ID: 219320 Cookbook: browseurl.jbs Time: 00:06:44 Date: 01/04/2020 Version: 28.0.0 Lapis Lazuli
Table of Contents
Analysis Report http://ib.adnxs.com
Overview
General Information
Detection
Confidence
Classification Spiderchart
Analysis Advice
Mitre Att&ck Matrix
Signature Overview
Networking:
System Summary:
Malware Analysis System Evasion:
Malware Configuration
Behavior Graph
Simulations
Behavior and APIs
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Yara Overview
Initial Sample
PCAP (Network Traffic)
Dropped Files
Memory Dumps
Unpacked PEs
Sigma Overview
Joe Sandbox View / Context
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Screenshots
Thumbnails
Startup
Created / dropped Files
Domains and IPs
Contacted Domains
Contacted URLs
URLs from Memory and Binaries
Contacted IPs
Public
Static File Info
No static file info
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTP Request Dependency Graph
HTTP Packets
HTTPS Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: iexplore.exe PID: 4776 Parent PID: 696
General
File Activities
Registry Activities
Analysis Process: iexplore.exe PID: 2872 Parent PID: 4776
General
File Activities
Registry Activities
Disassembly
Copyright Joe Security LLC 2020
Analysis Report http://ib.adnxs.com
Overview
General Information
Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 219320
Start date: 01.04.2020
Start time: 00:06:44
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 35s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: ib.adnxs.com
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies: EGA enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/169@26/18
Cookbook Comments:
Adjust boot time
Enable AMSI
Browsing link: https://www.appnexus.com/en/error#main-content
Browsing link: https://www.appnexus.com/
Browsing link: https://www.appnexus.com/careers
Browsing link: https://www.appnexus.com/careers/life-at-appnexus
Browsing link: https://www.appnexus.com/careers/teams
Browsing link: https://www.appnexus.com/careers/getting-hired
Browsing link: https://www.appnexus.com/careers/students
Browsing link: https://xandr.att.jobs/search-jobs
Browsing link: https://console.appnexus.com/login
Browsing link: https://openadstream-eu1.247realmedia.com/oas/
Browsing link: https://openadstream17.247realmedia.com/oas/
Warnings:
Exclude process from analysis (whitelisted): taskhostw.exe, dllhost.exe, consent.exe, ielowutil.exe, WMIADAP.exe, svchost.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted)
Excluded domains from analysis (whitelisted)
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Detection
Strategy Score Range Reporting Whitelisted Detection
Threshold 0 0 - 100 false
Confidence
Strategy Score Range Further Analysis Required? Confidence
Threshold 4 0 - 5 false
Classification Spiderchart
[Spiderchart figure. Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Legend: malicious, suspicious, clean.]
Analysis Advice
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Graphical User Interface 2; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Process Injection 1; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Masquerading 1; Process Injection 1; Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: Security Software Discovery 1; File and Directory Discovery 1; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote File Copy 1; Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 3; Remote File Copy 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Signature Overview
• Networking • System Summary • Malware Analysis System Evasion
Networking:
Downloads files from webservers via HTTP
Found strings which match to known social media urls
Performs DNS lookups
Urls found in memory or binary data
Uses HTTPS
System Summary:
Binary contains paths to development resources
Classification label
Creates files inside the user directory
Creates temporary files
Reads ini files
Spawns processes
Found GUI installer (many successful clicks)
Found graphical window changes (likely an installer)
Uses new MSVCR Dlls
Malware Analysis System Evasion:
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Malware Configuration
No configs have been found
Behavior Graph
[Behavior graph figure. ID: 219320; URL: http://ib.adnxs.com; Startdate: 01/04/2020; Architecture: WINDOWS; Score: 0. Processes: iexplore.exe, which started a second iexplore.exe. Network nodes shown: www.appnexus.com, live-appnexus.pantheonsite.io, fe2.edge.pantheon.io, ab13.mktoedge.com, cookie-cdn.cookiepro.com, 104.16.95.80 (443, 49753, 49754), 104.20.184.45 (443, 49766, 49767), and 44 other IPs or domains.]
Simulations
Behavior and APIs
No simulations
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
No Antivirus matches
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source                      Detection  Scanner     Label  Link
bam.nr-data.net             0%         Virustotal         Browse
cookie-cdn.cookiepro.com    0%         Virustotal         Browse
ab13.mktoedge.com           0%         Virustotal         Browse
i.xandr.com                 0%         Virustotal         Browse
www.xandr.com               0%         Virustotal         Browse
URLs
Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
No yara matches
Memory Dumps
No yara matches
Unpacked PEs
No yara matches
Sigma Overview
No Sigma rule has matched
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Screenshots
Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Startup
System is w10x64
iexplore.exe (PID: 4776 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 2872 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4776 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\www.xandr[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 135 Entropy (8bit): 5.043048145848393 Encrypted: false MD5: 2FB37CAAE484422FF8056A885BE215F3 SHA1: 312AD7D64D67246CEC5A36F55334F1AA64D7E3C2 SHA-256: 7FFEC7C197CB764D17421714B70CEBF6B99AC8EC2EC0447E239832085FC3F263 SHA-512: CA1751760FEC74A67B269F8428E8D356FEEFD7A6FB3821657CF1195A15987D519962E1AC91DEDE1BD6AA3F3EDE5790DD58F4CCC5F0C0E35E170F16005065014 C Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.appnexus[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 26 Entropy (8bit): 2.469670487371862 Encrypted: false MD5: 132294CA22370B52822C17DCB5BE3AF6 SHA1: DD26B82638AD38AD471F7621A9EB79FED448A71C SHA-256: 451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77 SHA-512: 6D5808CAD199A785C82763C68F0AE1F4938C304B46B70529EA26B3D300EF9430AD496C688D95D01588576B3A577001D62245D98137FD5CD825AD62E17D36F15C Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{67AC28D5-73E7-11EA-AADD-C25F135D3C65}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 39000 Entropy (8bit): 1.9205761444238818 Encrypted: false MD5: A97B944AF95652920A62CACED6806209 SHA1: AE1056CB48FA9350F575379A95E1704EB32C808A SHA-256: 38976DDAC46ABDE41E222F488E369E3CD6AA86EB135807ACCAA21AEB97835336 SHA-512: 3DE5CD65095E5007D55AFBD508B01BAA2A7100A1EB11584F41E6C6179739D60ACD45848CC682C4F4D4FEEA62BD1DB86F20A79335A8F25C757E2CB8F80EE2690 B Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{67AC28D7-73E7-11EA-AADD-C25F135D3C65}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 206890 Entropy (8bit): 2.5689466686892657 Encrypted: false MD5: EE2759EFAED8313087520756D35BB201 SHA1: 5E5707F95D53D5BC0BA8C495271B8F4011A76B52 SHA-256: 25A46CE687A610DA4D5DBA0E5D36B5A722655C43E3AF21C9BDC4D080390E2353 SHA-512: 06403C9D8AC65FE61C7EA9D432718208DEAD2D9BB9F08C246A4CFFF5FEB45301EC7DAC7DBB4F7036D3CABF44E3A33FE5D6390AD29DB8D0DC71403425150C59 BB Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{67AC28D8-73E7-11EA-AADD-C25F135D3C65}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 19032 Entropy (8bit): 1.583481651917834 Encrypted: false MD5: 81E2E6ED15A8BCAF4680409F00EEAB73 SHA1: 1E7C11666D4C8CF36859108764039EF13711E260 SHA-256: 8EEA80E57CD8E0A82F6DB7C15F3CC35BC7A807E7847C53F529547B385FAD228E SHA-512: F855615B1A3C84581893F74C591842C2AD16E184983BA4E86E20F86AB11201A63E4D1F9265BAA8DF1BFA75CEFDB37F25EA06FAA3365841B2D6AB09B389BFF550 Malicious: false Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r. y......
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.09075386376495 Encrypted: false MD5: F693B635B6C831FFD87B0920D577756D SHA1: 4300A6DCF3827EA8292F84F8E8CD153E1F2F8DEA SHA-256: ADA69DCBB6BBAF0838995CD82970A68FE1B4BADBF2327FC58DB396FDE371BA2F SHA-512: F0E7F8A31D9DD4411EFDC0FAC030F950DC84D67A3E72AE040EAF15B9DC4836770447B59ECF8743B1E933193F4B3291F683ADE2EC65982702D318A940264B9B89 Malicious: false Reputation: low Preview: ..0x3fe9c78e,0x01d607f4 0x 3fe9c78e,0x01d607f4 ....0x3fe9c78e,0x01d607f4 0 x3fed945a,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.078426185536632 Encrypted: false MD5: ED667C8E603E371F0AC11FD82EA2DE5A SHA1: 18EE56B0EC8E7679506E1C3A73A5B355EA06B094 SHA-256: 8DC296C2B52069C27C0532F43D08B193832F4222BBF1C1FC580AC24055F621E5 SHA-512: EC1B3C4EA3E2509C6485AC6B19770A86D51684D63067C17B2BCC33FD7844D16CCD8792542F78F433BE4C13F0D10E75D70C987050F6A50CC4B389ACCB84011CE D Malicious: false Reputation: low Preview: ..0x3f8ecea0,0x01d607f4 0x3f8ecea0,0x01d607f4 ....0x3f8ecea0,0x01d607f4 0x3faae1e6,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 662 Entropy (8bit): 5.113745073085453 Encrypted: false MD5: 1D40EEAB9B16A87123908F039E48D6D1 SHA1: 09D14F86D2EAC8D0F8BE9B2594A6EBF062AF17EC SHA-256: 05FF761EE45BECE41301C322604F0DB817447E047A7196DF87AF4740E31E407E SHA-512: DE4DC064C90C560C3EFEAF4BC016F631CE44CC626C0A74CD12CC5E1147A01B04B613BAC58AB5FB1EC3BE1282B6BDAA7E4EDABE7E4F52CA2C9AFAF4738AC 125D0 Malicious: false Reputation: low Preview: ..0x3ffa287a,0x01d607f4 0x3ffa287a,0x01d607f4 ....0x3ffa287a,0x01d607f4 0x3ffd9e3f,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 647 Entropy (8bit): 5.097543056907056
Encrypted: false MD5: 77D2B758E830E50AAF961E5040BDE463 SHA1: 9AA022E8C16466428BA5F277BC6481D8FEEB375D SHA-256: 2216D5589AFEFCB38E8D148BC008C2B0BB77837318A20DAB5F1A72CEEC2A2B95 SHA-512: 4D9E87BFFF765BBBA74A396B9DF5C2C34C2B11144B7E04293D84A7200056D31545A1A7280CC470A609E379DAA1A3A44809E9E2E2C0CD91DE30395935B0CCB69 8 Malicious: false Reputation: low Preview: ..0x3fcaf2f1,0x01d607f4 0x3fc af2f1,0x01d607f4 ....0x3fcaf2f1,0x01d607f4 0x3fd34405,0x01d6 07f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.099459813677776 Encrypted: false MD5: A1925312112660D45EC6F94FC3DEE864 SHA1: 8ABF7C52C35955B8B8FC7862315051CAAEB199F5 SHA-256: 3C11F1954E0F5841891BE16FF05DB7AF17417E8CA122BD616AE4F7FA49F699A5 SHA-512: 910729006F8611DEDB96673CF2B0F4BC8880B398109F2ED5524A9280D2CE211059F29A98A770BEB37B16A99A5F7CDF1466A1F2AD69DFBBF26964D6BC9D5B988B Malicious: false Reputation: low Preview: ..0x4000f0c2,0x01d607f4 < accdate>0x4000f0c2,0x01d607f4 ....0x4000f0c2,0x01d607f4 0 x400b80b6,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.0966175409856715 Encrypted: false MD5: C8A69F9C6BA92DFA0C32C483392D110F SHA1: 475F8FAEF900AFE5F408214A7D38D9E5E59F58F1 SHA-256: 5358D0AC1736FE833D36E60B8F7C4AE2DDDD203C7D4A642883B5094A46C20CA6 SHA-512: A2B6235F5FD54442FC9007D6499AC8611BB1C505638ACE857E6D8C11F38468479A121405539CC90AC445447755FA018D81A622068F4C7F8F544F20F6E92D639E Malicious: false Reputation: low Preview: ..0x3fe15b71,0x01d607f4 0x3fe15b71,0x01d607f4 ....0x3fe15b71,0x01d607f4 0x3 fe37196,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.120096362765559 Encrypted: false MD5: BD5BEB9EB3CF2F21BBF9A4E2185DBA4C SHA1: 41E4BFC903C1D2B54FECFA79F5D6F5ECEC4D6D1A SHA-256: A5DD099EB0A0859A9656F93FA818AE9CFEC90D91ED93797857DB5452E9CCCC1E SHA-512: 6B0DD0212E6C65162DE791621920B445CBA081EC3011AFC9CB72055BE2863498EC25FD057C845BFE3DECFAA2FE3C95DD131B28F07CA7AA1C96845E7D43CC954 A Malicious: false Reputation: low
Preview: ..0x3fda21f3,0x01d607f4 < accdate>0x3fda21f3,0x01d607f4 ....0x3fda21f3,0x01d607f4 0 x3fdbf0cf,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 659 Entropy (8bit): 5.104205780690275 Encrypted: false MD5: B3D8F73375CD1FEECAAA746CA51E482A SHA1: E8C3658A7F10429089D3426F5D085B409AEEFEB8 SHA-256: 2005FE668F61EEAF7D079F1FDA8DD8B7EBD224DCEFE1B7628C6E1FAF262CAC53 SHA-512: 870EAE5F073F3D0E7DAA78329481FBDBF3B607D0586172EEE7BF122B5014B36F992928714A2214CA042B85C96299B72B1FFA266B08ADBBF0E403AE2AE29F251C Malicious: false Reputation: low Preview: ..0x3fb34dc0,0x01d607f4 0x3fb34dc0,0x01d607f4 ....0x3fb34dc0,0x01d607f4 0x3fc2baf9,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.079018850091175 Encrypted: false MD5: 3D8468512ED1D12A32646ADE47C608A6 SHA1: 69102FE3D4E2BB815137686A312B88E3DE4ACC21 SHA-256: 82F51A4F4BD41367845C128373CAE743587C9F83A31392CD4E68CBF5A93E7EE5 SHA-512: 0ECAB3E0B19B6535B483FF8B7381591295BEA0691623D80EBB60A5C8BD6BCF7A42CBBB152D68E7CBA49FF1247F529EEF4C9F561B66B6289D1BB3AFAFB52625 D8 Malicious: false Reputation: low Preview: ..0x3fc7ebf1,0x01d607f4 0x3fc7ebf1,0x01d607f4 ....0x3fc7ebf1,0x01d607f4 0x3 fc923a0,0x01d607f4 ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Size (bytes): 3718 Entropy (8bit): 7.150138746292673 Encrypted: false MD5: 239A9CE0916A9248DF12EFF9AE4F6D8D SHA1: 182B78EBCFC888C5E5F2B3AFF5D47EBFFED5FE00 SHA-256: 1770F8757E7AAB405A61AD7596B4CE4585AF9B88577CC93263BD6B12087CC620 SHA-512: 64F46B8C24AD2C97FCEC889136F9409925497502F22A32EC749AEBE4113B2830C41E3A758CAB36A8AE2E1948AD96CCC81661FD4256FCE9879A935447E8CC6D7C Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\0b48931e-9214-4700-96ed-45d0b5ef5ed0[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 4179 Entropy (8bit): 5.870685294961547 Encrypted: false MD5: 8C824337869A19246A4C198FEEE2D06C SHA1: 4D05BA6658381B435A9FDBE73B15366B97D90D4C SHA-256: 9D8E8CA1BC3774D36533140DC6B9443E828DFAEADB90909568D7F0271A1F573B SHA-512: 0FB3E22EC9F2320B8A1948A5C1977821597DA7C41D5A42A0EAA3B683DF5A60B656491E068F6A5E9F788E4AE0EB815E9BA4349A9AA99CBABADA15F2CA424480 B9 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\377865_4_0[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 38458, version 0.0 Size (bytes): 38458 Entropy (8bit): 7.991134015959363 Encrypted: true MD5: 24B99AE3332EE471E5A2FEA4090976AA SHA1: AAB05EABA19735DD02C54646B4F1254026F7A05A SHA-256: BC7C148BEFD88BDA92EF9332722F9BAB321A550C61EF248AB44C2A67F32939B7 SHA-512: 170ED3C7BBC9ABEDEEF330A8F5D51220C8A0589D3A393D1CACFC86AFBB01DE646CBF2416821FF0CE2E5A0850B64E520F902B13CCFF847E4B8E1F6C23EDE81 925 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\377865_5_0[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 39425, version 0.0 Size (bytes): 39425 Entropy (8bit): 7.99104415762201 Encrypted: true MD5: BF58F82269CADCD9C55B44F7582FA7C4 SHA1: DE109DE4CAE63F36D504C774C2F5118652B9E56B SHA-256: 2F9B95AAB85A13C728D4348BFC7BA72D3D19F308C2F3609F6B91F6F5FCD89F5F SHA-512: 4EB8099E6053B4774F86FD8D7A8C79FEA7A94177794013CA3AA959AC499E26D6EF3A4876A2A722026FD13B998DBBCFD2793F9BE6A5ABA08E73C7703D7FA04B5 7 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GalanoGrotesque-Medium[1].woff2
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format (Version 2), TrueType, length 32432, version 1.0 Size (bytes): 32432 Entropy (8bit): 7.993070080958123 Encrypted: true MD5: 7B3770F7954A3610A72B64D5C7BF8317 SHA1: 690ACEE431B9A84FB9EC6997A16EFF8F7651B3EC SHA-256: F529E6E5C449CC611E84D79050BA3DD4D6C77CFE3537178867AED7384490388B SHA-512: 53115B445DA82215B5D9BC001BEB3899FE234450D71469D16FD00F7086B304CC8F3B6B193CF28B9DB1C54509A39AF0BB9631F1335983C45190F38DB49DA69B60 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\NewErrorPageTemplate[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 1612 Entropy (8bit): 4.869554560514657 Encrypted: false MD5: DFEABDE84792228093A5A270352395B6 SHA1: E41258C9576721025926326F76063C2305586F76 SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284F D Malicious: false Reputation: low Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #00 0000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt; ..}.....launchInternetOptionsButton..{.. outline: none;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\TiemposTextWeb-Medium[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 79133, version 1.0 Size (bytes): 79133 Entropy (8bit): 7.994069573253663 Encrypted: true MD5: BC263B46E0C16A0C6F370836A65308C7 SHA1: 7F14650C5ACA37D32E754058B240B9AAB53728C1 SHA-256: 4B6AAD44F0F2157894D9CAAC0F5CF176474EC86976AF0A198B27374E0B094212 SHA-512: 00F404BC91F9D4C1EE4CAE7BE01E47D2F27EE23D2349D3FF7FA9DA790E5E38B0465E5F48206D354BA9AC940DDEE409FD48BEF8AF565A2A021015EF9C8C2DA7A8 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\activityi;src=6100125;type=ecomm0;cat=ecomm01-;ord=1;num=86202 22563629;gtm=2od340;auiddc=1748885882.1585724854;u19=https___www.xandr.com_;u20=Default;u30=7491296195977435583303939005[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with no line terminators Size (bytes): 543 Entropy (8bit): 5.537854269432067 Encrypted: false MD5: 2BAC12CF3A52D8F92CD49DE22DA16915 SHA1: 2DD7BBE966A4B1A4EE9C032D9591873FCC7689DA SHA-256: EEE60E65469F925457D0BECA163F8BCA91D8BE735AF26FF63AAA0AD62A4F7B78 SHA-512: C30B21F4174715DCB6552FEBAF339A1E06414F62AD212AD369E29F017FF86697481EEE66E6BE54B8C2C88CADC39CA7BA781ADA77AB09C376965423BD331FC1B 9 Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\att-logo[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image
Size (bytes): 3996 Entropy (8bit): 4.118135963345771 Encrypted: false MD5: A76313E2E3ACEB6BAA6799AFDF2EEB66 SHA1: EC59EEC2592FA60D7B47C0B01969E8D072204B71 SHA-256: D1180661C2BB6917CDB2909F6D4F3C3FE1071D59CF73958996813553DDAA26E8 SHA-512: 28B003E9CBFC0247CEBD75197FCD8DEC45FDF2CCDB10640928D2E0C8E9418D67F74C9C1432515FA3DFC9267241EC1DDFB1B526DFDF01DC899AFC3A5FFBA0A7C7 Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bing[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 23315 Entropy (8bit): 5.279594817870933 Encrypted: false MD5: E37C82D9A5495B1F22D5E68274C5739D SHA1: 66FB8DC92A2E532D3761626AEE429FCAB13346A2 SHA-256: 64697DD950D251E2E82CA5A125F9DE74AEDB2588B8D8D5E2C81AD6F3F0E0C83C SHA-512: C8906E3294D76AEFC91859FF7A2984CCCC75D87D9B3A4C99F97EA4BF8A677DE319D2327B253CAFB6EAA93BCA7E1699554FA790E4B198C4E042BE2F00DA28F1B8 Malicious: false Reputation: low Preview: //Bing.function UET(o){this.stringExists=function(n){return n&&0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\css_VSrfXFHCWgzq5hLrSSCUIz_6zx_2Z_UlNZn5q6qm7lE[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: troff or preprocessor input, ASCII text, with very long lines Size (bytes): 6963 Entropy (8bit): 5.032777392069196 Encrypted: false MD5: FFC2502AF593C61DD5C4BDFDCEA2CE26 SHA1: 8D6E9C6A45B0AF256B4AA30E20E3C8B7677FA1D7 SHA-256: 552ADF5C51C25A0CEAE612EB492094233FFACF1FF667F5253599F9ABAAA6EE51 SHA-512: C54D6FF0E815375EBF71BAC74FA44E65270917B6508A09B9EC342058FB070E1BF75CE59038BDBD94E12117FEAF36FBFFC390D55394C5FAADA4FA650B2FFED416 Malicious: false Reputation: low Preview: .ajax-progress{display:inline-block;padding:1px 5px 2px 5px;}[dir="rtl"] .ajax-progress{float:right;}.ajax-progress-throbber .throbber{background:transparent url(/core/themes/stable/images/core/throbber-active.gif) no-repeat 0 center;display:inline;padding:1px 5px 2px;}.ajax-progress-throbber .message{display:inline;padding:1px 5px 2px;}tr .ajax-progress-throbber .throbber{margin:0 2px;}.ajax-progress-bar{width:16em;}.ajax-progress-fullscreen{left:49%;position:fixed;top:48.5%;z-index:1000;background-color:#232323;background-image:url(/core/themes/stable/images/core/loading-small.gif);background-position:center center;background-repeat:no-repeat;border-radius:7px;height:24px;opacity:0.9;padding:4px;width:24px;}[dir="rtl"] .ajax-progress-fullscreen{left:auto;right:49%;}..text-align-left{text-align:left;}.text-align-right{text-align:right;}.text-align-center{text-align:center;}.text-align-justify{text-align:justify;}.align-left{float:left;}.align-right{float:right;}.align-center{display:b
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\css_auSBswZNn6tC5F5B-BOtID46hgJuvXSFUhuc6ZhXMlw[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 889051 Entropy (8bit): 5.686748654553388 Encrypted: false MD5: 1035A8B4ED8587823A6506DF60C88345 SHA1: C7AA110C9488484ADB67DD6E4600F3ACE0447636 SHA-256: 6AE481B3064D9FAB42E45E41F813AD203E3A86026EBD7485521B9CE99857325C SHA-512: A3661DEF620A9DCA2CD36B331BA756E33B8F5222AA193E2646A2C74AA5D9F9BBB136313D1A38D588177C3E72A8325C4D7F9D184A773E2F590F8FBA28EA87A45 3 Malicious: false Reputation: low Preview: @import url(https://fonts.googleapis.com/css?family=Roboto|Roboto+Mono|Roboto+Slab);@media print,screen and (min-width:40em){.reveal,.reveal.large,.reveal.small ,.reveal.tiny{right:auto;left:auto;margin:0 auto}}.slick-loading .slick-list{background:#fff url(/themes/custom/appnexus/dist/css/./ajax-loader.gif) center center no-repe at}@font-face{font-family:"slick";src:url(/themes/custom/appnexus/dist/css/./fonts/slick.eot);src:url(/themes/custom/appnexus/dist/css/./fonts/slick.eot#iefix) format("em bedded-opentype"),url(/themes/custom/appnexus/dist/css/./fonts/slick.woff) format("woff"),url(/themes/custom/appnexus/dist/css/./fonts/slick.ttf) format("truetype"),url(/ themes/custom/appnexus/dist/css/./fonts/slick.svg#slick) format("svg");font-weight:400;font-style:normal}.slick-next,.slick-prev{position:absolute;display:block;height:20 px;width:20px;line-height:0;font-size:0;cursor :pointer;background:0 0;color:transparent;top:50%;transform:translate(0,-50%);padding:0;border:none;outline:none}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dnserror[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 2997 Entropy (8bit): 4.4885437940628465 Encrypted: false MD5: 2DC61EB461DA1436F5D22BCE51425660 SHA1: E1B79BCAB0F073868079D807FAEC669596DC46C1 SHA-256: ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 SHA-512: A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493 AC6D Malicious: false Reputation: low Preview: .....
.. Can’t reach this page .. Can’t reach this page .. Make sure the web address is correct .. Search for this site on Bing ..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\edmDataDefinition[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 110641 Entropy (8bit): 5.344666647974307 Encrypted: false MD5: A8851F5564F9F2C46DEBC0263E1C18DE SHA1: 8ADB3B8518E0004BFFC1C538E3F0C49C703B44DC SHA-256: B715798FD70600E3E84F2725BC473B2C4E56D7748DB32C85AC1B3CF1FB22F805 SHA-512: 02ED49CEA7540B3333E6AB473E87C3156F9E15075ECACF8489732BF878B5C7ED4F2B45B8D23AC9FF270AC3D93B968BD700284EF7E7EFFB9530045818F6191ECE Malicious: false Reputation: low Preview: /* edmDataDefinition build# - 1094 prod */..function master_ddo(ddo){// ECAP-19637..this.transport=ddo,this.intersectid=null,this.version=function(){if(null!==this.transport)return this.transport.version()},this.createPayload=function(eventAction,eventCode){if(null!==this.transport)return this.transport.createPayload(eventAction,eventCode)},this.createPayloadWithTransaction=function(eventAction,eventCode,transaction){null!==this.transport&&this.transport.createPayloadWithTransaction(eventAction,eventCode,transaction)},this.clearPageLevelCache=function(){null!==this.transport&&this.transport.clearPageLevelCache()},this.cachePageLevelItem=function(item){null!==this.transport&&this.transport.cachePageLevelItem(item)},this.track=function(payload){null!==this.transport&&this.transport.track(payload)},this.trackPreview=function(payload){if(null!==this.transport)return this.transport.trackPreview(payload)},this.registerForNotification=function(anf,listen){if(null!==this.transport)return this.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hero-banner-video-v2[1].dat Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Size (bytes): 4456448 Entropy (8bit): 7.388450865836596 Encrypted: false MD5: 27DF55F2FC8BC257BE6189C1E2FA48A8 SHA1: 02E74339010CF4B8107CB294D698AB56F1028758 SHA-256: 7A063B97601556436CDD8ABC1C4BE44556449A8E10FC979846067E35B14CE1E5 SHA-512: BA781635514DE64B8C7C600D1ECD083273B99A75E0D92DC3D9C65C3EA3354F79E1FFA3F7B2F5E7D611DF233F64D69965A53718DF8099D2D2E332556EE6DA28B0 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img-rc-look-inside-retail-2018[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 786x378, frames 3 Size (bytes): 80737 Entropy (8bit): 7.943236203760043 Encrypted: false MD5: BE9D25D8CC8C7C9BB20B0B192AEC76A9 SHA1: B4430D59071E1D79CF9FC6AE3BE1BC3DF1058678 SHA-256: C0F162CCAD22F127EB6A40E86A8E71844C7229BA883333783CEFAF05EF74DE5C SHA-512: BF7FF91B994C371BB1E88B0C0AA30FAB9EE7D6EEC4AECFE7D93C60F61D63FF358BCFA2135E8841AF2180F535BBFBE18E709D8E7C1191D8744767C6B963C9FDC6 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img-related-content-brain-video-adco[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 698 x 339, 8-bit/color RGBA, non-interlaced Size (bytes): 340090 Entropy (8bit): 7.982260245757526 Encrypted: false MD5: B6228E13AC7157B2EA94D97BCFE47A80 SHA1: 949F28C7CF1B4C7B74994D9D2D4EE466E096C8B8 SHA-256: F623B80C223E2D35DCDC0B6888EB3D816CEEABBF275C0446C53C1C3732ABE5AA SHA-512: DE47F46180D797BAC2AFCF13A5D4AC71BB0CB71ADAD5FEFFE6FD683C50EFD27595E8E8836C61FC59067AD470861609D5FE79222B1195154F423B7EE1829D0D89 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img-related-content-brian-lesser-dials[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 698x399, frames 3 Size (bytes): 131315 Entropy (8bit): 7.935017302433943 Encrypted: false MD5: 90039583F43A1B7276A4FCC69C67CA64 SHA1: 86521C074738166B24B473E5F52D351068F9DAF0 SHA-256: AC14E7C8533A4397ACB4EA9BC8A10F84E1D09D63541F741275560E5B77F551BA SHA-512: 98A412FC0AA77302BAF543B8ECE2B087A1B42ED7784CE9931C918D340C1B73FC8EE94F567252481BF7600EBE3B5639D7C1720BFA717BB4A2919171B4F6439C48 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.fancybox-min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with no line terminators Size (bytes): 45146 Entropy (8bit): 5.288635339321958 Encrypted: false MD5: E0C149811487DA3BA3DF8A4682138E89 SHA1: 4A0BCBCF91A7A96E5444EE1422CC05EF76521D17 SHA-256: 7429023D5896A5A7330174E15E7C139BB39D286EF55E1311EC8E9889082F57FF SHA-512: 5E1A09F168C8A4FDB04EB1B269147FE269DEAC2B188FED2D7D0DC3386EE1F2F9D73172077DEE60A00AE1B090E704E399CC4E51AB8AA85AD49A9AB27F48FBF AF9 Malicious: false Reputation: low Preview: (function(m,g,a,l){if(!a){return l}var f={speed:330,loop:true,opacity:"auto",margin:[44,0],gutter:30,infobar :true,buttons:true,slideShow:true,fullScreen:true,thumbs:true, closeBtn:true,smallBtn:"auto",image:{preload:"auto",protect:false},ajax:{settings:{data:{fancybox:true}}},iframe:{tpl:'',preload:true,scrolling:"no",css:{}},baseClass:"",slideClass:"",baseTpl:'
button fancybox-button--left" title="Previous">< /button> /
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-bold[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT family Size (bytes): 32111 Entropy (8bit): 7.973376347105969 Encrypted: false MD5: 06A424D24A8CF78F13FCC98521C00B77 SHA1: 638BE48D90FF75EB0214E3CD375DEE1D72C06E37 SHA-256: 4CCA853032FDD4003AD4DF1E56B55AAD4973EB43F10D33F9234CB587767A6653 SHA-512: DB3276D155A7D014B3BF7FE7BE62472B72A085AD830A20FB5B20E222FA896DBDAF65F5911618F52120C914A51EEF564DC5C4DCF4928B8A1CF2FE002BC359625A Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-italic[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT family Size (bytes): 35858 Entropy (8bit): 7.972007574011726 Encrypted: false MD5: 7825DADD4046F8AD07ED26F387C1F73C SHA1: A20E6E30FC56B3519AB42EAB6806B2F6449987A0 SHA-256: 54E50D56697DE920FA3D27944284FE69631050A66A3A0F5536B272166BBEE0D2 SHA-512: B3B1DBC1C17B44D8011AD3EA8B6FCA33C01BDB08E457B5D907A3E12F09E2C2877E37D16D9A701F43B85B2A6E16435F06B66DB296C3BE8DCE8623341CBAAFAD9A Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-lightitalic[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT Light family Size (bytes): 35663 Entropy (8bit): 7.971762677624303 Encrypted: false MD5: 52D6CD625FC1EB23D012BEA1282B1129 SHA1: 29D260013F491DB70A3C84DE1C16B11B73BACBCB SHA-256: 6B1212FADA6A52F55A8085F8D39403F81203C05ADB1700E25C0AABB05A0EA87B SHA-512: 864163295510BC1393E07685CB70804509E7DACCD1BF83D66B64E9A43215BA2C1E3A7FC9FE2AE445FB5FE164E79111688EFAB3240C648D0FC43741D9B4C11C53 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-regular[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT family Size (bytes): 31956 Entropy (8bit): 7.969954340065932 Encrypted: false MD5: 3EC7F3D6D12B15205F1135940A3DA105 SHA1: 2703CA5B58D4F6343A9191B23BFC16960992349F SHA-256: B1AADE691F05AC97DF16BD10DC75450F2FF965B11C8B8934208D085E1B48BD2B SHA-512: 67FA97C0BF74B76A395FDC35B8AE0C4725A5DD4051AF9A7D031AE395FC81800F765463DC4831769F4B75F9FADB2FEB01C5F63070ED79068B73F9776DB909D241 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\link-arrow[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 343 Entropy (8bit): 5.055896950661549 Encrypted: false MD5: FEC2FD0ADBACB9B5937B56473279F2EF SHA1: 45461E98B686225E933515CCBD476601E82B9A3C SHA-256: 5563469E19C21FEA8C7F843FC5FFA58CFD5385BA32F4551FF56D54D20C3987AE SHA-512: 8151BBF0F583B93D6677EE8F16E72C1913CFCE6622DAF49B685E15A098AAF0DB1DE4D875E08F226028B251E4BCAE5C1382A32789BF08E4DD1E928CA1BF158B1 4 Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\linkid[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 1569 Entropy (8bit): 5.369127779967127 Encrypted: false
MD5: 0CC3A63FE10060AF4A349E5DF666EEFE SHA1: 3E8D3925B550345123F2CAB26568221FD4154F9C SHA-256: 92FCA55833F48B4289AC8F1CEDD48752B580FCE4EC4B5D81670B8193D6E51B54 SHA-512: 5801C9DB98C4998480772CA5AD71F0E400C4756AE713AAB0358CA6593B3A3426499D6DEC81A768C861CBBCD8394DD8C6D647628A13F124FF3A1119F9B7793E8C Malicious: false Reputation: low Preview: (function(){var e=window,h=document,k="replace";var m=function(a,c,d,b,g){c=encodeURIComponent(c)[k](/\(/g,"%28")[k](/\)/g,"%29");a=a+"="+c+"; path="+(d||"/")+"; ";g&&(a+="expires="+(new Date((new Date).getTime()+g)).toGMTString()+"; ");b&&"none"!=b&&(a+="domain="+b+";");b=h.cookie;h.cookie=a;return b!=h.cookie},p=function(a){var c=h.body;try{c.addEventListener?c.addEventListener("click",a,!1):c.attachEvent&&c.attachEvent("onclick",a)}catch(d){}};var q=function(a,c,d,b){this.get=function(){for(var b=void 0,c=[],d=h.cookie.split(";"),l=new RegExp("^\\s*"+a+"=\\s*(.*?)\\s*$"),f=0;f
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\marketing.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Size (bytes): 318202 Entropy (8bit): 5.429394343677798 Encrypted: false MD5: 0900B25F336172C33702C305CD91A7F3 SHA1: 62EFAD827F9E389C88609C4E7CB94B93C8C8A16A SHA-256: 71C9C2645FF19CA5505E705E483B7A24F1006166E9419FB5EF3782CA78859850 SHA-512: 3C4C1898E5669CB18F19A651E5BFDB0A74020B5A18C286A54172686574B9B70462DA3110AC03D3490D9F7B60E11CDDAE66075E11126CB757FEDD4F9314E59B20 Malicious: false Reputation: low Preview: /* Marketing Rules version: 768 */..if (window.location.href.indexOf("dnserrorassist.att.net/") > -1) { } else {.. if ((window.location.href.toLowerCase().indexOf('bcontent.att.com') > -1) || (window.location.href.toLowerCase().indexOf('businesscenter.att.com') > -1) || (window.location.href.toLowerCase().indexOf('businessdirect.att.com/') > -1)) {} else {.. var gaMeasurementID;.. if (window.location.href.indexOf("app.mobilemyaccount") > -1 || window.location.href.indexOf("www.att.com") > -1 || window.location.href.indexOf("m.att.com") > -1 || window.location.href.indexOf("ufix.att.com") > -1) {.. gaMeasurementID = "UA-156897858-1";.. } else if (window.location.href.indexOf("www.directv.com") > -1 || window.location.href.indexOf("m.directv.com") > -1 || window.location.href.indexOf("mobile.directv.com") > -1) {.. gaMeasurementID = "UA-156897858-2";.. } else if (window.location.href.indexOf("www.atttvnow.com") > -1) {.. g
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\otFlat[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 14876 Entropy (8bit): 5.274888311668455 Encrypted: false MD5: 673A54F553834B04E6F44F4EDD35B686 SHA1: 8DA81A4B3D5D41FDA5067B99E38E02C815A52966 SHA-256: 7249DE2725322FDD70620C4466B78479F7B4E2E070700DAFC43CD520CCA2052B SHA-512: E3FF2B8EFB541B0F3C443437874F4044000633BEEDA7A80478AAC7DA98FE56E4A0B1EC67028743BF84DC7558AE518735834D9EC0A9DFA731218A7936288A316A Malicious: false Reputation: low Preview: . {. "name": "otFlat",. "html":
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\otPcCenter[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 77399 Entropy (8bit): 5.538843252044422 Encrypted: false MD5: 1C7799EFDBE2BFB7550309EA34F1728B SHA1: 593D54CC1FF5CD1A589A3627953FD8DDCB9CA1BA SHA-256: 065F0E3F4B25A5D7417F296FA598B646267DD9DBE0A30E217DB3D3A875C87C80 SHA-512: C966DD8D6611AF62EE47FAEE31A3066302FEB2C766A911323AD7EFB995F8565ACE03E387ABF116ADA7E0239253C07984166EFF3B0047F8FD0C212D67DB19D704 Malicious: false Reputation: low
Preview: . {. "name": "otPcCenter",. "html":
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\photo-1537651442520-4fc506474507[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1186x810, frames 3 Size (bytes): 198465 Entropy (8bit): 7.989922350514683 Encrypted: false MD5: 51D78365B8A450987E0C67E822C57847 SHA1: 5ADE127FBCF73EA74D56BE99368A0C5F8FD22BE4 SHA-256: 81A0F0953ECDE93D302E5353DA10365D24B054974896CF26DCE759C84628C9B2 SHA-512: FAF732E697E81355D59CFF82A13EFE2BC34D4744E2F7C7B01DAC1B5107E1B6A7A78CAA6E7D4674B2305A46E4BC80EC19F291885D86773013E2B77D9A90AE444A Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\search[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with CRLF line terminators Size (bytes): 32482 Entropy (8bit): 4.653719318112755 Encrypted: false MD5: 90B429F68491893BD7F879EF9408E180 SHA1: 7BFF7BD07C7B4AE3AA83899E5BD6CB675B33DCD1 SHA-256: 14E40EDA786D464AB3EE4102593BF4C361D067F30565B6DCAC7FD07A2D85C8DE SHA-512: D92694EB53871BF9397EE84CE2F5477A9F9D3433F1BF05A953BD927A45767A9CF3B25B5E62ED781C7208CB8A968CB15ADAE2F27B86F197F7844C8590845355FF Malicious: false Reputation: low Preview: /* ======..elastic search..======*/..if ($('[data-search-results-module-name]').length > 0) var elasticSearch = (function () {.. var defaultValues = {.. ActiveFacetID: 0,.. Distance: 50,.. RadiusUnitType: 2,.. RecordsPerPage: 20,.. CurrentPage: 1,.. TotalPages: 0,.. Keywords: '',.. Lo cation: '',.. Latitude: null,.. Longitude: null,.. ShowRadius: false,.. FacetTerm: '',.. FacetType: null,.. SearchResultsModuleName: null,.. SearchFiltersModuleName: null,.. SortCriteria: 0,.. SortDirection: 1,.. SearchType: 1,.. CategoryFacetTerm: null,.. CategoryFacetType: null,.. LocationFacetTerm: null,.. LocationFacetType: null,.. KeywordType: null,.. LocationType: null,.. LocationPath: null,.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social-linkedin[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 854 Entropy (8bit): 5.031816179161669 Encrypted: false MD5: DF2679AC0A69455DC05438AAFB609297 SHA1: ECDF1DFD79131D25FAE27789B16F55FD549B4089 SHA-256: 892DAFE751619C050F33DCD11BA3C996194FCCC060ECC3AE4574C7A8C1FB0466 SHA-512: 1928401898EC08DFBA346E36BDE942FEAEC93B5060392C03988F219852AB3B8C9DB6E3601223C92A95C9D0CA29C338CE8FC9901E6B05C1C26F95D5BF8B959D17 Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social-twitter[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 976 Entropy (8bit): 4.865086615336723 Encrypted: false MD5: 3A58E0150D1D2343074EBD2AD334FFAE SHA1: C524B29C5C8E62A5F194329F905E65E6CD0FDBD3 SHA-256: 875EB62F606F0033F670C39FE65EA5A48FCCA8BA2715CEAD21453D2282916348 SHA-512: 1614969D9A77DF6753B2A710A890C8F0C2FFC6BD6A8A233D6B0E4FB3561F249C51F6505B723DD7ADBB8DD2668F252715D4226575E9D0B5FBD3BB7977FAF0CC88 Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tr[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 1 x 1 Size (bytes): 44 Entropy (8bit): 2.8317663774021287 Encrypted: false MD5: B798F4CE7359FD815DF4BDF76503B295 SHA1: F8CC6ADDF1707AD236AD9970B0A48F9733D07DA5 SHA-256: 10D8D42D73A02DDB877101E72FBFA15A0EC820224D97CEDEE4CF92D571BE5CAA SHA-512: 921944DC10FBFB6224D69F0B3AC050F4790310FD1BCAC3B87C96512AD5ED9A268824F3F5180563D372642071B4704C979D209BAF40BC0B1C9A714769ABA7DFC7 Malicious: false Reputation: low Preview: GIF89a...... !...... ,...... D..;.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\uri[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators Size (bytes): 48227 Entropy (8bit): 5.470670127697724 Encrypted: false MD5: 203E0BBE14600276C28AE0506A4E78C6 SHA1: 9DDF8A6AF98E271F7228FCB47ADB95D5E26E3DCA SHA-256: 9611BAA741F2FB5F40534054394E5A0998594A2C297ACA544FDBF80C271132A5 SHA-512: DF7CB950E24E87E8556368A102F021ADEB7BB7CE0192C802D39A220691558C34117556B34AC4578ADBC4EB02466E23D18E51ABACCCF0E4425FB8B57245FB3718 Malicious: false Reputation: low Preview: ./*! URI.js v1.19.2 http://medialize.github.io/URI.js/ */../* build contains: IPv6.js, punycode.js, SecondLevelDomains.js, URI.js, URITemplate.js */../*.. URI.js - Mutating URLs.. IPv6 Support.... Version: 1.19.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/URI.js/.... Licensed under.. MIT License http://www.opensource.org/ licenses/mit-license.... https://mths.be/punycode v1.4.0 by @mathias URI.js - Mutating URLs.. Second Level Domain (SLD) Support.... Version: 1.19.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/URI.js/.... Licensed under.. MIT License http://www.opensource.org/licenses/mit-license.... URI.js - Mutating URLs.... Version: 1.1 9.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/URI.js/.... Licensed under.. MIT License http://www.opensource.org/licenses/mit-license.... URI.js - Mutating URLs.. URI Template Support - http://tools.ietf.org/html/rfc6570.... Version: 1.19.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/U
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wp-embed.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 1403 Entropy (8bit): 5.206464052430262 Encrypted: false MD5: 2DCE40D16F9FF6332D3CBB7AE488A2B9 SHA1: 0A8ECA5975F21A9F1BC079D111CA1657009DBE8F SHA-256: 2152557CAC69E2BD7D6DEBEF5037A9F554F9209CC305B8141B3329ACB10C42B7 SHA-512: 8C5CAFBC2CE3705735FF1131AB34C2AEF7AA50BF25BA13F0A29C07713561B0E6522C93596C8047EC332E7FA98565A9DE56CF040632149B255B58D0BBC43FBA7B Malicious: false Reputation: low Preview: !function(a,b){"use strict";function c(){if(!e){e=!0;var a,c,d,f,g=-1!==navigator.appVersion.indexOf("MSIE 10"),h=!!navigator.userAgent.match(/Trident.*rv:11\./),i=b.querySelectorAll("iframe.wp-embedded-content");for(c=0;c
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\xandr.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with LF, NEL line terminators Size (bytes): 164291 Entropy (8bit): 5.448747429668633 Encrypted: false MD5: C66981A44C8F0ADFF0CA8B403C829314 SHA1: CCA54F820633AA7B3102A658B0C2A81CB139BB99 SHA-256: 33422BBC50A744AE14EEDEFD9766589B269193399A9C37940D47AE8187F87A08 SHA-512: BE7683A00CB93DA3671587C680426E0B30526E932BFFFC7D6E06F162EAB3307D441994AAF78585C150C911E24E705792D5D8B48E07A7652EB549CC78FF2D97BD Malicious: false Reputation: low Preview: !function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=0)}({"./js/Components/Bio.js":./*!******************************!*\.
!*** ./js/Components/Bi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\CI0RB4MP.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 33960 Entropy (8bit): 5.115077521411671 Encrypted: false MD5: A4F25D42026E7AE390DFF43E7D20295A SHA1: 10C88E9BB0E28860270CE6E761E1DA8637F2FDF2 SHA-256: 319D6088F40A5DA8E3143743DEBCEAE50F3CF9E7C0847CEC2EC9B857D34FF5C9 SHA-512: A4863FA7BB01066C81A31A3EABCBD821F0DD880F0AF6B6807A411FBE5C9F80A75836F4652295CE18F20C9CAB32A0D8B13947528C298B13F532B20BD187B928BE Malicious: false Reputation: low Preview: ....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\DataLivingLabs1R[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3 Size (bytes): 17757 Entropy (8bit): 7.971408702631118 Encrypted: false MD5: CC9E8F3236F16E3D89CDA1E7E096342B SHA1: 9F4C01D6910EC3EE3115E1A3D0DB679D82E7D0EE SHA-256: 7127C04112C79FA9540EC5AB6AAD08CB431AD882413F5CFC6DFD2F280E595C4E SHA-512: 067C24151B0AE14296A082191BCC387619A71D1369656A55CD3555D263B365B009C8E0C1595D1A3FA05A7E1C812D86B83391C43333CA3E2CC11A45E8EB421F58 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\GalanoGrotesque-Light[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 43128, version 0.0 Size (bytes): 43128 Entropy (8bit): 7.9910517463371615 Encrypted: true MD5: 8CB27F62CDA9A2708CF00135D9E75ED0 SHA1: BD1BCBA0F911B9B633FEE407E00709D63E4ABC78 SHA-256: B2EE00D068EF4400CE951FEE4281AD9B344FF9FBF7AEF7EC6DBCBC0E1C3F51B8 SHA-512: E487D22478E052636BF1D46C82984324BCF124C832BC81D5B83A2E2187EC15949003EC01D30EE26AE0E9797B528A0F9C85A73D4121EE2853E6548C80791314FC Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\HPMedia1Addressable[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3 Size (bytes): 20705 Entropy (8bit): 7.971827202271415 Encrypted: false MD5: E718FC3A2CD5F35F278B682E90C8D54B SHA1: 8F0CBB6B4396B639E0341961C16BC150769E4CC6 SHA-256: CCD866A74A4B805080602C40C825F30C759CA1A7FD23E3477DB217BC1D6A5659 SHA-512: A2F078DE62EA1EBA644D1F12FE30B992169F2669DBE6EA7A308667E823A941EA022253199E6759328A398C5D7DD868C140BDF3D17EEA4925345A50B9C0F975F4 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MediaDigital1R[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3 Size (bytes): 25419 Entropy (8bit): 7.980672901327252 Encrypted: false MD5: 44DF010D06E4865B5DB767B34218996A SHA1: 954689F05CAD81E4D807FC53455E6512C3BFD2DD SHA-256: 611BBDD7204B122AF193B9F1CC65A4E888AF0578B5219DD38EFDDCDF3A243B6C SHA-512: A19167E5EF9D88546163861094B9DD98FE7B5B85F767A94B358F012358929AFF11DC3DD0579529B2311715DBAF28AFF2E375812D1881CDCD6412880E0EEA55FF Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MediaDigital2T[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 633x346, frames 3 Size (bytes): 19380 Entropy (8bit): 7.960844095868054 Encrypted: false MD5: EB15DEE64295B534DF6F098485F3E11A SHA1: 65AA2269FB62A16E109D069D56985C4737E97BB0 SHA-256: 15657545B321BCD0FB2E04D6C943851AB18AA64F8169FB3F7917B81AF1098CD1 SHA-512: 6F341E6E092FC2A8A640343F20F16CEA289DDEBD667C31E7FF44B0B097CAC7C098680499DAAA33EC54B4C39208AD9B0C3F323F514FCF151095299687DF06D6E4 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MediaTelevision1R[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3 Size (bytes): 16656 Entropy (8bit): 7.967483531274869 Encrypted: false MD5: D789BF1EA73A52CF55B1E6120749B6DB SHA1: 21FB765070EDF59C03C963FCCDDAD0033BF0AAF6 SHA-256: 6AD16AFE47D95DCB1912C20618F2DABE7651DB00323091F7B19977F96C4AEC34 SHA-512: F9EC061573D8F0331872F64019FCF04EF931743E1F9152BB412390D1A0413B04999EBA5E7C10FB6DB0B3A4FB09C3EEAF04282110B10AF06F9E6A3D03754826B3 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\NewErrorPageTemplate[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 1612 Entropy (8bit): 4.869554560514657 Encrypted: false MD5: DFEABDE84792228093A5A270352395B6 SHA1: E41258C9576721025926326F76063C2305586F76 SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD Malicious: false Reputation: low Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt; ..}.....launchInternetOptionsButton..{.. outline: none;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Xandr-Carousel-fix-4[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1186 x 810, 8-bit colormap, non-interlaced Size (bytes): 167680 Entropy (8bit): 7.985909107242363 Encrypted: false MD5: B02CAB246DB4EDEBD5663FED2131BD27 SHA1: FC5BF36C15146BAAD3497F086657D5D4C0FDD320 SHA-256: 538953E8C7D13E2337E7873CD252D49BDF6127C68E3FE8C72749462E78655800 SHA-512: 192D45FE29F88F5FA5B5E0867FB791E3C926E32BF742AFD07CB12A3FF2637762F872614545BA72B8D3411FE7686DCA52B6C10E4D063493E79AA6F8AA6B72A468 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\analytics[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 45229 Entropy (8bit): 5.520614975842175 Encrypted: false MD5: AF5C617D36E28D19710B882A6824E213 SHA1: 39A22DC66EE4D211631F701D349BD3EB7EE20824 SHA-256: EAF1B128B927AC2868755CB7366D35554255C8AF362235AFE270F9614F8C806D SHA-512: 3A4325C38AAF546235FC7802956AC5D3FF0C0FBD4959BAA93B249EF9812FCF43029FEC8A8F9BB2C006E94C3532E36FDD5F432FD94BC23F33EBC52E603D88F3AF Malicious: false Reputation: low Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m=this||self,n=function(a,b){a=a.split(".");var c=m;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var p=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},q=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var r=window,t=document,u=function(a,b){t.addEventListener?t.addEventListener(a,b,!1):t.attachEvent&&t.attachEvent("on"+a,b)};var v=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var w={},x=function(){w.TAGGING=w.TAGGING||[];w.TAGGING[1]=!0};var y=/:[0-9]+$/,A=function(a,b){b&&(b=String(b).toLowerCase());if("protocol"===b||"port"===b)a.protocol=z(a.protocol)||z(r.location.protocol);"port"===b?a.port=String(Number(a.hostname?a.port:r.location.port)||("http"==a.protocol?80:"https"==a.protocol?443:"")):"host"===b&&(a.ho
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\appnexus[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 8372 Entropy (8bit): 5.267589486507733 Encrypted: false MD5: 569D22E93C583092D99E94BF86AC2758 SHA1: BCE875A2B976C7EF71049B110FF39F0FBCF4CB18 SHA-256: F812581FDC45AF5C663831B50C0C20465677B0C77F43B68ECAC22D459A98A299 SHA-512: F5DA5C57494793C54B1EB4E63726F25B55A04B6016F8AED6702AC3DDA5230C203DE2F8B0823D8D871A6DDDEC8F14680750663F16F457D5DE62185CE115791CE8 Malicious: false Reputation: low Preview: //AppNexus.!function(e){var t={};function i(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.m=e,i.c=t,i .d=function(e,t,n){i.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProp erty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&& e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)i.d(n,r,fun ction(t){return e[t]}.bind(null,r));return n},i.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="./",i(i.s=29)}([,,,,,function(e,t,i){"use strict";t.__esModule=!0;var n=i(6),r=function(){
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\career-areas-bg-l-v2[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1050 x 1058, 8-bit colormap, non-interlaced Size (bytes): 364676 Entropy (8bit): 7.966625301893772 Encrypted: false MD5: 2C06047B75E9B18F4255D8D32EE421D0 SHA1: 01C876B8F76B53F705309D30305DF7D9772E9A4B SHA-256: 7773909D8F3BC5D37E5FD79F9736C4E811E0B3A7D17860AC5D61E601EBF0AA61 SHA-512: E167E60A6CC9726E1FD82312CB30AB775F61CA3DA0AE9B79638A243855315157C3DA4C258B8F1B32245A11517248602BD121C6D40F01D3586E25A819CDAFDBD0 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\detm-container-hdr[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Size (bytes): 94681 Entropy (8bit): 5.371581315280141 Encrypted: false MD5: 668F4477A2C0A48F513A23B8A8D4866E SHA1: C9B891F00EF23AF4FC6BD76478A06288B87D73B8 SHA-256: C7D1C739FE8829FD17557B2E854A80573544092FC6422B657C3C48E44443ECE3 SHA-512: EDFE07458A71968463DFDBF43BA9941BD5D89DAC84CAC4B9C2C8AD60F1E78B102AE8E74A5260002A01DF849E53016A7BAA7AD8024D07E611AD11DE3F0E861C0E Malicious: false Reputation: low Preview: /* detm-container-hdr 1320 prod */..detmScriptLoader.component={UNKNOWN:{ordinal:0},GOLDENEYE:{ordinal:1,launch:"static",restrictions:"target",forceasync:"goldeneye"},ADOBETARGET:{ordinal:2,launch:"static",restrictions:"target",forceasync:"adobetarget"},VIPR:{ordinal:3,launch:"dynamic"},QUANTUM:{ordinal:4,launch:"dynamic"},UC:{ordinal:5,launch:"dynamic",legacy:!1},DATAMANAGER:{ordinal:6,launch:"dynamic",trigger:"script.dataset.trigger",legacy:!0},DATADEFINITION:{ordinal:7,launch:"dynamic",trigger:"script.dataset.trigger",legacy:!0},SATELLITELIB:{ordinal:8,launch:"dynamic",trigger:"script.dataset.trigger.dtm",satellite:!0},DETM_ATOM:{ordinal:9,launch:"dynamic",trigger:"script.dataset.trigger.dtm",satellite:!1,legacy:!0},DETM_ADOBE:{ordinal:10,launch:"dynamic",trigger:"script.dataset.trigger",legacy:!0},THIRD_PARTY:{ordinal:11,launch:"dynamic"},ENGAGE:{ordinal:12,launch:"dynamic"}};var mid=window.location.href.match("[&|?]mid=([^&]*)")||"",adobe_mc=window.location.href.match("[&|?]adobe_
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\dnserror[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 2997 Entropy (8bit): 4.4885437940628465 Encrypted: false MD5: 2DC61EB461DA1436F5D22BCE51425660 SHA1: E1B79BCAB0F073868079D807FAEC669596DC46C1 SHA-256: ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 SHA-512: A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D Malicious: false Reputation: low Preview: .. Can’t reach this page .. Can’t reach this page .. Make sure the web address is correct .. Search for this site on Bing ..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\down[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced Size (bytes): 748 Entropy (8bit): 7.249606135668305 Encrypted: false MD5: C4F558C4C8B56858F15C09037CD6625A SHA1: EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 SHA-256: 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 SHA-512: D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\eComm_bConsumerVisitor_DIR[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 5439 Entropy (8bit): 5.291450421778226 Encrypted: false MD5: BCD7271BAB3A8C564239D190C0F98FAE SHA1: D4FDD2A99DA4E7F98FC82175038F18A9FA1B9F01 SHA-256: BFB20BE8040CA57C3C9593FB11D0CA150D0A9F274F8E3B51B948EC86A2FEE9C9 SHA-512: B524764ED60CD5118CE226FB266B1E54F4B131B3596721D4B47B96E408F2A822A990B6851FCC3F2E305E2849B71866CC190C6C5C39D28732C0BABFC6ABDA531D Malicious: false Reputation: low Preview: //Rule: eComm_bConsumerVisitor_DIR.//ATTUID: mk667s.//Version: 1.0 12/23/2019..//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=START comScore-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=.if (window.location.href.indexOf("directv.com") > -1) {..var comScore = new Image(1, 1);..comScore.src = "https://sb.scorecardresearch.com/p?c1=2&c2=14617392&cv=2.0&cj=1";.}.//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=END comScore-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=.//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=START DCM-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=.if (ddo.getVar("_pageLocation.host") === "www.att.com" || ddo.getVar("_pageLocation.host") === "m.att.com" || ddo.getVar("_pageLocation.host") === "www.directv.com" || ddo.getVar("_pageLocation.host") === "mobile.directv.com" || ddo.getVar("_pageLocation.host") === "www.atttvnow.com") {..if (window.location.href.indexOf("?") > -1) {...var url = window.location.href.substring(0, window.location.href.indexOf("?")).replace("#", "hash");..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\eComm_bXandrHome_RT[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 343 Entropy (8bit): 5.273794040673041 Encrypted: false MD5: 6FB2333D0CF373FA97C9B17A3C97FA19 SHA1: D90F81161B26DD77F2CFB28A203A18156843D526 SHA-256: C73304C8346E10C2D2D0967DA7CD78E39F0576DE1B748650473D6A4F42947919 SHA-512: C8F35BC6B334ED7E7797F44A353407B819D490BD72D7E03125E48A66DBA11E123C9CB922D0206DE900759FB56D5AA56C72FA31B75660E0ADFE2670CEEFB4A21C Malicious: false Reputation: low Preview: //Rule: eComm_bXandrHome_RT.//ATTUID: mk667s.//Version: 1.0 12/23/2019..gtag('event', 'conversion', {. 'allow_custom_scripts': true,. 'u19': window.location.href.replace("#", ""),. 'u20': ddo.getVar("user.uuid").replace("=", ""),. 'u30': visitor.getMarketingCloudVisitorID(),. 'send_to': 'DC-6100125/ecomm0/ecomm01- +unique'.});.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\errorPageStrings[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 4720 Entropy (8bit): 5.164796203267696 Encrypted: false MD5: D65EC06F21C379C87040B83CC1ABAC6B SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E Malicious: false Reputation: low Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts ";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet conn ection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website \u2019s security certificate.";..var L_CertExpired_TEXT = "The website \u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the web site you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\facebook[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 121097 Entropy (8bit): 5.387336411748081 Encrypted: false MD5: A34804625359275C56F88360358C04C6 SHA1: 290153BBCE1C04D9A81956621D7121E17BB985F5 SHA-256: 8F2BD0A17EB55B38E352473212FA4E8B189B30EADFF241548F19C071807BB9C5 SHA-512: 9C6ED0A8CF0938BBDB87747AC50DA3A8B4F36B7E6678D28940EDDDBE9885B2684E4085937699DCCD5147711C6777F755973540B455CD993D2769CBFC20E4BD30 Malicious: false Reputation: low Preview: //Facebook.fbq.version="2.9.15",fbq._releaseSegment="stable",fbq.pendingConfigs=["global_config"],function(a,b,c,d){var e={exports:{}};e.exports,function(){var f=a.fbq;if(f.execStart=a.performance&&a.performance.now&&a.performance.now(),function(){var b=a.postMessage||function(){};return!!f||(b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"*"),"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page"),!1)}()){var g="function"==typeof Symbol&&"symbol"==typeof("function"==typeof Symbol?Symbol.iterator:"@@iterator")?function(a){return typeof a}:function(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==("function"==typeof Symbol?Symbol.prototype:"@@prototype")?"symbol":typeof a},h=function(){function a(a,b){for(var c=0;c
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\favicon-32x32[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced Size (bytes): 1922 Entropy (8bit): 7.030386591170482 Encrypted: false MD5: 9B5C1F432C84D016469F4A7BE4E1D63B SHA1: 2EEE4A568124BE516A682C72395D2FEE11A811EB SHA-256: 049C15B62C151AF9F42AFCC84A5EA3F4F76574DBFB59F1865B6DC94FC1479699 SHA-512: B0829A638C8FE9899CFE71317C64099348DF8B4749DBFBBB9611AF1147B1A7D28EF97023F3FDBF9017B9DCE6CAF363F62BA12BD2E20ED9910E5B007406920B3D Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\forms2.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 173382 Entropy (8bit): 5.390723941238421 Encrypted: false MD5: E3CF2B4F4A8841E05ADF4AB9F9BF373F SHA1: 4E73F56D93E5A6F0ED1930AA057C83BC9AE4ED93 SHA-256: F6E7E0830124EA580B3F0DE0DA80BA48A45D9DF9D7C092AF0F47C63ED0692578 SHA-512: D3423E6212DD0C8173A7284F5C5C51442F2EC12BDCE17687BD5F9ADEAB7062E27B066B6504174FCF0B7917D2B9828E42AB895B9E32CDCA720CE6A5200D4C5CE 7 Malicious: false Reputation: low Preview: /*! forms2 2019-12-04 See forms2.js for license info */.!function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if (f)return f(g,!0);var j=new Error("Cannot find module '"+g+"'");throw j.code="MODULE_NOT_FOUND",j}var k=c[g]={exports:{}};b[g][0].call(k.exports,function(a){var c=b[g][1] [a];return e(c?c:a)},k,k.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;ge;)b=a.charCodeAt(e++),b>=55296&&56319>=b&&f>e?(c=a.charCodeAt(e++),56320==(64512&c)?d.push(((1023&b)<<10)+(1023& c)+65536):(d.push(b),e--)):d.push(b);return d}function i(a){return f(a,function(a){var b="";return a>65535&&(a-=65536,b+=K(a>>>10&1023|55296),a=56320|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\gtm[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 178644 Entropy (8bit): 5.527714334315055 Encrypted: false MD5: 63AE6156EFB7DC566DDF9F8E485AF32E SHA1: 9F830B3912085F4BBCE099D1B3C9565112EFA3B7 SHA-256: B546573B6A0E24ABA73BEF1223BA34597C6FB5639645B11D1349FD5842658A46 SHA-512: 138B5E6F0869780F9A029C791C7A36062481E132DE3EEECD068BADD52D6AF871DA9B519BA893DF033A1EC3111241D85095FCFCD42C8DF8275E64281445472868 Malicious: false Reputation: low Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"35",. . "macros":[{. "function":"__u",. "vtp_component":"URL",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__e". },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__v",. "vtp_name":"gtm.elementUrl",. "vtp_dataLa yerVersion":1. },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__v",. "vtp_name":"gtm.triggers",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":true,. "vtp_defaultValue":"". },{. "function":"__v",. " vtp_name":"gtm.elementId",. "vtp_dataLayerVersion":1. },{. "function":"__r". },{. "functi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\httpErrorPagesScripts[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 12105 Entropy (8bit): 5.451485481468043 Encrypted: false MD5: 9234071287E637F85D721463C488704C SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 Malicious: false Reputation: low Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ico-filter-funnel-white[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 22 x 23, 8-bit colormap, non-interlaced Size (bytes): 280 Entropy (8bit): 5.592961831042693 Encrypted: false MD5: 88A6BE78616403180B091CAE792694ED SHA1: 63EF85E9C66C10DC147EC7DBCA338A8524B6C743 SHA-256: 7090DA22B2B214AEA35FCCE8C3B06EF9A165FDDC3522AAA0D9F9B487D8874DAC SHA-512: 51EE402B9F23C200E582687E947AF83CACE83028C60A79774AD0078D952FD1F9C8324CB0624CBA145ABAD546F5D8362433783CB7DE79A8A2C7638167108DBD28 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ico-plus-white[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 15 x 15, 4-bit colormap, non-interlaced Size (bytes): 180 Entropy (8bit): 5.368902090705298 Encrypted: false MD5: 2E8F7CDAB50455E262BE74ED57C76810 SHA1: 6D0AF660AF0D568C6AD02024B83C257206EE54EC SHA-256: 8503F3AE43820ED32B11B74A668DD9E21BA1EB7AE7B9D372EB4A0A89E62BD83D SHA-512: C25E0A9F8377DB4BCB32E51C62478681385E0A4E06175A57A86B1C376C680E12A0DA05FD0634C7B65C6BEA856C6B428C087D2CAE2194F5A8963A991F527912F5 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ico-video-button[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced Size (bytes): 3076 Entropy (8bit): 7.614528773862859 Encrypted: false MD5: 82AAF84099B64830409B6CEA53FC1DB5 SHA1: 21D5D3BD110292A6EF72609908F563B74215832E SHA-256: 1D6B6DA15142BA2717D4D728931AF79D3E06A8BD3CC0C4C2E14D6F7F5C5783D0 SHA-512: 331D21DA727A69096B56134673AA2C63F5749E8200DD64B6B329169A88060F67F19676F7A6FD3C90995EE2E5F5E7C14045DF450350D60D8616E4F5E432C3E741 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\jquery-migrate.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 10056 Entropy (8bit): 5.308628526814024 Encrypted: false MD5: 7121994EEC5320FBE6586463BF9651C2 SHA1: 90532AFF6D4121954254CDF04994D834F7EC169B SHA-256: 48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D SHA-512: B74A2F03C64E883B9A34DE43690429327DFB4AA230A7A6AFCA8150A16E3D84E98461245FF264C26368D9904562CC34FE219F71F951D364FA5C68C039B76776CD Malicious: false Reputation: low Preview: /*! jQuery Migrate v1.4.1 | (c) jQuery Foundation and other contributors | jquery.org/license */."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(a,b,c){function d(c){var d=b.console;f[c]||(f[c]=!0,a.migrateWarnings.push(c),d&&d.warn&&!a.migrateMute&&(d.warn("JQMIGRATE: "+c),a.migrateTrace&&d.trace&&d.trace()))}function e(b,c,e,f){if(Object.defineProperty)try{return void Object.defineProperty(b,c,{configurable:!0,enumerable:!0,get:function(){return d(f),e},set:function(a){d(f),e=a}})}catch(g){}a._definePropertyBroken=!0,b[c]=e}a.migrateVersion="1.4.1";var f={};a.migrateWarnings=[],b.console&&b.console.log&&b.console.log("JQMIGRATE: Migrate is installed"+(a.migrateMute?"":" with logging active")+", version "+a.migrateVersion),a.migrateTrace===c&&(a.migrateTrace=!0),a.migrateReset=function(){f={},a.migrateWarnings.length=0},"BackCompat"===document.compatMode&&d("jQuery is not compatible with Quirks Mode");var g=a(" ",{size:1}).attr("size")&&a.attrFn,h=a.att
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\lineto-akkurat-light[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT Light family Size (bytes): 30770 Entropy (8bit): 7.965094625466987 Encrypted: false MD5: 8FD1F76D6F9C2CAC461F629CCA0A5835 SHA1: 70933F561AA5E368B800F5791D94E380C451744E SHA-256: 07B5C176F243C38873EF7A329B87082AF529D8B758F87D174B5CE0248E00BA8B SHA-512: 37B97F4BEF57EE309FC2A646EE0B84E28248C944686DBB2091C2B6DCE22D70B94460181D2D0DAE46AD8C1A1E151A44A2DB1897E1517C503C64B70D39A13AB5DE Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\location[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 182 Entropy (8bit): 4.685293041881485 Encrypted: false MD5: C4F67A4EFC37372559CD375AA74454A3 SHA1: 2B7303240D7CBEF2B7B9F3D22D306CC04CBFBE56 SHA-256: C72856B40493B0C4A9FC25F80A10DFBF268B23B30A07D18AF4783017F54165DE SHA-512: 1EE4D2C1ED8044128DCDCDB97DC8680886AD0EC06C856F2449B67A6B0B9D7DE0A5EA2BBA54EB405AB129DD0247E605B68DC11CEB6A074E6CF088A73948AF2 481 Malicious: false Reputation: low Preview: jsonFeed({"country":"CH","state":"ZH","stateName":"Zurich","zipcode":"8152","timezone":"Europe/Zurich","latitude":"47.43000","longitude":"8.57180","city":"Zurich","contin ent":"EU"});
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\login-black[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 26 x 35, 8-bit/color RGBA, non-interlaced Size (bytes): 1383 Entropy (8bit): 6.887666882350577 Encrypted: false MD5: AAA026B3A0639156C7CDA6A6B2D4E0CB SHA1: 864F2979B14959B95D8FA5B74C22432C74F9B167 SHA-256: A22197C488267F8258A7F0D9C7775551741EF4347F0876E52AB3B0F87D89589E SHA-512: 8AFBDB7C5971E672A78804611DBAE6D46C898CA4FD1A8052075338DF7C3DBA125E4DA93BA92326B3D6F685E425101D12F9395A3655C54411D635721FD3AD03EA Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\nr-1167.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 26895 Entropy (8bit): 5.30832063472068 Encrypted: false MD5: 8155781AB74E51EEE2EAD2C1D5902E63 SHA1: 5679A128CE2702F782C9F3F46D16D95C387B52EE SHA-256: F4AE8A2C83E0A851FD331BBF34D7A6F9184B3E31B6F2E681E8377FB8A8EDC10F SHA-512: BDE3D3A037944032E9822E1F538F958A63582B1E6850BCA2B17BF2E8075FADCDAE6056983327D56B98C6B5684CDB3D49DD82CD8046804C2BB7D28E52C22DCB24 Malicious: false Reputation: low Preview: !function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var a="function"==typeof __nr_require&&__nr_require;if(!i&&a)return a(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '"+t+"'")}var s=e[t]={exports:{}};n[t][0].call(s.exports,function(e){var o=n[t][1][e];return r(o||e)},s,s.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;ie.max&&(e.max=n),n
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\social-fb[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 600 Entropy (8bit): 5.158907930018797 Encrypted: false MD5: 5AE9EF1390F6E2AA11123212EB4E8EF3 SHA1: 7CC62EFFEBF74962FD930289F801CEEA86909541 SHA-256: 9549A2429D59FE9BCC0ACE7C76F876F932E793B6AFCE2F6A8B365C3BB10B8D79 SHA-512: 682534CABA6BCFEDDCD1F985DF485E6D542215DC8001805FCF4D0CD54A6BA20CA8B81B32F85460E67B00A55A33E24AEDF6FBE11992DD7A638CF5106A052AFAA7 Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\social-instagram[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 988 Entropy (8bit): 5.013448287767325 Encrypted: false MD5: 512A89CC1D487FCE5B4AAD84DABA003A SHA1: 8AC8C15046EAFCD813AD105B3F9FF017D27B83DE SHA-256: 9538DF51047A3F5B1C819D45B2F049714DC439CE7F2B4FB74E67F3E69785F80A SHA-512: 0808AA8A704768D706EBE1BE755165C53FCEFB320FA611296C998384A26D092ABF30906ED294ECB1922D61D47FA0DFB0C4F0E7630EB6B0C8DD940BE393F71578 Malicious: false Reputation: low Preview:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\style.min[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 29295 Entropy (8bit): 4.976392120020101 Encrypted: false MD5: 375BD65D60FF3C8723FCCC343AFB1B9B SHA1: B06BA18A307BDF4821DDED9EBFFD2489F7B01D6A SHA-256: 4B8FE5C3D0E5EF7A6582185CBF5C535B5D369C8DF1DA98C03ED69833E55F474D SHA-512: 938011C747F4F036D7662907B388C5985D1C3200145303E646437B143A9DAFCAD9F5F7431492BBECCB755916E0A8843C0A2F49A3599BE8FF51BC5EB2C648426A Malicious: false Reputation: low Preview: .wp-block-audio figcaption{margin-top:.5em;margin-bottom:1em;color:#555d66;text-align:center;font-size:13px}.wp-block-audio audio{width:100%;min-width:300px}.block-editor-block-list__layout .reusable-block-edit-panel{align-items:center;background:#f8f9f9;color:#555d66;display:flex;flex-wrap:wrap;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen-Sans,Ubuntu,Cantarell,Helvetica Neue,sans-serif;font-size:13px;top:-14px;margin:0 -14px;padding:8px 14px;position:relative;border:1px dashed rgba(145,151,162,.25);border-bottom:none}.block-editor-block-list__layout .block-editor-block-list__layout .reusable-block-edit-panel{margin:0 -14px;padding:8px 14px}.block-editor-block-list__layout .reusable-block-edit-panel .reusable-block-edit-panel__spinner{margin:0 5px}.block-editor-block-list__layout .reusable-block-edit-panel .reusable-block-edit-panel__info{margin-right:auto}.block-editor-block-list__layout .reusable-block-edit-panel .reusable-block-edit-panel__label{margin-right:8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\xandr-banner-home-sm-v2[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 640x350, frames 3 Size (bytes): 102332 Entropy (8bit): 7.977130745708066 Encrypted: false MD5: 5CF96B80E2D664DE49F7CA6AA29F9994 SHA1: F107883F90C8FB7E1E901CFFBBA4707977D83ED8 SHA-256: 73ECC97DE01F31BF20E59D5DED61A545B322CBC7F0B944BF6B25E1615A70A74B SHA-512: A70E8D0D5E7F97B23E796D797557EB65E609576524DA68C2A59EAE4D9EDCABFEC1BCF6A775FB86E2F4E5C9D55C9A17CF9C551922D8118FEE4D2307123088FA22 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\xandr-life-banner-d-v2[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 880 x 750, 8-bit/color RGBA, non-interlaced Size (bytes): 1356589 Entropy (8bit): 7.991786958181959 Encrypted: true MD5: 9FDB3A6AAD1B5DD375239B69BF49C218 SHA1: 1BB2DF3C2FFEA7B32DA013849C6532450D1FD8E2 SHA-256: E6FAEF19F1EB629828E47BB1DA0AF0B0CEF3AE1396DD03C3E9CA301439AA4641 SHA-512: 2CBC1E3CC6783974F145C3840877551FE8BAE0D337EC643573530B23D4CC3B9F9B18A40B17DE86C23881E4A3705BBBC2E5ED6A73046E25BAF09B78EA46E4B253 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\06X0WIMO.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 33960 Entropy (8bit): 5.115077521411671 Encrypted: false MD5: A4F25D42026E7AE390DFF43E7D20295A SHA1: 10C88E9BB0E28860270CE6E761E1DA8637F2FDF2 SHA-256: 319D6088F40A5DA8E3143743DEBCEAE50F3CF9E7C0847CEC2EC9B857D34FF5C9 SHA-512: A4863FA7BB01066C81A31A3EABCBD821F0DD880F0AF6B6807A411FBE5C9F80A75836F4652295CE18F20C9CAB32A0D8B13947528C298B13F532B20BD187B928BE Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\10563-Full[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators Size (bytes): 270889 Entropy (8bit): 5.394878370223705 Encrypted: false MD5: A149E87C2077BB1E61C48884DCBA5050 SHA1: 5C5B13DEA6BE2BA46E238475183308CFEF2F4450 SHA-256: B5F635963E3F8BB2C03515032602FC12FB677C82EB9430C3884CA04485FCF629 SHA-512: E72B739A4128501DC8F9E3787BE1DC03D68374C3DF31AC0062DC6A84C6E70FE03B599CBAC886F0433123471F421CB61C0D2C2A0B172743647D9D397E21C44738 Malicious: false Reputation: low Preview: ./*!...... Title: Xandr Careers (xandr.att.jobs)..Author: TMP Worldwide - New York..Lead Developer: Deborah Foerst..Accessibility: Michael "Spell" Spellacy (@spellacy)..Ticket: TCDQ-23314..Creation Date: 2017-09-14....All typography property of AT&T and may not be used without eplicit permission.....Copyright AT&T....****** Change Log ******....Ticket: TCDQ-28382..Developer: Jorge Felico..Manager: Hannah Johns..Creation Date: 2018-03-23..Comments: New class for twitter embeds to be two columns.....Ticket: TCDQ-30676..Developer: Raven Palte..Manager: Pamela Vasquez..Creation Date: 2018-06-21..Comments: Added .headroom classes for sticky nav enhancement..Addendum: DC removed headroom class 6/26 per PSS request. and added slide-up class - which is added..via JS...... Ticket: TCDQ-38470..Developer: Paul Goepfert..Manager: Ama
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\2e6d347924[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 1 x 1 Size (bytes): 24 Entropy (8bit): 2.459147917027245 Encrypted: false MD5: BC32ED98D624ACB4008F986349A20D26 SHA1: 2D3DF8C11D2168CE2C27E0937421D11D85016361 SHA-256: 0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300 SHA-512: 71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\385001538e516effbb0ed5e5794fdd432a522c98[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1186x810, frames 3 Size (bytes): 87114 Entropy (8bit): 7.9847102037476425 Encrypted: false MD5: 0FC808AB423035727C61AFBBB0B99CFF SHA1: 78F2760F575A8EE23EBCE71C02A91236BA6E49B1 SHA-256: 91E6151D3EF58D64AE4CFD70CDAF18325812C8C3F970194A83BF3E9EABF8504A SHA-512: 9D4CD37D696923FE24ECBD2A8216CDDAD990F5B86EA22A881CBBAC44EC0BA26EC41B959C2D8BBDCB181C8835483EAC0D6C2ED3301FD0051ED24472A8AB8DC0D0 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\6C2T6OHO.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 33960 Entropy (8bit): 5.115077521411671 Encrypted: false MD5: A4F25D42026E7AE390DFF43E7D20295A SHA1: 10C88E9BB0E28860270CE6E761E1DA8637F2FDF2 SHA-256: 319D6088F40A5DA8E3143743DEBCEAE50F3CF9E7C0847CEC2EC9B857D34FF5C9 SHA-512: A4863FA7BB01066C81A31A3EABCBD821F0DD880F0AF6B6807A411FBE5C9F80A75836F4652295CE18F20C9CAB32A0D8B13947528C298B13F532B20BD187B928BE Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Appnexus-logo[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 300 x 90, 8-bit colormap, non-interlaced Size (bytes): 4661 Entropy (8bit): 7.767333891915912 Encrypted: false MD5: 0C7366F75A91AD061F0FB4D970F97C8B SHA1: FF1135DB59787E531219D29284528CD80BF5E2ED SHA-256: B3C5FC5441A1A105B0D1D86AC1E4E4778B6657E4981F0D6FE9C68200DB582668 SHA-512: A1627FAC0FBA6E89459FC8BD4D8EC61BE75BA80B6036E439FD014636E78BF88CEFE745E094038AA2F70FCEAAFBCEF9FAAC761F541159DAC9732795141238DF4E Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\B772W0WL.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators Size (bytes): 48783 Entropy (8bit): 4.888490880660874 Encrypted: false MD5: 373FE9931AD9CC0EF7A768437756EAC4 SHA1: C04B2236D1B4427C352E3D4B4AF44CACF874A191 SHA-256: A41BDD785416B01F5EEDF03C8C9D902B6FD08F762474281688AC14F1D13849EF SHA-512: E5C992515EB3A64F189B68F00FB7CF52D4C01E12CA6AFCAB298B0C772D918BD9FD1242D603BBCB36BCB288F033CB85ACF8CB3BD2014058A87E79C98F8CBC2DD7 Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GalanoGrotesque-Light[1].woff2 Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format (Version 2), TrueType, length 31796, version 1.0 Size (bytes): 31796 Entropy (8bit): 7.993774250951371 Encrypted: true MD5: 9F2AEB5F7463544C8A9AC0528430AEDE SHA1: 20CEE061D9FEA57AC4EC3FEF6CA9DE10973DC91E SHA-256: EBA7B1CE5EC0B9687CF0A6602D099C74318B8EA6ED8285A609FBFB27AC736757 SHA-512: 63060C196B778F0AFAC4A0AA821E861632F1D5D894EDFECCB71B2053D3FF05D389322BDAFD8F2E526A08C0E711086FF44E42E1F1F8D89398BD4A0E60637A94CC Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GalanoGrotesque-Medium[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 43909, version 0.0 Size (bytes): 43909 Entropy (8bit): 7.9921611367088925 Encrypted: true MD5: 50E69A5881966F8B292E48E0AF21E9D8 SHA1: 0158FFCCC6EA3D77B061F1AA1339DF3405905BB2 SHA-256: 20A8609BD409413EACA2BD607613BD6DE8BB999637148E5E47639BCB3EB58BD4 SHA-512: 37B7B38C4AEB2D04971C80C00C2C11BFFDEE993CC32EF77716FB895F66A2F2D64D250F5C80324CA51C45F78098406FB8AC17B17F2E37D4600D5520A8348B992C Malicious: false Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\HP1[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 646x355, frames 3 Size (bytes): 26850 Entropy (8bit): 7.963419331113693 Encrypted: false MD5: E4C35409F3BFCB8C197BA7C0B1846FD0 SHA1: DD2CFE574FD67850101A8027D97A7D15E5BB8390 SHA-256: 0B04E420D133DAC7117E1AE596414DA3848879105631BC77B8447B3D901C215E SHA-512: C0A9A59B1687DB132A79CA6F3525ED1021D820409374D97361E8192171D0A1C75455F6F5EE2CAD2A29E39F932A38E40B32F97C1DA541E777F4D818FDE49B6B9E Malicious: false Reputation: low
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
star-mini.c10r.facebook.com | 31.13.92.36 | true | false | | high
dart.l.doubleclick.net | 172.217.18.6 | true | false | | high
pagead46.l.doubleclick.net | 172.217.22.98 | true | false | | high
stats.l.doubleclick.net | 74.125.133.157 | true | false | | high
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com | 3.248.163.0 | true | false | | high
att.inq.com | 206.17.25.188 | true | false | | high
d2ctznuk6ro1vp.cloudfront.net | 99.84.89.69 | true | false | | high
bam.nr-data.net | 162.247.242.19 | true | false | 0%, Virustotal | low
addevent.com | 54.194.175.157 | true | false | | high
cookie-cdn.cookiepro.com | 104.20.184.45 | true | false | 0%, Virustotal | unknown
cs977204322.wpc.edgecastcdn.net | 152.199.21.2 | true | false | | high
scontent.xx.fbcdn.net | 185.60.216.19 | true | false | | high
pagead.l.doubleclick.net | 216.58.207.34 | true | false | | high
ib.anycast.adnxs.com | 37.252.173.22 | true | false | | high
fe2.edge.pantheon.io | 23.185.0.2 | true | false | | high
ab13.mktoedge.com | 104.16.95.80 | true | false | 0%, Virustotal | unknown
geolocation.onetrust.com | 104.20.184.68 | true | false | | high
xandr.att.jobs | unknown | unknown | false | | high
app-ab13.marketo.com | unknown | unknown | false | | high
secure.adnxs.com | unknown | unknown | false | | high
smetrics.att.com | unknown | unknown | false | | high
d.agkn.com | unknown | unknown | false | | high
stats.g.doubleclick.net | unknown | unknown | false | | high
6100125.fls.doubleclick.net | unknown | unknown | false | | high
www.xandr.jobs | unknown | unknown | false | | unknown
i.xandr.com | unknown | unknown | false | 0%, Virustotal | low
tbcdn.talentbrew.com | unknown | unknown | false | | high
dpm.demdex.net | unknown | unknown | false | | high
hello.myfonts.net | unknown | unknown | false | | high
www.facebook.com | unknown | unknown | false | | high
www.appnexus.com | unknown | unknown | false | | high
js-agent.newrelic.com | unknown | unknown | false | | high
connect.facebook.net | unknown | unknown | false | | high
ib.adnxs.com | unknown | unknown | false | | high
fls.doubleclick.net | unknown | unknown | false | | high
www.xandr.com | unknown | unknown | false | 0%, Virustotal | low
www.att.com | unknown | unknown | false | | high
Contacted URLs
Name | Malicious | Antivirus Detection | Reputation
www.appnexus.com/en/error | false | | high
ib.adnxs.com/ | false | | high
URLs from Memory and Binaries
Contacted IPs
[Figure legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]
Public
IP | Country | ASN | ASN Name | Malicious
74.125.133.157 | United States | 15169 | unknown | false
162.247.242.19 | United States | 23467 | unknown | false
31.13.92.36 | Ireland | 32934 | unknown | false
104.20.184.45 | United States | 13335 | unknown | false
104.20.184.68 | United States | 13335 | unknown | false
23.185.0.2 | United States | 54113 | unknown | false
206.17.25.188 | United States | 7018 | unknown | false
54.194.175.157 | United States | 16509 | unknown | false
152.199.21.2 | United States | 15133 | unknown | false
104.16.95.80 | United States | 13335 | unknown | false
216.58.207.34 | United States | 15169 | unknown | false
172.217.18.6 | United States | 15169 | unknown | false
99.84.89.69 | United States | 16509 | unknown | false
185.60.216.19 | Ireland | 32934 | unknown | false
185.33.223.218 | Netherlands | 29990 | unknown | false
172.217.22.98 | United States | 15169 | unknown | false
3.248.163.0 | United States | 16509 | unknown | false
37.252.173.22 | European Union | 29990 | unknown | false
Static File Info
No static file info
Network Behavior
Network Port Distribution
Total Packets: 87 • 53 (DNS) • 443 (HTTPS) • 80 (HTTP)
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTP Request Dependency Graph
ib.adnxs.com www.appnexus.com
HTTP Packets
Session ID: 0
Source IP: 192.168.2.5  Source Port: 49747  Destination IP: 37.252.173.22  Destination Port: 80
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Apr 1, 2020 00:07:13.143296957 CEST  kBytes transferred: 1  Direction: OUT
Data:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive

Timestamp: Apr 1, 2020 00:07:13.166488886 CEST  kBytes transferred: 1  Direction: IN
Data:
HTTP/1.1 302 Found
Server: nginx/1.13.4
Date: Tue, 31 Mar 2020 22:07:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: http://www.appnexus.com/en/error
AN-X-Request-Uuid: 7fb9d93b-da21-4e3d-acf7-2617ee3897a8
X-Proxy-Origin: 84.17.52.22; 84.17.52.22; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.184:80

Session ID: 1
Source IP: 192.168.2.5  Source Port: 49748  Destination IP: 23.185.0.2  Destination Port: 80
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp: Apr 1, 2020 00:07:13.262192965 CEST  kBytes transferred: 2  Direction: OUT
Data:
GET /en/error HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.appnexus.com

Timestamp: Apr 1, 2020 00:07:13.279953003 CEST  kBytes transferred: 3  Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.appnexus.com/en/error
Server: nginx
X-Pantheon-Styx-Hostname: styx-fe2-b-b94bb8456-2mvr7
X-Styx-Req-Id: 86ed7673-72ef-11ea-9be2-56f714405474
Cache-Control: public, max-age=86400
Content-Length: 0
Date: Tue, 31 Mar 2020 22:07:13 GMT
Connection: keep-alive
X-Served-By: cache-mdw17344-MDW, cache-hhn4060-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 3, 2
X-Timer: S1585692433.270763,VS0,VE0
Vary: Cookie, Cookie
Age: 74066
Accept-Ranges: bytes
Via: 1.1 varnish
HTTPS Packets
Copyright Joe Security LLC 2020 Page 58 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 185.60.216.19 443 192.168.2.5 49794 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:37.921183109 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 185.60.216.19 443 192.168.2.5 49795 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:37.921241999 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US 
O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 206.17.25.188 443 192.168.2.5 49793 CN=*.inq.com, O="NUANCE CN=GeoTrust RSA CA Wed Oct Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.129968882 COMMUNICATIONS, INC.", 2018, 30 Dec 08 49195-49200- 424db3a98c CEST L=BURLINGTON, OU=www.digicert.com, 01:00:00 13:00:00 49199-49188- ST=Massachusetts, C=US O=DigiCert Inc, C=US CET CET 49187-49192- CN=GeoTrust RSA CA 2018, CN=DigiCert Global 2019 2021 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- CN=DigiCert Global Root CA, O=DigiCert Inc, C=US 13:23:45 13:23:45 61-60-53-47- OU=www.digicert.com, CN=DigiCert Global CET CET 10,0-10-11-13- O=DigiCert Inc, C=US Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=GeoTrust RSA CA 2018, CN=DigiCert Global Mon Sat Nov OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:45 13:23:45 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031 Apr 1, 2020 206.17.25.188 443 192.168.2.5 49792 CN=*.inq.com, O="NUANCE CN=GeoTrust RSA CA Wed Oct Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.134243965 COMMUNICATIONS, INC.", 2018, 30 Dec 08 49195-49200- 424db3a98c CEST L=BURLINGTON, OU=www.digicert.com, 01:00:00 13:00:00 49199-49188- ST=Massachusetts, C=US O=DigiCert Inc, C=US CET CET 49187-49192- CN=GeoTrust RSA CA 2018, CN=DigiCert Global 2019 2021 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- CN=DigiCert Global Root CA, O=DigiCert Inc, C=US 13:23:45 13:23:45 61-60-53-47- OU=www.digicert.com, CN=DigiCert Global CET CET 10,0-10-11-13- O=DigiCert Inc, C=US 
Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=GeoTrust RSA CA 2018, CN=DigiCert Global Mon Sat Nov OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:45 13:23:45 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031
Copyright Joe Security LLC 2020 Page 59 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 31.13.92.36 443 192.168.2.5 49796 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.163314104 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 31.13.92.36 443 192.168.2.5 49797 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.166361094 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert 
Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 172.217.18.6 443 192.168.2.5 49798 CN=*.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.339567900 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:27 11:37:27 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 172.217.18.6 443 192.168.2.5 49799 CN=*.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.340306997 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:27 11:37:27 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 185.33.223.218 443 192.168.2.5 49801 CN=*.adnxs.com, CN=DigiCert ECC Wed Mon Mar 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.510234118 O="AppNexus, Inc.", L=New Secure Server CA, Jan 23 08 49195-49200- 424db3a98c CEST York, ST=New York, C=US O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- CN=DigiCert ECC Secure CN=DigiCert Global CET CET 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2019 Fri 2021 49191-49162- C=US OU=www.digicert.com, Mar 08 
Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert ECC Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023
Copyright Joe Security LLC 2020 Page 60 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 185.33.223.218 443 192.168.2.5 49802 CN=*.adnxs.com, CN=DigiCert ECC Wed Mon Mar 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.510869980 O="AppNexus, Inc.", L=New Secure Server CA, Jan 23 08 49195-49200- 424db3a98c CEST York, ST=New York, C=US O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- CN=DigiCert ECC Secure CN=DigiCert Global CET CET 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2019 Fri 2021 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert ECC Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 172.217.22.98 443 192.168.2.5 49804 CN=*.google.com, O=Google CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.512744904 LLC, L=Mountain View, O=Google Trust 03 26 49195-49200- 424db3a98c CEST ST=California, C=US Services, C=US 10:45:25 11:45:25 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 172.217.22.98 443 192.168.2.5 49803 CN=*.google.com, O=Google CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.512919903 LLC, L=Mountain View, O=Google Trust 03 26 49195-49200- 424db3a98c CEST ST=California, C=US Services, C=US 
10:45:25 11:45:25 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 99.84.89.69 443 192.168.2.5 49806 CN=*.agkn.com CN=RapidSSL RSA CA Thu Jun Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:39.019800901 CN=RapidSSL RSA CA 2018, 21 Sep 16 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, OU=www.digicert.com, 02:00:00 14:00:00 49199-49188- O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 49187-49192- CN=DigiCert Global Root CA, CN=DigiCert Global 2018 2020 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CN=DigiCert Global CET CET 10,0-10-11-13- Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031
Copyright Joe Security LLC 2020 Page 61 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 99.84.89.69 443 192.168.2.5 49805 CN=*.agkn.com CN=RapidSSL RSA CA Thu Jun Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:39.020437002 CN=RapidSSL RSA CA 2018, 21 Sep 16 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, OU=www.digicert.com, 02:00:00 14:00:00 49199-49188- O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 49187-49192- CN=DigiCert Global Root CA, CN=DigiCert Global 2018 2020 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CN=DigiCert Global CET CET 10,0-10-11-13- Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031 Apr 1, 2020 152.199.21.2 443 192.168.2.5 49817 CN=hello.myfonts.net, CN=DigiCert SHA2 Mon Jun Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 00:07:40.172338009 OU=SecOps, O=MyFonts Secure Server CA, 03 07 49195-49200- 424db3a98c CEST Inc, L=Woburn, O=DigiCert Inc, C=US 02:00:00 14:00:00 49199-49188- ST=Massachusetts, C=US CN=DigiCert Global CEST CEST 49187-49192- CN=DigiCert SHA2 Secure Root CA, 2019 Fri 2021 49191-49162- Server CA, O=DigiCert Inc, OU=www.digicert.com, Mar 08 Wed 49161-49172- C=US O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- 
CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 152.199.21.2 443 192.168.2.5 49818 CN=hello.myfonts.net, CN=DigiCert SHA2 Mon Jun Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 00:07:40.214620113 OU=SecOps, O=MyFonts Secure Server CA, 03 07 49195-49200- 424db3a98c CEST Inc, L=Woburn, O=DigiCert Inc, C=US 02:00:00 14:00:00 49199-49188- ST=Massachusetts, C=US CN=DigiCert Global CEST CEST 49187-49192- CN=DigiCert SHA2 Secure Root CA, 2019 Fri 2021 49191-49162- Server CA, O=DigiCert Inc, OU=www.digicert.com, Mar 08 Wed 49161-49172- C=US O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 74.125.133.157 443 192.168.2.5 49821 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:41.888290882 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:30 11:37:30 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 74.125.133.157 443 192.168.2.5 49822 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:41.888767958 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST 
View, ST=California, C=US Services, C=US 10:37:30 11:37:30 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- 24,0
Copyright Joe Security LLC 2020 Page 62 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
System Behavior
Analysis Process: iexplore.exe PID: 4776 Parent PID: 696
General
Start time: 00:07:10
Start date: 01/04/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7091b0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
Source File Path Access Attributes Options Completion Count Address Symbol
Source File Path Offset Length Value Ascii Completion Count Address Symbol
Source File Path Offset Length Completion Count Address Symbol
Registry Activities
Source Key Path Completion Count Address Symbol
Source Key Path Name Type Data Completion Count Address Symbol
Source Key Path Name Type Old Data New Data Completion Count Address Symbol
Analysis Process: iexplore.exe PID: 2872 Parent PID: 4776
General
Start time: 00:07:11
Start date: 01/04/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4776 CREDAT:17410 /prefetch:2
Imagebase: 0x1060000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
Source File Path Access Attributes Options Completion Count Address Symbol
Source File Path Offset Length Value Ascii Completion Count Address Symbol
Source File Path Offset Length Completion Count Address Symbol
Registry Activities
Source Key Path Completion Count Address Symbol
Source Key Path Name Type Data Completion Count Address Symbol
Source Key Path Name Type Old Data New Data Completion Count Address Symbol
Disassembly