(var r=0,o=n.length;o>r;r++)j[n[r]]=!!(n[r]in E);return j.list&&(j.list=!(!t.createElement("datalist")||!e.HTMLDataListElement)),j}("autocomplete autofocus list placeholder max min multiple pattern required step".split(" ")),p.inputtypes=function(e){for(var r,o,a,i=0,c=e.length;c>i;i++)E.setAttribute("type",o=e[i]),r="text"!==E.type,r&&(E.value=x,E.style.cssText="position:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\ns[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 3385
Entropy (8bit): 5.450542421317906
Encrypted: false
MD5: BF81578A788804534702AE78830655B6
SHA1: A9F77D2F1CA41F48C81EB592024D3D5F15C05213
SHA-256: C595DFB7741B2FC45F9748324574D4F9F3DF040953D1421FFAE85986615D4DFC
SHA-512: E380408C5082FB6448D40892787AD20F816D34BA8EDE1A1D9149B5EEFBDCECA66FE4B58AEE6E5D84ECD31DBFA711BECB7F1EC9450F09BD79E7451C8322A1FF21
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>...<html lang=en>.<head>. <meta charset=utf-8>. <title>ns</title>.</head>.<body>. .. .. . .. .. .. .. .. .. .. .. .. .. .. .. .. .. ...............<iframe src="//9513459.fls.doubleclick.net/activityi;src=9513459;type=ym6;cat=ym6lp;ord=857907770;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F%3Fpid%3Dlandingpage%26c%3DUS_Acquisition_YMktg_YM6%26af_sub1%3DAcquisition%26af_sub2%3DUS_YMktg%26af_sub5%3DYM6GetItNow_Static_%26af_c_id%3D0?". width="1" height="1" frameborder="0" style="display:none"></iframe>.............................<div style="display:inline;">. <img height="1" width="1" style="border-style:none;" alt="". src="//www.googleadservices.com/pagead/conversion/750142956/?value=&label=kfoXCNuS0a4BEOyL2eUC&url=https%3A%2F%2Foverview.mail.yahoo.com%2F%3Fpid%3Dlandingpage%26c%3DUS_Acquisition_YMktg_YM6%26af_sub1%3DAcquisition%26af_sub2%3DUS_YMktg%26af_sub5%3DYM6GetItNow_Static_%26af_c_id%3D0&guid=ON&script=0"/>.</div>......
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\oath-icons[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 4384
Entropy (8bit): 4.889161523352531
Encrypted: false
MD5: B9E5E6AD38B762494C9B724B021FF229
SHA1: A00E5011A1BB878E24585013C5B0D90C49612FDC
SHA-256: B8D7C436A1D6E97C07402F1D63E46A6E952F39C95230021F2862922A8E9207B7
SHA-512: CD005129D79F93B4A09170625F912D0D66D03F22CCE0A73528E3717B51999B8FD850CAF0EE401CFC33AD8BA3EBBB401B8A7EC3867CB71857C7E57CE473DD5CC9
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/ge/oath/policies/fonts/oath-icons.css
Preview:/*. Icon Font: oath-icons.*/..@font-face {. font-family: "oath-icons";. src: url("./oath-icons.eot");. src: url("./oath-icons.eot?#iefix") format("embedded-opentype"),. url("./oath-icons.woff2") format("woff2"),. url("./oath-icons.woff") format("woff"),. url("./oath-icons.ttf") format("truetype"),. url("./oath-icons.svg#oath-icons") format("svg");. font-weight: normal;. font-style: normal;.}..@media screen and (-webkit-min-device-pixel-ratio:0) {. @font-face {. font-family: "oath-icons";. src: url("./oath-icons.svg#oath-icons") format("svg");. }.}..[data-icon]:before { content: attr(data-icon); }..[data-icon]:before,..arrow-circle-down:before,..arrow-circle-left:before,..arrow-circle-right:before,..arrow-circle-up:before,..checkbox-checked:before,..chevron-down:before,..chevron-left:before,..chevron-right:before,..chevron-up:before,..copyright:before,..dots:before,..global-principles:before,..gov-data:before,..gov-removal:before,..other-resources:b
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\package-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 880x879, frames 3
Size (bytes): 40493
Entropy (8bit): 7.703031131600518
Encrypted: false
MD5: 40180DD8F632A40EBE434AB6D6F38E67
SHA1: 316DC325DC9A54C10F791D13CE9061AD8919BB83
SHA-256: A875DDE13606259FCBC838DF5ABA52B365B3CE93C9E0E13DE9979EC881FD6A36
SHA-512: FAEC8E44B1067C4DF89B47017EA0ABA55850892354229ADE387B42A8B6FC2604FA6425822FF7BD2096AE83C5988310B8632D979F6CF78DE4AB2BD66FCC0BBB5C
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/package-1.0.0.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\scrolling-1.0.0[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 154 x 240
Size (bytes): 5571
Entropy (8bit): 7.857469246629317
Encrypted: false
MD5: C2DC35DDB6393260E065AE1441C647F1
SHA1: F1C9FD0862D4DBFD7EC12593CB23725FDFDC6D1C
SHA-256: D5673464AEBF3E3C32C801B36794B3CAC07115126A9E4E260DE912AA88B1594F
SHA-512: E02412B5086526D963E60EA337774D34D7C462936E0676F2D96E7C74948E2DE9AB3ACB74A9D97FD57A74BD10BC6191EE0BD88B49200A5E58447546EC6F02CC34
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/wm/bcg/norrin/images/scrolling-1.0.0.gif
Preview:GIF89a.............!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:adadc61f-ab07-493c-acbc-b08191af21f3" xmpMM:DocumentID="xmp.did:F35A8B66E66D11E6B017A3A356D31404" xmpMM:InstanceID="xmp.iid:F35A8B65E66D11E6B017A3A356D31404" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:566833ad-9317-4516-b8f9-495d88a168b7" stRef:documentID="adobe:docid:photoshop:a1506d77-1f2c-117a-9724-ff3021a1fa7e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\spp[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.366634665454505
Encrypted: false
MD5: BFF56CE49DD485D195FDFA0A02342568
SHA1: 74FB4071DEAB7D3AB083562067B735DF32C43397
SHA-256: 0E4B1E428A2198EF747010C094101C257B568A97CDCC0F31ED5E9868CC835B39
SHA-512: 15BC2B5B57144C4F71DC203E16B0F7235EC5E659532D5BAFFD3E91D57CEC61D36CA1B7EA28156AB11A3FA46982FE252A58410D7ADF6693C93EDCCA2B2FA1ABB8
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\750142956[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 84
Entropy (8bit): 2.9881439641616536
Encrypted: false
MD5: 6A3F2D147842187CD48B1546EDDD5BA0
SHA1: AB278C31189DF2939428CF81A3850A2C6DBF5E2E
SHA-256: D4990F907BCA02F02B3D41216EEA5461609D4BCBA07A3CBEE0D7CF28A6D0D864
SHA-512: 998F55BF5C3D4A71CB3C23782B788F71E7625DF83A37FE8A18F915AAA3BDE5420183A3C709816664E262069EE2FE245CA44799E3476B6DE507B5D68FC86F8960
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D.;GIF89a.............!.......,...........D.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\GuyWithBicycle-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1093, frames 3
Size (bytes): 90395
Entropy (8bit): 7.827708327793056
Encrypted: false
MD5: 6AAA613FCA87782887BA153BE9D8430B
SHA1: EFC47BB08FAB921AC9564BB27EF913C567342DB6
SHA-256: 5A12C906340AB1C55FA9554DF93116DEE97F0FA51C9F620CE99043AF723EDC4C
SHA-512: 69B30C36A695690CC9B2DC6924495D62F0A99B581C74BBF5BB29224CDD5256E646D0DC13A6844D3AA93FD5DEF6960A37ECBCEF798AA75F63C54CA991CBB6C084
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/GuyWithBicycle-1.0.0.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\Mail_grocery_1125x2436-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2436, frames 3
Size (bytes): 171733
Entropy (8bit): 7.888211439891323
Encrypted: false
MD5: 90D8A3782FCEB0B27DF4787601B9CA74
SHA1: E8FC23EAC3B5FCB7285F2470848A031B73A10804
SHA-256: 07A37CDB1BEAAA56B791E8B19E56513C1EB5BBBDA87C2376B98FFFCA35AC4011
SHA-512: EB76F17ABD9087802454C7336BB6BC82F80554E7D9640F0C91FFD77C366E567C141CDBB0402DD34ABB65C7ED2746137288A8708C1BC6B09388EF0BDFCF7CAF32
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/Mail_grocery_1125x2436-1.0.0.jpg
Preview:......Exif..II*.................Ducky.......-.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:23AA5037CBB811E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:23AA5038CBB811E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5C52787ECBB711E99835B10FE7EFEA60" stRef:documentID="xmp.did:23AA5036CBB811E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\W53M24WG.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 5038
Entropy (8bit): 5.2228671275041165
Encrypted: false
MD5: 2F74D06019F8454728CE97CA2B5CB3D5
SHA1: CA6832076574CB6996343E149A79A3190578F4B8
SHA-256: CECF28932D1316828AC8198E7AFA2E6E5D3AAC71577C2149EBB3F7FE208951F7
SHA-512: 3E01F998A2FB762948159B345DE85594640478D34C4A4F7C17EA4255E4EDBA103E9ADF7A253879938E0B2A82D44AF19B4AF02BB490E1205889E867EDE7339590
Malicious: false
Reputation: low
IE Cache URL: https://overview.mail.yahoo.com/
Preview:<!DOCTYPE html>.<html lang="en-US">. <head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="google-site-verification" content="K7T1cKNcaN3iYgPzSl1cqovstKaZijbO4HQhERADtpU" />. <meta name="description" content="Take a trip into an upgraded, more organized inbox with Yahoo Mail. Login and start exploring all the free, organizational tools for your email. Check out new themes, send GIFs, find every photo you.ve ever sent or received, and search your account faster than ever.">. <link rel="shortcut icon" href="https://s.yimg.com/mi/yahoo/favicon.ico">. <link rel="canonical" href="https://overview.mail.yahoo.com">. <link rel="dns-prefetch" href="//s.yimg.com">. <link rel="dns-prefetch" href="//geo.yahoo.com">. <link rel="dns-prefetch" href="//geo.query.yahoo.com">. <link href="https://overview.mail.yahoo.com" hreflang="x-default" rel="alternat
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\_[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 476
Entropy (8bit): 5.357247679941758
Encrypted: false
MD5: CFBD0997F0DF2839474027577F304383
SHA1: 37E5266E097899AE185BE0CD9B464D04B6B7E994
SHA-256: AF71198A1CA2A04CF4BD59E84FB0A3D3B387D55BD64487C4C5AE9A7095372759
SHA-512: DAD4BA4A32856F6D29693900B1CB5C056D5116F286D662414F44F96CEEDF25646EA7D89EDC18D4EF8CEF4FCDFD95ED2B5A68AA4360CD7E51A7E70E372370A636
Malicious: false
Reputation: low
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><iframe src="https://adservice.google.co.uk/ddm/fls/i/src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6321986172151.532;~oref=https://overview.mail.yahoo.com/%3F.src%3DiOS" width="1" height="1" frameborder="0" style="display:none"></iframe></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\activityi;src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6321986172151[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 474
Entropy (8bit): 5.346278117716524
Encrypted: false
MD5: 4AF3089945834669D664B68D07E7E73F
SHA1: 3EAD7F9F32C33D1AF8BE51F2603BA3CD716E11DD
SHA-256: 11D0D3D99B1BEFB412E546D0AF3F0AFF23FF8B8ADEFBE4173ABFEE3DF881019F
SHA-512: 59820335E901877DBA7E4DAD65E18855D3BBD4BFEDF11D04F0275DFD3E0D9F8691C73E587D58B9F6871ED9C1F529B60605ACAC7EC968DD896731B4F949CD4B70
Malicious: false
Reputation: low
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><iframe src="https://adservice.google.com/ddm/fls/i/src=6589630;type=nrn;cat=nrnlp;u1=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6321986172151.532;~oref=https://overview.mail.yahoo.com/%3F.src%3DiOS" width="1" height="1" frameborder="0" style="display:none"></iframe></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\activityi;src=9513459;type=ym6;cat=ym6lp;ord=517367889;~oref=https___overview.mail.yahoo.com__[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 634
Entropy (8bit): 5.3298956084181714
Encrypted: false
MD5: 3FBAFECFC708A9F9F7706AA0124FF39D
SHA1: 158344C512224F3BE25F8C2F3A445EB59FD73229
SHA-256: B79C3F499E25A740C1181CDEEF3AA4F16C0460FCB24EB987858493625584CE0A
SHA-512: 2745DD961C744CBAF63FBD352265C6947B23B6689F412E192F88BD68E1E92C12C90410C89246B724E3D4379F4CBB52273074505243ED930DEFFE05D27D983537
Malicious: false
Reputation: low
IE Cache URL: https://9513459.fls.doubleclick.net/activityi;src=9513459;type=ym6;cat=ym6lp;ord=517367889;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F%3F.src%3DiOS?
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10100069"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092709"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092037"/><img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10092036"/><img src="https://adservice.google.com/ddm/fls/z/src=9513459;type=ym6;cat=ym6lp;ord=517367889;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F%3F.src%3DiOS"/></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\adsct[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.16293190511019
Encrypted: false
MD5: 377D257F2D2E294916143C069141C1C5
SHA1: B7CAE69682CF31DD670B65088DB8395ACDA6ED3E
SHA-256: AC8778041FDB7F2E08CEB574C9A766247EA26F1A7D90FA854C4EFCF4B361A957
SHA-512: 01211111688DC2007519FF56603FBE345D057337B911C829AAEE97B8D02E7D885E7A2C2D51730F54A04AEBC1821897C8041F15E216F1C973ED313087FA91A3FB
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\adsct[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.16293190511019
Encrypted: false
MD5: 377D257F2D2E294916143C069141C1C5
SHA1: B7CAE69682CF31DD670B65088DB8395ACDA6ED3E
SHA-256: AC8778041FDB7F2E08CEB574C9A766247EA26F1A7D90FA854C4EFCF4B361A957
SHA-512: 01211111688DC2007519FF56603FBE345D057337B911C829AAEE97B8D02E7D885E7A2C2D51730F54A04AEBC1821897C8041F15E216F1C973ED313087FA91A3FB
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\bg_grocery-1.0.3[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1125x2000, frames 3
Size (bytes): 155855
Entropy (8bit): 7.883463608349721
Encrypted: false
MD5: BEC0E28263D63E1489D9E67C4FEEA345
SHA1: 7B25290D180B8D0674F734F6F90E3803E613BC73
SHA-256: 09FC72E75C6B1F5556074F9DCEA247A6D35BA41CD5D818E11DD663F0A81DF473
SHA-512: DA7D8050E545F24858CDC664083CA6DCFD4DA794FD3FAC1BFE5D317697FD1116EB243ABB1D1DA8EB1D6E1B717CF93DEA7BFFE98CDE0B2BB2398208CBEC917121
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/bg_grocery-1.0.3.jpg
Preview:......Exif..II*.................Ducky.......-.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:853E589FCB6B11E99835B10FE7EFEA60" xmpMM:DocumentID="xmp.did:853E58A0CB6B11E99835B10FE7EFEA60"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CD6893A6CB6A11E99835B10FE7EFEA60" stRef:documentID="xmp.did:853E589ECB6B11E99835B10FE7EFEA60"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d....................................................... ..,+++,1111111111............................................!!..!
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\bundle[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 668272
Entropy (8bit): 6.091374670434488
Encrypted: false
MD5: 8443506E8389805172CA3B6EE7F285BF
SHA1: 7D033D696C1E104A0FC0AE327B626D5690683166
SHA-256: D45C39CAB1E4EE5FC855915482E6E8CEF1D73077A0BBEF15659456A33451A55C
SHA-512: 0AA7ACA80A372F6AE377247AE11913F1BF15784257F9EADC331FFC28586C6EC43FDA4B47CC362299BF954CB5BF8381EFA3189A51552D2B98C607BA8871E30D23
Malicious: false
Reputation: low
IE Cache URL: https://overview.mail.yahoo.com/assets/bundle.css
Preview:@font-face{font-family:Zooja;src:url(/assets/Zooja.woff) format("woff")}@font-face{font-family:YahooSans-Light;src:url(data:application/font-woff;base64,…
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\combo[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 984
Entropy (8bit): 4.974925603835297
Encrypted: false
MD5: 2A37E9B630F5CFCC834461C41B51DA08
SHA1: F0F27228BD629F3C4C67FB535C5FB57AB261E3A3
SHA-256: 29FA55CE405C6B1DD2F88E91F7EB9C20402369F62E54A57CE604EC0F3AE60024
SHA-512: B8E4D6BA206BCAADB7291F7FE0EF8CCFCAACDFFE1A6C86688235920F1D7C56067F0707BAC5CC0D378BE12A672A9F1457C76DF5495EB91B20EBE61955054207D8
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/zz/combo?ge/oath/policies/fonts/font_awesome_min_v1.1.css
Preview:@font-face{font-family:'FontAwesome';src:url("https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.eot?v=4.4.0");src:url("https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.eot?#iefix&v=4.4.0") format('embedded-opentype'),url("https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.woff2?v=4.4.0") format('woff2'),url("https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.woff?v=4.4.0") format('woff'),url("../fonts/fontawesome-webfont.ttf?v=4.4.0") format('truetype'),url("https://s.yimg.com/ge/oath/policies/fonts/fontawesome-webfont.svg?v=4.4.0#fontawesomeregular") format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angle-down:before{content:"\f107"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\fg-swipe-1.0.0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1125x873, frames 3
Size (bytes): 69982
Entropy (8bit): 7.949251821862337
Encrypted: false
MD5: 6B2EFE3F2C27AC43EFFB859F51F868C8
SHA1: 3FF8715EB94A60B2B2714B40C2D3C2B1A1F992D0
SHA-256: F404BABF5D6E32A6F3D4725A97795F66B2502894B1DB7CDFE352758DA540973C
SHA-512: BF6E9DC81A6F538DEB172117C3C7DCF30E4D1050A7B76F032A2C92EBA319FEF9469ECA6C33A1ECC0FEE3153CC277AE0329E6EE2DC6C1D1EFEFDE87A0F8DE1DFC
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/images/fg-swipe-1.0.0.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\handPop[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2590
Entropy (8bit): 4.198396495341236
Encrypted: false
MD5: 3DC5D0231C0CC548E8F218869042D398
SHA1: 493A702714B47537479FD29F2FA7D821A3BAEC2D
SHA-256: 33F398EB5992CA123AD52D08E785803193EAB2CBECC9052C760B70E7D8FBCC22
SHA-512: 3EC5E3C5917DFFC03D97DA0CD3369B20842873CE56ED2CF4A0189431568C89B03DB22D520BD929063EC4C26FA5B6A0E1AF8B0ABBF5B6B2B436804E37B9DA0F16
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/animation/boom/2/handPop.json
Preview:{"v":"5.5.9","fr":30,"ip":0,"op":6,"w":1920,"h":1080,"nm":"handPop","ddd":0,"assets":[{"id":"image_0","w":1920,"h":1080,"u":"images/","p":"img_0.png","e":0},{"id":"image_1","w":1920,"h":1080,"u":"images/","p":"img_1.png","e":0},{"id":"image_2","w":1920,"h":1080,"u":"images/","p":"img_2.png","e":0},{"id":"image_3","w":1920,"h":1080,"u":"images/","p":"img_3.png","e":0},{"id":"image_4","w":1920,"h":1080,"u":"images/","p":"img_4.png","e":0},{"id":"image_5","w":1920,"h":1080,"u":"images/","p":"img_5.png","e":0},{"id":"image_6","w":1920,"h":1080,"u":"images/","p":"img_6.png","e":0}],"layers":[{"ddd":0,"ind":1,"ty":2,"nm":"img_0.png","cl":"png","refId":"image_0","sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":0,"k":[1380,600,0],"ix":2},"a":{"a":0,"k":[960,540,0],"ix":1},"s":{"a":0,"k":[110,110,100],"ix":6}},"ao":0,"ip":0,"op":1,"st":0,"bm":0},{"ddd":0,"ind":2,"ty":2,"nm":"img_1.png","cl":"png","refId":"image_1","sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\icon-app-store-1.0.1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 564 x 168, 8-bit/color RGBA, non-interlaced
Size (bytes): 3049
Entropy (8bit): 7.780742507385221
Encrypted: false
MD5: B04C0C4B4B551164E437452B27F27BD2
SHA1: 5E1478BDC2C8C07282669A65316A654D1BA24FEA
SHA-256: 0E998E7F75836F45CAF028E5209069E4323210E6BFD20E4AC4389EAC92896EF7
SHA-512: 54B4EE1B5D9CD422B05ADDA274711F382A31C15D56F17F14007378CDAC32C8D8B30B658E5194F36F5382AAB7155E4E1F536B2A1C9B54A3E61D42E742E45B3F4B
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/wm/bcg/norrin/images/icon-app-store-1.0.1.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\icon-google-app-1.0.2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 564 x 168, 8-bit/color RGBA, non-interlaced
Size (bytes): 16858
Entropy (8bit): 7.9636360504079375
Encrypted: false
MD5: DF026781990932F5AC455CF4DD82523C
SHA1: A3FB92489C6B3EC3D0CB35AD030B4B1D19E95960
SHA-256: 4DB47198CA423F2791F74CE11FED32FD6BE6B506FA8EC5FD425108A0A36205C3
SHA-512: F8E3C8F2E91DC6E96C9388C66639AD0C6433AC0E776A930C0DBAF0AF9435AA5F671884DDDCAF100BB1E8342BDA7C15C30416C68039AEFF12044F8FD525B41959
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/wm/bcg/norrin/images/icon-google-app-1.0.2.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\img_1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 33328
Entropy (8bit): 7.870906795210602
Encrypted: false
MD5: 190C30E09D7D78CB2E7F0CE2F6E370FC
SHA1: BA3E948F39FE150F842DCCDFC9E0080D9628AD0B
SHA-256: A72961E58AC9C6B4030A61EA22DADDDECA00F39570EFB3659DA06EC646CA306A
SHA-512: 2D053CFDA6377A42206BABA43FC995ECD84BF0A7F041B4DF72D5D22B30723FBB4DA5DFB2C28D834216FCB410E3CF2C11F4006BA4DB864141F8FF46E90A300C09
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/animation/boom/2/images/img_1.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\img_2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced
Size (bytes): 34775
Entropy (8bit): 7.899043118936262
Encrypted: false
MD5: 3846B414FB6249AE0DA108E33E117215
SHA1: 93C85F2851E69EA3BC4C116D1729301F40BB5754
SHA-256: 8E0ED9D209B6D4A18972F232598DDCA135B66135DAA25112712C6052E6994365
SHA-512: C02858C65ABB97C733F3B02B619919DA4950533D43911DF651FB3A3B7366857909634720C290796E11AB5052A4A847B09E9DC2C383468EA55D5D0584663386CB
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/cv/apiv2/default/bcg/norrin/animation/boom/2/images/img_2.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\ns[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Size (bytes): 1573
Entropy (8bit): 5.391377103494767
Encrypted: false
MD5: 0CD8FB7B17569EFD16340FB678DB573C
SHA1: 5C878CA0DAB1BD533AB9A781F9CCEC3921871803
SHA-256: EC0204FB8D314A141EA80E6BACBB0048C387CD845D723F80A98C7CBA0C74155F
SHA-512: 1603F0DDA3367B163F7528585FE095A0EB6AC5020410D95FE1C074CC2A1000377F3F8FAE9C78944E7DCC3F7CFE9817D0AD2CA069BDBA9DD28167E43F90F8465B
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>...<html lang=en>.<head>. <meta charset=utf-8>. <title>ns</title>.</head>.<body>. .. .. . .. .. .. .. .. .. .. .. .. .. .. .. .. .. ...............<iframe src="//9513459.fls.doubleclick.net/activityi;src=9513459;type=ym6;cat=ym6lp;ord=517367889;~oref=https%3A%2F%2Foverview.mail.yahoo.com%2F%3F.src%3DiOS?". width="1" height="1" frameborder="0" style="display:none"></iframe>.............................<div style="display:inline;">. <img height="1" width="1" style="border-style:none;" alt="". src="//www.googleadservices.com/pagead/conversion/750142956/?value=&label=kfoXCNuS0a4BEOyL2eUC&url=https%3A%2F%2Foverview.mail.yahoo.com%2F%3F.src%3DiOS&guid=ON&script=0"/>.</div>................................<img src="https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10076255&conv_type=pageview&page_cat=ym6lp&page_name=Ym6>mcb=517367889"/>..<img src="//beacon.krxd.net/usermatch.gif?partner=yahoo_hguid&partner_uid=%25pu1=!;>mcb=51736
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\oath-icons[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 2192
Entropy (8bit): 4.889161523352531
Encrypted: false
MD5: 1171F321791C5DC2226EB8AA5C37D245
SHA1: B5266A99577F95925AF558196BEBAEFB6B3C0426
SHA-256: 6B402A0DD9412C0C0B25EA3DFB52197447801DE0F4320588C73AD3601E483890
SHA-512: 252C2ED23C5F4898257ED3282FE73AF5255CB7C9D8ADCBA627C79F3411CEC2E3E625441F7B550E87DF9DC1ED57145143BD1B4A72D5E7A2F01020AF3C62ACB1DD
Malicious: false
Reputation: low
Preview:/*. Icon Font: oath-icons.*/..@font-face {. font-family: "oath-icons";. src: url("./oath-icons.eot");. src: url("./oath-icons.eot?#iefix") format("embedded-opentype"),. url("./oath-icons.woff2") format("woff2"),. url("./oath-icons.woff") format("woff"),. url("./oath-icons.ttf") format("truetype"),. url("./oath-icons.svg#oath-icons") format("svg");. font-weight: normal;. font-style: normal;.}..@media screen and (-webkit-min-device-pixel-ratio:0) {. @font-face {. font-family: "oath-icons";. src: url("./oath-icons.svg#oath-icons") format("svg");. }.}..[data-icon]:before { content: attr(data-icon); }..[data-icon]:before,..arrow-circle-down:before,..arrow-circle-left:before,..arrow-circle-right:before,..arrow-circle-up:before,..checkbox-checked:before,..chevron-down:before,..chevron-left:before,..chevron-right:before,..chevron-up:before,..copyright:before,..dots:before,..global-principles:before,..gov-data:before,..gov-removal:before,..other-resources:b
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\policies[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Size (bytes): 13591
Entropy (8bit): 5.155665227116514
Encrypted: false
MD5: 6119A46C1C10EF0720AFD8C87F652C0B
SHA1: F11A9F1DFEE2CEC9DE2E28E099A343CE9215EB61
SHA-256: 405E66844F131105231DFD9E559361DE8D2016DB4E78344255D909B980A29464
SHA-512: AF08D0C3471CBA4C4E808F7061A41C86EF04B7008DC9A79B968649491F761E6DCBB7A9AA4EE4FEE2AF854323D9AE593EC16ABFC0F002C3C5BA48EED1FD637B7F
Malicious: false
Reputation: low
IE Cache URL: https://www.verizonmedia.com/policies/
Preview:<!DOCTYPE html>.<html>. <head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=Edge">. <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0">. <title>Verizon Media Terms International | Verizon Media Policies</title>. <meta name="description" content="Verizon Media Terms International | Verizon Media Policies">. <meta name="keywords" content="">.. <link rel="apple-touch-icon" sizes="180x180" href="https://s.yimg.com/cv/apiv2/vzm/sites/fav/favicon.ico">. <link rel="icon" type="image/png" sizes="32x32" href="https://s.yimg.com/cv/apiv2/vzm/sites/fav/favicon.ico">. <link rel="icon" type="image/png" sizes="16x16" href="https://s.yimg.com/cv/apiv2/vzm/sites/fav/favicon.ico">. <link rel="manifest" href="/js/manifest.json">. <link rel="mask-icon" href="https://s.yimg.com/ge/toc/assets/safari-pinned-tab.svg" color="#000000">. -->. <meta name
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\rapid-3.41.3[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 45852
Entropy (8bit): 5.422868592717903
Encrypted: false
MD5: C19EEAC64B6DAB6DEF012D3FC92A9B18
SHA1: B3E0EFC9D171B8790F773FDFCD4FAB8F9E4028D8
SHA-256: D1A98E7B54EEAC4A1D26CE1BE3BF0609AB182860466A0149C37A838D243EE9E6
SHA-512: 68A2F2836CBA575BBCB05A7B9BA33C6D8109466E1B548D65BD8039F588FCB7C604676B53A6CEFBCAF2FD7CF1D61B84310227FC5258981F7115DA2F6CDD82DDE3
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/ss/rapid-3.41.3.js
Static File Info
No static file info
Preview:"undefined"!=typeof YAHOO&&YAHOO||(YAHOO={}),YAHOO.i13n=YAHOO.i13n||{},YAHOO.i13n.EventTypes=function(){function e(e,t,n){this.yqlid=e,this.eventName=t,this.spaceidPrefix=n}var t="richview",n="contentmodification";e.prototype={getYQLID:function(){return this.yqlid},getEventName:function(){return this.eventName}};var r={pageview:new e("pv","pageview",""),simple:new e("lv","event","P"),linkview:new e("lv","linkview","P"),richview:new e(t,t,"R"),contentmodification:new e(t,n,"R"),dwell:new e("lv","dwell","D")};return{getEventByName:function(e){return r[e]}}}(),YAHOO.i13n.Rapid=function(e){function t(){}function n(e){this.map={},this.count=0,e&&this.absorb(e)}function r(){this.map={},this.count=0}function i(e,t){if(!e)return null;null===t&&(t=!1);var n=new r,i=B.getAttribute(e,B.data_action_outcome);i&&n.set("outcm",i);var o=B.getAttribute(e,"data-ylk");if(null===o||0===o.length)return n;for(var a=o.split(B.ylk_pair_delim),s=0,l=a.length;s<l;s++){var c=a[s].split(B.ylk_kv_delim);if(2===c.l
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\rapid-3.42.3[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 44781
Entropy (8bit): 5.408416750710698
Encrypted: false
MD5: 3BA4CBA3F1DCCAE192E31FC328C81AD7
SHA1: 0FB0155EE6B322CCC07EC7D6FB8CCF998FC837CA
SHA-256: BB527720CD83AFEB93794DC181DFF4B79B11D55FA1CC809424F6F44FB2DA1C1F
SHA-512: 488AFEFC851B203A55B2652DB65B1A6728C898E829921A49CF7BC2C736EBA6F3594A04C24E976084D1ADF180C6381B4C3D118129DB07F7A9FB4ECBBF6B7725EA
Malicious: false
Reputation: low
IE Cache URL: https://s.yimg.com/ss/rapid-3.42.3.js
Preview:"undefined"!=typeof YAHOO&&YAHOO||(YAHOO={}),YAHOO.i13n=YAHOO.i13n||{},YAHOO.i13n.EventTypes=function(){function e(e,t,n){this.yqlid=e,this.eventName=t,this.spaceidPrefix=n}e.prototype={getYQLID:function(){return this.yqlid},getEventName:function(){return this.eventName}};var t={pageview:new e("pv","pageview",""),simple:new e("lv","event","P"),linkview:new e("lv","linkview","P"),richview:new e("richview","richview","R"),contentmodification:new e("richview","contentmodification","R"),dwell:new e("lv","dwell","D")};return{getEventByName:function(e){return t[e]}}}(),YAHOO.i13n.Rapid=function(e){function t(){}function n(e){this.map={},this.count=0,e&&this.absorb(e)}function r(){this.map={},this.count=0}function i(e,t){if(!e)return null;null===t&&(t=!1);var n=new r,i=B.getAttribute(e,B.data_action_outcome);i&&n.set("outcm",i);var o=B.getAttribute(e,"data-ylk");if(null===o||0===o.length)return n;for(var a=o.split(B.ylk_pair_delim),s=0,l=a.length;s<l;s++){var c=a[s].split(B.ylk_kv_delim);if(2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\spp[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 215
Entropy (8bit): 3.366634665454505
Encrypted: false
MD5: C165377EF24F08802AAB7AEE46002727
SHA1: EFF667BE5C4D1563BE86D832D8543A93E696E6DA
SHA-256: 9DAC366C84C9215B06A87BB436B5A5E4ABA41674E0AE7AA6AF45895B83C75758
SHA-512: 577862CD9B429484F3720176C3233BF3D14398BC77E864AFE5C1A1451E2654CBCE8361A373ED0065937B223DC2E14FBECA3FA351E56C90974D9712A7067542DD
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T7L7U67X\spp[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 86
Entropy (8bit): 3.366634665454505
Encrypted: false
MD5: D3B00104CAE8F7C80D28CDC9A544D2BC
SHA1: F83FF1EFE8C51949381697E4121B62CE0F3F7EA2
SHA-256: C48B274A6A4FE921DC1ACEEA9056EED209AF3083B3B142F9E61C3F0D08775104
SHA-512: 97205DE31A4714E19414A3F41D80571C054AE0D0FC830B973862EDFAE3FBBE564631E987E459D2F0F1B73B108AF508D9EA274E348EC82BF369BC76CCC08E67FA
Malicious: false
Reputation: low
Network Behavior
Network Port Distribution
Total Packets: 83
• 53 (DNS)
• 443 (HTTPS)
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
UDP Packets
Timestamp Source Port Dest Port Source IP Dest IP
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Jun 11, 2020 20:28:47.640068054 CEST 192.168.2.7 8.8.8.8 0xaa0f Standard query (0) overview.mail.yahoo.com A (IP address) IN (0x0001)
Jun 11, 2020 20:28:48.175576925 CEST 192.168.2.7 8.8.8.8 0x2665 Standard query (0) s.yimg.com A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.394067049 CEST 192.168.2.7 8.8.8.8 0x390 Standard query (0) 6589630.fls.doubleclick.net A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.498544931 CEST 192.168.2.7 8.8.8.8 0x2291 Standard query (0) geo.query.yahoo.com A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.688992023 CEST 192.168.2.7 8.8.8.8 0xa79c Standard query (0) sp.analytics.yahoo.com A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.701764107 CEST 192.168.2.7 8.8.8.8 0x9382 Standard query (0) beacon.krxd.net A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.711987972 CEST 192.168.2.7 8.8.8.8 0x8535 Standard query (0) www.facebook.com A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.742458105 CEST 192.168.2.7 8.8.8.8 0x1437 Standard query (0) analytics.twitter.com A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.751912117 CEST 192.168.2.7 8.8.8.8 0x5348 Standard query (0) t.co A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.768585920 CEST 192.168.2.7 8.8.8.8 0x7548 Standard query (0) 9513459.fls.doubleclick.net A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.824785948 CEST 192.168.2.7 8.8.8.8 0x305 Standard query (0) googleads.g.doubleclick.net A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.835120916 CEST 192.168.2.7 8.8.8.8 0xe62d Standard query (0) adservice.google.co.uk A (IP address) IN (0x0001)
Jun 11, 2020 20:28:57.125219107 CEST 192.168.2.7 8.8.8.8 0x90fb Standard query (0) www.google.co.uk A (IP address) IN (0x0001)
Jun 11, 2020 20:29:09.165565968 CEST 192.168.2.7 8.8.8.8 0x1a46 Standard query (0) s.yimg.com A (IP address) IN (0x0001)
Jun 11, 2020 20:29:11.553945065 CEST 192.168.2.7 8.8.8.8 0x4d81 Standard query (0) mail.yahoo.com A (IP address) IN (0x0001)
Jun 11, 2020 20:29:11.555459976 CEST 192.168.2.7 8.8.8.8 0x61b5 Standard query (0) geo.yahoo.com A (IP address) IN (0x0001)
Jun 11, 2020 20:29:12.207933903 CEST 192.168.2.7 8.8.8.8 0x8586 Standard query (0) udc.yahoo.com A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.581065893 CEST 192.168.2.7 8.8.8.8 0xdf5b Standard query (0) mail.onelink.me A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.194961071 CEST 192.168.2.7 8.8.8.8 0xe3b1 Standard query (0) policies.oath.com A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.381759882 CEST 192.168.2.7 8.8.8.8 0xacf7 Standard query (0) verizonmedia.com A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.946553946 CEST 192.168.2.7 8.8.8.8 0x5ede Standard query (0)
www.verizonmedia.com
A (IP address) IN (0x0001)
Jun 11, 2020 20:29:19.826663971 CEST 192.168.2.7 8.8.8.8 0x7633 Standard query (0)
ganon.yahoo.com A (IP address) IN (0x0001)
Jun 11, 2020 20:29:20.737216949 CEST 192.168.2.7 8.8.8.8 0xdcc7 Standard query (0)
info.yahoo.com A (IP address) IN (0x0001)
DNS Queries
DNS Answers
Copyright null 2020 Page 47 of 63
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Jun 11, 2020 20:28:47.672884941 CEST
8.8.8.8 192.168.2.7 0xaa0f No error (0) overview.mail.yahoo.com
ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:47.672884941 CEST
8.8.8.8 192.168.2.7 0xaa0f No error (0) ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
87.248.100.137 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:47.672884941 CEST
8.8.8.8 192.168.2.7 0xaa0f No error (0) ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
87.248.100.136 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:48.200237036 CEST
8.8.8.8 192.168.2.7 0x2665 No error (0) s.yimg.com edge.gycpi.b.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:48.200237036 CEST
8.8.8.8 192.168.2.7 0x2665 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.22 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:48.200237036 CEST
8.8.8.8 192.168.2.7 0x2665 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.23 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.434828043 CEST
8.8.8.8 192.168.2.7 0x390 No error (0) 6589630.fls.doubleclick.net
dart.l.doubleclick.net CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.434828043 CEST
8.8.8.8 192.168.2.7 0x390 No error (0) dart.l.doubleclick.net
216.58.206.6 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.538165092 CEST
8.8.8.8 192.168.2.7 0x2291 No error (0) geo.query.yahoo.com
ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.538165092 CEST
8.8.8.8 192.168.2.7 0x2291 No error (0) ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
87.248.100.137 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.538165092 CEST
8.8.8.8 192.168.2.7 0x2291 No error (0) ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
87.248.100.136 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.667864084 CEST
8.8.8.8 192.168.2.7 0x879f No error (0) pagead46.l.doubleclick.net
172.217.23.98 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.713495016 CEST
8.8.8.8 192.168.2.7 0xa79c No error (0) sp.analytics.yahoo.com
spdc-global.pbp.gysm.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.713495016 CEST
8.8.8.8 192.168.2.7 0xa79c No error (0) spdc-global.pbp.gysm.yahoodns.net
212.82.100.181 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.719711065 CEST
8.8.8.8 192.168.2.7 0x7993 No error (0) pagead.l.doubleclick.net
216.58.207.66 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) beacon.krxd.net beacon-dub-prod.krxd.net CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) beacon-dub-prod.krxd.net
prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
34.250.69.144 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
34.241.92.164 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
52.210.186.4 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
54.154.55.10 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
54.72.105.230 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
54.72.249.200 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
52.19.136.94 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.726376057 CEST
8.8.8.8 192.168.2.7 0x9382 No error (0) prod-dub-beacon-1484770602.eu-west-1.elb.amazonaws.com
63.32.141.194 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.746268988 CEST
8.8.8.8 192.168.2.7 0x8535 No error (0) www.facebook.com
star-mini.c10r.facebook.com
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.746268988 CEST
8.8.8.8 192.168.2.7 0x8535 No error (0) star-mini.c10r.facebook.com
31.13.92.36 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.775510073 CEST
8.8.8.8 192.168.2.7 0x1437 No error (0) analytics.twitter.com
ads.twitter.com CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.775510073 CEST
8.8.8.8 192.168.2.7 0x1437 No error (0) ads.twitter.com s.twitter.com CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.775510073 CEST
8.8.8.8 192.168.2.7 0x1437 No error (0) s.twitter.com 104.244.42.195 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.775510073 CEST
8.8.8.8 192.168.2.7 0x1437 No error (0) s.twitter.com 104.244.42.131 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.775510073 CEST
8.8.8.8 192.168.2.7 0x1437 No error (0) s.twitter.com 104.244.42.3 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.775510073 CEST
8.8.8.8 192.168.2.7 0x1437 No error (0) s.twitter.com 104.244.42.67 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.776575089 CEST
8.8.8.8 192.168.2.7 0x5348 No error (0) t.co 104.244.42.197 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.776575089 CEST
8.8.8.8 192.168.2.7 0x5348 No error (0) t.co 104.244.42.5 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.776575089 CEST
8.8.8.8 192.168.2.7 0x5348 No error (0) t.co 104.244.42.69 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.776575089 CEST
8.8.8.8 192.168.2.7 0x5348 No error (0) t.co 104.244.42.133 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.809465885 CEST
8.8.8.8 192.168.2.7 0x7548 No error (0) 9513459.fls.doubleclick.net
dart.l.doubleclick.net CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.809465885 CEST
8.8.8.8 192.168.2.7 0x7548 No error (0) dart.l.doubleclick.net
216.58.206.6 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.857868910 CEST
8.8.8.8 192.168.2.7 0x305 No error (0) googleads.g.doubleclick.net
pagead46.l.doubleclick.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.857868910 CEST
8.8.8.8 192.168.2.7 0x305 No error (0) pagead46.l.doubleclick.net
216.58.208.34 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:56.876219034 CEST
8.8.8.8 192.168.2.7 0xe62d No error (0) adservice.google.co.uk
pagead46.l.doubleclick.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:28:56.876219034 CEST
8.8.8.8 192.168.2.7 0xe62d No error (0) pagead46.l.doubleclick.net
216.58.205.226 A (IP address) IN (0x0001)
Jun 11, 2020 20:28:57.149844885 CEST
8.8.8.8 192.168.2.7 0x90fb No error (0) www.google.co.uk
216.58.207.67 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:09.190143108 CEST
8.8.8.8 192.168.2.7 0x1a46 No error (0) s.yimg.com edge.gycpi.b.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:09.190143108 CEST
8.8.8.8 192.168.2.7 0x1a46 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.23 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:09.190143108 CEST
8.8.8.8 192.168.2.7 0x1a46 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.22 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:11.578558922 CEST
8.8.8.8 192.168.2.7 0x4d81 No error (0) mail.yahoo.com edge.gycpi.b.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:11.578558922 CEST
8.8.8.8 192.168.2.7 0x4d81 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.23 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:11.578558922 CEST
8.8.8.8 192.168.2.7 0x4d81 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.22 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:11.588454962 CEST
8.8.8.8 192.168.2.7 0x61b5 No error (0) geo.yahoo.com fam-geo-atsv2.prod.media.g03.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:11.588454962 CEST
8.8.8.8 192.168.2.7 0x61b5 No error (0) fam-geo-atsv2.prod.media.g03.yahoodns.net
188.125.72.139 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:12.232553959 CEST
8.8.8.8 192.168.2.7 0x8586 No error (0) udc.yahoo.com ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:12.232553959 CEST
8.8.8.8 192.168.2.7 0x8586 No error (0) ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
87.248.100.137 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:12.232553959 CEST
8.8.8.8 192.168.2.7 0x8586 No error (0) ds-geoycpi-uno-lite.gycpi.b.yahoodns.net
87.248.100.136 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) mail.onelink.me onelink-1664648862.eu-west-1.elb.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
52.30.124.1 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
46.137.84.54 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
34.253.142.89 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
52.208.192.84 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
34.242.13.199 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
52.48.97.245 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
52.16.42.207 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:13.615974903 CEST
8.8.8.8 192.168.2.7 0xdf5b No error (0) onelink-1664648862.eu-west-1.elb.amazonaws.com
54.171.143.173 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.228184938 CEST
8.8.8.8 192.168.2.7 0xe3b1 No error (0) policies.oath.com
edge.gycpi.b.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:16.228184938 CEST
8.8.8.8 192.168.2.7 0xe3b1 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.22 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.228184938 CEST
8.8.8.8 192.168.2.7 0xe3b1 No error (0) edge.gycpi.b.yahoodns.net
87.248.118.23 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.418180943 CEST
8.8.8.8 192.168.2.7 0xacf7 No error (0) verizonmedia.com
98.136.103.26 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.418180943 CEST
8.8.8.8 192.168.2.7 0xacf7 No error (0) verizonmedia.com
106.10.248.153 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.418180943 CEST
8.8.8.8 192.168.2.7 0xacf7 No error (0) verizonmedia.com
124.108.115.103 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.418180943 CEST
8.8.8.8 192.168.2.7 0xacf7 No error (0) verizonmedia.com
74.6.136.153 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.418180943 CEST
8.8.8.8 192.168.2.7 0xacf7 No error (0) verizonmedia.com
212.82.100.153 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:16.979609013 CEST
8.8.8.8 192.168.2.7 0x5ede No error (0) www.verizonmedia.com
media-router1.prod.media.yahoo.com
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:16.979609013 CEST
8.8.8.8 192.168.2.7 0x5ede No error (0) media-router1.prod.media.yahoo.com
ds-oob-fo-media-router1.prod.media.g01.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:16.979609013 CEST
8.8.8.8 192.168.2.7 0x5ede No error (0) ds-oob-fo-media-router1.prod.media.g01.yahoodns.net
212.82.100.157 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:19.859816074 CEST
8.8.8.8 192.168.2.7 0x7633 No error (0) ganon.yahoo.com
fam-geo-atsv2.prod.media.g03.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:19.859816074 CEST
8.8.8.8 192.168.2.7 0x7633 No error (0) fam-geo-atsv2.prod.media.g03.yahoodns.net
188.125.72.139 A (IP address) IN (0x0001)
Jun 11, 2020 20:29:20.770145893 CEST
8.8.8.8 192.168.2.7 0xdcc7 No error (0) info.yahoo.com src1.yahoo.com CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:20.770145893 CEST
8.8.8.8 192.168.2.7 0xdcc7 No error (0) src1.yahoo.com src.san1.g01.yahoodns.net
CNAME (Canonical name)
IN (0x0001)
Jun 11, 2020 20:29:20.770145893 CEST
8.8.8.8 192.168.2.7 0xdcc7 No error (0) src.san1.g01.yahoodns.net
212.82.100.151 A (IP address) IN (0x0001)
HTTP Request Dependency Graph
info.yahoo.com
HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.7 49758 212.82.100.151 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Jun 11, 2020 20:29:20.828768015 CEST 8511 OUT
GET /relevantads/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: info.yahoo.com
Connection: Keep-Alive
Cookie: B=cm09ujtfe4tv8&b=3&s=sq
Jun 11, 2020 20:29:20.879968882 CEST 8512 IN
HTTP/1.1 301 Moved Permanently
Date: Thu, 11 Jun 2020 18:29:20 GMT
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=3600, public
Location: https://www.verizonmedia.com/policies/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Age: 0
Connection: keep-alive
Server: ATS
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Content-Security-Policy: sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer Not Before Not After JA3 SSL Client Fingerprint JA3 SSL Client Digest
Jun 11, 2020 20:28:47.802175999 CEST
87.248.100.137 443 192.168.2.7 49706 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:47.804359913 CEST
87.248.100.137 443 192.168.2.7 49707 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:48.286961079 CEST
87.248.118.22 443 192.168.2.7 49708 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:48.295352936 CEST
87.248.118.22 443 192.168.2.7 49709 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
HTTPS Packets
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.483071089 CEST
216.58.206.6 443 192.168.2.7 49711 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:21:33 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:21:33 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.483294010 CEST
216.58.206.6 443 192.168.2.7 49710 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:21:33 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:21:33 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.647115946 CEST
87.248.100.137 443 192.168.2.7 49712 CN=sp.analytics.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sat May 09 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Thu Nov 05 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.719880104 CEST
172.217.23.98 443 192.168.2.7 49716 CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:35:06 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:35:06 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.721354961 CEST
172.217.23.98 443 192.168.2.7 49715 CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:35:06 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:35:06 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.769371033 CEST
216.58.207.66 443 192.168.2.7 49720 CN=www.googleadservices.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:29:12 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:29:12 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.769591093 CEST
216.58.207.66 443 192.168.2.7 49719 CN=www.googleadservices.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:29:12 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:29:12 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.792145014 CEST
31.13.92.36 443 192.168.2.7 49724 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu May 14 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Wed Aug 05 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.792578936 CEST
31.13.92.36 443 192.168.2.7 49723 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu May 14 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Wed Aug 05 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.823445082 CEST
34.250.69.144 443 192.168.2.7 49722 CN=beacon.krxd.net, O="salesforce.com, inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Jan 30 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013
Sat Jan 30 13:00:00 CET 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Jun 11, 2020 20:28:56.824345112 CEST
104.244.42.197 443 192.168.2.7 49726 CN=t.co, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.825270891 CEST
34.250.69.144 443 192.168.2.7 49721 CN=beacon.krxd.net, O="salesforce.com, inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Jan 30 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013
Sat Jan 30 13:00:00 CET 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Jun 11, 2020 20:28:56.825702906 CEST
104.244.42.197 443 192.168.2.7 49725 CN=t.co, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.826073885 CEST
104.244.42.195 443 192.168.2.7 49728 CN=*.twitter.com, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.826200962 CEST
104.244.42.195 443 192.168.2.7 49727 CN=*.twitter.com, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Timestamp, Source IP, Source Port, Dest IP, Dest Port, Subject, Issuer, NotBefore, NotAfter, JA3 SSL Client Fingerprint, JA3 SSL Client Digest
Jun 11, 2020 20:28:56.832448959 CEST
212.82.100.181 443 192.168.2.7 49717 CN=*.analytics.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Mar 04 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Mon Aug 31 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.833560944 CEST
212.82.100.181 443 192.168.2.7 49718 CN=*.analytics.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Mar 04 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Mon Aug 31 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:28:56.884951115 CEST
216.58.206.6 443 192.168.2.7 49730 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:21:33 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:21:33 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.886291027 CEST
216.58.206.6 443 192.168.2.7 49729 CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:21:33 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:21:33 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.905859947 CEST
216.58.208.34 443 192.168.2.7 49732 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:21:36 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:21:36 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.906111002 CEST
216.58.208.34 443 192.168.2.7 49731 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:21:36 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:21:36 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.932888031 CEST
216.58.205.226 443 192.168.2.7 49734 CN=*.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed May 20 14:10:08 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Aug 12 14:10:08 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:56.933104992 CEST
216.58.205.226 443 192.168.2.7 49733 CN=*.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed May 20 14:10:08 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Aug 12 14:10:08 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:57.197442055 CEST
216.58.207.67 443 192.168.2.7 49738 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:29:11 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:29:11 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:28:57.198590040 CEST
216.58.207.67 443 192.168.2.7 49737 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue May 26 17:29:11 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Aug 18 17:29:11 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jun 11, 2020 20:29:09.259742975 CEST
87.248.118.23 443 192.168.2.7 49742 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
37f463bf4616ecd445d4a1937da06e19
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:11.643434048 CEST
87.248.118.23 443 192.168.2.7 49744 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:11.643837929 CEST
87.248.118.23 443 192.168.2.7 49743 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:11.697812080 CEST
188.125.72.139 443 192.168.2.7 49745 CN=analytics.query.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Feb 13 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Mon Aug 10 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:11.703336954 CEST
188.125.72.139 443 192.168.2.7 49746 CN=analytics.query.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Feb 13 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Mon Aug 10 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:12.364165068 CEST
87.248.100.137 443 192.168.2.7 49747 CN=*.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 19 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Fri Jul 03 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:13.707820892 CEST
52.30.124.1 443 192.168.2.7 49749 CN=*.onelink.me CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun May 03 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Thu Jun 03 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jun 11, 2020 20:29:13.708892107 CEST
52.30.124.1 443 192.168.2.7 49748 CN=*.onelink.me CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun May 03 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Thu Jun 03 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jun 11, 2020 20:29:16.293118000 CEST
87.248.118.22 443 192.168.2.7 49750 CN=careers.oath.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon May 11 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Sat Nov 07 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:16.295207977 CEST
87.248.118.22 443 192.168.2.7 49751 CN=careers.oath.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon May 11 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Sat Nov 07 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:16.754354954 CEST
98.136.103.26 443 192.168.2.7 49752 CN=src5.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 26 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Sun Nov 22 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:16.761147976 CEST
98.136.103.26 443 192.168.2.7 49753 CN=src5.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 26 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Sun Nov 22 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:17.091510057 CEST
212.82.100.157 443 192.168.2.7 49754 CN=*.autos.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 26 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Sun Nov 22 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
Jun 11, 2020 20:29:17.091937065 CEST
212.82.100.157 443 192.168.2.7 49755 CN=*.autos.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue May 26 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Sun Nov 22 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:19.971959114 CEST
188.125.72.139 443 192.168.2.7 49757 CN=analytics.query.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Feb 13 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Mon Aug 10 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jun 11, 2020 20:29:19.973740101 CEST
188.125.72.139 443 192.168.2.7 49756 CN=analytics.query.yahoo.com, O=Oath Inc, L=Sunnyvale, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Feb 13 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Mon Aug 10 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
System Behavior
Analysis Process: iexplore.exe PID: 5568 Parent PID: 688
General
Start time: 20:28:45
Start date: 11/06/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff799410000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 5668 Parent PID: 5568
General
Start time: 20:28:46
Start date: 11/06/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5568 CREDAT:17410 /prefetch:2
Imagebase: 0x1c0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Disassembly