automated malware analysis report for eula.rtf - generated
Post on 29-Nov-2021
ID: 138843
Sample Name: eula.rtf
Cookbook: defaultwindowsofficecookbook.jbs
Time: 14:22:34
Date: 05/06/2019
Version: 26.0.0 Aquamarine
Table of Contents
Analysis Report eula.rtf
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
    Mitre Att&ck Matrix
    Signature Overview
      Software Vulnerabilities:
      Networking:
      System Summary:
      Persistence and Installation Behavior:
      Hooking and other Techniques for Hiding and Protection:
    Behavior Graph
    Simulations
      Behavior and APIs
    Antivirus and Machine Learning Detection
      Initial Sample
      Dropped Files
      Unpacked PE Files
      Domains
      URLs
    Yara Overview
      Initial Sample
      PCAP (Network Traffic)
      Dropped Files
      Memory Dumps
      Unpacked PEs
    Joe Sandbox View / Context
      IPs
      Domains
      ASN
      JA3 Fingerprints
      Dropped Files
    Screenshots
      Thumbnails
    Startup
    Created / dropped Files
    Domains and IPs
      Contacted Domains
      URLs from Memory and Binaries
      Contacted IPs
        Public
    Static File Info
      General
      File Icon
      Static RTF Info
    Network Behavior
      Network Port Distribution
      TCP Packets
      UDP Packets
      DNS Queries
      DNS Answers
      HTTPS Packets
    Code Manipulations
    Statistics
      Behavior
    System Behavior
      Analysis Process: WINWORD.EXE PID: 3184 Parent PID: 692
        General
        File Activities
          File Created
          File Deleted
          File Read
        Registry Activities
          Key Created
          Key Value Created
          Key Value Modified
      Analysis Process: iexplore.exe PID: 3772 Parent PID: 692
        General
        File Activities
        Registry Activities
      Analysis Process: iexplore.exe PID: 1224 Parent PID: 3772
        General
        File Activities
        Registry Activities
    Disassembly
Copyright Joe Security LLC 2019 Page 2 of 58
Analysis Report eula.rtf
Overview
General Information
Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 138843
Start date: 05.06.2019
Start time: 14:22:34
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 40s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: eula.rtf
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean3.winRTF@4/260@24/3
Cookbook Comments:
Adjust boot time
Enable AMSI
Found application associated with file extension: .rtf
Found Word or Excel or PowerPoint or XPS Viewer
Attach to Office via COM
Browse link: http://www.microsoft.com/exporting
Scroll down
Close Viewer
Browsing link: https://www.microsoft.com/
Browsing link: https://www.microsoft.com/en-us/exporting
Browsing link: https://www.microsoft.com/en-us/exporting/overview.aspx
Browsing link: https://www.microsoft.com/en-us/exporting/exporting-information.aspx
Browsing link: https://www.microsoft.com/en-us/exporting/massmarket.aspx
Browsing link: https://www.microsoft.com/en-us/exporting/ccats.aspx
Browsing link: https://www.microsoft.com/en-us/exporting/faq.aspx
Browsing link: https://www.microsoft.com/en-us/exporting/contact.aspx
Browsing link: https://products.office.com/en-us/home
Browsing link: https://www.microsoft.com/en-us/windows/
Browsing link: https://www.microsoft.com/en-us/surface
Warnings:
Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, dllhost.exe, ielowutil.exe, WMIADAP.exe, conhost.exe, CompatTelRunner.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted)
Excluded domains from analysis (whitelisted)
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Detection
Strategy Score Range Reporting Whitelisted Detection
Threshold 3 0 - 100 true
Confidence
Strategy Score Range Further Analysis Required? Confidence
Threshold 5 0 - 5 false
Classification
Analysis Advice
No malicious behavior found, analyze the document also on other version of Office / Acrobat
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Replication Through Removable Media; Drive-by Compromise
Execution: Exploitation for Client Execution 4; Service Execution; Windows Management Instrumentation
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception
Defense Evasion: File System Logical Offsets; Binary Padding; Rootkit
Credential Access: Credential Dumping; Network Sniffing; Input Capture
Discovery: File and Directory Discovery 1; System Information Discovery 1; Query Registry
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Data Encrypted 1; Exfiltration Over Other Network Medium; Automated Exfiltration
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 2
[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious]
Signature Overview
Software Vulnerabilities:
Allocates a big amount of memory (probably used for heap spraying)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Networking:
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Found strings which match to known social media urls
Performs DNS lookups
Urls found in memory or binary data
Uses HTTPS
System Summary:
Classification label
Creates files inside the user directory
Creates temporary files
Reads ini files
Spawns processes
Found graphical window changes (likely an installer)
Checks if Microsoft Office is installed
Uses new MSVCR Dlls
Persistence and Installation Behavior:
Creates license or readme file
Hooking and other Techniques for Hiding and Protection:
Disables application error messages (SetErrorMode)
Behavior Graph
ID: 138843
Sample: eula.rtf
Startdate: 05/06/2019
Architecture: WINDOWS
Score: 3
iexplore.exe: 7, 88 (started)
WINWORD.EXE: 39, 50 (started)
microsoftwindows.112.2o7.net, mem.gfx.ms, 2 other IPs or domains
iexplore.exe: 3, 279 (started)
track4.pricespider.com: 13.93.106.254, 443, 49776, 49777 (unknown, United States)
cs1227.wpc.alphacdn.net: 192.229.221.185, 443, 49733, 49734 (unknown, United States)
19 other IPs or domains
Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet
Simulations
Behavior and APIs
Time Type Description
14:25:16 API Interceptor 3x Sleep call for process: WINWORD.EXE modified
Antivirus and Machine Learning Detection
Initial Sample
Source Detection Scanner Label Link
eula.rtf 0% virustotal Browse
eula.rtf 0% metadefender Browse
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source Detection Scanner Label Link
usetermassembly/dealbuilder_live/DealBuilderNET/dealbuilder.aspx 0% Avira URL Cloud safe
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1 0% Avira URL Cloud safe
Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
No yara matches
Memory Dumps
No yara matches
Unpacked PEs
No yara matches
Joe Sandbox View / Context
IPs
Match Associated Sample Name / URL SHA 256 Detection Link Context
Domains
Match Associated Sample Name / URL SHA 256 Detection Link Context
ASN
Match Associated Sample Name / URL SHA 256 Detection Link Context
JA3 Fingerprints
Match Associated Sample Name / URL SHA 256 Detection Link Context
Dropped Files
No context
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Startup
System is w10x64
WINWORD.EXE (PID: 3184 cmdline: 'C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE' /Automation -Embedding MD5: EFDE23ECDF60D334C31AF2A041439360)
iexplore.exe (PID: 3772 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 1224 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3772 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.microsoft[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 135
Entropy (8bit): 4.70441587317972
Encrypted: false
MD5: 93F3B782CE905ADC89E3C829447FFA5C
SHA1: 099AAA88952A4AF1A6DDA2DF1FD8EA47E639D2F1
SHA-256: 3A2AF843EFBCD0885514DA8EB1BA56D1FBA6A6FE514A14B2A11AB93E76FDDCF8
SHA-512: 033C13D37793827A3FBB13D48602B4D202475F8010DE7A15731857EFEF015D6D3A4ADD979B7A44F9CD95E08B464B3AFD7A6D17645693B078BBD3D1D3394D3176
Malicious: false
Reputation: low
Preview: <root></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="2675531600" htime="30743525" /></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7FFF1C50-87D8-11E9-AADA-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 33368
Entropy (8bit): 1.8570397486263495
Encrypted: false
MD5: 911698A3C86593C8631790D5C5BFE2A8
SHA1: D4E32016CFCC9683599B4F4F14C17D8B2AB0DBE3
SHA-256: 7DDCDA597BA9F517EA7032E36646D77D521CE309C0054973718A1D14D81D2122
SHA-512: 5DDF9DD451F9043E1CCCF8FAF747354721C5C75BD06144670ED13B1FFEDC57C4371969B95621CAE03AE8F71F12536B4DDA02775BD7C467A196FDCC8B30311B36
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7FFF1C52-87D8-11E9-AADA-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 325074
Entropy (8bit): 3.1954758803624035
Encrypted: false
MD5: 1047AA0B4180ABB015BA51542755B92A
SHA1: 4A226740B98725A3B5C2D91A4610E11964428486
SHA-256: FF311B66AB84E226F65BC32E9B4563C63E887E0C31059DC4B601404966CD58A4
SHA-512: EF9EE91F26D155C51CE40E49CAF035E8843E055606AC16F052C5F240473E085A0D026CF9683B1DF016A1399D9C2E62855C72001E677FD0FE51E47C517516425B
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A851318B-87D8-11E9-AADA-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.5648393622864463
Encrypted: false
MD5: 0BC6B2ED8A9482D8D4623AD6BC52ADF4
SHA1: 7604B5B3457397926457579A3B81B296B984EEDF
SHA-256: E87D2DBDCF5CE003362D5BC1CC3E42581B6CD3B8CBBCA7CC51AA94D873081D9C
SHA-512: 5479E6AF11401C37174FC32244C3C4E1B2EEC389C5103704EE9411D72A8AD7A7BFFE5391111BD748827BEDCCAA8160192E3E3653328606C992FDDDC94082094E
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.100735291788594
Encrypted: false
MD5: 3669339530FA67E9855DABE90673578C
SHA1: A50F884336F0B25AAB80696F938B8B8190590139
SHA-256: 0C379EE27F581B53D83D4E512521BBBDD05FCFDA049DFAF37FF0E09265DAF9E7
SHA-512: 0745BBF73053D468DDFF9CBA24FDD84B769343766460EFB4CBC5E312082E18C5CB5814A513B8C25D285CF3CAAD4C609C08743A75C74222A664A6D8A51D7268C2
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x579b1723,0x01d51be5</date><accdate>0x579b1723,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x579b1723,0x01d51be5</date><accdate>0x579b1723,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.107229244201319
Encrypted: false
MD5: 1C56A484480CC0706807B9731093F0D5
SHA1: 1E461DEC3F1F10526CACA96B42E5077A8BE5B4DA
SHA-256: DE54F8725D0E31F7ABE70A56D0EF15E37CF718CCC1A39A8B011CF18FC8DCB6E8
SHA-512: 140E9BCB105212736256ABB17D2E215FE058769B28C685A6C24D979FFD0748FDD21D1BAC83633B7B534DF994B6BB5C275347C2E12980593CCFD31D8CDFE528E0
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x578935a5,0x01d51be5</date><accdate>0x578935a5,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x578935a5,0x01d51be5</date><accdate>0x578e0e4c,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.0957840179859115
Encrypted: false
MD5: AD66F1CFC7F006B1550523246AC44486
SHA1: 1E69B64DBFE94008CDB50396271CEBC84CA8D733
SHA-256: 83D55157C7A8A26B80D4F6A47AE8E4598F1B046E95A6AEDEAC8340EAC6FEF07A
SHA-512: EF4E71AB2E4DAD1CC234AC1CC5FF27BB997EB4B20BA330302BF60025E6AEB130623A8E1A68A45401A3F5DF2C5D1EC6F85CB0029827CDF7A54625DB1F5BE0E6C8
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x579d8bd1,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x579d8bd1,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.100641526487655
Encrypted: false
MD5: F7A8D9AC81B6A7A21765773674122773
SHA1: 28F5914511D10E355B0E7BCE5669607CA38DA23D
SHA-256: 643F08557EB4BFB17E14742BABA1E9F453ED0D9DEE63567E56FFDE369B555F35
SHA-512: E3A95BA8D4DDB76DACD1F47617F0C2B4671AD644BD9DE208B3720DC5C9837F9F14BC3B0ABF7775F2A40DF89E4846FC7117B51BFA6596BC0262007ECCC6B7F383
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x579593db,0x01d51be5</date><accdate>0x579593db,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x579593db,0x01d51be5</date><accdate>0x579593db,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.107725535749784
Encrypted: false
MD5: A6906C6F09297AF9756936ECA5F99A2B
SHA1: 7527AA4C611DE628B9AD2C89FAEA34EFCBD93AD2
SHA-256: 2A29FE6E720FF4DCDDD91A19991DF940049AD7DC03BB6E654C0EAC2319BC9CDE
SHA-512: DB8AD13161B6E6F44B6591BC50AF16E00E6CB90AB3C02788F4C4BC7214EC5F4A8B74A4BE3357F453029A0F190AAB546B9B8903367553E44E59A7500DB9741902
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x579d8bd1,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x57a0165b,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.093087965920084
Encrypted: false
MD5: 88494A0F2530E893297CBB43F624966B
SHA1: CB2901CB2D00AF2D799982FEE552FE07223CB808
SHA-256: 25B0481EF57D63F5DCC22D0887E9DA5DF10AB41470151F4E2C61A0D668B7A4D1
SHA-512: 11D76A97828E647F66E87E0C6F65B9194EBACBB0632A124BE02AAF07E768D48D80CC3B1C61846FD0FCD3B2045F9F344B07CCF2F6A9DE3DD2B0C432C60E89FAD0
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x5798a1fb,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x579b1723,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.119033855296752
Encrypted: false
MD5: 4FF0B3797E7206576ABD4DA42F6D87C5
SHA1: 94BAD88305A9B4F034900374AF5A3D5A1FE86BAE
SHA-256: E49F3AD7D86ED91D9A030A645D7C1154E975A820407E70C30D91CA3BEA242573
SHA-512: 60E81548B9B0EE17DDD6A2B0283F616D3F45FF2ED6AF1A6274C8F659579D602C560EFA719ACDCAA304697051D02881BED47C7F38A9FFB944A8C4F2F83FA9FDD8
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x5798a1fb,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x5798a1fb,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.071939074208257
Encrypted: false
MD5: 535B637B739C7B9D13AC25AA8C1A43B1
SHA1: 52A7C83E96F29D32944FB468DB9842DC40C6D27C
SHA-256: BA2B33C68784E2663848FEEAF2B0EB5376786F58A3FDF2DD8547F63BC8451C5B
SHA-512: 359578E453E191286111DD7B5BE0FB8CB5A84253C6412980AF20B44B1F1CCC6DB074BDA8A3CA57E3BAFFA56F433A6914ED69463F0B5ECD9528032CB3131038FF
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x579095ee,0x01d51be5</date><accdate>0x579095ee,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x579095ee,0x01d51be5</date><accdate>0x579095ee,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.086086476864212
Encrypted: false
MD5: A2686A832B772E84C2DFBECF12A73000
SHA1: 826F887D4E65287414E814844F139FD972BA2C37
SHA-256: 71D36CA99D01097FA10CBE987AC50F285E72D513F0D061E1466F710ADB04516F
SHA-512: 2B636AEC7C7C5937D06E41BA02CD874F0599DB57072B0DCA36F7786E32E17D50724664EBAC6D5FEAD0E356BFE5286FC7ABB22AE6CC6EE8030BCB25EF39CDE3A6
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x57931e65,0x01d51be5</date><accdate>0x57931e65,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x57931e65,0x01d51be5</date><accdate>0x579593db,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 35788
Entropy (8bit): 3.0353060764090576
Encrypted: false
MD5: 8B456063CC860B9C49F37AB64AA6C68A
SHA1: 5E264982E55A38654E973901F2FF48B6EB527D8B
SHA-256: A678DBBB1B024C22B8B532755341E3E56D93B91DECDE698457CE4BE2A2B8D3D9
SHA-512: 0CFDE175A85F5DF80E828B863B01AD7937FF4FA1DCD0F61CD25A935CF0B17315F0D1BC254B88F408C1B2F171D79EF033A2AF5685F26234D8734A304F0869BB6E
Malicious: false
Reputation: low
Preview: %.h.t.t.p.s.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.f.a.v.i.c.o.n...i.c.o.~(................h(......(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type: SQLite Write-Ahead Log, version 3007000
Size (bytes): 4152
Entropy (8bit): 1.1776981398409248
Encrypted: false
MD5: 4BF3C1BAFD6A70E6BE64E4D2EA74436C
SHA1: 37EE16DAD09A16FF909968A8A640BF9FB32D26CE
SHA-256: 74016F254BFD6B1B6C2DE6E07AF1C17D2E2E12DCE8B4C6AACBE9DAD1E40E8A95
SHA-512: C1A4B00FEB623F2FF4D928FBF2ED5D3EE58D81141CA5B80AD2E74B82F300C61ADFD99641DD8FE43A96989CAC2DABD2B0A0A584115608E3087D86A0716FAE411C
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type: SQLite 3.x database, last written using SQLite version 3019003
Size (bytes): 12288
Entropy (8bit): 0.9293919750949183
Encrypted: false
MD5: 804F578DA99BA14B6E2BC0B55D608B5A
SHA1: 396C9C8507F8B6E96784F8025737008EDD17A007
SHA-256: 571434B7C55334D1911F8F3653760F24E61EBB527BD1F5F80AFBD495A5DE1046
SHA-512: DFD3D600C499C5DAA77B922E20AE4C2A556E6E71197B0C1DA093376F6D81459F1BB0AD36D6B834B3153E5C8CDDB4F5B5054E0B402B44DDE118B430FF81429043
Malicious: false
Reputation: high, very likely benign file
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session-journal
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type: data
Size (bytes): 13360
Entropy (8bit): 0.9081777503395082
Encrypted: false
MD5: 0F74DF9FC80C71945A5E46C76D8918EE
SHA1: 62F43E50701F207D5F09670EBFE6B29EE2DF4F93
SHA-256: 3C748DD3A09B338B0E589F48830A48A49638AB038BFD285D59168A4F321EDC7F
SHA-512: 0709EB41CC6788C898ED24660C6016399296D8A8090AABD20232C43486C0F2910F780921C90F051A1FD25F8D0DCFDF23F0CD044270FD128B232CABB127218B89
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{064698D9-EB56-4E21-AE1B-3CAA0529CF6A}.tmp
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type: data
Size (bytes): 1024
Entropy (8bit): 0.05390218305374581
Encrypted: false
MD5: 5D4D94EE7E06BBB0AF9584119797B23A
SHA1: DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256: 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512: 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{0A7F7147-4827-4ECC-806D-F76BF8CFA213}.tmp
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type: data
Size (bytes): 1536
Entropy (8bit): 1.6328672162113287
Encrypted: false
MD5: 1EA507D0487291F497063157B17B28FD
SHA1: CC7930AD38FA549EFDCEC0E299AFE80804B9A6A6
SHA-256: B7B9F72846C2022A5AD7EC950016C4BBA01F4094A38AAB5F4F0CDC75D013AE76
SHA-512: 4584E28C91C7B21E7503B94A15B9C5C339D184AC4473B41BEE858BDC240D4F217DF119613AD8B3295D250AAD01A84438EEE4C91A62C51F10EAFCF4EB5ACF6A46
Malicious: false
Preview: ..1.2...1.2...1...1...1.2...1.2...1.2...1.2...(...(...(...(...(...G.u.c.c.i...G............................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...(.......2...6...:...>...B...N...R.......................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FE2C1C0E-8D93-49BE-95D9-2FBFCBD8E7CC}.tmp
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type: data
Size (bytes): 52244
Entropy (8bit): 3.8739875038469673
Encrypted: false
MD5: B56CE37C6EE81A084A6C20A4A2A48822
SHA1: CF684A701AB4C8B2E6682B45222DE80B00DF9A3D
SHA-256: B11D68ECCE4CC3810CF2D91C5816BCCD960DBB0548506C72F489269DEA710F71
SHA-512: 41930FE8CFC5EA2BACDC872421321B2C4C65593641A1FC23237F6C5D1BBE0A9411B18275A001598ADC84FF3C56FBBE102DD6EDE1464E2E1FB80BC4030D819992
Malicious: false
Preview: M.I.C.R.O.S.O.F.T. .[.P.R.E.-.R.E.L.E.A.S.E. .].[.E.V.A.L.U.A.T.I.O.N. .].S.O.F.T.W.A.R.E. .L.I.C.E.N.S.E. .T.E.R.M.S.0.0.0.0.0.0.0.0.d.b._.b.u.i.l.d._.v.e.r.s.i.o.n.2...6.d.b._.c.h.a.r.g.e.r._.d.o.c.u.m.e.n.t._.r.e.f.e.r.e.n.c.e.8.9.7.9.d.b._.c.h.a.r.g.e.r._.c.l.i.e.n.t._.n.a.m.e.t.b.c.d.b._.c.h.a.r.g.e.r._.m.a.t.t.e.r._.n.u.m.b.e.r.t.b.c.a.u.t.o.s.a.v.e.f.a.l.s.e.o.w.n.e.r.R.E.D.M.O.N.D.\.j.e.s.s.c.o.d.b._.m.a.s.t.e.r._.r.e.f.e.r.e.n.c.e.U.S.E.T.E.R.M.S._.O.T.H.E.R.S.U.P.E.R._.E.N.G.L.I.S.H.d.b._.m.a.s.t.e.r._.v.e.r.s.i.o.n.2.0.0.6.0.3.2.9.d.b._.m.a.s.t.e.r._.c.l.o.c.k.4.8.9.d.b._.m.a.s.t.e.r._.n.a.m.e.L.i.s.t. .o.f. .B.e.t.a.,. .E.v.a.l.u.a.t.i.o.n. .o.r. .S.t.a.n.d.a.l.o.n.e. .S.o.f.t.w.a.r.e. .L.i.c.e.n.s.e. .T.e.r.m.s. .L.a.n.g.u.a.g.e.s.d.b._.m.a.s.t.e.r._.d.e.s.c.r.i.p.t.i.o.n...d.b._.o.u.t.p.u.t._.f.i.l.t.e.r._.r.e.f.e.r.e.n.c.e.d.b._.b.a.s.e._.u.r.l.................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1399_Panel7_Mosaic4_Budget_Background[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x400, frames 3
Size (bytes): 2032
Entropy (8bit): 1.084618340227828
Encrypted: false
MD5: 34C2ED5605DA4B29F5884DA176F78963
SHA1: 99BF9F0ACC72D646E3CE65899A84EFF18C9D392C
SHA-256: 57A334A4E1B8CC0BA35038432424F0EA3EF4ACB2AE4653D184127279F0C8E3EE
SHA-512: DB59CBD9E4DBD1EFCE3E21F405A29134BFEC8C15A9CA4C99CCE5B07863ECC62862F60484BD9B36770CEB520F658F4B9512178749028D2335223241F35E9F4D01
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1399_Panel7_Mosaic4_Budget_Device[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x400, frames 3
Size (bytes): 13459
Entropy (8bit): 7.909540353881409
Encrypted: false
MD5: 313F53DE1654C42422F6069917530EA4
SHA1: 654F753375C28AD4528978CC18538302675E0CC3
SHA-256: C2A1A970063632C65FE1CCFF75DB16F5D997F838A1230224B515E692BFE69E1B
SHA-512: D0DF1C8D4E58F09E6358176C9DA0E2005208EF3BBBE6A3CD68DC9F4484292DA855193EF606C501E8B1AEA0641C94C78EF9D5A2D36168457F71DEFEFEC6E733D9
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\18-d72213[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 128007
Entropy (8bit): 5.225176216325186
Encrypted: false
MD5: 59AD05CBCCE6803FB00314310F20FC45
SHA1: F7A094F6E0E60CD5C5B20D10788AF8A8F71CFEFF
SHA-256: 55AFD02F9CA1FE1B8D3705EF8EBA7C9A8E2F0BA4B8D1AB8853A2A10FAE9E4AC8
SHA-512: 7EDCE6C4078519C8E623B5CC32F47E8033E400673F17BEDBF59A8C6DAB551705E2C33000D158CAB2C7EB164281D6C5980B81FE0F297B38AF05061F086C121D09
Malicious: false
Preview: (function(){/**. * @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. */.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a["*"]||{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0||r===1&&n[2]===".."||n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u||y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel3_GlobalPromo_SP6_platinum_V1[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x120, frames 3
Size (bytes): 17481
Entropy (8bit): 7.811317522255113
Encrypted: false
MD5: A38B9B7FAB08B32B98ECB1FF488D247F
SHA1: A78DB6DCFD82248BAEF37B2F54F241C4047AA8A9
SHA-256: 358CB902778D7D6704B869D0A110B31D7D8047B6D355829AAF70934A4CF99B43
SHA-512: 5BE53045F9CF2187C40A16EA8F5A8DC48979A167D139455BEAC6AA4A144B3E1FDFCD587A6F521BE62F3B3CA772B0586A901BA15A3806B7F54FD84F83EBD736BF
Malicious: false
Preview: ......Exif..II*.................Ducky.......d......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:BB7079BCF92011E8A02A90944F8E2CAB" xmpMM:InstanceID="xmp.iid:BB7079BBF92011E8A02A90944F8E2CAB" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="B450E593EEF1D7864A307CCBF5665893" stRef:documentID="B450E593EEF1D7864A307CCBF5665893"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................x.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel5_carouel_Office[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 998x663, frames 3
Size (bytes): 118077
Entropy (8bit): 7.965027776866983
Encrypted: false
MD5: 5150E94A5F46F2154AA3866DA020DAC3
SHA1: 0BCE96C758A1F6715D6408C8182DE04D49D1EE25
SHA-256: D4FE0AB01008DD9D65E892F5BF9B9514FF92EB3870ADF03D23CCF5E231EF1BFC
SHA-512: E30750D350C7418453795FB170F79C0CF481EFF3C6D107B78E05D45D5585249FF99D3846FEEFB2A6048D8B97EC5A043A7D8A0C591F7824BCB2506964DFF6FF69
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel5_carouel_Outlook[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 998x663, frames 3
Size (bytes): 106264
Entropy (8bit): 7.958897740921402
Encrypted: false
MD5: 88CD7B802727590C8B1CBF17C0C9C7DC
SHA1: 9D0B037DD2FCD7305E9F422521C2F303775656CE
SHA-256: 742AE16D85F495C63261F5224F4142985653847799498DCAE94EE49A10DA57EC
SHA-512: 905464C02B19EE687895ED48BFA81BDF4920D78C65619E37800D2C85905FE41B0DD6EA3490144084414CDEBC64E1B57D7B0626E00F18C36497D236B27666FA07
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel7_Mosaic4_Budget_Background[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 850x425, frames 3
Size (bytes): 2548
Entropy (8bit): 0.901535278192056
Encrypted: false
MD5: 1BA5DC09EDF3AF5333A032BE866D02C0
SHA1: 374276053DC0B9857C5A6E4D4A404299C1653AE1
SHA-256: 4DCF9569D44505F5254E6C2789837471070FA80C4B445937C4CB620CDECD9015
SHA-512: 4DCEA434AE1FD32A3D234C61A1E1049534A6AF9B1A58F8A7508981AABBC1443BC36C641851FEBBDFE6943C3E595817EAADA71D66BDB99FBC0C3287FFF4F62CF7
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel7_Mosaic4_Budget_Device[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x425, frames 3
Size (bytes): 16833
Entropy (8bit): 7.914215771445709
Encrypted: false
MD5: 4B6F27319D38726232417DE950503969
SHA1: 14535685D897316FE4706BF525EC06D966887F1B
SHA-256: BA60967BDB1208C988350357FA68B4086B05919F5BD1732D81539656B516B6F3
SHA-512: 636FB7B6717AE4D492B81A85239BEF2E0C19BBF9F217F7864421A193BF3F7C33570631BBF48017189DED6C8A47112A268A22D2666714D7D43835FAA3CAF86AB9
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel7_Mosaic4_Budget_Hello[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x425, frames 3
Size (bytes): 40929
Entropy (8bit): 7.96876739707999
Encrypted: false
MD5: 5431194804F8A8ED6707811D6C4AE574
SHA1: F12DEF8E6893CC92A4C23A8EB21D79C9E86158D7
SHA-256: A3BF19827812BA8D022951E93178E8A318FFAFFB44758032DB1C464A66418183
SHA-512: 459A73529C45CD6CB7018B767D56DD1C41EFC175F1859994ECBB60B34D36550548F515E571F95AC1C79265301260BECB31486C03A254D2C14F0D3194288AC5B0
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel9_3up_Photos[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, baseline, precision 8, 485x273, frames 3
Size (bytes): 26609
Entropy (8bit): 7.934082765857674
Encrypted: false
MD5: B6A91D2AC4B9FEA765FB7139FD60D870
SHA1: FD4470F392829CFE06FF323AAC5E2E378DDFEAFF
SHA-256: 63D53790F3F4C25946DEE9506E25C90029BDAF8DCB787BD382C3ABE7E38F4E91
SHA-512: 190C16AEDE4F6A8C444143CF7171A07D1A956C90FF4985DB74EA9AC8AD0C24A2C9D74EC38AB1EC1C52C0A841260E7C90BB1CBB0BD89D748B9FE856B5609558A9
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel9_3up_Snap[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, baseline, precision 8, 485x273, frames 3
Size (bytes): 45635
Entropy (8bit): 7.957850688880408
Encrypted: false
MD5: AC9BED7803D9CB48DE79FC023F716C10
SHA1: 3470895DD7BFA6BB73005C77B0BF77BA2DA0C89E
SHA-256: 71826360339D8F89FE7704CB419C4D2D7758561F34263C7BF8EA2DFAC8E24318
SHA-512: 463F75CE3A3E4BEDA3BD5FCF580FC219077A000DCA448E8900EC2CCF9CA0E47FA2BC2E43910D529DEF6E1B89DA70ADE4F58D144807BE47AD1D5B41693D5107FA
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1e-fd610f[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 66442
Entropy (8bit): 5.367460973044008
Encrypted: false
MD5: 4961852D115763E46C5B485CC764BAB5
SHA1: D437D676AEB7284E5141F80382E6B11552408728
SHA-256: 4EBB716903FC9B9DABF6A74FF88C4B8CB38FBBB89190175F4DAF7CE29AE6DB08
SHA-512: 7560A45ACA5995C4FD0163271CF678E9B1F7773300A2EF7CD3CF77FE4D3017F967C74133005FF3D9D57F1F31382C01DF54510981B33E9E779FBECA9E7411CE99
Malicious: false
Preview: var awa,behaviorKey;define("jsllConfig",["rawJsllConfig"],function(n){return n});awa=awa||{};awa.isInitialized=!1;awa.verbosityLevels={NONE:0,ERROR:1,WARNING:2,INFORMATION:3};awa.behavior={UNDEFINED:0,NAVIGATIONBACK:1,NAVIGATION:2,NAVIGATIONFORWARD:3,APPLY:4,REMOVE:5,SORT:6,EXPAND:7,REDUCE:8,CONTEXTMENU:9,TAB:10,COPY:11,EXPERIMENTATION:12,PRINT:13,SHOW:14,HIDE:15,MAXIMIZE:16,MINIMIZE:17,BACKBUTTON:18,STARTPROCESS:20,PROCESSCHECKPOINT:21,COMPLETEPROCESS:22,SCENARIOCANCEL:23,DOWNLOADCOMMIT:40,DOWNLOAD:41,SEARCHAUTOCOMPLETE:60,SEARCH:61,SEARCHINITIATE:62,TEXTBOXINPUT:63,PURCHASE:80,ADDTOCART:81,VIEWCART:82,ADDWISHLIST:83,FINDSTORE:84,CHECKOUT:85,REMOVEFROMCART:86,PURCHASECOMPLETE:87,VIEWCHECKOUTPAGE:88,VIEWCARTPAGE:89,VIEWPDP:90,UPDATEITEMQUANTITY:91,INTENTTOBUY:92,PUSHTOINSTALL:93,SIGNIN:100,SIGNOUT:101,SOCIALSHARE:120,SOCIALLIKE:121,SOCIALREPLY:122,CALL:123,EMAIL:124,COMMUNITY:125,VOTE:140,SURVEYINITIATE:141,SURVEYCOMPLETE:142,REPORTAPPLICATION:143,REPORTREVIEW:144,SURVEYCHECKPOINT:145,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1e-fd610f[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 66556
Entropy (8bit): 5.367791117419677
Encrypted: false
MD5: 67C11847493C9A15E9A3341BDC8E935B
SHA1: 104FDD629C1DF8F4839916F714AF0B0BBA89939B
SHA-256: C20B13598CFC3B29774A3909D1EE5927FF2947A6EBFE7064575D3B1738DD7548
SHA-512: 77E7AFB1A21F6F0A37C66834823EE1C5E0AC1AD67AB5A99F9617357051C36C37360AB6488957DC7B4E0F259E34C8F78C0AB5A30E32AF7A7702E0D1E5F5C392EC
Malicious: false
Preview: var awa,behaviorKey;define("jsllConfig",["rawJsllConfig"],function(n){n.cookiesToCollect=["_mkto_trk"];var t=window._pageBITags.pageTags;return n.ix={a:t.userConsent||!1,g:t.userConsent||!1},n});awa=awa||{};awa.isInitialized=!1;awa.verbosityLevels={NONE:0,ERROR:1,WARNING:2,INFORMATION:3};awa.behavior={UNDEFINED:0,NAVIGATIONBACK:1,NAVIGATION:2,NAVIGATIONFORWARD:3,APPLY:4,REMOVE:5,SORT:6,EXPAND:7,REDUCE:8,CONTEXTMENU:9,TAB:10,COPY:11,EXPERIMENTATION:12,PRINT:13,SHOW:14,HIDE:15,MAXIMIZE:16,MINIMIZE:17,BACKBUTTON:18,STARTPROCESS:20,PROCESSCHECKPOINT:21,COMPLETEPROCESS:22,SCENARIOCANCEL:23,DOWNLOADCOMMIT:40,DOWNLOAD:41,SEARCHAUTOCOMPLETE:60,SEARCH:61,SEARCHINITIATE:62,TEXTBOXINPUT:63,PURCHASE:80,ADDTOCART:81,VIEWCART:82,ADDWISHLIST:83,FINDSTORE:84,CHECKOUT:85,REMOVEFROMCART:86,PURCHASECOMPLETE:87,VIEWCHECKOUTPAGE:88,VIEWCARTPAGE:89,VIEWPDP:90,UPDATEITEMQUANTITY:91,INTENTTOBUY:92,PUSHTOINSTALL:93,SIGNIN:100,SIGNOUT:101,SOCIALSHARE:120,SOCIALLIKE:121,SOCIALREPLY:122,CALL:123,EMAIL:124,COMMUNI
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\51-6d3a1e[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 163522
Entropy (8bit): 5.050717299586406
Encrypted: false
MD5: 6178D19989D7964964A1CC7BED82F341
SHA1: 8B0DBA5CCCCFAC4ED390F900F85B275A5507215A
SHA-256: 3ABC05CF7FCD206115A9F2871547BE6A8649C34B2EFC0D1F77441147A5A78BC8
SHA-512: 120F92E7C4F785EADC0B000F0035E475977ECAAA4131500E3D2EE3C4CE9D1A368DB3C07D16BEB58DE46AD2F6857503A3445DFE06BEA23F59646424FFA1946F81
Malicious: false
Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\LinkedIn[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 19 x 20, 8-bit/color RGBA, non-interlaced
Size (bytes): 315
Entropy (8bit): 7.022483950744116
Encrypted: false
MD5: 02734A460C03D20B8C4AEA1D9A7B7DCD
SHA1: 0A642B81EB3E0F66D2D4CDC49339C3A60845B427
SHA-256: E495966DD87033EC1E3F55C58062DE559B251AAD1CABF20DD2AF44CD34675CD6
SHA-512: 1E4A8E8812BD061828D52B106AD91A03FB49B55A051DC0D433C731CE3F3A968A3C2BFF63B2FACDC8B220D37169FDB88EDAED6802667C6F0672B8941C05D8B958
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RC31570345bb96413b898d9ee318090731-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 8645
Entropy (8bit): 5.281702034488803
Encrypted: false
MD5: 1C147059F5B20EB1BA0A41125FD0F1E6
SHA1: 70340E471B4DEBCB50C55D7367A2305B81604200
SHA-256: A67711B070FCFC486CDC4D1624A2885543FA7B59572F6033D2E7C96D0E85112B
SHA-512: C2301637B1C65B5093CCA70144CD9FB8CFCED1CD80330AAF77A5EC56DCDABFEA409FC53B21D1511F3D7A9E931A37D609B07FE582CFABB7AC78F8F8EB74B0B569
Malicious: false
Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC31570345bb96413b898d9ee318090731-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC31570345bb96413b898d9ee318090731-source.min.js', "null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&(window.wdgtagging.jsll.vt=window.wdgtagging.jsll.vt||{},function(t,o,a,c){var e,d;o.checkpointCntnr=function(t,e,n){try{this.cpPercent=t,this.textValue=e,this.parentCntnr=n,this.hasFired=!1,\"start\"===this.textValue?this.behaviorVal=\"VIDEOSTART\":\"finish\"===this.textValue?this.behaviorVal=\"VIDEOCOMPLETE\":this.behaviorVal=\"VIDEOCHECKPOINT\"}catch(i){a.debugLog(\"Error in the vt.checkpointCntnr function. Inside video tracking script. Error: \"+i)}},o.checkpointCntnr.prototype.fireEvent=function(){try{if(this.hasFi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RC6093e61065034898a18b3abc92c03214-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 6457
Entropy (8bit): 5.377021157550868
Encrypted: false
MD5: B56CF5A5EF2E87296D580C8A794C498A
SHA1: 2932D980FA1EAF52466411F7E8BC61573639A633
SHA-256: 35994410F65280AFD34D519183E9EF9A8BDCFCC6D26ECD73464B35368A155E2B
SHA-512: 38F0FF5E39C88BAC6E07A7EDBBE8EAC706613D0376D66FA19233BB00BE21E918F518537125501EA12C3742272E3DC58494C3B50C6A66311A3FA1F3EC95A0D665
Malicious: false
Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC6093e61065034898a18b3abc92c03214-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC6093e61065034898a18b3abc92c03214-source.min.js', "null!==window.wdgtagging&&null!==window.wdgtagging.jsll&&function(t,e,w,f){window.location.pathname;var m=window.location.href;w.wdgVideoTagging=!1,w.videoTaggingInit=function(){var g=awa.ct.captureContentPageAction;w.wdgAttachedEvent={},w.wdgVideoName={},awa.ct.captureContentPageAction=function(o){if(239<o.behavior&&o.behavior<253&&240!=o.behavior&&250!=o.behavior&&251!=o.behavior);else if(253==o.behavior)g(o);else if(240==o.behavior){var i=o.contentTags.vidid,d=o.contentTags.vidnm,c=!1,r=f(\".c-video-player > .f-core-player\").find(\"video\");r.length&&r.each(function(t){
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RC90de3d91e87d4e289cdf12d9ed2d405c-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 1725
Entropy (8bit): 5.485144962170923
Encrypted: false
MD5: B686714B718573BE57DAA70E297645CC
SHA1: 37D29EE2E3397C2A60223A6947DF0FD5A0C127B8
SHA-256: 61D751350344890B9203BC5F1ACEB096F9E524CE830A7BF0EE1881EF35C7DCB2
SHA-512: 5C6FD62AD0C2F38753DB35B2101DEA33FA2D941FEECDC15DE8517D4CFB1A37519920D832C1C3D468FC9C8ED7C08753EF47A22A92E850E3C76C73FE1586B18CF0
Malicious: false
Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC90de3d91e87d4e289cdf12d9ed2d405c-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC90de3d91e87d4e289cdf12d9ed2d405c-source.min.js', "null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&function(t,e,n){n(\".surface-clearfilters button\").on(\"mousedown\",function(){n(this).attr(\"data-bi-bhvr\",\"REMOVE\")}),n(\".c-checkbox input\").not(\".surface-hmc-ans-block INPUT\").each(function(){try{i=jQuery(this);var t=n(this).next(\"SPAN\").text();i.attr(\"data-bi-name\",e.tlcStr(t));var i=n(this),a=n(this).is(\":checked\")?\"APPLY\":\"REMOVE\";n(this).is(\":checkbox\")&&(a=n(this).is(\":checked\")?\"REMOVE\":\"APPLY\"),i.attr(\"data-bi-type\",\"option\"),n(this).attr(\"data-bi-bhvr\",a)}catch(c){e.debugLog(\"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RE2OdIC[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Size (bytes): 65750
Entropy (8bit): 7.914829833769577
Encrypted: false
MD5: 050E542580D0E4F21509BEB5C9B80ECC
SHA1: 33D8A9DC17D7BAF17DB2AED3BC40C851186384FC
SHA-256: 891F6C532C5034FE5F28515EA619070AFE73908D3CFF3B9F3FE5A3C8F2D7C72F
SHA-512: 885DE7F234BFABF7EC0E9F41536C4780EBC6E4069EA3817726E532E5EDCCC0621E93191193D2BA0F31C50246515697BCE041DE213998A9E87007CC3DBDF3AEA1
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RE2QTP2[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Size (bytes): 66149
Entropy (8bit): 5.432481644807615
Encrypted: false
MD5: 893F8FA395F6743BEA0F48F8673CD5B9
SHA1: E0C648D51F31959F5E265077BA53F527C34AE29D
SHA-256: 6D28F6751A087565F3F0AD4CD93443385FF1C3491F9E20C5783BA0A9EEF8F120
SHA-512: 9D523897489A1D2D8B3A3547A4A13289145434B0A3E795ABE8A932C7C8956BA00796B9C6A80CAA745D83253FB059449C3645EA718F76FADCF37647330D385208
Malicious: false
Preview: ......<!DOCTYPE html>..<html lang="en-us" dir="ltr">..<head data-info="{"v":"1.0.7083.39717","a":"44bd8749-0983-4b73-9521-3642f942bd36","cn":"OneDeployContainer","az":"{did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2019-05-25T06:03:54.0000000Z}","ddpi":"1","dpio":"","dpi":"1","dg":"uplevel.web.pc.ie","th":"default","m":"en-us","l":"en-us","mu":"en-us","rp":"/en-us/videoplayer/embed/RE2QTP2","f":null,"bh":{}}">.. <meta charset="UTF-8" />.... <meta http-equiv="x-ua-compatible" content="ie=edge" />.. <meta name="viewport" content="width=device-width, initial-scale=1" />.. <title></title>.. ..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RE2QZ2T[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, frames 3
Size (bytes): 597418
Entropy (8bit): 7.981911310963697
Encrypted: false
MD5: ABB80F67593EB8983BCC999265CC0AB3
SHA1: 7DCEB7A8B3DED82ABFA218BA2F8D5C5EB77AAB45
SHA-256: 20EB444DBEA7E554C5BC52D052D0C17CA46D840F7C10C7AB2F34AFF5C986A306
SHA-512: 0B11832F864EA9C87D0D49818857BB21A5FC9D542D9559C88C19E2C5ADB31CD02F1B9E5F357D65DAC5BB857169ABE35A8D11555B40E16CE95D47D18708AD3680
Malicious: false
Preview: ......Exif..II*.................Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="F9B4E7158645D5F41928335C6554A8E6" xmpMM:DocumentID="xmp.did:EC5F4535608111E9B745A83179CD6C5E" xmpMM:InstanceID="xmp.iid:EC5F4534608111E9B745A83179CD6C5E" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ec5b2b3e-8629-4f79-b3fd-a35e06f5c134" stRef:documentID="adobe:docid:photoshop:1eecbba5-e501-e748-9f93-528a5bfc760a"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...HPhotoshop 3.0.8BIM..........Z...%G........8BIM.%
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_HL_ImagePanel_1_V1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 2048 x 1152, 8-bit/color RGBA, non-interlaced
Size (bytes): 741355
Entropy (8bit): 7.979795327197334
Encrypted: false
MD5: 7CD862696D20D3E75D66384FCE70AEFD
SHA1: F7C794C2B19219C3F1DBE6A1F25EAC6DFA12B061
SHA-256: 8278A09661789A604CD87DD3B5D91D03A5F8447CABB9E45A046DB2865EFBB36F
SHA-512: E5107AA3A57EA3A19150CB302B3613CC8CA2A260151DB3D4362A5DCC1503E54FDEFC15222E85F5AD859EE4370FE771D3A215972F0C2CC2BBF8E871928F56702D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_HL_ImagePanel_3_V1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 2048 x 1152, 8-bit/color RGBA, non-interlaced
Size (bytes): 733823
Entropy (8bit): 7.969893467816012
Encrypted: false
MD5: F8C8E458D0B326116D8DB4394FEACA42
SHA1: 3AFBA82A4BDEDC50EF34C53ED7878569F2EAF6C4
SHA-256: FA8BE65CE75F47DF685C2F02EC01BD46375AFEBBC9468E9E24EBEB6F3CE2EF93
SHA-512: B677FC593E2A6197A24A9EA128BD12E82010AFEBD178FE808FD853584290909828A75E22BAAA2510FA1DA126CA5248EE2FD30BACCD25ABA2533A73A61D91566D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_HighlightFeature_Panel_1_V1[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x600, frames 3
Size (bytes): 74933
Entropy (8bit): 7.859097020161532
Encrypted: false
MD5: 94EF7CDB82E6F7E5778A4DA0D0FD56AD
SHA1: 2450D47112E00E0BB26992676BEB2444BAE4E595
SHA-256: 26EE58DA2512916C69FFF0566C35C8BFF0984629ECC94A6DE73566B38272DA92
SHA-512: 35E6AAA752E04A95EE616F51153A954CAEDF0E02DF12574ECB24E26C744B69D714655C3C55B45B88A35B3A77392AE8329FAFDFF397126C4F73F1ABD1BE10622E
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_ImagePanel_1_new_V1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 2048 x 1152, 8-bit/color RGBA, non-interlaced
Size (bytes): 1128317
Entropy (8bit): 7.954945224320037
Encrypted: false
MD5: C11E05BA111DBED391CA4C1185D4B631
SHA1: C3DDDFD8810D0D74BC2FB40E1AE9A65A814C5ABF
SHA-256: 87300ED19ED6D6EB09AD4F14C3E41E068F7C382CD7985340554BD701FBB9601E
SHA-512: 4B89E201482B36F4F5D059C67E57F7014899F96003D3EFFC46082DC11963456490A0F4C8D9F3ADB127C86C37746DD38563BEC0E96B71B284F82E4AF6BEADDB14
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_ImagePanel_4_new_V1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 2048 x 1152, 8-bit/color RGBA, non-interlaced
Size (bytes): 1776987
Entropy (8bit): 7.9967245039940975
Encrypted: true
MD5: 386E16D44339C3ABEA775D8262BBE093
SHA1: EAA7CE8CA017554760B8F6AB53BE7AC87CCE83E8
SHA-256: 5815207FFF83ABB3F47949DBA5BEBDE5202DE8A9353E050E09FC947B7E2B140D
SHA-512: 5061F88EF5656EF82799FD4F03EBC6B3A7E3DE67BFA1F470A0770E515A714FF96C4614F5AA18F0F45A247238E10D6D391D0FEE0B17C6ADD125B8B9894E621BA8
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_ImagePanel_studio-New-5-V1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1600 x 600, 8-bit/color RGBA, non-interlaced
Size (bytes): 752531
Entropy (8bit): 7.9915480148682825
Encrypted: true
MD5: 30ED03FDB56DB6B61E5DFF175E91E9B0
SHA1: 627728114AB35ABE247E6ECC634A294BCBC123BA
SHA-256: E3A5F64AAD47736264C8C672E4C92553141256E8AFDCB141A1D4C9065F8DC9F4
SHA-512: 415795581A02282D6EDE386D36E4FB0F2C33CA40244508657F907AD347BC7E417C502C427FFDA8CEB9E3BC4D9E93E388D7A6990DB11B835E734C30DD307BC64B
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_LinkNav_Panel_2_image4[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 1230
Entropy (8bit): 4.465658582341525
Encrypted: false
MD5: 9807E2D0143042B099454E83F29FD3C5
SHA1: 8FD51F53C496175F8C07733A8C17497E16B51F59
SHA-256: B042FD8196D7BEB8048862F6E0819AE253980A415E123F88AC6816363DB3545A
SHA-512: CEA0F87D718C623C0CA156BA311136932A6484F76A08698E87B9D89C13F5D05B45DB1E2B4E7ECB0D17C732F59B6C92C6A827B6058B51368D0ADFDC4F94AB2DD2
Malicious: false
Preview: <svg enable-background="new 0 0 27 21" viewBox="0 0 27 21" xmlns="http://www.w3.org/2000/svg"><switch><foreignObject height="1" requiredExtensions="http://ns.adobe.com/AdobeIllustrator/10.0/" width="1"/><path d="m21.312 4.214c.716.312 1.363.711 1.94 1.196.579.484 1.071 1.034 1.478 1.646.407.614.72 1.276.94 1.989.22.714.33 1.455.33 2.224 0 1.066-.204 2.065-.61 2.999-.407.934-.965 1.749-1.672 2.446-.709.697-1.537 1.246-2.485 1.647s-1.963.601-3.045.601c-.846 0-1.671-.13-2.472-.391-.801-.26-1.54-.643-2.215-1.148l-3.126 3.077-9.375-9.231 10.938-10.769h9.375v3.714zm-10.937 14.111 9.375-9.231v-3.786c-.146-.032-.326-.054-.537-.066-.211-.013-.433-.024-.666-.037-.231-.011-.462-.03-.689-.054-.228-.024-.434-.066-.617-.126-.184-.061-.332-.143-.446-.247s-.171-.248-.171-.433c0-.209.077-.389.231-.541.155-.152.339-.228.55-.228.399 0 .792.004 1.178.012s.775.056 1.166.144v-1.694h-7.165l-9.376 9.231zm7.813-.902c.863 0 1.673-.162 2.429-.487.758-.324 1.418-.765 1.984-1.322s1.014-1.208 1.343-1.953c.33-.745.4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_LinkNav_Panel_2_image7[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 1055
Entropy (8bit): 4.584222259166922
Encrypted: false
MD5: 80CE8FC112B97920A2A8E16A9A1366BB
SHA1: 5B6941F056B06E68CAB5744F25A470F4DDC5652D
SHA-256: 7AE03D6DB88646424478804E4593A5FD2425453554319F24053A9A968EF285C4
SHA-512: 26163BC3C8D3B0402A92D28E1B5F757A5B88AB8DDA358CABE03C90FD79AEAC37D895A37F06C24AEC7072ABC586805BD118ACE856F05B6B507D231CCD2D84F342
Malicious: false
Preview: <svg enable-background="new 0 0 27 21" viewBox="0 0 27 21" xmlns="http://www.w3.org/2000/svg"><switch><foreignObject height="1" requiredExtensions="http://ns.adobe.com/AdobeIllustrator/10.0/" width="1"/><path d="m21.5 2.625v18.375h-16v-18.375h5.334c0-.362.069-.702.208-1.02s.33-.596.573-.835.526-.427.849-.564c.323-.137.668-.206 1.036-.206s.713.069 1.037.205c.323.137.606.325.848.564.244.239.434.517.573.835s.208.658.208 1.02h5.334zm-1.333 1.313h-1.333v2.625h-10.667v-2.625h-1.334v15.75h13.333v-15.75zm-12 5.25h5.333v1.312h-5.333zm0 3.937h5.333v1.312h-5.333zm0 3.937h5.333v1.312h-5.333zm1.333-11.812h8v-1.312h-2.666v-1.313c0-.184-.035-.355-.104-.512-.07-.158-.165-.296-.287-.416-.121-.119-.262-.213-.422-.282-.16-.068-.333-.102-.521-.102s-.361.034-.521.102c-.16.069-.3.163-.422.282-.122.12-.217.258-.287.416-.07.157-.104.328-.104.512v1.312h-2.666zm8.198 2.164.937.922-2.469 2.43-1.801-1.774.937-.922.865.851zm0 3.937.937.922-2.469 2.43-1.801-1.774.937-.922.865.851zm0 3.938.937.922-2.469 2.43-1.801-1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_1.png[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3
Size (bytes): 1396
Entropy (8bit): 7.5454284767456725
Encrypted: false
MD5: 7E990EB99DAE838049B984B83988CEF5
SHA1: F6F82893ABDF49578891F36F9413124A841DE8C8
SHA-256: 29596253E4E17117B0882EE63C302B719DA3E9B5D69C8327B9B9F6269F0629C9
SHA-512: 8E62C52DE4A64AC249994CE967945C9D49F3B1DE234D8DCF6CB9E1DF056D26262D93DE16E3FF2788D62FD2507A3293AC35897DB7AF25A8F0503624F14AAEB92C
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_2.png[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3
Size (bytes): 1656
Entropy (8bit): 7.645428985716039
Encrypted: false
MD5: 01A16E9C9A12C3AF124C4D8E4791907B
SHA1: B73C43C28554C16F171B1020EE8248E855514FDA
SHA-256: 2A049DE2216B10275216327EACCCEA3242EFFA2A4C68524AD2BF7313A332BF1C
SHA-512: 0B7172D93BBC3808B517A4E8DCBC14143D229C96C57D83BAFD5113BC82F244B49798932DF3EBEF5A13753C2B7D609B1277B492F24007CD21621BDE0B3C8ABE01
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_3.png[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3
Size (bytes): 1382
Entropy (8bit): 7.502628462867667
Encrypted: false
MD5: 970BFA81C5288D69F2BA48D847F4DA1D
SHA1: 2539846C918368091BA07A3C0EA0020E7FFFAEFC
SHA-256: 57F0502DC168EF20250AC3A4D2C6EFFA72DD2DCCDCA5541E11F22F3407FCAC5F
SHA-512: 3641098A83CDC38D908D1E5C2B80C937A66FE789CB57DB46BE30154F888F1A248A1057A21AB0F3F15F2D14A122D110BCA44BE842E028AD4C795539066756394A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_inactive_1[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3
Size (bytes): 1528
Entropy (8bit): 7.612429255190347
Encrypted: false
MD5: 1BB007C6E521ABA8F8F577D72884AA4F
SHA1: 55D1F06C5C8B914AD5CD9F13767030FF8AB33ED3
SHA-256: F2E763DECDC13F93A25BED7C16B6A2D3E563AC0FD11A0904EF1CEA00852C8630
SHA-512: 4C27335F2D54B161EBD9084A64F4B0D5C07335A56998D1FFF1BFD7A5702211F63B4683E8057DFB05B5D233970E9E7055D1DD0FC2C3AEA160C510DABAB0618C9B
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_inactive_2[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3
Size (bytes): 1683
Entropy (8bit): 7.665429827685936
Encrypted: false
MD5: 77E8A7067F65F9DF4A403895503200A4
SHA1: 0116DA6CBBAFEF32DA7CF965DE39D1F6BD0F0D21
SHA-256: E330A17EC9E406716BEF2B2970FC00981EDE06A56F9C2DBB093B33D6A0115602
SHA-512: 81B598926B84431A2CF2AC054580A89BD80C081C7C12FA5BFC35C6640974368E5A2A2DE4284EE2850FCA72179378A5113F5148E905316FD1E39799FB81C8855C
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_inactive_3[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3
Size (bytes): 1310
Entropy (8bit): 7.505236406518429
Encrypted: false
MD5: BBE5E8F43991AC64D86CEEAF96BD29B8
SHA1: 0AFF4DF1BC939F62F77A55753B924B2EA6E177FC
SHA-256: DDCEF53CCB6CE9D0410D56E48A72BEC88DF16A338C1238F95F3E03F458333BE9
SHA-512: C62B0FA113D49D7FA48C620C5D5A5832903BAE9614491B33CA94E221CF74179C3ABF516115C384377621E4FCB7BF62023BCC6E004947FA83B8051F270865E643
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_inactive_4[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3
Size (bytes): 1048
Entropy (8bit): 7.240463979004769
Encrypted: false
MD5: EA7340E6BD3F8A7D13BC5A49D018CF2B
SHA1: A7EA5D991BAD740C869E78B9399BFD9A6A2E6F36
SHA-256: ADF8D6FD76D5A6ADEEA87ED62C245C9FFAB7F406F5215098EBDD0B2DE84E5737
SHA-512: C57DEA29371CCE446B97989E3D4A8CD4882F3F66B5EF1541D3A2A64118A7D27C5CEDA935BA46781A80128B6A5B706095666EDB826FAECAEB9F4EDB9CBDCAFE59
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\authorize[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 3784
Entropy (8bit): 5.90072383320781
Encrypted: false
MD5: D9A72DC4282FB8AE2754DF4C59EC8555
SHA1: B0EE77B1AE0C4455F869A053F70769D7CA92BDF2
SHA-256: C3948C1A3764BFB3A503341361A1F0BABBAD67265BF403C0227D36AA79D0AE97
SHA-512: 153301E46B9B0DC809968CF0A601FD91D394A138ADAB272A31DC73BBDD8F727F2F36C8CC5F73EC07F27ADA02955AC3EBA883A133BC7158B222B244D95EF01F26
Malicious: false
Preview: <html><head><title>Working...</title></head><body><form method="POST" name="hiddenform" action="https://www.microsoft.com/en-us/silentauth"><input type="hidden" name="error" value="login_required" /><input type="hidden" name="error_description" value="AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com)...Trace ID: 135f46b1-9ee1-4025-970f-f1c29d8c4e00..Correlation ID: bcadc053-b589-4b9a-b7e9-cfe6e88bc638..Timestamp: 2019-06-05 12:26:02Z" /><input type="hidden" name="state" value="OpenIdConnect.AuthenticationProperties=AAEAADfZrTrWsanBzilc9pZkkDOvboo8_wV4GM5lfyDxy7-j26GjjCVrahW018CY7hekmZlRSSY6n719ZRqWF-UFEy2ogWUYY_o7gtgnR-7wRfXBrqyosZXuGNyKSp3Kvy2sVX5vxNotYnOZq4-eN6KpHzTmF9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\b3-c67af8[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 13591
Entropy (8bit): 5.235764362480649
Encrypted: false
MD5: 2D7DFA1D55029429503D62340C7AF2D8
SHA1: 09463A41F0EEF15924329788E368E0D9FD853462
SHA-256: 7F7A226087BD79D5CE3839860441C5A8C9F475A69F84A17B207801EFCFE75D16
SHA-512: 32618564D1882B4372D941653AE30BC1539D16D095763EFFECD7356EA0825A480F0266E92FA944AA21216DA83317CB4B7B40B4BE254D2B19712E3272A7FF2D05
Malicious: false
Preview: define("genericVideoDialog",["dialog","componentFactory"],function(n,t){"use strict";function w(n,t,i){var r=new RegExp("([?&])"+t+"=.*?(&|$)","i"),u;return u=n.indexOf("?")===n.length-1?"":n.indexOf("?")!==-1?"&":"?",n.match(r)?n.replace(r,"$1"+t+"="+i+"$2"):n+u+t+"="+i}function b(n){var r=n.querySelector(p),t,i;r.removeAttribute("tabIndex");t=n.querySelector(y);i=n.querySelector(e);t.addEventListener("focus",function(){i.focus()})}function k(n){for(var i=[],t=n.parentNode.firstChild,r=n;t;t=t.nextSibling)t.nodeType===1&&t!==n&&t.nodeName!=="SCRIPT"&&t.nodeName!=="NOSCRIPT"&&t.nodeName!=="STYLE"&&i.push(t);return i}function o(n,t){if((n.type==="click"||n.type==="keydown"&&(n.keyCode===13||n.keyCode===32))&&(i=k(t),i&&i.length))for(var r=0;r<i.length;r++)i[r].setAttribute("data-js-controlledby","dialog")}function d(){r=document.querySelectorAll(h);Array.prototype.forEach.call(r,function(n,t){(function(){var u="owVideoDialogContainer-"+t,r=n.querySelector(f),i;r.id=u;i=n.querySelector(c
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cartcount[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Size (bytes): 2931
Entropy (8bit): 4.515088399504564
Encrypted: false
MD5: 82168382EB4B8237D0DB2114FF745370
SHA1: E6AE23E8A2C79916432FD149CA814931E2315423
SHA-256: 8113C72B19FDDE652DD8E125BC88F896F3249BEB9E695C75C4E667EE448F2B88
SHA-512: 0F729D6623E3EA28AB0BBFD45D70D0FA936C020C6C6E4F480F768C2462F4F60FD67BB03B4681BDFE5101DA1C1AC35ACC5A36D7DCBE920EF8E04798A3405F0814
Malicious: false
Preview: ....<!DOCTYPE html>....<html>..<head>.. <title>title</title>..</head>..<body>.. <script>.. function getCartItemCountFromCookie() {.. var name = 'cartItemCount=';.. var allCookies = document.cookie.split(';');.. for (var i = 0; i < allCookies.length; i++) {.. var c = allCookies[i];.. while (c.charAt(0) === ' ') {.. c = c.substring(1);.. }.. if (c.indexOf(name) === 0) {.. return c.substring(name.length, c.length);.. }.. }.. return 0;.. }.... var count = getCartItemCountFromCookie();.. parent.postMessage('DR_Cart_Count=' + count, 'https://www.microsoft.com');.. parent.postMessage('DR_Cart_Count=' + count, 'https://support.microsoft.com');.. parent.postMessage('DR_Cart_Count=' + count, 'https://account.microsoft.com');.. </script>..</body>..</html>........<!DOCTYPE html>....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ccats[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Size (bytes): 69345
Entropy (8bit): 5.298700221240144
Encrypted: false
MD5: 33E9CF38A9C803565FD3BB826D3257A5
SHA1: A0A655DF5AA331F8104647E1A0D0759F765FC5F0
SHA-256: D2B50AD5DAFFB48FF781A94266E26E284C2B752FEAEE53FD7E287C7E040AB1C3
SHA-512: EF301E556FF956E941D42CE8336CF4B5868B470F7CEA6E6C4A2FB8EBA2811EFF29A9BA3DD83915F7979089EA4E50F581C843A85F5AA8A79E0A63AC97FCDD1472
Malicious: false
Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Microsoft Exporting - CCATS</title><meta name="Title" content="Microsoft Exporting - CCATS" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.16" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type="te
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\contact[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Size (bytes): 69339
Entropy (8bit): 5.299504743531708
Encrypted: false
MD5: 3B99473808F9DF1CABA7614893213DD2
SHA1: 7859E3F129E34FC73668246BAC3091248334EB17
SHA-256: AFF290C3C5B57E15A0501D96F91670E852998B7E766820CF429B60D4B59C41BA
SHA-512: DF0577C9FF632BEC917384BF019F1CB31F666AEC927A578404C9F914DACF9E8BBD92FCB27AB919B5CE24E9D87A31597FA2DF9E45296ED08E7E0A0E26454DEDAF
Malicious: false
Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Microsoft Exporting - Contact</title><meta name="Title" content="Microsoft Exporting - Contact" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.21" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\e3-082b89[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Size (bytes): 108096
Entropy (8bit): 5.229160903502225
Encrypted: false
MD5: 690F308362F1791C5B9CB51970939A4E
SHA1: B7DCFD930BD3112B65AC18F42BA97CEC06C9EE9B
SHA-256: A9ABF95ED8994AC44392AA9B402BCD15577C34EC90967FE162718D83EAF58B5B
SHA-512: 545C6B7AFCA56736D1CBAA16D842CDE2A8F120867646C86647C8E3ECAA0782E9A4C775E0AC05DE45AE4B810E2D362FE502CD215EF6509DAC1F9C4F00A448BFBF
Malicious: false
Preview: var __extends;define("actionToggleTelemetryHelper",["require","exports","actionToggle","componentFactory","coreUIConstants"],function(n,t,i,r,u){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var f=function(){function n(n){var t=this;(this.element=n,this.onActionToggled=function(){setTimeout(function(){t.updateTelemetryDataAttribute()},0)},n)&&r.ComponentFactory.create([{component:i.ActionToggle,elements:[n],callback:function(n){n&&n.length===1&&(n[0].subscribe(t),t.actionToggle=n[0])}}])}return n.prototype.updateTelemetryDataAttribute=function(){var n=JSON.parse(this.element.getAttribute(u.CoreUIConstants.TelemetryDataAttributeKey)||"{}");n.cN&&(n.cN=this.actionToggle.isToggled()?this.element.getAttribute(u.CoreUIConstants.DataToggledLabelAttributeKey)||n.cN:this.element.getAttribute(u.CoreUIConstants.DataDefaultLabelAttributeKey)||n.cN,this.element.setAttribute(u.CoreUIConstants.TelemetryDataAttributeKey,JSON.stringify(n)))},n}();t.ActionToggleTelemetryHelper=f});requi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\exporting[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Size (bytes): 72722
Entropy (8bit): 5.318378325873037
Encrypted: false
MD5: 789DE023846F05E8FBB71FD75892A0FD
SHA1: 1D313C91B9EC41E8A79A654131B6ADABE3EB4201
SHA-256: C2A45ECCDA3E63D3B679EF8EC22295BC4A0DC1F2759C3C7B90413B4A0EA9B025
SHA-512: 902C1FB293625B69827FF29D9E5172A30CE2F52DC2D2EA1095FDF972B5F469149C748327C68C694202FE537355DE11AC62BE02D5BF4411433B17B00159AE6D4C
Malicious: false
Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Microsoft Exporting - Home</title><meta name="Title" content="Microsoft Exporting - Home" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.1" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type="text/
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\facebook[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
Size (bytes): 265
Entropy (8bit): 6.681697500155679
Encrypted: false
MD5: 352637E02A377A29073AA9F65B1FBA22
SHA1: E5E2B07F777F47DCF158120B11D0B6BDEB0BC878
SHA-256: C77873C0C4A8499BA493832E950D41CBAEE43020D5C99D702A1E9DEBBAF0DB32
SHA-512: DFDF4B94AC252B67E6D255C708505845AD427CEC4155D4C2796B84AC49658D6D140CC3744A5BA7A2F4F7AE989EC89D1F13271AAAC44ADF15D8553F45BBF4470A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\faq[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Size (bytes): 84733
Entropy (8bit): 5.360066612036354
Encrypted: false
MD5: D7D57337549C154E5BBE8F0CB9CC87AC
SHA1: 95DD7C071BC6624D1CF8EFD79CACFAC475E9B7A5
SHA-256: A5C5865AFAB6FEC35A49556A5B26EEC51891968DDAD3238FB7C537A633467C27
SHA-512: 2295DB96964027EFC240DADCC21890DAF27815B2EC60C1792F573CE91F6D84A95C24DE336E52C8694379B3E4ECDB5846C2E26E653250FC807E5F6F64AF09E880
Malicious: false
Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>FAQ</title><meta name="Title" content="FAQ" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.18" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type="text/css" href="https://c.s-microsoft.com/en-us/CM
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\favicon[2].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Size (bytes): 17174
Entropy (8bit): 2.9129715116732746
Encrypted: false
MD5: 12E3DAC858061D088023B2BD48E2FA96
SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\instagram[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
Size (bytes): 431
Entropy (8bit): 7.099817516184939
Encrypted: false
MD5: 95FD424420005BCBF324E0219845C132
SHA1: E5F797BC388729F32AFDD7F424487450984B2F25
SHA-256: 97E35ACCD166FFA4D0B84862E2F8C2C36B5B8433D7A20AF382DEE3F104087E77
SHA-512: 1196131B170E7B689BB19C96CB81F4C74830D41B629BEB3957094D4942195D11331B71299A7D80E24549A72308EC0ABBA781DC5349B3B7EA2C44BF8DB1A1AC08
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\launch-EN7506e353034849faa4a18bc4c20e727c.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 116970
Entropy (8bit): 5.215438438741596
Encrypted: false
MD5: B05B2EB1C0DD9E568F52F23F4FF2DD73
SHA1: AD894611A6149FCE4BBE88FA694885AF0DD4079A
SHA-256: 51C9B8C80C43AC2020D27A869C64138CDEEF7DA42D1B11DBBDC8257A5787EEA7
SHA-512: 5D6F88C68894FBA20C5802F9E423F25AA5C42DA88E55D13D91B48D6A82DB595E824F7EC4B24E1CE46A2565B5A726985D17468DBACF625ECDBDF41579E026C820
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\meBoot.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF, LF line terminators
Size (bytes): 101829
Entropy (8bit): 5.511650731816798
Encrypted: false
MD5: E864B3D8073AED0ABAA46E8040C72A60
SHA1: AEF6F631C551E5F6C9A46B945529B30FE641EF8D
SHA-256: 3276074AC4617881105E6A86A63A3EF72DCE1A9531A8B4E4D0D48DF6FDB951E1
SHA-512: A3FB863F6CB77FCD6C29296B185A7C8C577EA307484EBF86E1CD879A98CABF0B086E4B98D044E9D9115E4E9CCD97E5B0005DD04A55514058F0D2540C0AED5A0D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\me[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 28317
Entropy (8bit): 5.418253807010367
Encrypted: false
MD5: 6D38808DEA4E26273DE027DE6F6C0A25
SHA1: 6404D7382E111FA2EDDDE2E698CADF65E3E1B62D
SHA-256: C299D3134139DEDDFFCF1AF81001BD004601C2B97F13A6F5671E6D69B3F0E0A3
SHA-512: 8AD1FC71AC0D974265D4572D512F1AA1529CF6190562CC7B0E837C4173126F9A87C87C62B6D78B0C0E740BC5D144080FF22B4AEA57EA68E0B6EA10C10E31FA9E
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mwf-auto-init-main.var.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 307257
Entropy (8bit): 5.169381678188456
Encrypted: false
MD5: BFCD48223E39F7A846413DD5814365E9
SHA1: 13DDB26618D203607C9B12D0D0D80F03ECB71362
SHA-256: 5E484A06AE85C5A599A6511224405A773FB3AF3D9D6600AF8F5A1B4A2C39504F
SHA-512: FD66AA707E23432C48C5709CD75C2235850884F198B339EEA8238395A0B875ED7890AA2A04DFDF82E46C152CA7ECE88EA2B4C64C978C94BF84E274BF47A049B7
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mwf-west-european-default.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Size (bytes): 556551
Entropy (8bit): 5.221740865051638
Encrypted: false
MD5: 5582719A793D8D70C369645A28698466
SHA1: F4B2D75F1E55D65CF87DFB3E2A856A7C2D917A45
SHA-256: 301A9A7613FB8A2F5D5A12D5B23949E2B52849402A87FFE4D33DFBD7774C61ED
SHA-512: AF00AC2F81D371BEC64E580005AB0BF57A0AA5F21E534BBC47A837069CB22B66A43A677F0B0188AB1946AF0AB6BDF4B4176329D40B35545E91D65C9E23F29FEB
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\override[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 1531
Entropy (8bit): 4.797455242405607
Encrypted: false
MD5: A570448F8E33150F5737B9A57B6D889A
SHA1: 860949A95B7598B394AA255FE06F530C3DA24E4E
SHA-256: 0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248
SHA-512: 217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 104363
Entropy (8bit): 5.16996133505699
Encrypted: false
MD5: A93C9C69321164A3911DB41440CC4608
SHA1: 653E2C3EF944D81C5320A04D581D3BF43F96586D
SHA-256: BF3C7E7D59318769F0C327D85D681CF017B87958612087CCB718B40FA1DD8DB6
SHA-512: 866467D4FC454EFEF7061D1199B84428FE8DA48804D8E81D0D49C11046ECE2C824849E4FCC192972272C990E83CF2F1DAEDE7E5B57D6E3D0F18ED2BD52BC5FC1
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 195648
Entropy (8bit): 5.149399979663423
Encrypted: false
MD5: 2761544029B0B80C2555F654395380D1
SHA1: FA4D906727B0961473B3D615F397BDFF5BCE23F6
SHA-256: 678F8FB58828BB4759E53AB062757E45C06975C17B3FEEE5E47D958C9F99EF26
SHA-512: B3575AFEFE17D684DAB8C32F39FA8BEDCBAA7565F791CD274D5924082C369AC9EE084ECDCFD04D35347A7012037F6D288AF6E10752DF9D2E9900B938E663EBAB
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\style[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Size (bytes): 347085
Entropy (8bit): 5.017391063443508
Encrypted: false
MD5: 308B68F8C0B3EA4A1069429AD62BF92F
SHA1: AC248CEC0493844568C8E9399DE4D4BB70F4D0AB
SHA-256: 3E4F3824E818392C5FF6FE988E0E5754AB91DEF3D3E9526CF5C2099D0907BFAA
SHA-512: E0FE77DEA17DF0A7D480E711F2D2E599D20F9BE6AB1B66AC25E3D9FD7581E773F84552A608E6E5B3C24F18731ECFBD128DBF3B48DFC63BEF3C0178552F13154F
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\surface[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Size (bytes): 166874
Entropy (8bit): 5.364835555814847
Encrypted: false
MD5: AE4842671B7AC68ED1CD74DCDE6FFAD5
SHA1: 3E88741DA5C83B7C5129ECB3997FC9F074FABFD9
SHA-256: 0012B7CCF51962D7DDABE31E35BFF781355F63569A01491F2873B39098824FD4
SHA-512: A854B5A00DF36377AEDAFEFF4440F0D2694799EC3B106D50A833409B76A6390A355FF35338D372E0D015C56D3AEB646F0E400357CA8E26FB8C72DA3A60779C9B
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\twitter[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
Size (bytes): 532
Entropy (8bit): 7.480175935964278
Encrypted: false
MD5: B30436EB503A7EA8E77925F435DF4671
SHA1: 3313C5FDE8EC85B94547168B867EFEC0188F5987
SHA-256: 0AC4630B76827B89EBEA070A1BEB6E5175D280EADC76B67FA886CF6068368CA3
SHA-512: CE6B7F9D8860E146CD41802FBD30AE99F205D145CCA4BBECBAB446851165BEE8316FEAABD83826FB31CA97652E911BE4815ED542F33B5BFEAABDCF71BCEFCDC8
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wdg-global.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 5805
Entropy (8bit): 5.278923653755367
Encrypted: false
MD5: EF4613E3C20BFE5E3F07B49BD0B66C1E
SHA1: EDE2835F716750EDC0245E2AF061732427F5A8ED
SHA-256: 3DC7C03D651B5E29363C365C3B83B83A508865A194639070A20ABD863FBBC054
SHA-512: D8D6F060B4FCB2C781C8574BE01368BB8F25C314098BEF844859452DF88B77C9E7D088F190F111135F44C80F82F47F9AF4822240FEDEDD4F040F991CAE20EDC6
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\www-widgetapi[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 21508
Entropy (8bit): 5.390603690512765
Encrypted: false
MD5: 8E730C4C5E68A9093C61F5FCCF33301F
SHA1: F1289F4259CE4C63DBA5D5E6E643CCC43B83DD51
SHA-256: 7D18FEFDD7A913BEACBD1949D36A1A5BB37337AE973E0F55B1CE3B6545BE7B3D
SHA-512: 43F68825D79163DDD885F8F10C93A82567F8DE0AA70B543797229C00003F763773946224D0F40BB8C1AF179785BCCCE4BB3F3B557C6D8CF80DA696F7D68760D3
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel5_carouel_Office[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 648x430, frames 3
Size (bytes): 60172
Entropy (8bit): 7.97093929116208
Encrypted: false
MD5: B5A82A9EC7CFDE4CE8129DE209683249
SHA1: 02F6682E957AD78364CA44FD762BA3FDD0F112E0
SHA-256: 1A50E420EF9C0A8D7F38AA0C7F148CFA18E4ADDC79AF1E5EF99AA3511ECDFD66
SHA-512: F6A001F8911975AAAEFFCFED295109AB97C38E3226672708FD3ADD75162A02BB5CE9A5C839EC6D5CB2BECE78978B70B480EF6885C3A0663C999B173CDA6643A1
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel5_carouel_Outlook[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 648x430, frames 3
Size (bytes): 53126
Entropy (8bit): 7.968954529542709
Encrypted: false
MD5: 034B175B6F489DA3D3FD640AA0DB1A8E
SHA1: 572AD24E813A0660B73474F2CA73FA1B8548FFE1
SHA-256: D1CE2260FEB6B0A608EB0F346637DE2B2D5DA0ECDE5A05D5479ACF3D0CE155D5
SHA-512: BF9CD7FC38F424DAAF8956DC10B9EF2629A14D8DD277A8D04421326FD38F3D644E1EFB1ADCD5A9C8705200CB67BA4F5569E955F5E716DF03A1420283C192DCA7
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel5_carouel_Photos[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 648x430, frames 3
Size (bytes): 61487
Entropy (8bit): 7.939342204672186
Encrypted: false
MD5: 833BA615184F36724DF03B92C71D3D08
SHA1: 4197FA5E11AF725D1C7754E989F8BC0416512F2E
SHA-256: 49A57EAB4C903CA224AF89385C1AE639CC18A086C749CA0621F5AAE97BC684CE
SHA-512: AC774321027B820B87DB6A8A810DB4D5A9A1E22826D19242F833A14F3E8A46B015DEC914B1DE3A6DB7E99A928F63BAF8EA023949317E36D063AED6241A27508C
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_2in1_Background[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x400, frames 3
Size (bytes): 14201
Entropy (8bit): 7.764786209076549
Encrypted: false
MD5: 2FB1DF5FDB1070A633C982405426A581
SHA1: B14F53BE0CBE321BCA98DF65470AC40732FEB783
SHA-256: 002955AD7EF9A372FF3BAC881B76C2B76092A9E47E3020C4C01B14F86AFEF32E
SHA-512: 3B12A2E85F61AC0C0FBAD6BFBCC1DF0E6F71778FE783579DCC5BB786FFF802B77241CF3D1E22EDDA0235F8DAF4CFF01F79F1B400EBA152E024B6038225D989A4
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_2in1_Device[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x400, frames 3
Size (bytes): 19147
Entropy (8bit): 7.917957701734644
Encrypted: false
MD5: 49041E981A340E8A2279E8B2669742E8
SHA1: C0997B6F0A82F7A95B8DB7BD0A6D3C0678A87CF5
SHA-256: 6C8575713A3A16DC5B58FAA1B222011468FEE165DCF262C760D05576C348CD49
SHA-512: 76D1D553C5091F2FFC8FCEC8318C4C7FE1FA71717EABC4D179961B9F2D161969055AB2F7F4C7396AEF9D96108FF798877C5D564F4A88D0E7979FBCAB7A15329A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_Budget_Hello[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 350x400, frames 3
Size (bytes): 34891
Entropy (8bit): 7.968687375953092
Encrypted: false
MD5: 785A7D723B7959B98619803D7CBC9C0B
SHA1: 3574798E69B61F6B08311AD8720E5E2B6E270F38
SHA-256: 6A284754AC525C31305748C1D5965E5C1B5BB278CED048B2B98B2CDD563042FF
SHA-512: C20F4784AA6F39DF59535A0F7892CE561E961F34276FE40B06E741EABC24263CA7653288A4A5763D496D8D3DEA2F7C645075B7C805CB45B93B0154CB526083F0
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_backflip[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 350x400, frames 3
Size (bytes): 25751
Entropy (8bit): 7.961999432224508
Encrypted: false
MD5: 1A7A41E6C4EA1FA44A0EC12610D60C59
SHA1: AF90D7020C1738B26304910E9CC0A5F4C639BCAC
SHA-256: 8B4FB9FFB47350D836D200D524CC64B8FC390E2CE5E27B0B518664A121A4779D
SHA-512: 1E890D0E13651B5D62F5DA71F1410A578CD33CF2AA44778434559FFAD96D17FB59F0AB538348350256B1295630FF2C553AC17BC8D22E74760DCBEF15A9E67A51
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1920_Panel1_FullBleed_Win10_V2[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x720, frames 3
Size (bytes): 134317
Entropy (8bit): 7.893186007733665
Encrypted: false
MD5: 4D39B8F7D1050032EA57E190F7B188E1
SHA1: F4AE4A1D0F3DA9B14BF5CCBD6F0D38D731387DCF
SHA-256: D83BB9374A60FF1490AA96A73575E53509F3C1856FA6EAB07E0FD41FBCC988DD
SHA-512: 94E2EE1DFBF887BFC13C7CE0D458F893F5C2FF59A533C680FD58F7D8C5F315B52984EBD4AD43901333ECA441BFC293A225BD9DC2943F70B8EEC0FCF08FC8462D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1920_Panel2_LinkNav_Learn_Win10[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 445
Entropy (8bit): 5.2124097142399695
Encrypted: false
MD5: 792C8C8348A6B6C9C4D0C5B3C4060960
SHA1: 8D9938AC1F2E8F0D0F7B1AC6D1864EB6570FACAF
SHA-256: 14FA7C030BDA8A06A548DB5427394C8B838B298189320EACC395E6D2A53D5FAA
SHA-512: B852CB7D335B6E96986315A565ECA925878E5EBB718EA1F9DD62E34630A6931F1D3F633D16715ED452DC7DE3E5834C5C65A38FE1F58C302AC1BC10240B7DCF57
Malicious: false
Preview: <svg enable-background="new 0 0 64 64" viewBox="0 0 64 64" xmlns="http://www.w3.org/2000/svg"><switch><foreignObject height="1" requiredExtensions="http://ns.adobe.com/AdobeIllustrator/10.0/" width="1"/><g><path d="m30.577 31.383h16.923v-14.883l-16.923 2.364z"/><path d="m29.373 31.383v-12.351l-12.873 1.8v10.551z"/><path d="m30.577 32.586v12.553l16.923 2.361v-14.914z"/><path d="m29.373 32.586h-12.873v10.589l12.873 1.796z"/></g></switch></svg>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MWFMDL2[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 11480, version 0.0
Size (bytes): 11480
Entropy (8bit): 7.941998534530738
Encrypted: false
MD5: 5ED659CF5FC777935283BBC8AE7CC19A
SHA1: A0490A2C4ADDD69A146A3B86C56722F89904B2F6
SHA-256: 31B8037945123706CB78D80D4D762695DF8C0755E9F7412E9961953B375708AE
SHA-512: FCCBE358427808D44F5CDFCF1B0C5521C793716051A3777AAFDE84288FF531F3E68FBC2C2341BBFA7B495A31628EAB221A1F2BD3B0D2CC9DD7C1D3508FDE4A2F
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MeControl[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 16818
Entropy (8bit): 5.45589735864732
Encrypted: false
MD5: 41D0D2F3581D2DCE990DFF6A707C9FA7
SHA1: 695CD33AC9ED1EDD6AE072FC526B173F08BF19CA
SHA-256: 2412060D23A31CA6243B9DDE201A318D563E7067671D50F35A0EA6438BC781BD
SHA-512: CDBD6DBC5EE374899B95E58C369A334E4DCEBD9F0AC9238690337FABBD9D30B98FDC1986B0432411CAB2FCD8F1F83A8CBAB0AFB5D289D755E3817C157EE7E99B
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Panel5_Quote_DigitalTrends_128x128[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, frames 3
Size (bytes): 2444
Entropy (8bit): 7.530434813178274
Encrypted: false
MD5: DE69837FBC036DDFAF8D1A0885C68CB8
SHA1: 51142006DABB8A7E37EA3EC7441A7F9A8E4F98BC
SHA-256: 318E1D485FE3E176217443CA8A551E427BC7DD88A33A5D14EAED87FDEAB2BA93
SHA-512: FF45044861549B51691629CA7FAFCF953A014B453362635F216B1CB6B3B4E42988CBCB0F809A9657217895ADE7D208BDCC4640DBF91B0483D074D017D53CE4DC
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC3b77403c2085488fb1858d5f0c936b33-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 1470
Entropy (8bit): 5.4951745647840005
Encrypted: false
MD5: 43F2F8E303993A65F45A77FC9AB8D5C0
SHA1: C9D22B5B660711374F474AD260C5325DFB4BB038
SHA-256: 1D346D3BCB3840567CF1B0BD019F7A19711DAA5D6E6D438BA7C674A6D22F46A1
SHA-512: 2FE90184B5C73540AC316668B58C7F33E2D00BDA72E52F0B4F388E731D74B0B0E31F26F8EB17850A49E1C90A53CAAA08EF9796C09EEF597E3DE39ED7524421FA
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC49b4b5634b9e41ba953925198289cea1-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 4431
Entropy (8bit): 5.377615161167856
Encrypted: false
MD5: B9DE856CB849B3D1F5F67ED49AA50303
SHA1: 09FD81B6A2275C7765E338491265861A9795E8F1
SHA-256: 6EC13822D7AA9F249490799B0132403D6F26A3A9DCE0D49BFE2EB2D9CD9E5B9C
SHA-512: 44355CCAA7849EE4785DF00B97B423C7AD108678DD5955FAA785B01E6407DA11E4B56B3413CAB5FF9E6016D121148547A83606B79362C59ADF9DDA0DCAD29065
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC5f812135e64f48ad85ea100034bc60a2-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 6457
Entropy (8bit): 5.369944067975907
Encrypted: false
MD5: 1E9A525FE0C9CBABED65B7E71583A8B8
SHA1: 6AAC844E00207074931BC1F6B39358CADB40EC6B
SHA-256: A2D9B01D1E6AACE2FDA64B4CF7B2495E54742DD05F367C9DF45B472823DD2DDA
SHA-512: 6F44E9E3217825C599ACB6CFC761E1EF12949AB683955729F0AFCB7162B9EA22D27E66144E5E2B485593F31BF850391FE3A5BE5CD140774FAE03ECB0317C04F6
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC8e5087d112014ec3a21ceac680f229a1-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 5374
Entropy (8bit): 5.287027412761807
Encrypted: false
MD5: 9486087605D5510E36ED1BBE874AAACC
SHA1: B75000C16A3944A8303C6A0B2399F9B67237AE46
SHA-256: 5C5BA9AAE1A0664F1423C410FE35AF67C7CDDA634B7E9886C5EA61C8745E1C33
SHA-512: 25D0E8323E288872F601FC9DEF4F0B43D364D4014F124A2E02885D1D9399A6A598E2E458FF68D8BF5423A33520094BD157C64203F286CC1C62364F60FA4C805B
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC9bd0a1317c6346bfb0410bd8e4533dcb-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 19076
Entropy (8bit): 5.178796777685234
Encrypted: false
MD5: C9A08127AD78238F60EA6625D151407C
SHA1: 47F9462BA21F84984854E342835181F6CDA164F1
SHA-256: 0048749A49313BBFE77EA8F7317F0AFB73ECE04CE42002FF7F19476BC1416E6E
SHA-512: 37E828921C2E28EE43293560D2B5F6E374DDA4C9BC8E0B10C23BF5FA7BCDDE84E9919170F51549197E84ACE8E5B61BD0B6E69F09A39E28386FB4EE2EA1A72987
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RCd1804cfaa2594ff19eeb29b448811a27-source.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 13117
Entropy (8bit): 5.298514236732393
Encrypted: false
MD5: 13A3125285CC1753E100AAFAE531512F
SHA1: 55F52751DB4F71D9726CDEC678ED2BA97FC4DE0F
SHA-256: 645895FE445925FE2799AF11F6681E67CEF6BB117271267C8AF5823152361FF2
SHA-512: 6D724C5FC1B38A456F3243ED481B6FF62F32D9AB0EACD5235B055B7168935F39FF3320497A13630C4462D995B02F1916217AD517B666B2DD9093D0E1CDEF4E6A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RE2FHD0[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Size (bytes): 3985
Entropy (8bit): 7.7473486299018255
Encrypted: false
MD5: E64CF23A05C1A621C782B982F24D42F0
SHA1: A8A99D86D917FF48869D870762547D93D0F80429
SHA-256: 1ECDF5B753A0C167FFF5708AB7D5DE0FAB638C209522F07C6F379C6E4BB1447B
SHA-512: 57E458950A4F09758D47D10111F3B065F27BE91D940CF7A322FCE0C40A109B5BEF71D25B3AB8FBA03325D24897876ED79779B6CE8933F67F95DBD508E7C23184
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RE2OVYl[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Size (bytes): 5090
Entropy (8bit): 7.73036200353017
Encrypted: false
MD5: 469177BE5AC476D508D64632AF660900
SHA1: F90A67788C10587D033168B4B5C63FD2017B5CD0
SHA-256: F6308F3E69814AF2FD945FF079CBE2A3682290EC92732B8C4D3A4529C299BC82
SHA-512: 050DC0CAF2E348808FFF0E0B5A31283F5B7A23EE511286794B1C213E39E28FE9669508AC57C831233DCD3CFEC7AB3AD46C6DD86A9CFFD0BB4EFBD479F70FCAAA
Malicious: false
Name IP Active Malicious Antivirus Detection Reputation
microsoftwindows.112.2o7.net 66.117.29.228 true false high
track4.pricespider.com 13.93.106.254 true false high
cs1227.wpc.alphacdn.net 192.229.221.185 true false high
blob.dm5prdstr12a.store.core.windows.net 52.239.151.138 true false high
logincdn.msauth.net unknown unknown false high
assets.adobedtm.com unknown unknown false high
assets.onestore.ms unknown unknown false high
ajax.aspnetcdn.com unknown unknown false high
mem.gfx.ms unknown unknown false high
statics-uhf-eus.akamaized.net unknown unknown false high
cdn.pricespider.com unknown unknown false high
track.pricespider.com unknown unknown false high
prod-video-cms-rt-microsoft-com.akamaized.net unknown unknown false high
products.office.com unknown unknown false high
windevicesminnofferprice.blob.core.windows.net unknown unknown false high
login.microsoftonline.com unknown unknown false high
amp.azure.net unknown unknown false high
img-prod-cms-rt-microsoft-com.akamaized.net unknown unknown false high
www.youtube.com unknown unknown false high
s.ytimg.com unknown unknown false high
Name Source Malicious Antivirus Detection Reputation
https://outlook.live.com/owa/ home[1].htm.10.dr false high
eus-streaming-video-rt-microsoft-com.akamaized.net/1c528897-c95c-442f-9949-770400a3e58d/4433f
RE2QTP2[1].htm1.10.dr false high
https://support.office.com/en-us/office-training-center?ms.officeurl=training
home[1].htm.10.dr false high
https://products.office.com/en-us/home home[1].htm.10.dr false high
https://products.office.com/en-us/sharepoint/collaboration
home[1].htm.10.dr false high
https://products.office.com/en-us/business/enterprise-productivity-tools
home[1].htm.10.dr false high
https://www.businessinsider.com/microsoft-surface-laptop-2-first-impressions-2018-10
surface[1].htm.10.dr false high
https://assets.onestore.ms RE2QTP2[1].htm0.10.dr false high
jqueryui.com jquery-ui.min[1].js.10.dr false high
https://products.office.com/en-us/business/office home[1].htm.10.dr false high
https://www.treasury.gov/resource-center/sanctions/Programs/pages/iran.aspx
faq[1].htm.10.dr false high
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2PeLK?ver=9a00&q=
home[1].htm.10.dr false high
https://products.office.com/en-us/word home[1].htm.10.dr false high
Domains and IPs
Contacted Domains
URLs from Memory and Binaries
eus-streaming-video-rt-microsoft-com.akamaized.net/0c8f5df4-474e-4573-9cb3-ffb987fd314d/4433f
RE2QTP2[1].htm1.10.dr false high
https://products.office.com/en-us/microsoft-teams/group-chat-software
home[1].htm.10.dr false high
https://www.digitaltrends.com/headphone-reviews/microsoft-surface-headphones-review/
surface[1].htm.10.dr false high
https://www.youtube.com www-widgetapi[1].js.10.dr false high
schema.org/ItemList surface[1].htm.10.dr false high
https://github.com/scottjehl/picturefill/blob/master/Authors.txt; mwf-auto-init-main.var.min[1].js.10.dr false high
https://products.office.com/en-us/business/small-business-solutions
home[1].htm.10.dr false high
eus-streaming-video-rt-microsoft-com.akamaized.net/3f0211f0-b3fe-4379-a1f1-12cb76beb982/4433f
RE2QTP2[1].htm1.10.dr false high
https://www.treasury.gov/resource-center/sanctions/Programs/pages/cuba.aspx
faq[1].htm.10.dr false high
prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE2QTP2-tscriptenus?ve
RE2QTP2[1].htm1.10.dr false high
https://support.office.com/en-us/ home[1].htm.10.dr false high
https://products.office.com/en-us/business/enterprise-firstline-workers
home[1].htm.10.dr false high
assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4
RC31570345bb96413b898d9ee318090731-source.min[1].js.10.dr, RC49b4b5634b9e41ba953925198289cea1-source.min[1].js.10.dr, RC9bd0a1317c6346bfb0410bd8e4533dcb-source.min[1].js.10.dr, RC3b77403c2085488fb1858d5f0c936b33-source.min[1].js.10.dr, RCd1804cfaa2594ff19eeb29b448811a27-source.min[1].js.10.dr
false high
schema.org/VideoObject surface[1].htm.10.dr false high
prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE2QTP2-enus?ver=04be
RE2QTP2[1].htm1.10.dr false high
https://schema.org/Product surface[1].htm.10.dr false high
https://products.office.com/en-us/site-search home[1].htm.10.dr false high
https://microsoftwindows.112.2o7.net RE2QTP2[1].htm0.10.dr false high
github.com/requirejs/requirejs/LICENSE RE2QTP2[1].htm0.10.dr false high
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
home[1].htm.10.dr false high
https://www.skype.com/en/ home[1].htm.10.dr false high
assets.adobedtm.com/launch-ENbb9d0de7cc374dc99259df2c4b823cef.js
launch-ENbb9d0de7cc374dc99259df2c4b823cef.min[1].js.10.dr
false high
https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimary
home[1].htm.10.dr false high
https://products.office.com/en-us/homeg/contact.aspx3D%2522devicesoftware%2522%2520Type%253D%2522htt
~DF9FC10B73CFDB0C7A.TMP.9.dr false high
travel.state.gov/travel/travel_1744.html faq[1].htm.10.dr false high
https://www.office.com/?auth=2 home[1].htm.10.dr false high
https://products.office.com/en-us/compare-all-microsoft-office-products
home[1].htm.10.dr false high
https://www.onenote.com/ home[1].htm.10.dr false high
github.com/requirejs/domReady RE2QTP2[1].htm0.10.dr false high
https://www.office.com/?auth=1 home[1].htm.10.dr false high
www.bis.doc.gov/policiesandregulations/index.htm#ear faq[1].htm.10.dr false high
https://www.xbox.com/en-us/games/xbox-one?xr=shellnav
home[1].htm.10.dr false high
https://products.office.com/officeproducts/onerf/signin?EEL=True
home[1].htm.10.dr false high
https://cdn.pricespider.com/1/ ps-widget[1].js.10.dr false high
www.youtube.com/ msapplication.xml7.9.dr false high
https://www.microsoft. {7FFF1C52-87D8-11E9-AADA-C25F135D3C65}.dat.9.dr
false high
https://products.office.com/en-us/homeg/contact.aspxon.ico?v2
~DF9FC10B73CFDB0C7A.TMP.9.dr false high
https://dell.com/microsoftdpa surface[1].htm.10.dr false high
github.com/aFarkas/lazysizes RE2QTP2[1].htm0.10.dr false high
https://schema.org/Organization home[1].htm.10.dr false high
schema.org/Organization surface[1].htm.10.dr, home[1].htm.10.dr false high
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2QZ2T?ver=cb78
RE2QTP2[1].htm1.10.dr false high
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflWEkxrd/www-widgetapi.js
iframe_api[1].js.10.dr false high
https://support.office.com/en-us/article/download-and-install-or-reinstall-office-365-or-office-2016
home[1].htm.10.dr false high
www.bis.doc.gov/policiesandregulations/ear/740.pdf faq[1].htm.10.dr false high
https://swiftkey.com/images/misc/stores/app/en.png RE2QTP2[1].htm0.10.dr, home[1].htm.10.dr
false high
https://github.com/jquery/jquery-ui script[1].js1.10.dr false high
https://products.office.com/en-us/onenote/digital-note-taking-app
home[1].htm.10.dr false high
https://products.office.com/en-us/student/office-in-education
home[1].htm.10.dr false high
https://products.office.com/en-us/outlook/email-and-calendar-software-microsoft-outlook
home[1].htm.10.dr false high
www.amazon.com/ msapplication.xml.9.dr false high
https://products.office.com/en-us/academic/compare-office-365-education-plans
home[1].htm.10.dr false high
www.bis.doc.gov/index.php/forms-documents/doc_download/1063-746.
faq[1].htm.10.dr false high
www.twitter.com/ msapplication.xml5.9.dr false high
www.bis.doc.gov/index.php/policy-guidance/country-guidance/sanctioned-destinations/cuba
faq[1].htm.10.dr false high
www.ecfr.gov/cgi-bin/text-idx?c=ecfr&sid=c5cc9a1c749a6f225283bdfa124431d0&rgn=div9&am
exporting-information[1].htm.10.dr false high
https://products.office.com/en-us/excel home[1].htm.10.dr false high
https://modernizr.com/download/?-eventlistener-picture-printshiv-setclasses
mwf-auto-init-main.var.min[1].js.10.dr false high
assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PRcdeba57016574fb6a5f7b7d85f26b1ee/BL2
RC54dd4417603a4f0aaf96451509bb7d4c-source.min[1].js.10.dr, RC5f812135e64f48ad85ea100034bc60a2-source.min[1].js.10.dr
false high
usetermassembly/dealbuilder_live/DealBuilderNET/dealbuilder.aspx
eula.rtf false Avira URL Cloud: safe low
https://templates.office.com/en-us/ home[1].htm.10.dr false high
github.com/requirejs/almond/LICENSE 18-d72213[1].js.10.dr false high
https://products.office.com/en-us/compare-all-microsoft-office-products?tab=2
home[1].htm.10.dr false high
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2dKBu
RE2QTP2[1].htm0.10.dr, home[1].htm.10.dr
false high
https://www.xbox.com/en-us/xbox-one-s?xr=shellnav home[1].htm.10.dr false high
www.apache.org/licenses/LICENSE-2.0 social[1].js.10.dr false high
assets.adobedtm.com/launch-EN7506e353034849faa4a18bc4c20e727c.js
launch-EN7506e353034849faa4a18bc4c20e727c.min[1].js.10.dr
false high
www.nytimes.com/ msapplication.xml3.9.dr false high
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1LLAb
ec-ac126e[1].css.10.dr, ec-ac126e[1].css0.10.dr
false high
www.youtube.com iframe_api[1].js.10.dr false high
https://login.microsoftonline.com/common/oauth2/authorize?client_id=28b567f6-162c-4f54-99a0-6887f387
~DF9FC10B73CFDB0C7A.TMP.9.dr false high
https://img-prod-cms-rt-microsoft-com.akamaized.net RE2QTP2[1].htm0.10.dr false high
https://scottjehl.github.io/picturefill/ mwf-auto-init-main.var.min[1].js.10.dr false high
https://products.office.com/en-us/microsoft-office-for-home-and-school-faq
home[1].htm.10.dr false high
https://products.office.com/en-us/homeg/contact.aspxotocol
~DF9FC10B73CFDB0C7A.TMP.9.dr false high
https://products.offic {7FFF1C52-87D8-11E9-AADA-C25F135D3C65}.dat.9.dr
false high
https://mem.gfx.ms RE2QTP2[1].htm0.10.dr false high
https://products.office.com/en-us/onedrive-for-business/online-cloud-storage
home[1].htm.10.dr false high
https://products.office.com/en-us/powerpoint home[1].htm.10.dr false high
https://products.office.com/en-us/products home[1].htm.10.dr false high
https://onedrive.live.com/about/en-us/ home[1].htm.10.dr false high
Name Source Malicious Antivirus Detection Reputation
Static File Info
General
File type: Rich Text Format data, version 1, unknown character set
Entropy (8bit): 5.1143113053725555
TrID:
• Rich Text Format (5005/1) 38.47%
• Rich Text Format (4004/1) 30.78%
• Java Script (2000/0) 15.37%
• Java Script embedded in Visual Basic Script (2000/0) 15.37%
File name: eula.rtf
File size: 132464
MD5: 7f56ce915dc6be782681464cc62a6588
SHA1: f1156381ee1c1a2737e45bea8640715b50e1ae40
SHA256: 5e499529aaa0f92ff57d67f6464f46cf5a04187807aa200419383431d2eed1f3
SHA512: ccf173242e5f0ba06c27ed9b24549d84ff2524d20b7f8b12cd3647e14bb2cb1f6c737a4106fa96380054ed0234a0245bfa68ce2fe7f95fa3b330c025c9f4e9c9
https://char.gd/blog/2018/microsoft-has-the-best-device-lineup-in-the-industry
surface[1].htm.10.dr false high
www.wikipedia.com/ msapplication.xml6.9.dr false high
https://www.xbox.com/ home[1].htm.10.dr false high
https://www.xbox.com/en-us/xbox-one-x home[1].htm.10.dr false high
www.live.com/ msapplication.xml2.9.dr false high
https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1
home[1].htm.10.dr false Avira URL Cloud: safe low
IP Country Flag ASN ASN Name Malicious
192.229.221.185 United States 15133 unknown false
13.93.106.254 United States 8075 unknown false
52.239.151.138 United States 8075 unknown false
Contacted IPs
Public
SSDEEP: 768:Y0RYSkYuwBNl8cG/l9Em42UcuVZ0cw/yblG05ABjR7sJcQqLB31aiyaz3iw+f1RC:Xgunmc/U6m+UQV1yKOcX2rT
File Content Preview: {\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff37\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times New Roman};}{\f2\fmodern\fcharset0\
General
File Icon
Icon Hash: 74f4c4c6c1cac4d8
Network Port Distribution
Total Packets: 83
• 53 (DNS)
• 443 (HTTPS)
Network Behavior
Timestamp Source Port Dest Port Source IP Dest IP
Static RTF Info
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
UDP Packets
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Jun 5, 2019 14:25:58.837642908 CEST 192.168.2.5 8.8.8.8 0x8cf8 Standard query (0)
statics-uhf-eus.akamaized.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:25:58.897957087 CEST 192.168.2.5 8.8.8.8 0xbed3 Standard query (0)
ajax.aspnetcdn.com
A (IP address) IN (0x0001)
Jun 5, 2019 14:25:58.915807962 CEST 192.168.2.5 8.8.8.8 0x3177 Standard query (0)
mem.gfx.ms A (IP address) IN (0x0001)
Jun 5, 2019 14:25:59.182861090 CEST 192.168.2.5 8.8.8.8 0x1cc5 Standard query (0)
img-prod-cms-rt-microsoft-com.akamaized.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:26:02.215591908 CEST 192.168.2.5 8.8.8.8 0x58d Standard query (0)
logincdn.msauth.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:26:02.674501896 CEST 192.168.2.5 8.8.8.8 0x5c2a Standard query (0)
login.microsoftonline.com
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:11.072695971 CEST 192.168.2.5 8.8.8.8 0xe2bb Standard query (0)
assets.onestore.ms
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:11.086137056 CEST 192.168.2.5 8.8.8.8 0xb5f0 Standard query (0)
img-prod-cms-rt-microsoft-com.akamaized.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:11.146804094 CEST 192.168.2.5 8.8.8.8 0xde9b Standard query (0)
microsoftwindows.112.2o7.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:11.147104025 CEST 192.168.2.5 8.8.8.8 0x5a93 Standard query (0)
mem.gfx.ms A (IP address) IN (0x0001)
Jun 5, 2019 14:28:27.804688931 CEST 192.168.2.5 8.8.8.8 0x2c71 Standard query (0)
products.office.com
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:30.781867981 CEST 192.168.2.5 8.8.8.8 0x1d81 Standard query (0)
assets.onestore.ms
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:30.797900915 CEST 192.168.2.5 8.8.8.8 0xd32d Standard query (0)
assets.adobedtm.com
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:30.809273958 CEST 192.168.2.5 8.8.8.8 0x8cc9 Standard query (0)
cdn.pricespider.com
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:32.467261076 CEST 192.168.2.5 8.8.8.8 0x7b19 Standard query (0)
track.pricespider.com
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:35.298409939 CEST 192.168.2.5 8.8.8.8 0xaf63 Standard query (0)
windevicesminnofferprice.blob.core.windows.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:51.736128092 CEST 192.168.2.5 8.8.8.8 0xaa37 Standard query (0)
assets.onestore.ms
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:51.742690086 CEST 192.168.2.5 8.8.8.8 0xfdc7 Standard query (0)
mem.gfx.ms A (IP address) IN (0x0001)
Jun 5, 2019 14:28:51.750875950 CEST 192.168.2.5 8.8.8.8 0xb06f Standard query (0)
img-prod-cms-rt-microsoft-com.akamaized.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:51.751636982 CEST 192.168.2.5 8.8.8.8 0x5698 Standard query (0)
microsoftwindows.112.2o7.net
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:57.416198015 CEST 192.168.2.5 8.8.8.8 0xb28d Standard query (0)
prod-video-cms-rt-microsoft-com.akamaized.net
A (IP address) IN (0x0001)
DNS Queries
Jun 5, 2019 14:28:57.961127043 CEST 192.168.2.5 8.8.8.8 0x3696 Standard query (0)
amp.azure.net A (IP address) IN (0x0001)
Jun 5, 2019 14:28:59.281052113 CEST 192.168.2.5 8.8.8.8 0xd5c0 Standard query (0)
www.youtube.com
A (IP address) IN (0x0001)
Jun 5, 2019 14:28:59.438280106 CEST 192.168.2.5 8.8.8.8 0x62a5 Standard query (0)
s.ytimg.com A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Jun 5, 2019 14:25:58.869465113 CEST
8.8.8.8 192.168.2.5 0x8cf8 No error (0) statics-uhf-eus.akamaized.net
a1512.dscg2.akamai.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:25:58.911068916 CEST
8.8.8.8 192.168.2.5 0xbed3 No error (0) ajax.aspnetcdn.com
mscomajax.vo.msecnd.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:25:58.969393015 CEST
8.8.8.8 192.168.2.5 0x3177 No error (0) mem.gfx.ms cdn.account.microsoft.com.akadns.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:25:59.205216885 CEST
8.8.8.8 192.168.2.5 0x1cc5 No error (0) img-prod-cms-rt-microsoft-com.akamaized.net
a1449.dscg2.akamai.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:26:01.689987898 CEST
8.8.8.8 192.168.2.5 0x112d No error (0) login.msa.msidentity.com
login.msa.akadns6.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:26:02.269435883 CEST
8.8.8.8 192.168.2.5 0x58d No error (0) logincdn.msauth.net
lgincdn.trafficmanager.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:26:02.269435883 CEST
8.8.8.8 192.168.2.5 0x58d No error (0) cs1227.wpc.alphacdn.net
192.229.221.185 A (IP address) IN (0x0001)
Jun 5, 2019 14:26:02.687771082 CEST
8.8.8.8 192.168.2.5 0x5c2a No error (0) login.microsoftonline.com
prda.aadg.msidentity.com CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:26:02.687771082 CEST
8.8.8.8 192.168.2.5 0x5c2a No error (0) prda.aadg.msidentity.com
www.prdtm.aadg.akadns.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:11.096823931 CEST
8.8.8.8 192.168.2.5 0xe2bb No error (0) assets.onestore.ms
assets.onestore.ms.akadns.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:11.132402897 CEST
8.8.8.8 192.168.2.5 0xb5f0 No error (0) img-prod-cms-rt-microsoft-com.akamaized.net
a1449.dscg2.akamai.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:11.161098003 CEST
8.8.8.8 192.168.2.5 0xde9b No error (0) microsoftwindows.112.2o7.net
66.117.29.228 A (IP address) IN (0x0001)
Jun 5, 2019 14:28:11.184528112 CEST
8.8.8.8 192.168.2.5 0x5a93 No error (0) mem.gfx.ms cdn.account.microsoft.com.akadns.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:27.829783916 CEST
8.8.8.8 192.168.2.5 0x2c71 No error (0) products.office.com
poc.cms.ms.akadns.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:30.805268049 CEST
8.8.8.8 192.168.2.5 0x1d81 No error (0) assets.onestore.ms
assets.onestore.ms.akadns.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:30.822134018 CEST
8.8.8.8 192.168.2.5 0xd32d No error (0) assets.adobedtm.com
cn-assets.adobedtm.com.edgekey.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:30.841311932 CEST
8.8.8.8 192.168.2.5 0x8cc9 No error (0) cdn.pricespider.com
cdn2.pricespider.com.edgekey.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:32.522583961 CEST
8.8.8.8 192.168.2.5 0x7b19 No error (0) track.pricespider.com
pstrack1.trafficmanager.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:32.522583961 CEST
8.8.8.8 192.168.2.5 0x7b19 No error (0) track4.pricespider.com
13.93.106.254 A (IP address) IN (0x0001)
Jun 5, 2019 14:28:35.337764978 CEST
8.8.8.8 192.168.2.5 0xaf63 No error (0) windevicesminnofferprice.blob.core.windows.net
blob.dm5prdstr12a.store.core.windows.net
CNAME (Canonical name)
IN (0x0001)
DNS Answers
Code Manipulations
Statistics
Behavior
Jun 5, 2019 14:28:35.337764978 CEST
8.8.8.8 192.168.2.5 0xaf63 No error (0) blob.dm5prdstr12a.store.core.windows.net
52.239.151.138 A (IP address) IN (0x0001)
Jun 5, 2019 14:28:51.765409946 CEST
8.8.8.8 192.168.2.5 0x5698 No error (0) microsoftwindows.112.2o7.net
66.117.29.228 A (IP address) IN (0x0001)
Jun 5, 2019 14:28:51.769062996 CEST
8.8.8.8 192.168.2.5 0xaa37 No error (0) assets.onestore.ms
assets.onestore.ms.akadns.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:51.777756929 CEST
8.8.8.8 192.168.2.5 0xfdc7 No error (0) mem.gfx.ms cdn.account.microsoft.com.akadns.net
CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:51.782568932 CEST
8.8.8.8 192.168.2.5 0xb06f No error (0) img-prod-cms-rt-microsoft-com.akamaized.net
a1449.dscg2.akamai.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:57.448092937 CEST
8.8.8.8 192.168.2.5 0xb28d No error (0) prod-video-cms-rt-microsoft-com.akamaized.net
a1985.g2.akamai.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:57.975744009 CEST
8.8.8.8 192.168.2.5 0x3696 No error (0) amp.azure.net 160c1.wpc.azureedge.net CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:59.309396982 CEST
8.8.8.8 192.168.2.5 0xd5c0 No error (0) www.youtube.com
youtube-ui.l.google.com CNAME (Canonical name)
IN (0x0001)
Jun 5, 2019 14:28:59.478583097 CEST
8.8.8.8 192.168.2.5 0x62a5 No error (0) s.ytimg.com ytstatic.l.google.com CNAME (Canonical name)
IN (0x0001)
Timestamp Source IPSourcePort Dest IP
DestPort Subject Issuer
NotBefore
NotAfter
JA3 SSL ClientFingerprint JA3 SSL Client Digest
Jun 5, 2019 14:26:02.323982000 CEST
192.229.221.185 443 192.168.2.5 49733 CN=prod-identitycdnsan.msauth.net CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Dec 17 23:12:34 CET 2018 Fri May 20 14:53:03 CEST 2016
Thu Dec 17 23:12:34 CET 2020 Mon May 20 14:53:03 CEST 2024
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Fri May 20 14:53:03 CEST 2016
Mon May 20 14:53:03 CEST 2024
Jun 5, 2019 14:26:02.329276085 CEST
192.229.221.185 443 192.168.2.5 49734 CN=prod-identitycdnsan.msauth.net CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Dec 17 23:12:34 CET 2018 Fri May 20 14:53:03 CEST 2016
Thu Dec 17 23:12:34 CET 2020 Mon May 20 14:53:03 CEST 2024
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Fri May 20 14:53:03 CEST 2016
Mon May 20 14:53:03 CEST 2024
HTTPS Packets
• WINWORD.EXE
• iexplore.exe
• iexplore.exe
System Behavior
File Activities
Start time: 14:25:15
Start date: 05/06/2019
Path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE' /Automation -Embedding
Imagebase: 0xa40000
File size: 1966368 bytes
MD5 hash: EFDE23ECDF60D334C31AF2A041439360
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path Access Attributes Options Completion CountSourceAddress Symbol
C:\Users\user\AppData\Local\Temp\VBE read data or list directory | synchronize
normal directory file | synchronous io non alert | open for backup ident | open reparse point
success or wait 1 643F70E2 unknown
File Path Completion CountSourceAddress Symbol
C:\Users\user\Desktop\~$eula.rtf success or wait 1 64334024 unknown
File Path Offset Length Value Ascii Completion CountSourceAddress Symbol
Analysis Process: WINWORD.EXE PID: 3184 Parent PID: 692
General
File Created
File Deleted
File Read
Registry Activities
File Path Offset Length Completion CountSourceAddress Symbol
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FE2C1C0E-8D93-49BE-95D9-2FBFCBD8E7CC}.tmp
unknown 117 success or wait 2 64334024 unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FE2C1C0E-8D93-49BE-95D9-2FBFCBD8E7CC}.tmp
unknown 117 success or wait 2 64334024 unknown
Key Path Completion CountSourceAddress Symbol
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1 success or wait 1 64334F25 RegCreateKeyExA
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common success or wait 1 64334F25 RegCreateKeyExA
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\3861A success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0 success or wait 1 64334024 unknown
Key Path Name Type Data Completion CountSourceAddress Symbol
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
MS Mincho binary 02 02 06 09 04 02 05 08 03 04 success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Cambria Math binary 02 04 05 03 05 04 06 03 02 04 success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Tahoma binary 02 0B 06 04 03 05 04 04 02 04 success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Trebuchet MS binary 02 0B 06 03 02 02 02 02 02 04 success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
@MS Mincho binary 02 02 06 09 04 02 05 08 03 04 success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
Segoe UI binary 02 0B 05 02 04 02 04 02 02 03 success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\3861A
3861A binary
success or wait 1 64334024 unknown
Key Created
Key Value Created
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
File Path unicode C:\Users\user\AppData\Local\Temp\imgs.htm
success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Datetime unicode 2019-06-05T14:25 success or wait 1 64334024 unknown
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
Position unicode 0 0 success or wait 1 64334024 unknown
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\30283
30283 binary
success or wait 1 64334024 unknown
Key Value Modified
File Activities
Registry Activities
Start time: 14:25:55
Start date: 05/06/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff6acbe0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Key Path Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 3772 Parent PID: 692
General
Disassembly
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
File Activities
Registry Activities
Start time: 14:25:55
Start date: 05/06/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3772 CREDAT:17410 /prefetch:2
Imagebase: 0xcb0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 1224 Parent PID: 3772
General