ID: 434295 Cookbook: browseurl.jbs Time: 17:40:30 Date: 14/06/2021 Version: 32.0.0 Black Diamond Table of Contents

Table of Contents 2 Windows Analysis Report https://azure.microsoft.com/email/?destination=https%3A%2F%2Fdocs.microsoft.com%2Fen- us%2Fazure%2F&p=bT04MGE5OWVjMC1jMWQ4LTRhNjEtOWNhNy01Y2Y2MTk4YmFiZTYmcz0zM2VlZmIzNy1hZmU2LTQ5NmUtOWQwYi1hZGQxYWM1NjE5MmQmdT1hZW8mbD1henVyZQ%3D%3D Overview 33 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 4 Thumbnails 4 Antivirus, Machine Learning and Genetic Malware Detection 5 Initial Sample 5 Dropped Files 5 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 URLs from Memory and Binaries 7 Contacted IPs 7 Public 7 General Information 7 Simulations 8 Behavior and APIs 8 Joe Sandbox View / Context 8 IPs 8 Domains 8 ASN 8 JA3 Fingerprints 8 Dropped Files 9 Created / dropped Files 9 Static File Info 42 No static file info 42 Network Behavior 42 Network Port Distribution 42 TCP Packets 42 UDP Packets 42 DNS Queries 42 DNS Answers 43 HTTPS Packets 45 Code Manipulations 47 Statistics 47 Behavior 47 System Behavior 47 Analysis Process: iexplore.exe PID: 6712 Parent PID: 800 47 General 47 File Activities 48 Registry Activities 48 Analysis Process: iexplore.exe PID: 6776 Parent PID: 6712 48 General 48 File Activities 48 Registry Activities 48 Disassembly 48

Copyright Joe Security LLC 2021 Page 2 of 48 Windows Analysis Report https://azure.microsoft.com/e…mail/?destination=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2F&p=bT04MGE5OWVjMC1jMWQ4LTRhNjEtOWNhNy01Y2Y2MTk4YmFiZTYmcz0zM2VlZmIzNy1hZmU2LTQ5NmUtOWQwYi1hZGQxYWM1NjE5MmQmdT1hZW8mbD1henVyZQ%3D%3D

Overview

General Information Detection Signatures Classification

Sample URL: https://azure.microsoft.com No high impact signatures. /email/?destination=https% 3A%2F%2Fdocs.microsoft ...z0zM2VlZmIzNy1hZmU2 LTQ5NmUtOWQwYi1hZG QxYWM1NjE5MmQmdT1h Ransomware ZW8mbD1henVyZQ%3D% Miner Spreading 3D

mmaallliiiccciiioouusss Analysis ID: 434295 malicious

Evader Phishing

sssuusssppiiiccciiioouusss Infos: suspicious

cccllleeaann

clean Most interesting Screenshot: Exploiter Banker

Spyware Trojan / Bot

Adware

Score: 0 Range: 0 - 100 Whitelisted: false Confidence: 80%

Process Tree

System is w10x64 iexplore.exe (PID: 6712 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 6776 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6712 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Copyright Joe Security LLC 2021 Page 3 of 48 There are no malicious signatures, click here to show all signatures .

Mitre Att&ck Matrix

Command Remote Initial Privilege Defense Credential Lateral and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Impact Valid Windows Path Process Masquerading 1 OS Security Remote Data from Exfiltration Encrypted Eavesdrop on Remotely Modify Accounts Management Interception Injection 1 Credential Software Services Local Over Other Channel 2 Insecure Track Device System Instrumentation Dumping Discovery 1 System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Process LSASS File and Remote Data from Exfiltration Non- Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Injection 1 Memory Directory Desktop Removable Over Application Redirect Phone Wipe Data Lockout Initialization Initialization Discovery 1 Protocol Media Bluetooth Layer Calls/SMS Without Scripts Scripts Protocol 1 Authorization Domain At (Linux) Logon Script Logon Obfuscated Files Security Query SMB/Windows Data from Automated Application Exploit SS7 to Obtain Delete Accounts (Windows) Script or Information Account Registry Admin Shares Network Exfiltration Layer Track Device Device Device (Windows) Manager Shared Protocol 2 Location Cloud Data Drive Backups

Behavior Graph

Hide Legend Behavior Graph Legend: ID: 434295 Process URL: https://azure.microsoft.com... Signature Startdate: 14/06/2021 Created File Architecture: WINDOWS DNS/IP Info Score: 0 Is Dropped

Is Windows Process started Number of created Registry Values

iexplore.exe Number of created Files Visual Basic

Delphi 5 58 Java

.Net C# or VB.NET

C, C++ or other language

microsoftwindows.112.2o7.net mem.gfx.ms assets.onestore.ms started Is malicious

Internet

iexplore.exe

9 421

adaptivecards.io liveperson.map.fastly.net

52.173.249.137, 443, 49826, 49827 151.101.1.192, 443, 49788, 49789 24 other IPs or domains MICROSOFT-CORP-MSN-AS-BLOCKUS FASTLYUS United States United States

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Copyright Joe Security LLC 2021 Page 4 of 48 Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source Detection Scanner Label Link https://azure.microsoft.com/email/?destination=https%3A%2F%2Fdocs.microsoft.com%2Fen- 0% Avira URL Cloud safe us%2Fazure%2F&p=bT04MGE5OWVjMC1jMWQ4LTRhNjEtOWNhNy01Y2Y2MTk4YmFiZTYmcz0zM2V lZmIzNy1hZmU2LTQ5NmUtOWQwYi1hZGQxYWM1NjE5MmQmdT1hZW8mbD1henVyZQ%3D%3D

Dropped Files

Copyright Joe Security LLC 2021 Page 5 of 48 No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source Detection Scanner Label Link https://static.docs.com/ui/media/product/azure/lighthouse.svg 0% Avira URL Cloud safe https://docs.micrRoot 0% Avira URL Cloud safe https://assets.onestore.ms 0% URL Reputation safe https://assets.onestore.ms 0% URL Reputation safe https://assets.onestore.ms 0% URL Reputation safe https://assets.onestore.ms 0% URL Reputation safe https://www.youradchoices.ca/fr 0% URL Reputation safe https://www.youradchoices.ca/fr 0% URL Reputation safe https://www.youradchoices.ca/fr 0% URL Reputation safe https://www.youradchoices.ca/fr 0% URL Reputation safe https://static.docs.com/ui/media/product/azure/database-mysql-server.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/iot-hub.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/maps.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/database-mariadb-server.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/cognitive-services.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/spatial-anchor-accounts.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/databricks.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/devops.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/event-hubs.svg 0% Avira URL Cloud safe https://static2.sharepointonline.com/files/fabric/assets/icons/fabricmdl2icons.woff2?2.21 0% Avira URL Cloud safe docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html 0% Avira URL Cloud safe https://www.microsoftstore.com.cn/cart 0% URL Reputation safe https://www.microsoftstore.com.cn/cart 0% URL Reputation safe https://www.microsoftstore.com.cn/cart 0% URL Reputation safe https://docs.micr.com/en-us/azure/?product=featuredRoot 0% Avira URL Cloud safe fontello.comIcon 0% URL Reputation safe fontello.comIcon 0% URL Reputation safe fontello.comIcon 0% URL Reputation safe narwhaljs.org) 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/ad-domain-services.svg 0% Avira URL Cloud safe fontello.comiconsRegulariconsiconsVersion 0% URL Reputation safe fontello.comiconsRegulariconsiconsVersion 0% URL Reputation safe fontello.comiconsRegulariconsiconsVersion 0% URL Reputation safe https://static.docs.com/ui/media/product/azure/sql-database.svg 0% Avira URL Cloud safe https://docs.micrcumentation/ 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/logic-apps.svg 0% Avira URL Cloud safe https://www.microsoftstore.com.cn/microsoft-365/microsoft-365 0% URL Reputation safe https://www.microsoftstore.com.cn/microsoft-365/microsoft-365 0% URL Reputation safe https://www.microsoftstore.com.cn/microsoft-365/microsoft-365 0% URL Reputation safe https://docs.micr.com/en-us/documentation/#mainRoot 0% Avira URL Cloud safe https://docs.micr.com/en-us/s/privacystatementRoot 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/data-lake-analytics.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/managed-applications.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/fxt-edge-filer.svg 0% Avira URL Cloud safe https://docs.micr.com/en-us/adaptive-cards/Root 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/hpc-cache.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/advisor.svg 0% Avira URL Cloud safe https://www.youradchoices.ca 0% URL Reputation safe https://www.youradchoices.ca 0% URL Reputation safe https://www.youradchoices.ca 0% URL Reputation safe https://static.docs.com/ui/media/product/azure/security-center.svg 0% Avira URL Cloud safe https://static.docs.com/ui/media/product/azure/application-gateways.svg 0% Avira URL Cloud safe

Copyright Joe Security LLC 2021 Page 6 of 48 Source Detection Scanner Label Link https://static.docs.com/ui/media/product/azure/storage-azure-files.svg 0% Avira URL Cloud safe https://www.microsoftstore.com.cn/hardware/xbox 0% URL Reputation safe https://www.microsoftstore.com.cn/hardware/xbox 0% URL Reputation safe https://www.microsoftstore.com.cn/hardware/xbox 0% URL Reputation safe https://www.microsoftstore.com.cn/surface 0% URL Reputation safe https://www.microsoftstore.com.cn/surface 0% URL Reputation safe https://www.microsoftstore.com.cn/surface 0% URL Reputation safe https://mem.gfx.ms 0% URL Reputation safe https://mem.gfx.ms 0% URL Reputation safe https://mem.gfx.ms 0% URL Reputation safe

Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation sni1gl.wpc.gammacdn.net 152.199.21.175 true false unknown microsoftwindows.112.2o7.net 15.188.95.229 true false high microsoftmscompoc.tt.omtrdc.net 54.75.9.158 true false unknown dh1y47vf5ttia.cloudfront.net 143.204.98.27 true false high cs672.wac.edgecastcdn.net 192.229.233.50 true false high liveperson.map.fastly.net 151.101.1.192 true false unknown adaptivecards.io 52.173.249.137 true false high js.monitor.azure.com unknown unknown false high lpcdn.lpsnmedia.net unknown unknown false high accdn.lpsnmedia.net unknown unknown false high pbs.twimg.com unknown unknown false high assets.onestore.ms unknown unknown false unknown ajax.aspnetcdn.com unknown unknown false high static-assets.fs.liveperson.com unknown unknown false high mem.gfx.ms unknown unknown false unknown static2.sharepointonline.com unknown unknown false unknown static.docs.com unknown unknown false unknown publisher.liveperson.net unknown unknown false high dc.services.visualstudio.com unknown unknown false high lptag.liveperson.net unknown unknown false high

URLs from Memory and Binaries

Contacted IPs

Public

IP Domain Country Flag ASN ASN Name Malicious 151.101.1.192 liveperson.map.fastly.net United States 54113 FASTLYUS false 52.173.249.137 adaptivecards.io United States 8075 MICROSOFT-CORP-MSN- false AS-BLOCKUS 192.229.233.50 cs672.wac.edgecastcdn.ne United States 15133 EDGECASTUS false t 54.75.9.158 microsoftmscompoc.tt.omtr United States 16509 AMAZON-02US false dc.net 152.199.21.175 sni1gl.wpc.gammacdn.net United States 15133 EDGECASTUS false 143.204.98.27 dh1y47vf5ttia.cloudfront.ne United States 16509 AMAZON-02US false t

General Information

Copyright Joe Security LLC 2021 Page 7 of 48 Joe Sandbox Version: 32.0.0 Black Diamond Analysis ID: 434295 Start date: 14.06.2021 Start time: 17:40:30 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 6m 52s Hypervisor based Inspection enabled: false Report type: light Cookbook file name: browseurl.jbs Sample URL: https://azure.microsoft.com/email/?destination=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2F&p=bT04MGE5OWVj MC1jMWQ4LTRhNjEtOWNhNy01Y2Y2MTk4YmFiZTYmcz0zM2VlZmIzNy1hZmU2LTQ5NmUtOWQwYi1hZGQxYWM1NjE5MmQmdT1hZ W8mbD1henVyZQ%3D%3D Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 Number of analysed new started processes 13 analysed: Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled AMSI enabled Analysis Mode: default Analysis stop reason: Timeout Detection: CLEAN Classification: clean0.win@3/372@17/6 Cookbook Comments: Adjust boot time Enable AMSI Browsing link: https://docs.microsoft.com/en-us/documentation/#main Browsing link: https://go.microsoft.com/fwlink/?LinkId=521839 Browsing link: https://www.microsoft.com/ Browsing link: https://docs.microsoft.com/en-us/ Browsing link: https://docs.microsoft.com/en-us/documentation Browsing link: https://docs.microsoft.com/en-us/learn/ Browsing link: https://docs.microsoft.com/en-us/answers/products/ Browsing link: https://docs.microsoft.com/en-us/samples/browse/ Browsing link: https://docs.microsoft.com/profile Browsing link: https://docs.microsoft.com/en-us/dotnet/ Browsing link: https://docs.microsoft.com/en-us/adaptive-cards/ Warnings: Show All

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

Copyright Joe Security LLC 2021 Page 8 of 48 No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BACZYXTY\adaptivecards[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 283 Entropy (8bit): 4.821376124998815 Encrypted: false SSDEEP: 6:JFK1rUFVz9cLohxj8q5z9cLohxj95ieXRi1rFK1rFK1rFK1rFK1rFK1rFKb:JsrUviLonjJhiLonj9QCOrsrsrsrsrse MD5: D1E11596BEB09EA7AB92EB476B7DC8E8 SHA1: 66EF9458FABAAD9B116C0219F4DC304D20809711 SHA-256: AF7F5610A0A7ADCC741E9D97BCC27C91559C5B3F0BFF864EF0B1B3AF4C3EE789 SHA-512: 5194B37DA9D55680C11F01A608BEC67C3B1798F31F917125E2A0060F0EA6732A304AB5C829164BA9D194A15608080E7CBC4B13EF227AC2D2890987339858AFF3 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\docs.microsoft[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 1200 Entropy (8bit): 4.758912769502828 Encrypted: false SSDEEP: 24:WUGYT4CyUGYT4C9t9yt99aCyUGYT4CyUGdCyUGanCyUGhECyUGHCyUGHCyUG6Cyz:LaCvaClCvaCvgCvHnCv7Cv2Cv2Cv7Cva MD5: 1E2E9E831FD0C493776EAFF25CF9A6A8 SHA1: 3E9B66A636E9B64BA4DC295F3ABF407CE615DA10 SHA-256: 8F866700518993EB0363F985FCE84FACA9E649704E70CB6C00F76E3BB27BE8C5 SHA-512: 782B4C219380F77070CDD5AE0727D9371456548CE0C57099C444418D6BC924E770DE85A2556386B18AC88F48663AFD9B9BFAAC2EAEDDDFF32E0190D722A29CC4 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\93ae22c4.at-config[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with CRLF line terminators Category: downloaded Size (bytes): 11299 Entropy (8bit): 5.07217384138262 Encrypted: false SSDEEP: 192:6Ptyz4MrslwYw6FTX1J8lKiYsbhAT4qBKo:JrslwYJb1JHi3h1qBKo MD5: 7A5AC39E940E689F709170412BA11A24 SHA1: F8DABAA9EE1DF4AAB3B15083904167FBA5CE0FD6 SHA-256: B6E07CCD516607FE756B9128424D16D806782B38BE7AE69035803A808BB7C2E3 SHA-512: 3F696DFB2376E57383E915E1C7E7AD1FC7EC3DFB30705BED268AC757451F7353521287FBBB5B197F868C9B2891A14662EE394B6A53EC09D7F7F115D31656FB68 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/93ae22c4.at-config.js Preview: 'use strict';....(function () {...// The following IIFE is provided by Martech/Adobe. Do not modify....// Properties are configured at https://experience.adobe.com/#/@msc om/target/setup/properties...var at_property = 'bdabb721-9b44-aabd-3839-ac91540d91f8'; // "Microsoft Docs (Prod)"...!(function () {....function tt_getCookie(t) {.....var e = RegExp(t + '[^;]+').exec(document.cookie);.....return decodeURIComponent(e ? e.toString().replace(/^[^=]+./, '') : '');....}....var t = tt_getCookie('MC1'),.....e = tt_getCooki e('MSFPC');....function o(t) {.....return t.split('=')[1].slice(0, 32);....}....var n = '';....if ('' != t) n = o(t);....else if ('' != e) n = o(e);....if (n.length > 0) var r = n;....if (n.length > 0 && at_property != '') {.....window.targetPageParams = function () {...... return {...... mbox3rdPartyId: r,...... at_property: at_property...... };.....};....} else if (at_property != '') {.. ...window.targetPageParams = function () {...... return {...... at_property: at_property...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\FabricMDL2Icons[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 68776, version 0.0 Category: downloaded Size (bytes): 68776 Entropy (8bit): 7.994905054589336 Encrypted: true SSDEEP: 1536:KGDKkb0Gj3DbSvfwxJSijoDJFqAOi0kyefbAQSxd+h1mlDN7DFQX:Kpv8Svi7cFVOi5bBSxdYmtNFQX MD5: 67004E41FB0CBB79BD8B963D82FC4826 SHA1: B3007FE009B33DAA1F30813A18895E45133BBD8B SHA-256: 16E86C343895335A523A1351F52B77836B7DFD914AE59491A8648667ADE9FB42 SHA-512: A82AC3188464A0BB4BEC0F0551FAB65FC6EACF032755E55B1039BCFCBFC3E32C54EF0920C532B0883416BCE9288B328A804F8B5E590D362B6C58C16A8655D1A C Malicious: false Reputation: low IE Cache URL: https://appsforoffice.microsoft.com/fabric/fonts/icons/FabricMDL2Icons.woff Preview: wOFF...... OS/2...X...H...`JZx.VDMX...... ^.qcmap...... L...j....cvt ...... *....fpgm...... Y...gasp...... glyf...... "...p_=..head...4...5...6.1..hhea... l...... $....hmtx...... r:...loca...... n...n.8bJmaxp...... M..name...0...... J.post...... Q.wprep...... x...x.c`f..8.....u..1...4.f...$...... @ ...... r...... S``...P..x...S...... _..m.m.m.m.m;e..y.~...... ...O.g...E.2|....o.w...C.1..~..._.o..08...... ?..0$...... x..yx.....s..5..73w..@ ...K.HeG...... C...&*.... .*.-.B1.5..T..|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\MathJax[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 63263 Entropy (8bit): 5.465999751701189 Encrypted: false SSDEEP: 1536:fZ/jj0ebL/4r1l15MIt8SaXiWalhPbcpbZLWPrAO8EpKw6kzJc+OLN/Ifbj1dI3Q:fZ/T4r1FBt8S2dZK0+pzXzJVOLN/IfJ MD5: 7A3737A82EA79217EBE20F896BCEB623 Copyright Joe Security LLC 2021 Page 11 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\MathJax[1].js SHA1: 96B575BBAE7DAC6A442095996509B498590FBBF7 SHA-256: 002A60F162FD4D3081F435860D408FFCE6F6EF87398F75BD791CADC8DAE0771D SHA-512: E0D1F62BAE160008E486A6F4EF8B57AA74C1945980C00DEB37B083958F4291F0A47B994E5FDB348C2D4618346B93636CE4C323C6F510AB2FBD7A6547359D28D5 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/static/third-party/MathJax/2.7.2/MathJax.js?config=TeX-AMS_CHTML Preview: /*.. * /MathJax.js.. *.. * Copyright (c) 2009-2017 The MathJax Consortium.. *.. * Licensed under the Apache License, Version 2.0 (the "License");.. * you may not use this file except in compliance with the License... * You may obtain a copy of the License at.. *.. * http://www.apache.org/licenses/LICENSE-2.0.. *.. * Unless required by ap plicable law or agreed to in writing, software.. * distributed under the License is distributed on an "AS IS" BASIS,.. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied... * See the License for the specific language governing permissions and.. * limitations under the License... */....if(document.getEl ementById&&document.childNodes&&document.createElement){if(!(window.MathJax&&MathJax.Hub)){if(window.MathJax){window.MathJax={AuthorConfig:window.Math Jax}}else{window.MathJax={}}MathJax.isPacked=true;MathJax.version="2.7.2";MathJax.fileversion="2.7.2";MathJax.cdnVersion="2.7.2";MathJax.cdnFileVersions={};(fun ction(d){v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NewErrorPageTemplate[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Category: downloaded Size (bytes): 1612 Entropy (8bit): 4.869554560514657 Encrypted: false SSDEEP: 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk MD5: DFEABDE84792228093A5A270352395B6 SHA1: E41258C9576721025926326F76063C2305586F76 SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284F D Malicious: false Reputation: low IE Cache URL: res://ieframe.dll/NewErrorPageTemplate.css Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #00 0000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt; ..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE1CmIw[1].wdp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG-XR Category: downloaded Size (bytes): 14889 Entropy (8bit): 7.878874241400787 Encrypted: false SSDEEP: 192:LiA8KesyGAUMhJZAVy2G5Wj5MbGghrttqwTEldTDsH3GElqINGkbEqGLc1:98Kb/jMhXAVnjFKtq0E/Dull54m MD5: 5B95469F6A1E333C3E7A9165D22C72CB SHA1: CE481079755F339678DDFBFF784ACACE55D7E426 SHA-256: D61B3DC11CA888349CEA77CED4E8E4B483139786ADEBE84654176E96D6626781 SHA-512: F5685F37187D0E9CE097FBD718A50D19A709C22DE22240F03C393F1B1A0966083C21B43C1ABA04044D2A02C32B479996F5BA2582DBEA7DE7FED020FD63F29F33 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1CmIw? ver=e555&q=90&m=6&h=201&w=358&b=%23FFFFFFFF&l=f&o=t&aim=true Preview: II.. ...$..o.N.K..=wv...... f...... $..B...... $..B...... 9...... WMPHOTO..E.q.e..0..$$.BBL.DD...... +3...... @P....*...... *.85..|.*.....(. .G.aZ....n...... bY..'..;KH.(...... Y.....f`.,..T...... X.<...M.q!O.Q...... $.v....%.(.....J....7W...SqD.e...e.. ...[a...*i.-."...(Ja..K.....)"*.L8..c%...BD.t!..| .xi#.Y.^..JI...v6'C<9...Y....j7X.. .n.*H;-..7.'.....7.L..d\...6.!.S.MC..5p...... K...F.'.'..f...4....,r!.6.YF*.$p.D.H5..:..B..M.3....4%....WQp...... &.S.8...... ,T.p7.*..4W....z.m.?7._b.S..{/..$..0....B..sI..`,.5..u2mB..? BU....16;.....Si..#.d.I.ms)...... J.9..D....!...... DN...x..s.;..W...... `.a.V`..b.....1*ji7C..( .r.f...... $.....`....L.G).".o.Q"...... h..d...... Q.J9,.A39%[email protected]...... y .B.f...m..1*0.*0....R,T%t...... 4..^.....y)...... H.K.%os.$=m..bI.@.(e.5.K..V.A...... B..A.a"J.%`..,.-Pc.3B`Lx?...... &..z..:..1e).&.WX.9....-..."#s$B....7V..2.c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4Av0A[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1600x600, frames 3 Category: downloaded Size (bytes): 54105 Entropy (8bit): 7.028305099094474 Encrypted: false SSDEEP: 768:eLDOmM0YE4lZNuLQWiR0cWnjcrx4nZeHHyav/sh6bSEjTxI6BfxI:e1V4lZNcQ5Rojm+ZLs/sh6bVhvZI

Copyright Joe Security LLC 2021 Page 12 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4Av0A[1].jpg MD5: B1D28337EAE0495EE9CCA4F9799C5033 SHA1: A1B5A69626894D14936A13458B9EC298FC396BCA SHA-256: DA93620F6D1B9BBA314AEACED22725DCF2B2F546ADF324072C169465EBEEB05F SHA-512: 26F49C3748BB265950BF571512345EF9FF82BF1C183837ECCA938E923594C7F81C61793B21D80E1B79F472340C41E09F86D372E5DC63DE8B78516E6D472AECF2 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Av0A? ver=baf8&q=0&m=8&h=600&w=1600&b=%23FFFFFFFF&l=f&x=0&y=152&s=2120&d=795&aim=true Preview: ...... JFIF.....`.`...... $.' ",#..(7),01444.'9=82<.342...... 2!.!22222222222222222222222222222222222222222222222222...... X.@...... }...... !1A..Qa."q.2....#B...R..$3br...... %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...... w...... !1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...... ?..:.. (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (...... (.....P....(...... (.....`&(..a@...... (...... (...... Z.J.(.....P.@..!...... P.@ [email protected]...@.....%...P.@..&(...... P.c..(.(.{P.P.@.@.@...... P...... N..P.zP.P.@.@..%.-.%.'[email protected].(.(...... (.1@...... P.@...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4CSsn[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, progressive, precision 8, 358x201, frames 3 Category: downloaded Size (bytes): 22439 Entropy (8bit): 7.980681834661952 Encrypted: false SSDEEP: 384:dl5zhmFhGZSVhxlwLT+WMRW/866qIaCPvhDJZoC+k9msglaQHM54:dhmFKSxlwLTLMRW/6qP+is2aoj MD5: 088D355970946F5A6C61C8F36DC46D2B SHA1: A85538E652458F5A18909B07B36BDBCAD9B29183 SHA-256: 5E28F417AF1577E220F7D5F0CAD2DC29E453BA9FC9637042A38A3F4EFFD32340 SHA-512: 727C1D631F9DE7FCF3CDED4752872F522ACE9512DEEEECFE89C59CB9FFF9368649D52020171876A408EFEEC69DBFF3CACEAAB32AEF7771FADC4AAF1980A1E B46 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4CSsn? ver=3e81&q=90&m=6&h=201&w=358&b=%23FFFFFFFF&l=f&o=t&aim=true Preview: ...... JFIF.....%.%...... &$&22C...... &$&22C...... f.."...... 8...... d. (.o..o...... qc...N..|U...... @.a..&...?.8.d.uM&.L/.X.....+..3*.N.Y..n....0?b...L...|m.mO....y..V,...... 9.2....L.....-R.D.o0..0..x.Ko+i.%....E.|)..d.}...4./..B.04.1..ge..o..:.R..O.%...... -.= 6.u..!.0`oR.<.$0^..u._..f:...... %Fn...QI...... u{...... v..;.ts.+.bw..m..O..AGy....$2h..g...... ,...x...... d.g..?Y.o.....Gi{...I...... x.._..`i..&.S.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4E4rT[1].wdp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG-XR Category: downloaded Size (bytes): 10430 Entropy (8bit): 7.89480959014599 Encrypted: false SSDEEP: 192:Lapejnf9UHMPQ4KVxnkaRJZzlp+0G4p1N/MeLjZzzqCPLs/+bgdkKKqW:LakVUEUNRLlXWk+Cg+bWK MD5: DB2CBCF163B2A7648BA57FC5ECEAB887 SHA1: F493A978EB04F87EC718885264699695AA0BCABD SHA-256: FC92E55FC3D1DA01C8A9CDF330639EEE663DDEE0B398C4A8BE39891F4ACCFA6D SHA-512: 3099055CA5F7F257D2B3B78DEACEDB3A879CDA7949A0344B9E0C5549FE36E766B240B75909C53D637CD0E327D76355013243C8E8394EE84D1E30257913DBE297 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4E4rT? ver=2072&q=90&m=6&h=201&w=358&b=%23FFFFFFFF&l=f&o=t&aim=true Preview: II.. ...$..o.N.K..=wv...... f...... %..B...... %..B...... 8(...... WMPHOTO..F.q.e..0...LJJT...`.....%.V'...... j0}[email protected]. ..~&.L9.NOF.).u..OG...... |...... w.c.U..u.6.C....d[..`0..\$6X; ...o...... Kfb1."[email protected]...]'. [email protected]...... 5.a.-..Tg.$..C...=.aD.2..0Q.....?0...X..5..P...... }w...8$..$..PB..l.. [i..1.\^..T...,.o.B.....Ni.M4. Q.Ms.N..*...{...c..Y.?.E.R.>.*m)<.k.$.v...i.R..m...k.T..eRm.."2..L. .'....{....M.{.S..nD.$..T...).2.mh..N1t...... Ft...,....t../..+....G..T.y7...9h.*2....i...... ^QwL..`M.X..R.0.1._.... *)...... Z_h...-)=.A.h.$.P.K.Y"QhD.j.\..,...... V1..-..L.H.^.m.....Z..5.,...... @....>(C5.`@.....$..&...|._o.....94.e\..\m...... En`.u....F.R...... I...n...... ~.`.Q ..Q..B...... `x..?.6e.....pv.A....DQ.4~..aFa...!.....h.K.[.:VB..[j...... x..bkRD...M@0..., ... p..w.E.My.F%...... kS\.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4pkvE[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 40 x 40, 8-bit gray+alpha, non-interlaced Category: downloaded Size (bytes): 234 Entropy (8bit): 6.336886292770393 Encrypted: false SSDEEP: 6:6v/lhPnMtkiQg5gmlUkBNdMSwul9Kx+2lPpgt+SgU2KmiZUup:6v/7PVg5gSUkBDkSox+2VPSgU0iqc Copyright Joe Security LLC 2021 Page 13 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4pkvE[1].png MD5: 260A51F19FFB5DC5B69223FA27B28B7F SHA1: 45DB7B29D637618990DDBE2C428875EB2B9E4B97 SHA-256: 38D313123BA702A51B25E52DF6C17F5CDF127C1BA2094F05F968AD2890CEB49F SHA-512: C0809F0BBEB79665DE95C7C7455E9FDFC878D6553B377F7B4F742034BC35624BA07CCD320B6557509BF3EE772CCEFFFE1017B498247DFF54563AFAD288B789C6 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4pkvE?ver=d8fc&q=90&m=6&h=40&w=40&b=%23FFFFFFFF&l=f&o=t&aim=true Preview: .PNG...... IHDR...(...(.....&.p.....orNT..w.....IDATH.c`.t@...!...a=.~...... 4..h.~..@#P!...hD..#.4.bD?.3 ...1X.t`...1...=.....D7...a ~.....8j.P1../T..f.AZ...p4..8j..0..#.....jK...b6tA..j..Y jbk=R` [email protected]`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4pxBu[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 40 x 40, 8-bit gray+alpha, non-interlaced Category: downloaded Size (bytes): 592 Entropy (8bit): 7.5191542877143895 Encrypted: false SSDEEP: 12:6v/7PoNuMxRUHNV7ROerL/EmNsgF8wUy+cghBZ+QXe0q1cg+SR:+o0M7cbUen/d8BZxcKg1R MD5: E8DCCE76EF06E598B2FFEDB2D2DF92C3 SHA1: 652895F799FCBACA551EC5911A88895DB90EE693 SHA-256: BD58174AB1A620975F07510EC6480E6C2D97E84FEB5D8647873E172908942651 SHA-512: 1467EB0690B8747F28098B2032662C0014B2CEB647113DE40D99AA5F0F53D214F607392A09833BF41F91D8691A228239537A08860C1C3B31C3D90F6CB708A0C9 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4pxBu? ver=eae5&q=90&m=6&h=40&w=40&b=%23FFFFFFFF&l=f&o=t&aim=true Preview: .PNG...... IHDR...(...(.....&.p.....orNT..w.....IDATH.V].. ...D0...@.#...D ...@."...... ^x.x.qwf...... a.q`.?...... l...Gxh..{...... `,.l...E2..B,...... SF.c|T0.x.5c..."..[A..l.....2.^_...jz.>..... <..m...|A.8..H._f..;[....I..CN...$d...n..J...pGFfST..|..4...5..9...?Q#2..f".W;...... a.^.[2i..4..c... >."$....i.g.).+V.....d.x...h.I|ta3...\...R..OQ....l...T.|..C.*....].;..>..c..P.z.V...r....zbmB..... (.|..e-.?..0Yr.h.....p..w.>+/....e.... JS....U...H...l..?...E.4.}.;....M.c.{....'9..!8.DOA."(..Q.q....- ..Q5....kO75m..Wn...w.U...... r....,.D.z.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RWEECz[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1259 x 472, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 493966 Entropy (8bit): 7.978904986825848 Encrypted: false SSDEEP: 12288:wlNW4Ug74AFv5mI/ThyOHIaT11DSyUlLA9zg42cpvMrWjHa:wH178Il/IaTbSnLAj2cNMrMa MD5: D6AA8FB6B151D7F41C4A8C9FDD2093AB SHA1: 47A96AC5BF4F416317B96E7D2FA116484B5E41E9 SHA-256: 8D0DA7B726CBF12B8FC2E358915F37A1E550D3556694BF7F0A08A7DB353B664C SHA-512: 66F49019E994348AA4BE36D1F2B0029834DEB7B1BDBA7CA57F70E102344B298F72C64BE9CBBB7ECC4D6DE8567AF82A9FCCBA65C0AFF3CB43A4161E90445F87 8A Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWEECz? ver=ef1d&q=0&m=8&h=472&w=1259&b=%23FFFFFFFF&l=f&x=0&y=0&s=1895&d=711&aim=true Preview: .PNG...... IHDR...... Jl.....pHYs...... +...... IDATx...... 1e.. Ap.EI...n....o?d?R?.]U..4..'..cDfd..6?.G..H...+7 ...... q6...... |g._...d...;.z....n6.u]7.6...b...O..b.]^.w.9.....Mf...S..?? _u...y.N.YxO...{...sxM...... \...... u...[.:.].gu...... m.e.@wu...... b....n...;X..n..C.Yw....\t...... Qw|.....;;[.?.;...8..i.]l.96.K...K\.\.O....r..7....].,....ez9.f....;G.}:.s.?[...... ]...7...Yt.l. %...c...c4.t....:^d..;...O.C....`>.....l...3.o''...... ]...... Y....[m8;;..{...._?........ ?.={.l.%6(...Y...+....{...... ;t.O.9..q...... 0..?e.\0....Xi...w./W.8W....".s_...2.g.,ut...st.p...Z0...a~8.g..[ .G..:...^...?...n..RG.[wN..8.3..-.m....<.(...... yo.9..s.=..Cp.z....@.....&.#..m.....cB...E....K.)..B.)~N..3...4Z:..F....y..*m.Yf..]q...J..s.y._..f...... }....>....v...`.c.N.....s.9*S...... m.s..%>V...... 6?7>...... j7.@...... CM.?g.[3,zU...... C...*..^DW...,C.yN-}.1...W|e3:4&}.V.}.o.a...W.l[.xo):..5...c.....uz.y.B.>...9.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RWEze0[1].wdp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG-XR Category: downloaded Size (bytes): 10139 Entropy (8bit): 7.85314242641808 Encrypted: false SSDEEP: 192:cnbQO40Ou1NpPShyEqzk5FdLh9zMNexRo91SMDgOwQGO:+QONpqhyEckrdF9z5ZMDLHGO MD5: A1627DBC58260903580FA8CDCCD6D1F1 SHA1: 88A4B43C8BF406ECC90C84B389993BB16F0483BF SHA-256: 637AB8D15746A9C77541D9070E78F9DBFCCAC068418D34B01DEE08108C84F37C

Copyright Joe Security LLC 2021 Page 14 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RWEze0[1].wdp SHA-512: 63076D72488B92D030C7AE175CBFC1E903DB6016160D9221DCAA04A2C343D4AFAB50A6D3F2279FB8E1D4A14E624EE5F45F6B5EE7ADAC9835355193A36F5F599 A Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWEze0? ver=ab91&q=90&m=6&h=201&w=358&b=%23FFFFFFFF&l=f&o=t&aim=true Preview: II.. ...$..o.N.K..=wv...... f...... %..B...... %..B...... '...... WMPHOTO..E.q.e..0....l,.6...`...... m...... @[email protected].!P...c.....=...{1...... 3 @...c.5uT.l ..f.. [email protected]. [email protected]%s....E.., A!.R...... W.0~.Q.,g.E.b.....@$MJa*.B80.`..0....cp.Q.!a/R..;.E.D..C'..D`..f^X`....L qf0.P.!..B...!..?X..Y..@.!....0.. +.d1....!.F. ,".....B.r.!4^[email protected],[email protected]..[.....H.}..g..M..."....wO..j...F..NLa....Xa...a.. ...1g..)U..._.-..A.X....y1X..9.Pv;.k.9....ZS5b...... [email protected]=.Jb.....%...T...`c....2I.. xs+y.+.k.^P4...,.0.t.a..?].t..#CZ.4A ...'..@."....B..z9.io...d6.Cj`.$..N2.....F...e.~.Oq...P..L..||[email protected].."..m.k..G...Eh.6.;.(bM!.Z..uF...... ;.....:.A..0..`.nf$(]y. ..a1!...... Bo.Ef.e.!N."..[...~y7(.2{..0...... a86..A2W.....8..w..a...~,o.$I1a3v.8....w.....',....*..N...F.2...`..P.b..{...... lP...t...'.'....V..A..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\a4-539297[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 5109 Entropy (8bit): 5.118496102533826 Encrypted: false SSDEEP: 96:9yRLDkGDGQeG9UfG2maev58hcl/FguMziiKp9bfkbXH/0RKZy:9yRLPDGQeG92G2maev6KlFguMzMbfkbS MD5: E118A9C15F6A649384F76DD008BDEE73 SHA1: 7E02125C645D41BF34F268EEFD35DAC8E2CCF100 SHA-256: C5AF8980AD43586DA80FB13BDAF0858F563907D477ED4800768C817EB8C8E499 SHA-512: 6E33EBA6297F547D94249A65AE1715632936FE78AB5438E5E37229CD8F880ECEEC4DB367CA19C43D299EA1A0A3A4A466D724C22794485E86A9EBEF6E650562D9 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/89-144c00/a4-539297?ver=2.0&_cf=20210415 Preview: require(["jqReady!"],function(n){function a(n,t,i){i.setAttribute(s,"false");nt();n.contentWindow.postMessage({action:"open"},t);o||(o=document.getElementById(b));o.style .display="none";o.getAttribute(s).toLowerCase()==="false"&&o.setAttribute(s,"true")}function k(){y()}function d(){var n,u;t||(t=document.getElementById(r));i||(i=t.getAtt ribute(e));t||(t=document.getElementById(r));i||(i=t.getAttribute(e));n="";window._pageBITags&&window._pageBITags.pageTags&&(n=window._pageBITags.page Tags.pageName);u=t.getAttribute("data-lpcurl");t.contentWindow.postMessage({lppagename:n},i);t.contentWindow.postMessage({lpcurl:u},i)}function v(n){t||(t=docum ent.getElementById(r));i||(i=t.getAttribute(e));t.contentWindow.postMessage({invite:n},i)}function y(){t||(t=document.getElementById(r));i||(i=t.getAttribute(e));f||(f=t.getAttribu te("data-isOfficeCommercial").toLowerCase()==="true"?"Office365":"Store");t.contentWindow.postMessage({action:"parentsize",Width:window.innerWidth,Height:window .innerHeig

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\accountproperties[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 5309 Entropy (8bit): 4.889474193109998 Encrypted: false SSDEEP: 48:pdSYux+JjRNyJqau1BRvgdtBdqVDunVaVq6NEogCDajg6a3DUEXh+AtfDEW4YCDV:mCZYqau1QdLCoyRfe86a3DRnqPYCD1aA MD5: 2A78084FC756702BB2319653F73C6A79 SHA1: F8466B4D4A1521406C7920DDFE58DB75CBEEE161 SHA-256: FED0F183EFD4CE79390956EAB53F303651C7F30D813BA7A26B4C259C73231339 SHA-512: F7484C3410E7A53F473D512B41870E081DCD4BF7B96218DE323497CCA5B8B76428AB7DFAD3B9A162A2FA5C38EE49E659B57EB2E0CC61669F0272C173B9FE29F 1 Malicious: false Reputation: low IE Cache URL: https://accdn.lpsnmedia.net/api/account/60270350/configuration/setting/accountproperties/?cb=lpCb9305x81426 Preview: lpCb9305x81426([{"id":"messaging.ios.sdk.min.version","createdDate":"2017-01-10 04:11:41","type":2,"propertyValue":{"value":"1.1.36"},"deleted":false},{"id":"me ssaging.audio.sharing.enabled","createdDate":"2018-05-13 02:02:09","modifiedDate":"2018-11-14 08:32:03","type":2,"propertyValue":{"value":"false"},"deleted":false},{"id": "messaging.ios.logs.settings","createdDate":"2017-01-10 04:11:41","type":4,"propertyValue":{"value":{"level":"WARNING","minLogLevel":"INFO","randomFactor":1000. 0,"maxEvents":50.0,"maxPendingEventsRequests":10.0}},"deleted":false},{"id":"unified.window.fallback.to.first.party.cookies","createdDate":"2019-11-20 03:10:29","type":2, "propertyValue":{"value":"false"},"deleted":false},{"id":"messaging.file.sharing.blurAllConversationImages","createdDate":"2021-04-13 05:58:57","type":2,"propertyValue":{ "value":"false"},"deleted":false},{"id":"le.agent.widgetSdk.allowMicrophoneCamera","createdDate":"2019-08-19 04:03:07","type":2,"propertyValue":{"value":"false"},"deleted

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ai.2.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 120231 Entropy (8bit): 5.308039619356215 Encrypted: false SSDEEP: 3072:d7bNuuObGh9UpVbDHtkIsOWYiIw+XWYiBCMMZMnAKp3cr3b1Xt8ZI:dVOWYiEXWYiBWZMAKp3c1XaO MD5: F5C334F4B2A7C3E3C2655F685AED2D1A

Copyright Joe Security LLC 2021 Page 15 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ai.2.min[1].js SHA1: BE068996A829D4B9A45524E0FA5A7230126F4ED1 SHA-256: 27D984FE65621F53C15F3C09CF858BF9465A3920BA5B35A072DDE63D143F8A81 SHA-512: 5D1D2CD76E63D2C40A462660B12E44504615BC5EE067FC042F14034CF0D8687B29733DA01F5EC26558E4F2A4AB82DBE42DA2B420D82D57F07CBEE5AE5CB6E16 E Malicious: false Reputation: low IE Cache URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js Preview: /*!. * Application Insights JavaScript SDK - Web, 2.6.3. * Copyright (c) Microsoft and contributors. All rights reserved.. */.var e=this,t=function(e){"use strict";var r= {Unknown:0,NonRetryableStatus:1,InvalidEvent:2,SizeLimitExceeded:3,KillSwitch:4,QueueFull:5},o="function",w="object",s="undefined",D="prototype",a="hasOwnProper ty",n=Object,c=n[D],t=n.assign,i=n.create,u=n.defineProperty,l=c[a];function M(){return typeof globalThis!==s&&globalThis?globalThis:typeof self!==s&&self?self:typeof win dow!==s&&window?window:typeof global!==s&&global?global:null}function d(e){throw new TypeError(e)}function f(e){if(i)return i(e);if(null==e)return{};var t=typeof e;functi on n(){}return t!==w&&t!==o&&d("Object prototype may only be an Object:"+e),n[D]=e,new n}(M()||{}).Symbol,(M()||{}).Reflect;var p=t||function(e){for(var t,n=1,r=arguments .length;n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\anomaly-detector[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1076 Entropy (8bit): 4.844615331343652 Encrypted: false SSDEEP: 24:t4IJPHx8G6BGA3rNMZYtEHIlQGKgPU0hpSQiLXASqgI9m33wiUO49Ab:TPHJ6wAKS6HuU9LQiSri MD5: 5404CAE626EE861C3A840E851EC8EED8 SHA1: E6A2AF1D4F9F2922F0C9D1A2C56B9F3EBD96C4F0 SHA-256: 79180B2605C26D697E2FA1808C6047849F30984BC3906289862A97345B2D0245 SHA-512: 06B1116411214B0BA1D36DC959C28ACE72931A2D050AE4CE76A704884BF29311ECFF9F80B0977C39F87E05739915139BF36218D6AC32198D2F19F8701645F91C Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/anomaly-detector.svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\api-management[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1295 Entropy (8bit): 5.044036337207262 Encrypted: false SSDEEP: 24:tmXIN+Hx8GQGU1G/GQGPGIWNEqHx8GEcEkcGZX0AYXA7dSSVOWmVv5eEBeab:4NHJTUMOT+9EqHJEcp3ZEAYQ5TO3v1N MD5: 74EA0B08B3611B25C964F89E5A231DDD

Copyright Joe Security LLC 2021 Page 16 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\api-management[1].svg SHA1: 6F91FCF323F9D747AE5A6B481A4F051AC424875B SHA-256: 48E4AB7766C1A2DC3EB830F33406442E678D13DD48C1890B245EB9DE3269EDE5 SHA-512: F33AF0884CB013DAA2F903C1452DD2AF29FCDF27572FAD04691251D978215045E7DA27442215C2C2A8BFC681070F4DEE35CDE5CDF32B2A153B53DFD1302794BE Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/api-management.svg Preview: ....................Microsoft Azure cloud services. Get documentation, example code, tutorials, and more." />...........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\boards[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1218 Entropy (8bit): 4.758776346835383 Encrypted: false SSDEEP: 24:tZqRun/jpUvNfNT+777IWTb7GQo07++njsaZhv9e9wnsU3Y:2VF1s7mkfvAN MD5: A2CC3519181160A4448D1127C485533A SHA1: E4239024D402EFAF2874E1DA25CC832D8E3B327D SHA-256: 2C364CAD9903FFB097F58836442D873E27381B1CBEEE65460CC85D9D4A9F968E SHA-512: 4B759FDBABE1535A78CA218C39617563253915220F65F38379E4902D42250A94EB19A285FB27A70EBA08F4E8B79CF4C3D196AF26C735A5CC8C0F27334CF885CD Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/boards.svg Preview:

Copyright Joe Security LLC 2021 Page 20 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ce151cee.site-ltr[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 491038 Entropy (8bit): 5.060436739741993 Encrypted: false SSDEEP: 3072:cBpCIUetKd6jxgxeF7PTrvYFZIRMby4fN:WQetKsjxgxeF7PTrvYFZcMV MD5: E65614263025AC91B0601F40CFECE8B9 SHA1: 5853D776FAD733B855732EB49B5C8AF53C04B273 SHA-256: 5BC14C9698A3BCE29AF6BEADE8739D0BA49EA69CE762C5302B6DF5E9F191336A SHA-512: BED09909731475711D0D81C8E7CB701A17C300F93CF90312F9676547F8E049E9E7426BD93FF6EFE70EEB917EE94E9C92E80A1DEE2D5C15F98698F0423BA5A17B Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/ce151cee.site-ltr.css Preview: @charset "UTF-8";..../*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15}body{margin:0}main{display:block}h1{font- size:2em;margin:.67em 0}hr{box-sizing:content-box;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{ border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-siz e:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input ,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type =reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus- inner{borde

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cloud-shell[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1186 Entropy (8bit): 4.971643594496692 Encrypted: false SSDEEP: 24:t4IX5Hx8G52Gw2GxXGmG6IJttxMgT1v4OVddxCFLFX3p4swoskthZFUaEi:N5HJjSxWx6I5Eb51wosklFUji MD5: C012C6940813AF6A8102B941578A4B96 SHA1: 0A65EC6F62D5DD755DEB9A6F1B1C9BE8B3F0F6C5 SHA-256: 6A407B58297D5C8738756A1D4CBA1D6FE9A81E3541DEE42DC1B06A849BF02C4C SHA-512: 5DB1768E4B9559738793F6F2B7F49C217A6F3379140DD287A9B86E8E9EBF60CC0E256FFAF1D2FE5977694CB7285DD6F42F2397F4A64D80BAFD00797710B2D0FC Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/cloud-shell.svg Preview:

Copyright Joe Security LLC 2021 Page 21 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\data-explorer[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1474 Entropy (8bit): 5.064682568939092 Encrypted: false SSDEEP: 24:tmXI/kHx1G7GeBakJq5REdDHy99H++DHq+nKHCYLq2Y+L9qJKSGse0FGHePe:4ykHuCCJJqQdezz/9oT MD5: A0547546515E8811ECA949B4EA571DC9 SHA1: 0CD65A2583EC010A868D73EAE23F004FD0EE8558 SHA-256: ADB9DB57DC02241CB655855E702127054056B81CB96B0E861061C2248CF5CEAC SHA-512: 63AA84FE4FF97AC81EBE923F23A215BC9B42755C24ADD91BDB5AE52737CA7937EFF92D4BB41E58D0990D5D42FE339DEFD9305D1AC1BB19C37D2C5526AD3116 4C Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/data-explorer.svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\data-shares[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1855 Entropy (8bit): 4.772240190364049 Encrypted: false SSDEEP: 48:4oHJG6++BhYuGRL52+jUjsctIIBFjSRL785Aw8tIIBFjSRLPfuuStvMox:fbqLhGyIBRSRL78eyIBRSRLXuuStvj MD5: EDE687A0ED5F45AC563093A1ABEC4E67 SHA1: DC523D7B465E8129E22F96098C111AC455C5EE30 SHA-256: EF8F9DB2DE7A5905F1920FB01AB9BB4FD46CA30A52DD3FDB28BD1187893507C9 SHA-512: 080D6857866D7FD8C2F52909B0F30F8618B8ADF437F6E376F3BC7FDBFE6B49AAEA720A81143ADEDE8F44E7D2189D9AE9CAD2E41A1F1E4C6519789DC6526978B D Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/data-shares.svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\database-mariadb-server[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1810 Entropy (8bit): 4.739497281055632 Encrypted: false SSDEEP: 48:4wIO0HJG6++BhYuG/b/0C6REs8S7G4s6B59RkCb:uTbK/l6Rpy4s6B59RkCb MD5: 8F2EC71FC452F7AD42DE3913FD86C2D6 SHA1: 730A9C61A1E147B10465C778406A2E698307F94F SHA-256: FF2A70099FE76F222B9FDCED1C851E72302DDD555D682968471D188F2A098458 SHA-512: 93F1C935507D698F7801CEF745BD469CFC218B7ABA78606B4F0920921A3573DE2415497691DA2C69CA1B247595A2EB36A7FCBCB231AFB02EE1235C0730982952 Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/database-mariadb-server.svg

Copyright Joe Security LLC 2021 Page 22 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\database-mariadb-server[1].svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ddos-protection[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1116 Entropy (8bit): 4.929217109287505 Encrypted: false SSDEEP: 24:tmXI5WHxQWG6BGAak8Q4IwK/EoV5aRES3FaAM+pYwwKlBgcSAwwyuS:4AWHa6wAd4IBEI5HS3FIMnHe MD5: 50B9E7B6E24A0C7E7A1384ECA9A4BB76 SHA1: 267AF87A5DF632F94F8DF5110EB7F9F94D040971 SHA-256: 965502ECFA17F616EDCB69F61B52C4DAAC36E4141C12BBC64E3F24593EDEFEF8 SHA-512: B5B2DCA95680A513D6B24D91523F0789A782ACD171E4E725DD40A6F0A6A13DC8B08918FE83715356F1B527F2A5F36EAEEACF272E3D6D188700F398311EE05356 Malicious: false Reputation: low IE Cache URL: https://static.docs.com/ui/media/product/azure/ddos-protection.svg Copyright Joe Security LLC 2021 Page 23 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ddos-protection[1].svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\de-ch[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators Category: dropped Size (bytes): 180838 Entropy (8bit): 5.414001507226715 Encrypted: false SSDEEP: 1536:YHmIR4J9Zm4nzKF5ZHdKh1LGYhz3jEj9TNfHx7EmI9oNhOB7YadueD0G4JSGgetw:YlRmLUPYic7YadueD0G+geK MD5: B9513F82EBCA2B8A7C88D27971E0C12A SHA1: F4C2FF0B1721F25A626517A5E56C5C6552BE2207 SHA-256: FE5C3094A68546DED309F4D333540F1933686CC4A65EF31F9C759C663A609680 SHA-512: 028E14D1D818F0BFAFBDBB6AC5B8EC86649CEE7705C27300E0954BA4F3FB2E8D84B595D0B148CC20996723AF53D46535BC7F6EB00B1BE1AE0838BD8FF00BB2 41 Malicious: false Reputation: low Preview: ...... ...... .... .. .. .. ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\deploy-a-website-with-azure-app-service[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 9443 Entropy (8bit): 5.004541382952046 Encrypted: false SSDEEP: 192:6DLzzW7eFxerDeu4Q+ocR38H+2VG6CgBAObP+cCthx:XK8ofo+kdCgZb/g MD5: 79AAB72A7A33001B3486707CAEF97603 SHA1: 56AAEF24428AC937A131BF42B20E8B4008A8BC51 SHA-256: 17C5A0AB41266CD8A2732C5B21206D15584F9C0708CC74B4369EA571723E0279 SHA-512: 0BF106CCE0A6075C368C8EF160A34012BE3351BC91E65A5144702EB51922EF07A51829D770EBCE73DF73DB0B17F80D3D65464F440516A73B57C7DC8824FEB550 Malicious: false

Copyright Joe Security LLC 2021 Page 24 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\deploy-a-website-with-azure-app-service[1].svg Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/learn/achievements/deploy-a-website-with-azure-app-service.svg?branch=main Preview: ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\designer[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text Category: dropped Size (bytes): 157 Entropy (8bit): 4.760990356736931 Encrypted: false SSDEEP: 3:8ROFKGQIeNi1Xbvx9M84JxeCAIuREg7F6nmqD2VqTjpq2WD0GyGFq:AYSI0MXLxu2CAIuh7FUGqTjpFh MD5: 60A71CB04A13B65C542C5F3419F35AED SHA1: 117A79965F3AEA74943D5BE74C07EF61752730CF SHA-256: 9967FED0EC0CBD860C201EE0A33CC72E6320CA5F8D262A4F212E3EDAAC69448D SHA-512: BBEF45A83FA472CF99E55D12134E7CA6F7C53FE92899DC8148022377371301C1D56D5ADEB30E05DA850C01D3F9ED78D8FCB0041C05DE391E59AC50501AE3D42 B Malicious: false Reputation: low Preview: .

Object Moved

This document may be found here

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\documentation[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 124331 Entropy (8bit): 5.03210206200932 Encrypted: false SSDEEP: 1536:KNEsnf/DfUO8hRWDU/IX/8VPb/g6Q2W6s6IVTPgozFt+8ozFl:KfDUWAPzduo MD5: 17F0751CD2F159DE99D14A5C163D21C3 SHA1: 3CE5E2A9D2A8DBF8D2585DB1EC6FBA8818B0F0A1 SHA-256: 4E92990ABFC1D36FA1DCF81314532C3D9BFF1DD5C24A80CF2C472C066C404CEC SHA-512: 1CF15D4B918EBB5A6D56A5A1AAB91684300726490DB207ACAF891226C36BA672A8CF1B741578B5DC410C4550940A8FFF1BCA959CABCEA3C1CC5441B18FE4942 5 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/documentation/ Preview: ...... ........................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\dotnet[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 79578 Entropy (8bit): 5.166280442225188 Encrypted: false SSDEEP: 768:bYH+qwjCdNlDbwnWa1sNGDCdqCdyjpTWcZjHPXbm6+3JYMJlviUgoNVnFnt+8oNQ:bB/0DbwnWa1sNoJZ+LPgozFt+8ozFs MD5: EE22F579BA9E8BE210BA274A2BAA068A SHA1: 671A3C8C2BD70A183467CBE7AE7B4ACC5B96D3BC SHA-256: 57D574420FC7C7CB6B0AA3BB46450BC18B667EEC4A2CB9A1BE0412CF4FEB2CF0 SHA-512: 8867A2B7DC3E95601627DEEF9C09B3DFACF5DE1990F9BCAAE58B033404FB618160C40072E8132197F823659C614F4957B348E04425A502AC175F40F9FE837E25 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/dotnet/

Copyright Joe Security LLC 2021 Page 25 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\dotnet[1].htm Preview: ...... ..................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\e3-082b89[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 114289 Entropy (8bit): 5.228842823062561 Encrypted: false SSDEEP: 1536:uzUHQcyAz7pxhX2OG+59gEkpCI+IX8BJWxFu209RhY8WOyd1EwgXA9GKamAMKrdF:uzUZpxJIS20y9d1EwgXA95KrDDCE4+ MD5: 7351A575B039642F1D76552437F879D6 SHA1: AFB27C57E922A11F5C670F5FE8DF699DF0DE30EF SHA-256: 5C5F898AB0EA9B270D48144B59D02B02469CC72B5AD5A425FE14A0195B89695B SHA-512: B7E1425ED5248BA8593F92A40F4FEC8ABF43ED25B9198FE3334E64A20FBA972AF8841C2FFA97ABD62594E8C9068BCC876D16F567D24DC90582838D6351B82439 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/2f-63ce8f/45-f9a0d4/aa-dc1460/2d-7a9063/dc-7e9864/4f- 5115f8/7d-266f10/4a-abd94b/6d-c07ea1/9d-b58f60/f6-aa5278/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92- 10345d/f8-73a5f2/79-499886/7e-cda2d3/69-13871c/6a-234a32/91-97a04f/1f-100dea/33-abe4df/17-f90ef1/e3-082b89?ver=2.0&_cf=20210415 Preview: var __extends;define("ajaxWithAnimation",["jqReady!","jsll"],function(n,t){var i=["

<\/span><\/span><\/span><\/span><\/span><\/div>"],u=function(t,r){var u=n(t),o,f,e;u.length&&(o=(r.l oaderType||"").toUpperCase(),i[1]=o==="PROGRESS"||o==="PROGRESSBAR"?"regional":o==="SPINNERLARGE"?"local f-progress-large f-center":"local f-progress- small",r.margin&&r.margin.length&&(i[3]=r.margin),f=i.join(""),e=(r.loaderPosition||"").toUpperCase(),e==="TOP"||e==="BOTTOM"?(u.addClass("ajaxloader"),e==="BOT TOM"?u.append(f):u.prepend(f)):(u.parent().addClass("ajaxloader"),e==="BEFORE"?u.before(f):u.after(f)))},f=function(t,i){var r=n(t),u;r.length&&(u=(i.loaderPosition||""). toUpperCase(),u!=="TOP"&&u!=="BOTTOM"&&(r=r.parent()),r.removeClass("ajaxloader").children().remove(".c-progress"))},r=function(i){i.refreshElement&&u(i.refresh Element,i);var r=n.extend(i,{s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\editor.main[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 2344786 Entropy (8bit): 5.273498582194641 Encrypted: false SSDEEP: 24576:2fwLFLJgVYA5+Rt+gUiIG568yUvVD+ysaPIk/mK3fA:bLJgVYAdgL/568yUvVD+ysaPIkLfA MD5: 776136B24B6515E1A6DD919EFB297911 SHA1: A2CA594E50F3963724B972FDBC0C734D27F8D39C SHA-256: 31A46DFB5B582926A941A22B85B78178BB9DE326474A413F13621B18079D82C6 SHA-512: BC3D627E163220441864982E2A812B9FF6828EB9A3EF761278A5CEE7D24BB7C445AF0F791E9C76860704BEF8F956E4A7477A1105DD9864B530D07ADE131D6E1F Malicious: false Reputation: low IE Cache URL: https://adaptivecards.io/node_modules/monaco-editor/min/vs/editor/editor.main.js Preview: /*!------. * Copyright (c) Microsoft Corporation. All rights reserved.. * Version: 0.20.0(6363745c0a33c27b149b89342a7b96d354fb5 54c). * Released under the MIT license. * https://github.com/Microsoft/vscode/blob/master/LICENSE.txt. *------*/.(function(){.var e,t,n=[ "require","exports","vs/base/common/lifecycle","vs/editor/common/core/range","vs/base/common/event","vs/base/common/strings","vs/base/browser/dom","vs/nls","vs/ nls!vs/editor/editor.main","vs/css!vs/editor/editor.main","vs/base/common/errors","vs/platform/instantiation/common/instantiation","vs/editor/browser/editorExtensions","v s/editor/common/core/position","vs/platform/theme/common/themeService","vs/base/common/async","vs/base/common/platform","vs/editor/common/modes","vs/p latform/contextkey/common/contextkey","vs/base/common/arrays","vs/platform/theme/common/colorRegistry","vs/base/common/types","vs/editor/common/core/s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\end-user-support-icon[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 19076 Entropy (8bit): 4.361562066295024 Encrypted: false SSDEEP: 384:ckDkP1P/S34agT2GVCCuG7XjSlu6usbOdxd:7gP1HSrgT3VN3OhG MD5: 36F95F79999E68869B2B92894508D014 SHA1: 6064B38D921E23FD6562DC011F0F92894DFC0578 SHA-256: F1F86FD28926E174A279EA239D24B0BD2E59F858D2EED3E43982614A16C9A7D0 SHA-512: 1BD1121F1D46DCFE9F8F690850709A10D9D34F8D5DC6370CE5DBDE907A1474B51958E866E8041F2511C9423AAA7EEC7A0E2FF38D52EF437CE430140F2389689B Malicious: false

Copyright Joe Security LLC 2021 Page 26 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\end-user-support-icon[1].svg Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/media/home-and-directory/end-user-support-icon.svg?branch=master Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\f2-fae105[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 128614 Entropy (8bit): 5.224007892067786 Encrypted: false SSDEEP: 3072:1f/HuF3CpxQIjm0/9d1EwgXA9KxnKKvq3:1f/HuZlIS83 MD5: F9FDF264133BE1B98AE91F51F06DCBC3 SHA1: 2AE2C3E5079DDF4596B253C232A6432948E2C5B3 SHA-256: 1FA7EB1D8AD2E77DB8ECF562DAC3AE4E2C4EFA0110556C0D19E9FF82C83F9B93 SHA-512: 845E5C5EC38BCA14AB206AD5336E4203196E9ABD45FBF973E947D28CF27B64EA2B8F72AAEA0D71FA12650AE5222A1840C5622FD863031DC4E69C2E5114CFEAF 5 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0- 251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/1b-c96630/db-bc0148/dc-7e9864/78-4c7d22/39-97e6ff/16-4c1a9d/cd-23d3b0/6d-1e7ed0/b7-cadaa7/ca- 40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/62-95a6e7/93-283c2d/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/f2-fae105? ver=2.0&iife=1 Preview: (function(){/**. * @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. */ .var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a["*"]||{};if(n){ for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u||y)&&a){ for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c =y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fabricmdl2icons[2].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 151924, version 0.0 Category: downloaded Size (bytes): 151924 Entropy (8bit): 7.996755078799659 Encrypted: true SSDEEP: 3072:izu4By5vR4gdzOjZHpybtAVOZ71Q1gcq0WTo7wSRhpFY/iw2yQ0X2+6L0aR/h:iznyHBmNMJcOd1ro719FY/ilyQ0Gp MD5: E80FF72E03E780056CFDBD85C63404CE

Copyright Joe Security LLC 2021 Page 27 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fabricmdl2icons[2].woff

SHA1: C450A1A6233F0FBC6DBFFB7FEE251E378F64EF32 SHA-256: 05828D625DCB5781D0A3CC67A2429CED535FDF848B8B8075D49751EB5B30C7AF SHA-512: D819D75CA896AF15F99185F87AF40A85A0FA6941B9E08974C6569123B601DCC8E043BE1C0F5C154E37A351A046B57D5196002B16FA7102761E3C0961D92CAC8D Malicious: false Reputation: low IE Cache URL: https://static2.sharepointonline.com/files/fabric/assets/icons/fabricmdl2icons.woff?2.21 Preview: wOFF...... Qt...... OS/2...X...H...`JZ}.VDMX...... ^.qcmap...... cvt ...\...... *....fpgm...|...... Y...gasp...l...... glyf...x..$...0.{.yyhead..7`...6...6% .d.hhea..7...... $7.5.hmtx..7....M... .N..loca..<....q...D...maxp..K|...... |..name..K....8...... post..P...... Q.wprep..P...... x...x.c`.`a...... :....Q.B3_dHc..`e.bdb... .`@..`...... os9.|...V...)00...... x...S...... _..m.m.m.m.m;e..y.~...... ...O.g...E.2|....o.w...C.1..~..._.o..08...... ?..0$...... x...wx.....;..j..fwf....R. %.....4...... "<.w..A.<..H.C'.E.E..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors Category: downloaded Size (bytes): 17174 Entropy (8bit): 2.9129715116732746 Encrypted: false SSDEEP: 24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO MD5: 12E3DAC858061D088023B2BD48E2FA96 SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5 SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/favicon.ico Preview: ...... h(..f...HH...... (..00...... h....6...... =...... @...... (....A..(...... (...... "P...... """""""""""""""""""""""""""""" ...3 33333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""" """"""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...33333333333 3333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""" """"""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333 333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[2].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors Category: downloaded Size (bytes): 17174 Entropy (8bit): 2.9129715116732746 Encrypted: false SSDEEP: 24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO MD5: 12E3DAC858061D088023B2BD48E2FA96 SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5 SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/favicon.ico?v2 Preview: ...... h(..f...HH...... (..00...... h....6...... =...... @...... (....A..(...... (...... "P...... """""""""""""""""""""""""""""" ...3 33333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""" """"""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...33333333333 3333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""" """"""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333 333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\github-actions-icon[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1332 Entropy (8bit): 5.041017987466267 Encrypted: false SSDEEP: 24:txLjxMW9HNjhllhxjhllLNjhllkLNhlllaobYTueNjhllmNjhll8qFHExjhsQ:flobYBWi MD5: 8B815D4362CC4A535AAC207F20B5C990

Copyright Joe Security LLC 2021 Page 28 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\github-actions-icon[1].svg SHA1: BFF3FF324278A8B7F9F3646499B8EB030B374DC6 SHA-256: 57F6E89B2A4CF80A519D1A1AA1A070135B2DC1A1489471FB2A70953F23274133 SHA-512: 729227E8DC57FB5BF98A94EC84B95B2AAF53409E81EF6E8F5BB83C021232056CB9687ECBC9B4823D7D55BC74105243AF558C595345E21B97628D29BAB32C4985 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/azure/media/index/github-actions-icon.svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\icons[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), icons family Category: downloaded Size (bytes): 4388 Entropy (8bit): 5.568378803379191 Encrypted: false SSDEEP: 96:2WZx42qACoApC6do8MPOGiN4mER38GTDfO/fv:1x42qAHAo6VMPi6mcTy MD5: 77E1987DF3A0274C5A51E3C55CEE7C98 SHA1: 9B0FE96AF141AB09183F386F65BC627B8C396460 SHA-256: EF04649D4D068673CF0FA47EF4C45C8BE291E703F4EC5FC0E507F17839120AA2 SHA-512: B1E0CFB515FF2298799BA54574899D27B1FC043F66CC4E9591C504F88273B98697B99ED25955DB84986B39ED9F51864611833DC88064B14C29ADC020FBF6E295 Malicious: false Reputation: low IE Cache URL: https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/fonts/icons/icons.eot? Preview: $...... LP...... G...... i.c.o.n.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.....i.c.o.n.s...... OS/[email protected]...(...Vcmap.1...... Jglyf...... dhead. 9...... 6hhea.$...... $hmtx@...... loca". h...L...Bmaxp.3.`...... name...... post{NK...... G..._.<...... |...... |...... T...... D.l...H.D.l...... PfEd.@...... D...... (......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\items[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 3032 Entropy (8bit): 4.772304149758458 Encrypted: false SSDEEP: 48:eALoAAAVAwAMAgOAALAj0obIBoZVfHbANkHpdNNNq5dVPHGWDscqZIyFIytPIyvV:hLPqfjMDALwVENkHpdNNNIdVeW7LyyyZ MD5: EB33CCA295E6561C17A37B0402D68228 SHA1: E4898D90475A345FB9742F0BC0597AB549F059D2 SHA-256: CD0EDE8A6FD9ED469DDAC40AC4E497B1817FEDD70A96F4BE5C14E04C81D67733 SHA-512: 6459B4A3AD7C55F893C1FCBD05F57BA51F0EFB00BABD59CA17C1BC53824E7B21656733C7B02A80F216E7482FA4B3B9843D4371B6720D0949D6FA0E875B5D3189 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/api/hierarchy/items?locale=en-us&uids=learn.azure-well-architected-introduction%3Blearn.static-apps-gatsby%3Blearn.github.github- actions-automate-tasks Preview: [{"childCount":8,"childUIds":["learn.azure-well-architected-introduction.1-introduction","learn.azure-well-architected-introduction.2-pillars","learn.azure-well-architected- introduction.3-cost-optimization","learn.azure-well-architected-introduction.4-operational-excellence","learn.azure-well-architected-introduction.5-performance-efficie ncy","learn.azure-well-architected-introduction.6-reliability","learn.azure-well-architected-introduction.7-security","learn.azure-well-architected-introduction.8-summary "],"summary":"Learn how using key principles throughout your cloud architecture can help you design and build a solid architectural foundation that you can continuously i mprove.","levels":["beginner"],"products":["azure"],"roles":["solution-architect"],"uid":"learn.azure-well-architected-introduction","type":"module","title":"Introduction to the Mi crosoft Azure Well-Architected Framework","url":"/learn/modules/azure-well-architected-introduction/","iconUrl":"/learn/achievements/azure-w

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-1.11.2.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 95931 Entropy (8bit): 5.394232486761965

Copyright Joe Security LLC 2021 Page 30 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-1.11.2.min[1].js Encrypted: false SSDEEP: 1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB MD5: 5790EAD7AD3BA27397AEDFA3D263B867 SHA1: 8130544C215FE5D1EC081D83461BF4A711E74882 SHA-256: 2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0 SHA-512: 781ACEDC99DE4CE8D53D9B43A158C645EAB1B23DFDFD6B57B3C442B11ACC4A344E0D5B0067D4B78BB173ABBDED75FB91C410F2B5A58F71D438AA6266D048D 98A Malicious: false Reputation: low IE Cache URL: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js Preview: /*! jQuery v1.11.2 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports =a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window: this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^ [\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArra y:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.pr evObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\kinect-viewer[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 821 Entropy (8bit): 5.4196008359489625 Encrypted: false SSDEEP: 12:TMHdwYi/nzVc/KYf3KopZgSgM65nKBsol/4+uv9IBZNYmdZBuGJM65nKCeq5:2dVA6LfaopYMMnK//KVIZZJMMnKCeq5 MD5: 98B9126DCDA84E797D9D46925E810240 SHA1: 80990FCCC54AC96430B4CF56D5D5E0D916DA8F5D SHA-256: 5B997AAEAE6CE32DAAEE20A48E84CB865BF3FF1CB2CD65D72D3ACC3A593DBE93 SHA-512: C527A419CFB0E08AA585678B5719EDE4541D6F7ABDA8535214A71C9EFD67EEFC34EB892C44418420E3E247F60C8933147E53922476EF2BC0AE279456D3804A6D Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/azure/media/index/kinect-viewer.svg Preview: .. Generator: Adobe Illustrator 23.0.3, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\latest[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Segoe UI Semibold family Category: downloaded Size (bytes): 30643 Entropy (8bit): 7.976822258863597 Encrypted: false SSDEEP: 768:UOtV1asJ9G0dAdnVrKX/HkVJRPvkgxYZ4Zoe:bLasJ9G0u0fk/RnkgxGof MD5: E812BA8B7E2A657F2B70CFACE93C7682 SHA1: 2F02CDDBB483F9B11BBBE74C3CA917A4C345FBAD SHA-256: 3330C1DEAC468874238DD0C6BF902179A8731EDA8A208C7D01DAC0AB1EAE1BC9 SHA-512: 354B2DB12BC1D67F26F94352B0B663DAD64C46C107454FC19CFEA01C54BB09340BC26C06DE1B96FF826F5287CE246A6317722BAE41B72B63BA86FDAF844BA94 E Malicious: false Reputation: low IE Cache URL: https://i.s-microsoft.com/fonts/segoe-ui/west-european/semibold/latest.eot? Preview: .w...v...... X.....LP#...B...... ".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2...".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d...... H .P..lb.7^...... U.D.-..iu...:4P\..GLFM.Y.#?.;..-...~}_).z{.rmD.1".$.....{.t.....=...!cK...%.~.....g...... j.9S....6. ..n..V.]pz...e.....#X...=,.p.F..6&.VR...k$~J..n....7...... K.8..T.....x..J...... #.J .XaQ.Q%_{3..xr.... 0Dm...k..Ep...... >..?Pk!KB..C...Q.q..1=6<,.S.F.&B..J.....ya2b."S...... 6.2...... H...... *..09A...Tb/.&.d..#.E.:.E.(..I5.M..444d.1...... K..l...l.O..VBb...:..:b..Mh.'= 4.d/..o.k.mMm...... bx..!..S.@E.....>@:..k.JCas..7."..uG3hR.h..w..8W>.4...... pX....J..a....}.Y...... (>H^=.`=.mg*.!.....w'...J.<.ob..3A .../.....5%.'....XS0a...... I.Ia....a...=..g...... {V1+.."_)7$2 O..!bb.=..|.s.1..2qm..#.O...... +E(I..1....EgQ.....E)R.m.?.8.q...J.G.@!f..n.F.r#..(..2p.?.9.8..?.d]..s..0.9.f..A...r.iq....x.g.aO....S.....R0i..BT.yl.".

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo-ms-social[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 400 x 400, 4-bit colormap, non-interlaced Category: downloaded Size (bytes): 449 Entropy (8bit): 3.445261288153401

Copyright Joe Security LLC 2021 Page 31 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo-ms-social[1].png Encrypted: false SSDEEP: 3:yionv//thPk9k1C0OaYpmbKaNXNac7kEbXDoe9AWlWsUQ8ttP0o000000000000R:6v/lhPk9kNvXNaAveWlHWrxL917Ndp MD5: FA769BA2FD25C9BDD269A736E0942218 SHA1: 046BC4E1C9CC27618D0390EAF9E35705A1A77356 SHA-256: 2D59B358C254D5467046E6F341825949AAFECFE46AF27B541FAE72850C9FC41F SHA-512: 696BD75A822AB202715D54B2F3947E072DEDF66E6469653888425C75EDA2B13811A1428892BE005968C0CE87CC9944AC1A3F093C477F6F04E81B34A26E2AE439 Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png Preview: .PNG...... IHDR...... r.+.....PLTE...... P"...... 6.:....mIDATx...Q..0...... ,.9...i..!.u..G...... k&I...... 2R]#I.t...... V..w...... IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\mascot-cloud[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 227 x 180, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 29477 Entropy (8bit): 7.989993725628794 Encrypted: false SSDEEP: 768:cvrrZdSd73XYCbMMVl5byMvY98hSSNHD/1IgUs:gr/SFXoe5bpkS7Os MD5: F2CC40707E9C427F3B103C035925BCF7 SHA1: 680DA7A0A236F260CF758B2BBFC7879C05AEA02D SHA-256: DCF33C0BB996CA88ED45034DA9EAD5AADE0EE9A538E94C7111617A98320AC3DD SHA-512: CA518568580F6C6B8AB23C17B9C4AADB1599912F5418156005411C21839453E8280E3E0F9809EB506B697342B40CBD36B6684472B86CCCB3DCAE24D05B4BD5AC Malicious: false Reputation: low IE Cache URL: https://docs.microsoft.com/en-us/media/learn/home/mascot-cloud.png Preview: .PNG...... IHDR...... f...... 4zTXtRaw profile type exif..x..Y....E...^..a9..0{;....."ER.d.,.2.CD..;8B...... :j...#.8y....x...... s..{....._oD^..>....'..?....a...._...u.....O...~.H^...... q> O....K]_...... 7...... ~z..%+.(.xRH...+H...... )..g...!.ok% ?-...?.. .{.~.....~._.H..~.'.}#._^.#...... W..~c.0...... Z..|V7s%....^.....E...Z.....O..oRn~....#D.r]....7...... s<...... S.#....?..F..I.....k...o..- ...8X.+...... `.O...... 2.9..S$$.....o?_..?...J...sg...!V...VzyN|...i...}...q...D.|....|...@.;..\yL9.2.J..E.R....un....l,.F..6...jj.f.I.r..O...%.\J.....(...k...*..-..J....F.=..K....G.#....QG.}.1gt..M.5... .WZy.UW[}.57...... {Z.d..Uk.m.<.....SN=..3...M7.r.m..q...}e.O?."k.+k.eJ.k....o...... o.....3.!...)g~D..D..(7.2F...... =w.d...... sN....#u...o.f...2..B..'...O...)R.??....;q.}...A.&..g.R ....T....c91.Y.=...M...,.wS.,....1.6r...... i...5..Y9...A...r;.wV.e.\.UF...T.*.....z..t..)...2.k...&.....6v...h.).6."....j-&.q.....;...+.n.<.LT...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\meBoot.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 158941 Entropy (8bit): 5.548138629397904 Encrypted: false SSDEEP: 3072:UiJTI1f9EHWetidPRqfg5ihEGYZ4gWifqSASP:DJc7etiXGcWYqSASP MD5: 1565506CD069A120046FE607C380061B SHA1: F12FD29476706045370F51A1B5E0F0DB357171C0 SHA-256: A1E1703E2F692C757EA67C8A045849C7F9F07D27E7C3CDDDD211BFDA2B612189 SHA-512: DA412A16323D3FA04B24EFCF11D094E4B6C1E1013C890316E77A21CA6100BF50D0A22ED2941A324016865A1BF884F08A2DF038DBB031802D3B1FB1FAE4DEA0C 4 Malicious: false Reputation: low IE Cache URL: https://mem.gfx.ms/scripts/me/MeControl/10.21153.1/de-DE/meBoot.min.js Preview: MeControlDefine("meBoot",["exports","@mecontrol/web-inline"],function(t,w){"use strict";var c=function(){},i={},u=[],p=[];function S(t,e){var r,n,o,i,a=p;for(i=arguments. length;2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\navcancl[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators Category: downloaded Size (bytes): 2713 Entropy (8bit): 4.1712007174415895 Encrypted: false SSDEEP: 24:r3avxU5hzsIVmVMeLmVMyHf63lboxMCLxvriN6LOAPAnQay78eLx5Tb87nVkEhML:upU0GVeLVGBXvrp4n/1a5TI7Ve/G79KX MD5: 4BCFE9F8DB04948CDDB5E31FE6A7F984

Copyright Joe Security LLC 2021 Page 32 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\navcancl[1] SHA1: 42464C70FC16F3F361C2419751ACD57D51613CDF SHA-256: BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228 SHA-512: BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E Malicious: false Reputation: low IE Cache URL: res://ieframe.dll/navcancl.htm Preview: ......... .. .... .... .... .. .. .... ....

.... Error title -->.. ..

.. .. C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\override[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 1531 Entropy (8bit): 4.797455242405607 Encrypted: false SSDEEP: 24:Udf0F+MOu2UOqD3426TKgR2Yyk9696TkMYqdfskeEkeGk/ksuF9qaSm9qags:Ud8FYqTj36TKgR2Yyk9696TkMYO0keEW MD5: A570448F8E33150F5737B9A57B6D889A SHA1: 860949A95B7598B394AA255FE06F530C3DA24E4E SHA-256: 0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248 SHA-512: 217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC Malicious: false Reputation: low IE Cache URL: https://statics-marketingsites-eus-ms-com.akamaized.net/statics/override.css?c=7 Preview: a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call- to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c- call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page- wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI, SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g- nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\override[2].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 1531 Entropy (8bit): 4.797455242405607 Encrypted: false SSDEEP: 24:Udf0F+MOu2UOqD3426TKgR2Yyk9696TkMYqdfskeEkeGk/ksuF9qaSm9qags:Ud8FYqTj36TKgR2Yyk9696TkMYO0keEW MD5: A570448F8E33150F5737B9A57B6D889A SHA1: 860949A95B7598B394AA255FE06F530C3DA24E4E SHA-256: 0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248 SHA-512: 217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC Malicious: false Reputation: low IE Cache URL: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7 Preview: a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call- to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c- call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page- wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI, SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g- nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\privacystatement[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 345181 Entropy (8bit): 4.862306319265469 Encrypted: false SSDEEP: 3072:Aq6o8dTd87wNHDmBS9v+6WjUi0/VYryCGTtLruCkUIx4z7ZV/BdQZyBKRkugyZCX:A387yjrtR/Or2tn8yQIyZCSDH+BdN Copyright Joe Security LLC 2021 Page 33 of 48 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\privacystatement[1].htm MD5: A71BC6FC93354DFA73B0102B726B69A6 SHA1: C3E8FD836F52FF1E0BDD5A4B43AB847C4503B3F1 SHA-256: 04254087D06FA9B5164AB02BFAC3D4B02E73BF636BD87B2752F99A939A36AD72 SHA-512: 28DEDB2D4415F1D9673B0FD95B86EE6F88F3E7F85D0D530F83AA1E9E264857D00E131A866DA9F4CE94A69FFB08E5BCF128D79EAFF63958AB9B807432D3487937 Malicious: false Reputation: low Preview: .