ID: 406830
Cookbook: browseurl.jbs
Time: 09:36:59
Date: 07/05/2021
Version: 32.0.0 Black Diamond

Table of Contents

Analysis Report https://hmk-my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg?e=4%3ajV6tDZ&at=9
  Overview
    General Information
    Detection
    Signatures
    Classification
  Startup
  Malware Configuration
  Yara Overview
    Dropped Files
  Sigma Overview
  Signature Overview
    Phishing:
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    URLs from Memory and Binaries
    Contacted IPs
    Public
    Private
  General Information
  Simulations
    Behavior and APIs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 4292 Parent PID: 792
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 5400 Parent PID: 4292
      General
      File Activities
      Registry Activities
    Analysis Process: dllhost.exe PID: 6600 Parent PID: 792
      General
      File Activities
    Analysis Process: explorer.exe PID: 3440 Parent PID: 6600
      General
      File Activities
    Analysis Process: iexplore.exe PID: 724 Parent PID: 4292
      General
      File Activities
      Registry Activities
  Disassembly
    Code Analysis

Copyright Joe Security LLC 2021 Page 2 of 63

Analysis Report https://hmk-my.sharepoint.com:443/:b:/…g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg?e=4%3ajV6tDZ&at=9

Overview

General Information

Sample URL: https://hmk-my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg?e=4%3ajV6tDZ&at=9
Analysis ID: 406830

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%
[Detection gauge levels: malicious, suspicious, clean]

Signatures

• Yara detected HtmlPhish10
• Phishing site detected (based on image similarity)
• Phishing site detected (based on logo template match)
• HTML body contains low number of …
• HTML title does not match URL
• Monitors certain registry keys / valu…
• Submit button contains javascript call

Classification

[Classification chart labels: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, HTMLPhisher, Spyware, Trojan / Bot, Adware]

Startup

System is w10x64
iexplore.exe (PID: 4292 cmdline: 'C:\\\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 5400 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4292 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  iexplore.exe (PID: 724 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4292 CREDAT:82952 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
dllhost.exe (PID: 6600 cmdline: C:\Windows\system32\DllHost.exe /Processid:{49F171DD-B51A-40D3-9A6C-52D674CC729D} MD5: 2528137C6745C4EADD87817A1909677E)
  explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\\Windows\INetCache\IE\OTUW0Q90\ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg[1].htm | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

• Phishing
• Compliance
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• HIPS / PFW / Protection Evasion


Phishing:

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Scripting 1; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection 2; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading 1; Process Injection 2; Scripting 1; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Query Registry 1; Security Software Discovery 1; Process Discovery 1; File and Directory Discovery 1
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2; Protocol Impersonation
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud

Behavior Graph

[Behavior graph omitted. ID: 406830; URL: https://hmk-my.sharepoint.c...; Startdate: 07/05/2021; Architecture: WINDOWS; Score: 56. Process nodes: iexplore.exe (three instances), dllhost.exe, explorer.exe. Dropped file: ESsoCnIn0KVAvpl8nR...cU0H7s6bMwEg[1].htm (HTML). Signatures shown: Yara detected HtmlPhish10; Phishing site detected (based on image similarity); Phishing site detected (based on logo template match).]

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://hmk-my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg?e=4%3ajV6tDZ&at=9 | 0% | Virustotal | | Browse
https://hmk-my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg?e=4%3ajV6tDZ&at=9 | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs


Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
microsoftwindows.112.2o7.net | 15.237.136.106 | true | false | | high
blob.bl6prdstr14a.store.core.windows.net | 52.239.152.74 | true | false | | high
cs1227.wpc.alphacdn.net | 192.229.221.185 | true | false | | unknown
aka.ms | 95.101.18.109 | true | false | | high
logincdn.msauth.net | unknown | unknown | false | | unknown
assets.adobedtm.com | unknown | unknown | false | | high
statics-eas.onestore.ms | unknown | unknown | false | | unknown
assets.onestore.ms | unknown | unknown | false | | unknown
ajax.aspnetcdn.com | unknown | unknown | false | | high
mem.gfx.ms | unknown | unknown | false | | unknown
statics-neu.onestore.ms | unknown | unknown | false | | unknown
statics-wcus.onestore.ms | unknown | unknown | false | | unknown
cart.production.store-web.dynamics.com | unknown | unknown | false | | high
statics-eus.onestore.ms | unknown | unknown | false | | unknown
hmk-my.sharepoint.com | unknown | unknown | false | | unknown
amp.azure.net | unknown | unknown | false | | high
spoprod-a.akamaihd.net | unknown | unknown | false | | high
offertooldataprod.blob.core.windows.net | unknown | unknown | false | | high

URLs from Memory and Binaries

Contacted IPs


Public

IP | Domain | Country | ASN | ASN Name | Malicious
52.239.152.74 | blob.bl6prdstr14a.store.core.windows.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
95.101.18.109 | aka.ms | European Union | 16625 | AKAMAI- | false
192.229.221.185 | cs1227.wpc.alphacdn.net | United States | 15133 | EDGECASTUS | false

Private

IP 192.168.2.1

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 406830
Start date: 07.05.2021
Start time: 09:36:59
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 56s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://hmk-my.sharepoint.com:443/:b:/g/personal/cdark3_hallmark_com/ESsoCnIn0KVAvpl8nR3eDlkBbuLERAJv3zcU0H7s6bMwEg?e=4%3ajV6tDZ&at=9
Analysis system description: 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.phis.win@6/325@21/4
EGA Information: Failed
HCA Information: Successful, ratio: 100%
Number of executed functions: 0
Number of non-executed functions: 0

Cookbook Comments:
- Adjust boot time
- Enable AMSI
- Browsing link: https://go.microsoft.com/fwlink/?linkid=845480
- Browsing link: https://privacy.microsoft.com/
- Browsing link: https://account.microsoft.com/privacy
- Browsing link: https://aka.ms/PrivacyReport
- Browsing link: https://privacy.microsoft.com/privacy-in-our-products
- Browsing link: https://go.microsoft.com/fwlink/?LinkId=521839
- Browsing link: https://www.microsoft.com/microsoft-365
- Browsing link: https://www.microsoft.com/en-us/microsoft-365/microsoft-office
- Browsing link: https://www.microsoft.com/en-us/windows/
- Browsing link: https://www.microsoft.com/en-us/surface
- Browsing link: https://www.xbox.com/
- Browsing link: https://www.microsoft.com/en-us/store/b/sale?icid=gm_nav_L0_salepage

Warnings:
- Excluded IPs from analysis (whitelisted)
- TCP Packets have been reduced to 100
- Created / dropped Files have been reduced to 100
- Excluded domains from analysis (whitelisted)
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time | Type | Description
09:38:09 | API Interceptor | 1x Sleep call for process: dllhost.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\account.microsoft[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 2.469670487371862
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8FD3AC5F-AF52-11EB-90E5-ECF4BB2D2496}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 60616
Entropy (8bit): 2.1305538489110543
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8FD3AC61-AF52-11EB-90E5-ECF4BB2D2496}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30676
Entropy (8bit): 2.2935133193249273
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8FD3AC62-AF52-11EB-90E5-ECF4BB2D2496}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 19032
Entropy (8bit): 1.5834867644445703
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4BA84C1-AF52-11EB-90E5-ECF4BB2D2496}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 210746
Entropy (8bit): 2.575162376234432
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF67BF26-AF52-11EB-90E5-ECF4BB2D2496}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5640352242967088
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 659
Entropy (8bit): 5.11109886757603
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.1268735647612385
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 665
Entropy (8bit): 5.126500113667578
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 650
Entropy (8bit): 5.13198567536282
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 659
Entropy (8bit): 5.126555751783129
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.128635604290243
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 659
Entropy (8bit): 5.159593506936219
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 662
Entropy (8bit): 5.106248347127767
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.130071879638101
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 53748
Entropy (8bit): 3.040763521380881
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1083_Panel05_PriorityFeature_GetThingsDone[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1083x609, frames 3
Category: downloaded
Size (bytes): 82499
Entropy (8bit): 7.929709265889236
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel05_PriorityFeature_GetThingsDone.jpg?version=13e5d2fd-d77c-856e-89c2-ec3e26afd368

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1083_Panel06_PriorityFeature_Security[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1083x609, frames 3
Category: downloaded
Size (bytes): 103695
Entropy (8bit): 7.961657089831012
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel06_PriorityFeature_Security.jpg?version=337ab095-a478-29e6-b662-acd078436dd2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1083_Panel14_2Up_Windows10Pro[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 494x278, frames 3
Category: downloaded
Size (bytes): 43334
Entropy (8bit): 7.979107621058478
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel14_2Up_Windows10Pro.jpg?version=b65db043-0a0d-3ecb-3876-b4ccbe822733

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1083_Panel14_2Up_Windows10[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 494x278, frames 3
Category: downloaded
Size (bytes): 32552
Entropy (8bit): 7.969130025076461
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel14_2Up_Windows10.jpg?version=777e2f92-66b3-9883-714f-0eb3d7c62ca5

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1083_Panel15_Mosaic_Item1_Gray[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1083x400, frames 3
Category: downloaded
Size (bytes): 20032
Entropy (8bit): 7.502955298274388
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel15_Mosaic_Item1_Gray.jpg?version=38f7b9fc-53ec-4997-cd72-7fedd363404d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1083_Panel24_3Up_Footer_Surface[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 321x180, frames 3 Category: downloaded Size (bytes): 18894 Entropy (8bit): 7.974846897993118 Encrypted: false SSDEEP: 384:fS+FzrzE1nFNwigLKvTDce4ItWSDgbesh9eEPAQIt214ttB5lVVbM0bW/318:LExFNQgAe4II9Cs9PAHx6Z2 MD5: D34A4DB8A6BC6C261819816DD9F0E6B8 SHA1: EB4B0CB144768071E72DDADCAFA2E567F28ADC02 SHA-256: 43D1D7F12F25D15182097B756EB63C9452B338387907C4D18BE6CF158E8EF8F9 SHA-512: 1E1303A8B8BABB9F46CDA09BA3CF2A8A116EA297EED8C0AEF3399387F406D7A041830D216300BBB43980AEB96C5B13EE6C6A087EDADB123A11CE61B3FCE0C011 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel24_3Up_Footer_Surface.jpg?version=d7a44b09-8bdf-5e60-ad90-b6765c8eb98d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\17-f90ef1[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 135290 Entropy (8bit): 5.2254562447372 Encrypted: false SSDEEP: 3072:1f/HuFzpxJIS20i9d1EwgXA95KSqDCE4t:1f/HuXIZRjt MD5: 07CB1B6723F61F949C862B399E06B3BF SHA1: 83ABC38AB7E787F719E859E3EA97D4A634FE61FC SHA-256: 82A7ACB7D942575069E4067375BEC0C33F1949EA2864BE8BD12E9D6DB74A345D SHA-512: D520D31E12A3D2D316347D96E4E3D20D7E5C988A4824228097D1DF0A5AB3F12334096C2ADD5D0A7345EF8A2E674712F84D9F8CFC2E973A2A4DEDA546337C94CD Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/9d-b58f60/f6-aa5278/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/69-13871c/b7-0ad59f/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/17-f90ef1?ver=2.0&_cf=20210415&iife=1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1920_Panel14_2Up_Windows10Pro[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 740x417, frames 3 Category: downloaded Size (bytes): 86814 Entropy (8bit): 7.986027164403489 Encrypted: false SSDEEP: 1536:B5fk4UFF7FBWH8FTZMDikG2IhDPIsBMlk0E4wLIJ7j27fRpmEpBiprgc2S:B5fC/7FTZMDi92IhDPIjl6IJ7CRiprh MD5: 5151E7B1B0D609E7BD36FBE000ACF8B1 SHA1: B698B876CDAA190408EF96A8B771A4F2215A9280 SHA-256: EE8059A6BCF5A90CC552C7EFA41C6561384BC061035BDA8D6AD1893A85C6CFF8 SHA-512: 941AF557B506344331756DB495DBCADDB07DA3B80A2B225F83D021B27A8FD206639FF8BFADE3C0E490A2DA34E51B605D3EF93AC7945CE1CC4F78F8961BB7AEE9 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel14_2Up_Windows10Pro.jpg?version=5bd63bc4-65f7-c238-ad66-c64c0d11f5d7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1920_Panel15_Mosaic_Item1_Gray[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 890x400, frames 3 Category: downloaded Size (bytes): 15776 Entropy (8bit): 7.430669868094102 Encrypted: false SSDEEP: 384:wy93GvSFm2UHh+sfD0CHb3AEUTyeMcn/pVuc0JlmwW:wCGvSF6JfD0CHbwEUTyeMc/pkc0Hm MD5: 18745574B82CD2657FE5469381124E0F SHA1: F90EE5A06FFB4446A173E33C9958839CA642FB82 SHA-256: B550A20C433EA98D69FC606003183CF0CBDD955DC0B9C9AF59BF3E3F6B60AAC8 SHA-512: 1BC4B696957D81BF560FEA88E45EB47240824A8A58CB70F2D9A4610B4DD00CDFB2D9F03CBBCDEE54D9FC5370BD35CD3090473F211C0C0257A7BFBBC1ECAC9233 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel15_Mosaic_Item1_Gray.jpg?version=df68d82a-b81b-b310-e0da-f49a63a83107

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1920_Panel15_Mosaic_Item2_Apps[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x425, frames 3 Category: downloaded Size (bytes): 33753 Entropy (8bit): 7.971163442571784 Encrypted: false SSDEEP: 768:Gtpqngm9Y+IRYxML+xMMNfID6UaM+bqWf/WkkDad1mC:0MgDiQ5mQ/N22rDep MD5: 163AE76EE04CF2E69F57E4B35FA10266 SHA1: 1A39E9C38F863ECD62FB9DC0D7A1C730C840B6E0 SHA-256: 9C90311B80F54C53E9ABB4C146325ED71A17D566948D75199474373B44A028EA SHA-512: 66E16A68D91D90133B673FF3CCAB1E271DDB54ED2BA45CE75C718D6C86493F77C583FBDA87AAA498742402612564047C41DA6A07337ABC182AEAB8E343FE9F38 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel15_Mosaic_Item2_Apps.jpg?version=89cd3a8f-76f7-64b9-0fa0-72a1bbf1bb90

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1920_Panel15_Mosaic_Item3_Lenovo[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x425, frames 3 Category: downloaded Size (bytes): 27942 Entropy (8bit): 7.936119416177169 Encrypted: false SSDEEP: 384:fg+BL+89mhvMDvlVuBHqs43UIZWv5kT2LLlMaHEyVr5IsfTo5L3mYh0jU:I+BS8UmwM3UuwCKVkyVr5IiT8L3mw0o MD5: 6173503CE3F00A780A6670C9DC70F827 SHA1: 4BC8B0609EE1206C853FCE3D439E88BBD37B6E69 SHA-256: B682745215FD5A4E6B868EA1F0C74F393FD112F9926ECF778C0302DDD1760C75 SHA-512: E4704D541438B7D68615AB549E0A86ABEFD3D4E466153D1A71A799F3A463CA32A5BCABE5F2CDFEC507AF1BD579B453984A6397A8B300720FEFD5D581DCC5C63E Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel15_Mosaic_Item3_Lenovo.jpg?version=8de5791c-f31b-2106-bbe6-da0d0114083c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1920_Panel15_Mosaic_Item4_Laptop[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x425, frames 3 Category: downloaded Size (bytes): 29197 Entropy (8bit): 7.912570848111608 Encrypted: false SSDEEP: 768:KW0ns7jIIjz+8W1Y1fvbUNYW5H+x3OTHysMB:KW0sPIIj67Y1fY7JY3O+fB MD5: FB97AEC9612294AB06BA6B9DEDC89883 SHA1: 247C3E4E9CEF5DDDD2EE28593AA079E5C2C85E2D SHA-256: 0A6CF55F2709D61ECB5F7D7D00623949EF2832D682F439560B55230D2EF8B9EB SHA-512: 634FB7410F42E19BAB84ED5ABC89376EA580E4535AC9FDCDF6C161BCE8A6BE42B76BC2B9720890E21E42E64E14B89F59C6F1570295F1EEBD124B4ED12D246B87 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel15_Mosaic_Item4_Laptop.jpg?version=f0064a2e-27a2-92cd-adb6-98d8fa9518f5

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1920_Panel15_Mosaic_Item5_FingerPrint[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x425, frames 3 Category: downloaded Size (bytes): 33923 Entropy (8bit): 7.947833372756695 Encrypted: false SSDEEP: 768:OWcBlOZneG/+Hz4biqn+tuPJcgki+nwxjMXe:ObTOZn5/m4biZtKkiQ4jn MD5: E9C9090F342613396B11AD28B49074E3 SHA1: B01241A8F003B6F9771ADC02E9A87CED7F5D3C7F SHA-256: 65AD9702736D35C677712659D86108D310E0990B4FD84D2B8B5884DB5ACF0367 SHA-512: 05C1630F3F86E543ADC05549935A64C2B0516ACCEE9BD7E77295B6CCB911E32456521056F67A00FA8A9623A86DA5CEFB2B3FDC2390363B1827733669C2CAFC2E Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel15_Mosaic_Item5_FingerPrint.jpg?version=cfeec1b3-0aca-ea61-5d21-82f3fc9bd1a7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\1920_Panel15_Mosaic_Item6_Blue[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 890x425, frames 3 Category: downloaded Size (bytes): 5648 Entropy (8bit): 1.743138723448018 Encrypted: false SSDEEP: 24:lK1h6A1aWwh82lYSgeobh9VbgbhGT3TyJEumGumNG0jJdYOkda:y11Lvn+Uh9RMhGCJEdGdNVJHr MD5: 206E4799EBAD60F1C70129252BC5A7D1 SHA1: 4AFC730F7C9F2AD753E7F040F1B692E7C2AF9854 SHA-256: 260D43BC3C998FE12ABAD302F3BD0F41A4660EF8924269F970DE79F3AB33957A SHA-512: AEB398356C740CCBF0916AFCE49A45B5A484AD671154646B45C9081315F7F70ED803B4C3ED5D7092EEEB9DC48BDA735F9250589D435B7004717CCC6A8C8458E4 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel15_Mosaic_Item6_Blue.jpg?version=838eebb7-ef23-731b-ee07-deea2ae49dc8

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\64-b46b82[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 169165 Entropy (8bit): 5.043574839315944 Encrypted: false SSDEEP: 3072:jzCPZkTP3bDLH0tfRqQ0xtLfj4ZDSIpTt813viY8R1j35Ap7LQZLPPJH7PAbOCxh:jlZAjLkJeTC MD5: FC80EE0EE4C1195A0A3573C1F22E53A8 SHA1: 82AEF853A84BE4A2C3684E67ED83F577DF61557A SHA-256: 1B61B75684F6AC70F426526277CC6730A26CA157B7632FF0EB6A2DC4D15D94C8 SHA-512: C367661A89582A133F88D6E141BAF95AF4C3DA42ED27954B856DD52B1D2593A9ED8B1EFE4BC176F845F5BD2FCDF14CEEA172AF7F68ACB334ADA871CD99F2BAFA Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/de-d4f5a9/33-fa7e00/4c-0b4a50/72-2965a5/41-e4e079/cd-a6d564/2b-bd61b8/64-b46b82?ver=2.0&_cf=20210415 Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | .com/necolas/normalize.css */.body{margin:0}.context-uh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\94-3cd1e0[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 68489 Entropy (8bit): 5.371151075731659 Encrypted: false SSDEEP: 1536:7tV81ICDVRgJhAiUinqgDRQ7wYv6uxhBANIu:7v81+einqgD8Q MD5: 5D7F2F04176CC5D3CAE1BCDB15EED40C SHA1: 86E9C4DF0796E3A8146B751D3BB168860F838A82 SHA-256: BABE97146AADB62C442E7BE58A72479B4F1760F76D45B7027C8347F00964662A SHA-512: EA448E9DF2780A804F1FA86AD667C6CAD6D112F7448C84A0B86DC2917390014C2367B3E057DEEA112B8C99607985DE99CD9561193B389B3DE4F02D7C76331F08 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/MICROSOFT-365/_scrf/js/themes=default/9e-bcc229/94-3cd1e0?ver=2.0&_cf=20210415

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\94-3cd1e0[2].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 68375 Entropy (8bit): 5.370837839922446 Encrypted: false SSDEEP: 1536:gtV81ICDVRgJhAiUinqgDRQ7wYv6uxhBANIu:gv81+einqgD8Q MD5: 53475B50CF354A3E5CCBB0740A2AE553 SHA1: 9166969D9B0D89321B6BD0A754E3DEE54C2B7B11 SHA-256: EEA90E1F236FD6CED5D08C19B424BC7D36A1679C3B87B71C560365AED4888FF3 SHA-512: D53A98168F82CFDCC02CEF55D73EE40D4F1D32EDB8AC85256182D88F3609FEEAB7A5186B4527BC7B5AA77CB06930E324C8A56CB49F3CC71E1A02D5B539439637 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/78-6f121b/94-3cd1e0?ver=2.0&_cf=20210415

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Blog-high-contrast[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 1204 Entropy (8bit): 6.620936303411696 Encrypted: false SSDEEP: 24:11hSWwjx82lY2T3v4VgugAyJ3VmCQT+2eGUwnXAKuz3qVEZ+Lc:bBNn2z4wJ30CrBwQKuYnc MD5: C0158ABD85F9C71344A95631C5C5B80E SHA1: 21456B3E187FA8262BBDDF87629F9E8E2252BC10 SHA-256: FD351788DDD8A404E52617F00DCA9CA802D2FBD642D713133116E899A9E322AE SHA-512: 5645CDB367444E5FC7657E78622041B85B7D0D2D54349E85EC429AB53683C111702ED1A2A877E87FE0AA830C1D323CAA16CEE17AF5D7A2D3802C2117EE3A0595 Malicious: false Reputation: low IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/fa9a23e2/office.testdrive/images/social/Blog-high-contrast.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\FeedbackXS_AMC_UX[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 1575605 Entropy (8bit): 5.352421826820805 Encrypted: false SSDEEP: 12288:9e993VMzCynjcLAIaRAiadI0va8SesKEuq8/Xq:9e96CynFIaRAiadI0vhSesKEuq8/6 MD5: ED1B73F69411A660CDB837C7C4A297CD SHA1: CEA729ABB8DD169D649BFAC9BDDBBD85F062E9BE SHA-256: 3C527EBDA7CF124CE6C6C2986345B3D12727F16D9571E655B48CEF053BC98537 SHA-512: 66E0FE57B2BF1E0DC7E356A2A2AA3CE893ADBA0FC105975393C688145EE072EB3CF3D2C8D1085D4A31E1568F1884D07E46D8F2F958ADDDEC440CC2BA2C4DAD05 Malicious: false Reputation: low IE Cache URL: https://account.microsoft.com/bundles/scripts/FeedbackXS_AMC_UX?v=MloYSV4zwRFKfmenyAV3EJhlFmRQ5AEGkW4zdO2gn2w1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\MS-Execs-2015-07-Nadella-Satya-24-2[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 799 x 532, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 364559 Entropy (8bit): 7.985439976531035 Encrypted: false SSDEEP: 6144:6/nuJ2eZXp8OjVeEdITlsGHNjh99kV++ztjkoeBcxtFvOUcVgEo996/I/:suJZZXSK3ImwNBa++zXvx/GgNZ/ MD5: 6B79DCA87C4B7796A73A6BBC5D9583AE SHA1: 82E4133376B208DB5F7F7029B63E9CBDAE5AE0F9 SHA-256: 7E453099D8FD62936873D71F8B755FB4F930007B8050DE2950C7EAB700620C86 SHA-512: A6FC03300DBFFCE0E14DC0EAF9DDAE75120B3235334B7A9F1FD0FCC07E0ADC8F5178C3984231D8481C4BC6B5A759E429581B723BD70920A6D25C8834BD55B0CD Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/MS-Execs-2015-07-Nadella-Satya-24-2.png?version=1df74ca3-80d7-9ffe-593c-05292a3f8f87

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\MWFMDL2[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 11480, version 0.0 Category: downloaded Size (bytes): 11480 Entropy (8bit): 7.941998534530738 Encrypted: false SSDEEP: 192:QNhlpX236n8/cliy01vRGeJsqVZJZmKgiiwEkyaGG1QfPujdI5v9QtAOcAue2HCZ:QnjX23W8UcvRaqVZdgiiyRQf2+5v9Q0q MD5: 5ED659CF5FC777935283BBC8AE7CC19A SHA1: A0490A2C4ADDD69A146A3B86C56722F89904B2F6 SHA-256: 31B8037945123706CB78D80D4D762695DF8C0755E9F7412E9961953B375708AE SHA-512: FCCBE358427808D44F5CDFCF1B0C5521C793716051A3777AAFDE84288FF531F3E68FBC2C2341BBFA7B495A31628EAB221A1F2BD3B0D2CC9DD7C1D3508FDE4A2F Malicious: false Reputation: low IE Cache URL: https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.23.1/fonts/MWFMDL2.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\MemMDL2[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Membership MDL2 Assets family Category: downloaded Size (bytes): 114769 Entropy (8bit): 7.982277330274733 Encrypted: false SSDEEP: 3072:W1d9M81KVhyI7TYdngVLGVoNOhMa57rlfilPrxZ:cdrIPtTYhgWora57hUP9Z MD5: 64AF9F96AF20D9C94FA946AB21CEFC93 SHA1: 83F270578723E0B83DF61F3BD189C4B0F0C088FE SHA-256: 3EDD1064D5C98B4F26AA77630947FDB57F330526E2825FB965DD3134E7C9DF87 SHA-512: 776DF2CF3EAA01C10207891431791D3F3D89057A78233010813BF19FAFB775F7BC06E4B2C8255E1C133EB7E895FC416EEA661B87F6B6FFAC6E62C51FB684B2D3 Malicious: false Reputation: low IE Cache URL: https://account.microsoft.com/Dist/OneUi.Razor/Public/Fonts/MemMDL2.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\NewErrorPageTemplate[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Category: downloaded Size (bytes): 1612 Entropy (8bit): 4.869554560514657 Encrypted: false SSDEEP: 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk MD5: DFEABDE84792228093A5A270352395B6 SHA1: E41258C9576721025926326F76063C2305586F76 SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD Malicious: false Reputation: low IE Cache URL: res://ieframe.dll/NewErrorPageTemplate.css Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt; ..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Prefooter_Icon-21_InsiderProgram[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Category: downloaded Size (bytes): 1275 Entropy (8bit): 4.386840594449584 Encrypted: false SSDEEP: 24:tu1jkD8d79oOafB/UTY93mewLp3liprJ7Ta3/bvsNkhWCoEk:0j88dW4S3mDVCpGTvcSWCq MD5: 81A31DA5DD04FD4857AB1857541A6FFE SHA1: 5EF03C52F40F8E86374D7CF037AD75739AC6EBBE SHA-256: 38057E8200F4CD79C7C483BAC5CFDD09415F1BE64A67CE4A3DE8D2B273AD78FB SHA-512: B644BD5390605554678185D19D585951C292CB8773C99B24159C4B1132E1C7CE1589150FA8066D88F0436667243DF64B54EED158A8DC7584F5B03E3982E54686 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/Prefooter_Icon-21_InsiderProgram.svg?version=8768bb27-2df7-f685-7e06-2732b420aa68 Preview: Prefooter_V ectors

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RCd6437c73cb924b9aab22805dce17d69d-source.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 4176 Entropy (8bit): 5.251620614585481 Encrypted: false SSDEEP: 48:DGNEjnt/BuGNEjG3Uqj7MrCs3N+azrHXxvbG8qkvddqGQNCoKx33/baoesXbu02l:qNEjnBBfNEjowYaU678NTm//jLTfO MD5: EAEFCA712110974FCB0E6B5BFA5EA2D8 SHA1: 57A58F8C859DB8F3E4FC9E8FF0164C9451D23723 SHA-256: A50D1B8E006E9D7444CDD6ACAF218C0A02B62B997329154BB3D952A1761B9858 SHA-512: 144535A7807480BCFC00783AE52759446D02DC4133CA9795BD05750AB813531A5012DFE164A4630B4EC0519DE910B81C7012A575F9F9E49DA978C168F9637E62 Malicious: false Reputation: low IE Cache URL: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/780347338875/RCd6437c73cb924b9aab22805dce17d69d-source.min.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RCea4f316b14c64f09ba5ccdd90edaa2e0-source.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 23070 Entropy (8bit): 5.125107450849343 Encrypted: false SSDEEP: 384:vKmvxE/hY1T2HnCW9duHw8HwYBiYDfneswTrdff:bvxE/hY1SHCW9IHpHwYnesk MD5: 8EAC6F61E0C629AFB2D0F2ED231B7BF9 SHA1: 602F6B556BA29107DC4D10EC1DCB0DA20A70B130 SHA-256: 88956F17AE91B971373B25BB5ED5C2316A57EE3090491640158D2AEFA86C6351 SHA-512: E823AD3F7F9CEEDD953F5DA3899C370275D17AAF96A632FEC3428C41EF5A623A5C2C8F67A399CA7925E5E70D26BFA3D48748444C1E0A05CC3C011DBCD4C17D 6D Malicious: false Reputation: low IE Cache URL: https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/780347338875/RCea4f316b14c64f09ba5ccdd90edaa2e0-source.min.js Preview: // For license information, see `https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/780347338875/RCea4f316b14c64f09ba5ccdd90edaa2e0-source.js`.._sa tellite.__registerScript('https://assets.adobedtm.com/5ef092d1efb5/4c272e8cc694/780347338875/RCea4f316b14c64f09ba5ccdd90edaa2e0-source.min.js', "null! =window.wdgtagging&&null!=window.wdgtagging.jsll&&function(t,o,s){window.location.hostname;var i,r,n,c=window.location.pathname;o.tagMSStoreBehavior=function(){ return\"PARTNERREFERRAL\"},o.isMicrosoftStore=function(t){return t.attr(\"href\").match(/microsoftstore/i)||t.attr(\"href\").match(/microsoft\\.com/i)&&(t.attr(\"href\"). match(/\\/store/i)||t.attr(\"href\").match(/\\/p\\//i))},o.tagChooseContentType=function(t){return 0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE1Mu3b[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 4054 Entropy (8bit): 7.797012573497454 Encrypted: false SSDEEP: 48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d MD5: 9F14C20150A003D7CE4DE57C298F0FBA SHA1: DAA53CF17CC45878A1B153F3C3BF47DC9669D78F SHA-256: 112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960 SHA-512: D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4DYKe[1].wdp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG-XR Category: downloaded Size (bytes): 32618 Entropy (8bit): 7.932029777088156 Encrypted: false SSDEEP: 768:AQ7pjox6/lklTyGYowns0AOUEA27Rlmwr8Czffq:JE6ylTyGtwet+nmCrfq MD5: CF71F9E00FBB4A4ADDDD4DD1FBBE84DC SHA1: 8C122D67140B1824BC5999A972A3203A5A851E2F SHA-256: AEF5D072CE73D9E0745B6A0D85AF15A1630F30D38DCEBF5FA995027D71BA172D SHA-512: C1AD7BE6A009F88C7C3314C2456C73D93646C40144DAAACC8848E2A2C9D19DA808AA4835071296F12CD4A3634A30FB2FE93AE4700E15FFB37F6F6009122DC93B Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DYKe?ver=f845&q=90&m=8&h=500&w=1920&b=%23FFFFFFFF&l=f&x=0&y=0&s=3840&d=1000&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4ehRc[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 316 Entropy (8bit): 6.731641279105737 Encrypted: false SSDEEP: 6:6v/lhPVjnDsp7Ak6KdbvIipRNVyTVWP6y6prZRmU32mW4YT3gkp:6v/72VAodrfPjyTV04rZRRDYDgm MD5: 29881F87128556D17FDC14D9984DE9F5 SHA1: 6A403B1CAF7D5D18CA122DC4730699307C648454 SHA-256: 9B39648E8762950685F1523F2267AC267EB579163702789ABA99644D1AA6DF33 SHA-512: D3CA35F4A8107B29A711198837D10B01187B309EEFD1595C1D380D2CE5E65FDDF272AFB38DB9B134953A299F593D40D00AAB5700DCE71DBA242B059F15100A64 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4ehRc?ver=b78c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4mC0d[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 868 Entropy (8bit): 7.626519929810959 Encrypted: false SSDEEP: 24:D7vhfsQEExhJjEIaLwEedI+oL9JANwE2O:DThUVEpEadIhLTAN92O MD5: 1B826E41C07DD105BD50FF670B7E173D SHA1: 1D91F345C8E307B63FAE58E3B874F592A45B3E5F SHA-256: FF36491FC74750022E980E0D47BE7B4A7D7B3CF4DFDA6302218910CF1A1C06B0 SHA-512: 7C90E1D94D26BCB904C0C59A0038DD5B41CF1D5FE0A47B8F96907A1BB46FF7A33876B887D82040316DDC4DE3652521B29608487B5C4CAC9B1D1C61FCD78401DD Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4mC0d?ver=1bad

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4qAnG[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 5413 Entropy (8bit): 7.951039229881226 Encrypted: false SSDEEP: 96:t6KjOzvhODvGnw99kawCBFPs5tyLWqB/HfBm2+atws/gzi+4ZXK22m7j/19aZwHO:sqOzUDuw9+nCBFU5sL5B/Hfo2+48i+kA MD5: B41DB2ADF616D2D1401F6D9758A2F5E2 SHA1: E19803DEA1ED29FEAD76E477121F6113E213748A SHA-256: 463F9125D2CF6BA709593CF478F6305E5622AF686C9C3BF54501339F150783CD SHA-512: A0285FEBB5EBEB1CB51A265356E953E7FA346BC171786FA97B83573D9FBCE9131838B23F4CFD30E079632326552FEB8CCA9F6C5CC60D9E6BA301B526F9F29B79 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4qAnG?ver=7bce&q=100&h=75&w=75&b=%23FFFFFFFF&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4qAnJ[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 6256 Entropy (8bit): 7.9630433435493035 Encrypted: false SSDEEP: 192:zeTXunquuDgXH3GqnYpmd5NCkUy3S7/UtvLwai1:WXunhuDcHHYo5AQmp MD5: 1097651F5185E40360B3A57FDA3E3503 SHA1: 0EDAECE4856953DA6DBDB55C0894D067134D6D88 SHA-256: 15CE9F918CF28D32287F45765434B6CE68FDE667E67DBFD8BFBD64FC419E2CFF SHA-512: A508644ADEE0683F9E051B305387F9A9A9D95B743DAB3B7742BDE44C8590E31203EDECE608959EBB7BB8C7EF7E2300D102F491059E097A8A335DD1B67F130CE1 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4qAnJ?ver=e135&q=100&h=75&w=75&b=%23FFFFFFFF&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4qAnQ[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 6616 Entropy (8bit): 7.961404625118966 Encrypted: false SSDEEP: 96:aYy3IY9DArXSTUr26m97IduPIuo7NV03bqqhVgdKftjuYMGoqKZBA2W:YYY9Dq26IkuPcOGMftBPfKZBHW MD5: 69243F2B5BD6F58521F0EAD1E79D9F34 SHA1: E811662E96A5987B66AC82900A25D13F754530A7 SHA-256: 6E1646FD8249CF51C7A431F5CEEB2FDBD5E431463D8D99570C3843D336F265A3 SHA-512: 8112266FE2E50E0278E71915BD0019333A4A3B2DFD4DADFF390EBAD280E65526C2B8AA5AD4C3DF97B3243CEFAB67F929B9242044B1AA277A47131B9A925147C9 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4qAnQ?ver=674e&q=100&h=75&w=75&b=%23FFFFFFFF&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4qv5D[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 4562 Entropy (8bit): 7.948632367069261 Encrypted: false SSDEEP: 96:Dddbl1LGzDX/fIfWSYbul3cz11y9GEuYN9eod:BdLKXnIOfql3cz11yRh MD5: 136B32B7071B807ADB2D6584E588FD43 SHA1: CBDB0ED90EAB044D20CE7E7A28FAF65847ADA0D6 SHA-256: 6CE8A385E408C1E20CB10AE0CBAA1AE25D386400FF396DF5C02E14C02FDB0292 SHA-512: 95D943192120D76018D4045D0E730BB81C09C16397902D3AB57207A89B5E23B0E2AB921324867387E6D42676522B26FF4623441927FE2713727CBC7F70148054 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4qv5D?ver=6b44&q=100&h=75&w=75&b=%23FFFFFFFF&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4r1Ep[1].wdp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG-XR Category: downloaded Size (bytes): 18784 Entropy (8bit): 7.877587401875228 Encrypted: false SSDEEP: 384:zWo0628AMR/Gj6rU72iG6J2HID/LLucPaG7yoDTXdfEZUH:qoh3llG+rU72wP/LMoyWTXdfEZq MD5: 1440321C4FBCDD65C0CA5D103E61CDCA SHA1: 02DC3ECDF222BB74D6616A0344B80DCFDDC2B004 SHA-256: 8CD535A704EC7D251B3D77B48021AEFE804803E4AD584481B5E0CCD02768EBBB SHA-512: A4FA7C926D176ACB4B949376E31215498CA1AB053AFD7A600680A8BF699BAFBA0865D77266DE96F36B3CEF684A126140EC2422FAFE255A6C2A9575CABAE86277 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4r1Ep?ver=4ccc&q=90&m=6&h=180&w=321&b=%23FFFFFFFF&l=f&o=t&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4r3A9[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 45 x 40, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 1053 Entropy (8bit): 7.7017669448567725 Encrypted: false SSDEEP: 24:UTzrCAVU1QZa/yYuzGO/YflmFO9gW3ltYXg3Z4WoTUEkqkU:UP5UbuzGhoF4hltggloTU5qkU MD5: 4B6CAF9BD4AEBE8C13A8AD1D5D45EFA2 SHA1: 288469CB0D517195D51E73D2FD69A8061AA41F23 SHA-256: 181B0B8418F439177E62EB4802E0C6970289F8BC111C46CD533B8AFEEBC0E53F SHA-512: E0E9AC774E6090D11294743311A854BFE070DA9F90804F34F3F674AB7085B097188EE987F7FF5DB6947CE626666CF4DF08D45BBE49A971D0A6B68619488ABB06 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4r3A9?ver=e442&q=90&h=40&b=%23FFFFFFFF&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4r4UB[1].wdp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG-XR Category: downloaded Size (bytes): 13472 Entropy (8bit): 7.909838986250562 Encrypted: false SSDEEP: 384:HrIsjwJefhr7zQGaXLPN3AkU9wWFrGTQgXlmmHkP0:8sjwJepr7zQGGLPOfiWFiUAG0 MD5: D5CAE4A05CF2A40076F2110ACB6BA327 SHA1: B07CD3ACADC0035C155D24847AE423B43F6CB855 SHA-256: 4DEED85457D7BA9BAF22CC867E9BD1967C73209FE94407B54BE787AD21A2977F SHA-512: 2E83200ACCD8A1269CC2E2FD66EB5D57BE0551E63B8E51C92F571A6AA96572F55F387EDD6A1FC82A3BE15F7B5B52BA7855578F6F48B3F8E9056A5C6CCAD658D7 Malicious: false Reputation: low IE Cache URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4r4UB?ver=3307&q=90&m=6&h=180&w=321&b=%23FFFFFFFF&l=f&o=t&x=558&y=161&aim=true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\RE4tZqs[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 4697 Entropy (8bit): 5.2050625467985885 Encrypted: false SSDEEP: 96:AxwrjOGEre+Urre+U/Xre+U3xre+UB4rxpLLUMyU1dUzaULCRpg49Pm+MPfpecKS:AOO++UW+UC+U4+U2rxRLPyCduaUCR64a MD5: 22D5D8B53A1E0BB5EFB9ED9541CB242E SHA1: CD2C70D66108368074C91A406F8B13154C9D39DC SHA-256: 55C794150CA6D29C83DC45C94CBA27B34BAED2E578A502A8625B5D37C4A5C73C SHA-512: 909BD1CB667E0A6D430855599F56EE5664581F9BC65C3997589BA93660E0D4C8F29437F6EC2F53EE905773E672039213D1514D6DE2273ABEC547C62DB6FB8024 Malicious: false Reputation: low IE Cache URL: https://prod-video-cms-rt-microsoft-com.akamaized.net/vhs/api/videos/RE4tZqs Preview: {"captions":{},"transcripts":{"en-us":{"url":"https://prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE4tZqs-tscriptenus?ver=7fa4","link":{"href": "/vhs/api/videos//transcripts/en-us","method":"GET","rel":"self"}}},"snippet":{"activeStartDate":"2021-03-24T02:30:28","culture":"en-us","supplier":{"name":"","source":{" name":""}},"thumbnails":{"extrasmall":{"height":0,"width":0,"assetId":"RE4tWN0","url":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileDa ta/RE4tWN0?ver=466b","link":{"href":"/vhs/api/videos//thumbnails/extrasmall","method":"GET","rel":"self"}},"small":{"height":0,"width":0,"assetId":"RE4tWN0","url":"http:/ /img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tWN0?ver=466b","link":{"href":"/vhs/api/videos//thumbnails/small","method":"GET","rel": "self"}},"medium":{"height":0,"width":0,"assetId":"RE4tWN0","url":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4tWN0?ver=466b" ,"link":{"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ReactCoreBundleName[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 131789 Entropy (8bit): 5.379177537920651 Encrypted: false SSDEEP: 1536:VaQ1S6Ulqs8E0hMtKgxL852wptOg9pm/yT7SOrY42RYSl9/vX+Xm6a7ET:QQo628EGA0X1pL7SO842R5l9/8m6aIT MD5: 31D19491686FD907A89B820489BB1676 SHA1: 3EEEA753528CF0C8FB39E50F77FAB79EAA3089A7 SHA-256: 93ACCEB6EE31BA6A6732541566324373AF51CC300B43DC07F789C83BABCF6137 SHA-512: 6FF9BFFB4F4B10F4449F10AD494E72EAF8208F980EE6099583EC904E28B5E756EE761453E1E0B0ABAC3BB34CFED34435267EE2E89B7B900AB55DD098AF667176 Malicious: false Reputation: low IE Cache URL: https://account.microsoft.com/bundles/scripts/ReactCoreBundleName?v=eErLwX6Z3CpL_xRpHL3Lj_K1Eqnjh6alwGLWZJ8vkYM1 Preview: /* MinifyError..(204,472-479): run-time error JS1019: Can't have 'break' outside of loop: break a..(186,434-441): run-time error JS1019: Can't have 'break' outside of loop: break a.. */../** @license React v16.12.0. * react.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT lice nse found in the. * LICENSE file in the root directory of this source tree.. */.'use strict';(function(v,m){"object"===typeof exports&&"undefined"!==typeof module?module. exports=m():"function"===typeof define&&define.amd?define(m):v.React=m()})(this,function(){function v(a){for(var b="https://reactjs.org/docs/error-decoder.html?invariant= "+a,c=1;c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ScriptResource[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Category: downloaded Size (bytes): 26954 Entropy (8bit): 4.516288580103467 Encrypted: false SSDEEP: 384:EMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:ZLEiJSdo11vIYHqb5Klo8v MD5: 3DBD97A205B8CE59D755AB94F8C42964 SHA1: B0520226342BBA131160A510BA3B57A1E8B7B80C SHA-256: 36F7B9FE80A026A5D933855DE494AC6B7A4D01A93C26CE8A8737EED0C79367F4 SHA-512: 82BE6F1015CC346811EB736BD78F4949C855E49F8B4CC8493B22AE0F8D329EFA34205599E1138E57D33302B8A7B76F085DED053530B0F79D0DC71E257C99D80D Malicious: false Reputation: low IE Cache URL: https://hmk-my.sharepoint.com/ScriptResource.axd? d=usAenUEZKaiM6PigmDWhp0VT6PqSvP8y9MoqiD3TtRPq4ghwstulvISql1gqWfrMv7ti1173DeAAiDmSsDJrn39aVMlp5spzwi7QckkPqYBXL1nR952- 3iSsZazn4C8gVqMY0yPrDUqjffi4MxxGAI1hthGNt41Jc6hMKRTpmr41&t=ffffffffe191061b Preview: .var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(t ext|password|file|search|tel|url|email|number|range|color|datetime|date|month|week|time|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. va l.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidators Valid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ScriptResource[2].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators Category: downloaded Size (bytes): 40329 Entropy (8bit): 5.24641079736423 Encrypted: false SSDEEP: 384:ovrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:oTaYB4Hy7mTzcaTKStrwSAwBaPUTdE MD5: AECA88483779AC14B47F14389139050F SHA1: B2D6ADDFD778216B8577A9788144F6313900B05E SHA-256: 38DEAF33D1C84196E4C4F3C76C67587090CF261D423B9BEF9BADF535BC146A2F SHA-512: 31E647B1ED341AD8D5DB4E991008F3A79169CCC0DC68E63DA0F0533E1F9875B871336B5B5C953B267AE4788F0ADFCE6F54E3492C4FEB8E087021AB84258F16B E Malicious: false Reputation: low IE Cache URL: https://hmk-my.sharepoint.com/ScriptResource.axd? d=eoFGiUfkjfGfx7uVosszvGbgwNoIvNmaVISTq2nPZEkSGiJ5MEZWwbhY9vb9wiBZIOXqEs6DyNolFrDqbi_ckpSxPy8auqDEVeev9pJgvOd4gjLXAz1RGLXGFwdnNLCxKb MULCRJuh5AQFMBwabE9_6T6X0qqF19PDm0rui-J-dwWkCrsCzkBHqH28Asnw9W0&t=363be08 Preview: .//------..// Copyright (C) Microsoft Corporation. All rights reserved...//------..// MicrosoftAjaxWebForm s.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentM odel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase (this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function() {return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone (this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.En dRequestEventArgs=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Surface_Home_HMC_HighlightFeature_Spring_21_V3[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1083x609, frames 3 Category: downloaded Size (bytes): 108363 Entropy (8bit): 7.73712689985087 Encrypted: false SSDEEP: 1536:obtgpksUDLDa0m2aJ03SmGGibsHdzA6S6LXZyKKSP1irqhaBnTrTw:oGYLZnRSCS6LhGUujw MD5: 874525EFBEFACDBC1978DB66EC8A425D SHA1: 15FD6F3D5DC30E6F0580E06D39FD76C58371F53B SHA-256: 2582FEC675E13149EF0F30D28C49A6E7C7FF5F6824A48AA9BD17A221D60B2F7B SHA-512: 758512B48E1492F081AD13590EAED9631488B0E8CA9F634E460947828986D05726A32889921CF1F84F707D5B4A567399A45FF1FA66B6CED134D9140D5F8F0F02 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/Surface_Home_HMC_HighlightFeature_Spring_21_V3.jpg?version=17ed238e-248a-2dce-797d-c09f34bf67fa

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Surface_Home_Mosic_Fall_20_Pro_7_en-us_V2[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1067x1204, frames 3 Category: downloaded Size (bytes): 84455 Entropy (8bit): 7.77136423116986 Encrypted: false SSDEEP: 1536:z3yDuUDFJO8WFT8ps+qHXQEgp6EqbD3dcJBvNmVMNv1yY6f7OSEg:z3yDPDbIQpL+X26gMG1yYIYg MD5: 29CD928A7759977814463142E1743CBA SHA1: 70E37BB64A815DC96BF1D17F26AFA82DCBC95BE2 SHA-256: 0DAAD443F33F70CD837A58DF57CFB2977C57970BBA95873A6DEABF2D6008EFDB SHA-512: 1D09BB444571747717A4E0E02D367973194CAF49D2B5D1AFBC18AD50A7ACC77A6AF00B34A72F1F7C3742473ED4A7108CC1950C9860AB1C7E920A8959E8BF3B60 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/Surface_Home_Mosic_Fall_20_Pro_7_en-us_V2.png?version=6c0adf39-24f3-f078-1f7c-5024b798b7a4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Surface_Home_Mosic_Fall_20_Studio_2_en-us_V2[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1067x1204, frames 3 Category: downloaded Size (bytes): 65223 Entropy (8bit): 7.654821000346925 Encrypted: false SSDEEP: 768:owa5TqsH9Rk5gw0PQE5pcx66V7sGFXsqR/Se/voVMQ7pryXHdo9MahGMn8jMHBa0:IzH9RkCKt9seSe/vKlgran8zIcijYeZ MD5: 5B7962F8382200712B20A18026AB88D3 SHA1: 61D43D9EC3785CD4831CC44C3532E5F580B26195 SHA-256: 0E6E7B32EBBCFA08DD1E10F08B5CC5CAE44B5715FF6C088CB726F3B2E191AC91 SHA-512: 885D9AC6B62F9FE6E49B309F1D44E7BC3FC0FF05CBF7985452779EE7518223EABC41B9A606FEE72B94AB58CA69775D48CDDDAF5589FCCF7349A8C0B89E0D730C Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/Surface_Home_Mosic_Fall_20_Studio_2_en-us_V2.jpg?version=baee2e89-216e-2abc-0a9c-736048910609

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Surface_Home_Mosic_Fall_20_prox_en-us_V2[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1067x1204, frames 3 Category: downloaded Size (bytes): 63548 Entropy (8bit): 7.671112778180409 Encrypted: false SSDEEP: 1536:8Uh4Q5CgIBCw7RYOw/8NhPzkrWxn0XOFMj9W2ckm:8Uh4Q5CVCoRYOw/KmCIkYckm MD5: BA155B87BB69F066D9680807546EB0F6 SHA1: 9D03B33EE42E202BE4F0DD256FB537521B067157 SHA-256: 3B3EDB8EA36632AC8E1DD0A968CADA29D23B7E8D945CDDF2062BCA157926EE35 SHA-512: 4F4881CA5EBE2DE413D051EDC1F5DAABEB60BF514ED5832236C43AD0BCECA75F9D6E76EA1F4BEF94658B10C6CC960D4976CBC6BD8E279A8BAB561CA24A14C431 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/Surface_Home_Mosic_Fall_20_prox_en-us_V2.jpg?version=6e558777-a774-ffde-1c71-4b10336b7d7a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Surface_Home_Mosic_Spring_21_BS_color_V2[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1067x1204, frames 3 Category: downloaded Size (bytes): 63402 Entropy (8bit): 7.646554757635543 Encrypted: false SSDEEP: 1536:6pjWQOjJNwcNnAQAsi/rGUx+D21mE9cTw:6pS1ndAQFiDGpDYmE9uw MD5: A02FEB2551527C6A2C9172894762BCE4 SHA1: 2089DCBDD30A8201578061C2F50B373786A6B1C9 SHA-256: 8BCFF365A3C2FF0E724C116C965D9CC5814B778C0A3D97A281AAA3DD0978744E SHA-512: 198B6E3ACEB3960A3BA7420015657BEAE70A666D661459377F058683233973EEFC30AF0C7117BAB8F6F05D64D5098A1DCAA44030794568833B777A8520112222 Malicious: false Reputation: low IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/Surface_Home_Mosic_Spring_21_BS_color_V2.jpg?version=1d3808d0-131a-8d23-05fc-ed64de87784c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Surface_Lg_Generic_ContentPlacement_3UP_20_Business_V2[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 321x180, frames 3
Category: downloaded
Size (bytes): 22129
Entropy (8bit): 7.965327363975181
Encrypted: false
SSDEEP: 384:rAA7g0vjdZPa8O2LJ+nHi04WDbZdhaHnln090bomH1BkQvsSgYOoLGpXx:rAAdZPz9Jz04WZYnOmdpOoLGpB
MD5: C766D24566658FAB6CC360AE0059B822
SHA1: 7AF74159F2CED01FEB9C231DE122BEBC71B3EF54
SHA-256: 3AEB1CFF75E02A1D197AE7E2CF269A0200D0D92539FF4ECD14F4502A8B7DB9B0
SHA-512: 4A34160F728752A21DF42B6E5323FEC17B091D62DA5894B1411D7248CB9BE482BEAB3444212B0F77BFEEB1886670B74D9589A1E8BB20CEB31E8C9FA679523D0E
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/Surface_Lg_Generic_ContentPlacement_3UP_20_Business_V2.jpg?version=4f2896bd-0349-796d-e115-cc617291dce4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\c9-860587[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 329510
Entropy (8bit): 5.296805049284341
Encrypted: false
SSDEEP: 6144:xAuXzUqR1s9g0qRORPvksdmXc73pNq9Y/2j:xvzUBg4va
MD5: 2AD97B5247231BADA701690195F58D49
SHA1: 54228153AFA3E4376304786FAD035FF2E69CED10
SHA-256: F865BAB33F2C7FEABCFD4A25110FEB3CBF18D81CCAB514B149CA45F597139CF9
SHA-512: CA0A46FC633F3D6ED5432F2D91417678269DEDE11615C992FFC2178BF52296452464E32AA3BFB70E4D46EBBD28EC8CA7CA7613A55CCFD893A08D90182AA950A8
Malicious: false
Reputation: low
IE Cache URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/mscomhp/_scrf/js/themes=default/e1-a50eee/e7-954872/77-04a268/11-240c7b/5c-0bb0c0/81-a5a694/2f-63ce8f/6a-f6eed8/dc-7e9864/4f-5115f8/7d-266f10/4a-abd94b/ab-b04110/fd-7cc407/a4-fd2a9b/7b-131f20/66-c19a96/d0-633018/74-b70f5f/84-e0fd46/cb-abee28/1d-c29f1e/80-c05e42/a5-ef9ca1/f8-6a3735/b8-96db64/b4-d9c6d1/59-aa2448/d5-2b21b0/c5-346220/d6-6bf74f/d0-f92af8/b8-527d75/57-0776c0/7a-fdafe7/18-91dd3c/88-3094ff/bf-4fabe5/1f-ec472a/12-fd63db/85-b1c94b/6a-582442/64-02965a/37-f22d3d/33-eb67f7/fb-890cea/c9-860587?ver=2.0&_cf=20210415
Preview: define("componentFactory",["require","exports","htmlExtensions","utility","stringExtensions"],function(n,t,i,r,u){"use strict";Object.defineProperty(t,"__esModule",{value :!0});var f=function(){function n(){}return n.create=function(t){for(var i,r=0,u=t;r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\cartcount[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 2566
Entropy (8bit): 4.393500974386876
Encrypted: false
SSDEEP: 24:KPv6HUY5+yAZFAXJqiXZXTMxPv6HUY5+yAZFAXJqiXZXTMK:EyHgyYFGMEZo9yHgyYFGMEZoK
MD5: EB42BF181717EC1B1C4D9458A7AEA1C4
SHA1: 69FE74312A74D5D71FD4124F96D58D35AA1FFCFA
SHA-256: 8F6ABC9668C8AA27926673F6FD5118AFFCA717A124A565F96D4DE4143B96DFAB
SHA-512: A73A12DCE699ED7E1F60EA6C6C097F68FB7397044A4E275C79A0206D3EA18986B606FD45E81E6704463827BC97A081352BEF59B79E3B5A024FD7C104F243C982
Malicious: false
Reputation: low
Preview: ...... ...... title...... ...--> -->< link rel="canonical" href="htt

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\wdg-global.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 5805
Entropy (8bit): 5.278923653755367
Encrypted: false
SSDEEP: 96:UKbTXTwvME3A3UmUZZH//iuLXFgH5XsrhUfGtA4DtPigKUZwr9reeKMQTesOnOsA:5bTXTwYwHn6C1UfGtzB6gvPziI3
MD5: EF4613E3C20BFE5E3F07B49BD0B66C1E
SHA1: EDE2835F716750EDC0245E2AF061732427F5A8ED
SHA-256: 3DC7C03D651B5E29363C365C3B83B83A508865A194639070A20ABD863FBBC054
SHA-512: D8D6F060B4FCB2C781C8574BE01368BB8F25C314098BEF844859452DF88B77C9E7D088F190F111135F44C80F82F47F9AF4822240FEDEDD4F040F991CAE20EDC6
Malicious: false
Reputation: low
IE Cache URL: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWfyex
Preview: (function(n,t,i){"use strict";./*!. * Some of the plugins here are extracted from WET. Details below.. * Web Experience Toolkit (WET) / Bo.te . outils de l'exp.rience Web (BOEW). * wet-boew.github.io/wet-boew/License-en.html / wet-boew.github.io/wet-boew/Licence-fr.html. * v4.0.25-development - 2017-05-04 . */.var r=t.wdg||{};r.doc=n(i);r .win=n(t);r.html=n("html");r.siteMuseCtaSelector=".mscom-link.c-call-to-action";r.modules=r.modules||{};r.jqEscape=function(n){return n.replace(/([;&,\.\+\*\~':"\\\!\^\/#$%@\ [\]\(\)=>\|])/g,"\\$1")};r.modules.refactorSitemuseCtas=function(){n(r.siteMuseCtaSelector).contents().wrap("")};r.modules.setPrefooterDrawerInMobile=function() {n("#prefooterDrawer").click(function(){var t=n("#prefooterNav");n(this).attr("aria-expanded",!t.is(":visible"));n("#prefooterNav").slideToggle()})};r.modules.noCookieYT VideosWithConsent=function(){t.mscc&&(mscc.hasConsent()||n('iframe[src*="youtube.com"], [data-source*="youtube.com"], [data-youtube*="youtube.com"]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1-WebBrowsing-01[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 800 x 370, 8-bit/color RGB, non-interlaced
Category: downloaded
Size (bytes): 31965
Entropy (8bit): 7.9519959589170695
Encrypted: false
SSDEEP: 768:G2+elgXGKSKgipe/3Nj2X8f2BS+oiJRKFYcWA:G2+esGKQiOcX2aSWc
MD5: 255DD67FA877795019867502F4095E85
SHA1: 0B3E8F077AA858C6F3613D1607CDF7BA699E6FE5
SHA-256: BB88C60C19E587AD0793648DE59E089D35F424ECF0BFF9FD28CF33D16ED1A767
SHA-512: 96F6569C42781418C23B59F7209CF095BA5D54C47572B33B0F04DEA94DA1CD6882A6AF94241B09164CF518D66CC1D7739C834801CD62EBB252E1310C7186C818
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1-WebBrowsing-01.png?version=280edfb3-3250-3e5d-5f4f-35711788a8a7


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1083_Panel01_Hero_Learn[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1083x609, frames 3
Category: downloaded
Size (bytes): 102835
Entropy (8bit): 7.97436682526349
Encrypted: false
SSDEEP: 1536:Gc4NfCgWmvigTQjRVKsvqSJKx0PJcb2H2u7Jni/h0iDcYxYcmM+aJZJt08c1bTIT:gNqgP6gTkpvqSFGCR/OccYaRReIc1sWS
MD5: AB8A276540C6C272AB0621E6901C0B00
SHA1: 8E4497D7F340F135C4BB8CE8414286ED6517B6EB
SHA-256: D389C7C132D06613F122314AE2A3323516CC23F8E40749FC8A1EFC860A6D80A0
SHA-512: B01499DC5A75A3B3720F957627EF6A52DB2C251DFD25852725D30860566ABDCD04F743F08F509DC5E338BA791A4DCB5200542684E84E14B14108E6D809E70E76
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel01_Hero_Learn.jpg?version=04fc79b2-1359-03f3-da94-5607fb00390f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1083_Panel09_4Up_Neurodiversity[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 235x132, frames 3
Category: downloaded
Size (bytes): 11580
Entropy (8bit): 7.954733378524952
Encrypted: false
SSDEEP: 192:fRe0woFQVu1RPDi5X8KlHRKVDjg38DxXSSPkUVWS3P05or91pt9biYfYc6n:fRMSO8KlcVDdxX1kU33P0i3PRgc6n
MD5: C554F0D5DF98B10639BC93A609ECCC14
SHA1: AE402520266438B5E858CE0E617A7D302CA920FC
SHA-256: 55425CB965D81C286510E7D829E9291C1EF1A60F00B118B1F7B0AEA2587F84BF
SHA-512: FC2290344D9B051D7B2029A7C79F071571CC8D1A0C31BCA8FE52C620869CD454A5631FA3B5F0B94A38BBC93DC2CA93A020D0868444CD2E9181987BD88DE8857E
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel09_4Up_Neurodiversity.jpg?version=9aa5cded-e1a4-b4d2-050d-a701c224ccd7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1083_Panel11_4Up_Bring[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 235x132, frames 3
Category: downloaded
Size (bytes): 15843
Entropy (8bit): 7.957779161804108
Encrypted: false
SSDEEP: 384:fRfFw0eE8Lw9kbt0JSpfCjuD1x+pZqeQvlNYWkuKdcP9nNc:XneRwauqzoZ90H1ny
MD5: 462C2D56CFB5C593FCE7407CC213095A
SHA1: E3DD9BAF8B6152382FCF68B6FF9A0EB232346BF5
SHA-256: 86A7AE3291829AECCEE68676300D01B9432A5896F0FD21621D49C8611EFE4C5C
SHA-512: 9FCF91A1DF39CB372A66D96EF4393EFA793CB7D149AB2345CB17CEA4A283906CA489F9430C227EDAB244987D48FFAC2DEA080DF31E99AF0BC9A781F6A201D46C
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel11_4Up_Bring.jpg?version=726838f7-7b1f-dd61-b955-83ae17937d14


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1083_Panel11_4Up_Connect[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 235x132, frames 3
Category: downloaded
Size (bytes): 12404
Entropy (8bit): 7.948199997454495
Encrypted: false
SSDEEP: 192:fXjtyuUFdHP5FTRKszT5Sp8tZV1yuuxzfTzaEVxVR5SVSbtFi7cTX38yZMbPusi:fxyuOdK4jpbuxzVvMSbtFOcTX3BmKr
MD5: D52561EAC6469C35465D7639A146A2CC
SHA1: 8E4E958A970C9B3C5F716F16DB17F37AFB498063
SHA-256: A7F50F3EA0D7299ABE57EAD317C245C3554DDF9DE988F3AD0193358A06D585CA
SHA-512: D823D62EEEC2C80D3A482792C4C478B8DFD83A8BE5F66B89809F42FF1863F8BD6F3BBF20294A6EF1E0EC6A5695DCEE114127313ECAC610914600D62FF5A0C2E8
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel11_4Up_Connect.jpg?version=51092e16-9af5-8743-55c5-9351870d39b4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1083_Panel12_HighlightFeature_Thousands[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1083x609, frames 3
Category: downloaded
Size (bytes): 130539
Entropy (8bit): 7.975633866430243
Encrypted: false
SSDEEP: 3072:1KbWIhM9U2kR5hGj1NHRh5qn/gwvD+si476pRqCeEHueN/ez:MbJGS2AhKNHRh54vSWOpRneEHueN/0
MD5: 78BAB2CE7F638AFFB90AC48728D44E98
SHA1: 014F337935324E1D93C856128455829C25B9D404
SHA-256: DEA29CCEA08C4D9D185F9CF5833136EA61CB8E0EC6E6C9A87ABF59C00BF8C703
SHA-512: 9F6988E9D8F6788AE4DEC063B8541D9BDF017E4BE42ED548353A87059890C68965F0CA528234950A4B2319AB58D65A844868F48D74FFF6B77BBCC465172D5F76
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel12_HighlightFeature_Thousands.jpg?version=cedf617f-04ce-f46f-33ed-931987f75eaa

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1083_Panel15_Mosaic_Item4_Laptop[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 542x400, frames 3
Category: downloaded
Size (bytes): 42567
Entropy (8bit): 7.941014499152077
Encrypted: false
SSDEEP: 768:Eeqa9zdAGAm6Ewrdn7gXZrWcaj0egE0RFkp285A/ERLUI:N9om6Pl7gXZIiVRup7AoLh
MD5: B06A38BB0B8188A7D087E7C93C6D4D93
SHA1: 00C17256DC77B808B49CFDF9A78BFF4FA25A060B
SHA-256: ABE78AFD1D07DB9551726E0B4E06C3DA55F51D235627EB623132F86EDC36B9FF
SHA-512: EAD96FF4BA8A2BA54F8604167303CA5FDDE66C7B8720A17D87F696AE56789371CD8D94D6DAA71D88F6C3FBD44C470B4EDDF965E006155A5819A93EF578B3F988
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel15_Mosaic_Item4_Laptop.jpg?version=0399319c-2ac1-81ee-d9a1-24c44796d919


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1083_Panel15_Mosaic_Item6_Blue[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1084x400, frames 3
Category: downloaded
Size (bytes): 6212
Entropy (8bit): 1.6100658993341477
Encrypted: false
SSDEEP: 24:lK1h6A1aWwh82lYSgjgh9V0hGT3TyJEumGumNG0jJdY3dK:y11LvnMh9GhGCJEdGdNVJp
MD5: 51AB8389477226C75A09B794182FAE41
SHA1: 39F40C7E3FB67F8744D0FC8D9D4862D67FDCC1D7
SHA-256: 724754E5EC6EBAD1B2A30240E7127FC39AD3622D8326AAF1ED80FBAEB05493D8
SHA-512: 54F3419DFB073F964588EAAC152A2A5BBBB9083237EE31EEAC69B2CB86F1C421F2F8AE1217BB3A4369A12D74EF482EDA1F2B1EA581F727372F930E486DFCD6F1
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1083_Panel15_Mosaic_Item6_Blue.jpg?version=b055c5ea-fc4e-ade1-57d1-79faffe1d713

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1920_Panel07_PriorityFeature_GamePass[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1040x585, frames 3
Category: downloaded
Size (bytes): 194936
Entropy (8bit): 7.984735984852966
Encrypted: false
SSDEEP: 3072:VPq1EfH4ipm/OpRBTr7/AUdjGwMac4+Ahcn6jBEWwNkUF3JzWzRk4uvHeA3:km4is/0jjZJGYEWwN3ZJ6+vd3
MD5: 3C2411D672DD60168176D3B62635AD4C
SHA1: 53D18AC4194069581949AB08781137F3FCE6C85F
SHA-256: 3C60463AC0955E563DA69B5D767654B5508BB596F848C39DD03E298ED88B80DE
SHA-512: ADDF61092699862BB063CB417FAC389D44CD626171F83AA23B335D82B3EE17006D2CB2218E633B5DCFF2AB839DBCD3345A7443CA2120A46E1F6C6F6F2210C36C
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel07_PriorityFeature_GamePass.jpg?version=67718e36-854a-a201-1dd8-12a68d406d7f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1920_Panel09_4Up_HearingTool[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 358x201, frames 3
Category: downloaded
Size (bytes): 29813
Entropy (8bit): 7.98015026340844
Encrypted: false
SSDEEP: 768:hpYp+TQWt1kB0/vQ9hcU3SvrfbuMCdHKQB5z75noAn1qa:DYp+MWiWySvHe975n31/
MD5: 46BC776ACF2EFB6A721AEC68798C8780
SHA1: 2FF7F13336540435D5A06DA8F91D4FE3914FDD87
SHA-256: 943CD3F7A7801A61C6D855DDE3C78CC4447DD3F556BC5120418ADD6AB0C749B9
SHA-512: 586E196C30749450962A522867A514F46636C9D6A912540D98ABB85DA3BC2FEF99A198FE328A72850BE72196BCA7E39E4DB1A53873EF26CBDC5449B27F97406E
Malicious: false
Reputation: low
IE Cache URL: https://c.s-microsoft.com/en-us/CMSImages/1920_Panel09_4Up_HearingTool.jpg?version=a25700ba-e0b6-2a8c-da8a-68dfbde01dd4

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 120 • 53 (DNS) • 443 (HTTPS)

TCP Packets


UDP Packets


Copyright Joe Security LLC 2021 Page 55 of 63 Timestamp Source Port Dest Port Source IP Dest IP May 7, 2021 09:38:45.739283085 CEST 65252 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:45.789643049 CEST 53 65252 8.8.8.8 192.168.2.6 May 7, 2021 09:38:46.600588083 CEST 64367 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:46.660100937 CEST 53 64367 8.8.8.8 192.168.2.6 May 7, 2021 09:38:55.107261896 CEST 55066 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:55.171190023 CEST 53 55066 8.8.8.8 192.168.2.6 May 7, 2021 09:38:55.383951902 CEST 60211 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:55.494899988 CEST 56570 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:55.495002031 CEST 53 60211 8.8.8.8 192.168.2.6 May 7, 2021 09:38:55.546113968 CEST 53 56570 8.8.8.8 192.168.2.6 May 7, 2021 09:38:56.040810108 CEST 58454 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:56.333193064 CEST 53 58454 8.8.8.8 192.168.2.6 May 7, 2021 09:38:57.318428993 CEST 55180 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:57.370022058 CEST 53 55180 8.8.8.8 192.168.2.6 May 7, 2021 09:38:57.581460953 CEST 58721 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:57.760310888 CEST 53 58721 8.8.8.8 192.168.2.6 May 7, 2021 09:38:58.316101074 CEST 55180 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:58.367599010 CEST 53 55180 8.8.8.8 192.168.2.6 May 7, 2021 09:38:59.064949989 CEST 57691 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:59.125859976 CEST 53 57691 8.8.8.8 192.168.2.6 May 7, 2021 09:38:59.228961945 CEST 52943 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:59.236172915 CEST 59489 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:59.286861897 CEST 64022 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:59.295314074 CEST 53 59489 8.8.8.8 192.168.2.6 May 7, 2021 09:38:59.296804905 CEST 53 52943 8.8.8.8 192.168.2.6 May 7, 2021 09:38:59.328252077 CEST 55180 53 192.168.2.6 8.8.8.8 May 7, 2021 09:38:59.348948956 CEST 53 64022 8.8.8.8 192.168.2.6 May 7, 2021 09:38:59.379579067 CEST 53 55180 8.8.8.8 192.168.2.6 May 7, 2021 09:39:01.328418970 CEST 55180 53 192.168.2.6 8.8.8.8 May 7, 2021 
09:39:01.379933119 CEST 53 55180 8.8.8.8 192.168.2.6 May 7, 2021 09:39:01.949397087 CEST 60023 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:02.014708042 CEST 53 60023 8.8.8.8 192.168.2.6 May 7, 2021 09:39:02.211958885 CEST 57193 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:02.269254923 CEST 53 57193 8.8.8.8 192.168.2.6 May 7, 2021 09:39:05.872334003 CEST 55180 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:05.923827887 CEST 53 55180 8.8.8.8 192.168.2.6 May 7, 2021 09:39:06.454734087 CEST 50248 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:06.517085075 CEST 53 50248 8.8.8.8 192.168.2.6 May 7, 2021 09:39:06.963140965 CEST 64413 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:07.025496006 CEST 53 64413 8.8.8.8 192.168.2.6 May 7, 2021 09:39:08.012900114 CEST 60429 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:08.115453959 CEST 60345 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:08.177206039 CEST 53 60429 8.8.8.8 192.168.2.6 May 7, 2021 09:39:08.183339119 CEST 53 60345 8.8.8.8 192.168.2.6 May 7, 2021 09:39:09.139431953 CEST 58730 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:09.198896885 CEST 53 58730 8.8.8.8 192.168.2.6 May 7, 2021 09:39:11.073504925 CEST 53830 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:11.134599924 CEST 53 53830 8.8.8.8 192.168.2.6 May 7, 2021 09:39:15.513430119 CEST 57226 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:15.516606092 CEST 57880 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:15.519337893 CEST 60850 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:15.523466110 CEST 53187 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:15.527554989 CEST 55830 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:15.576613903 CEST 53 53187 8.8.8.8 192.168.2.6 May 7, 2021 09:39:15.580584049 CEST 53 57226 8.8.8.8 192.168.2.6 May 7, 2021 09:39:15.581377983 CEST 53 60850 8.8.8.8 192.168.2.6 May 7, 2021 09:39:15.589286089 CEST 53 55830 8.8.8.8 192.168.2.6 May 7, 2021 09:39:15.599076986 CEST 53 57880 8.8.8.8 192.168.2.6 May 7, 2021 09:39:17.063244104 CEST 55145 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:17.126997948 CEST 53 55145 8.8.8.8 
192.168.2.6 May 7, 2021 09:39:24.605655909 CEST 64091 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:24.680123091 CEST 53 64091 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.466079950 CEST 55728 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.470467091 CEST 55694 53 192.168.2.6 8.8.8.8

Copyright Joe Security LLC 2021 Page 56 of 63 Timestamp Source Port Dest Port Source IP Dest IP May 7, 2021 09:39:25.506815910 CEST 53926 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.515475035 CEST 65531 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.520313978 CEST 65437 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.520618916 CEST 54590 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.520838976 CEST 51318 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.528075933 CEST 53 55728 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.529679060 CEST 53 55694 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.575953960 CEST 53 65531 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.579745054 CEST 53 53926 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.579766035 CEST 53 65437 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.579782009 CEST 53 51318 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.597511053 CEST 53 54590 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.611557961 CEST 60888 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.615684986 CEST 58474 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:25.674088001 CEST 53 60888 8.8.8.8 192.168.2.6 May 7, 2021 09:39:25.747349024 CEST 53 58474 8.8.8.8 192.168.2.6 May 7, 2021 09:39:42.956907988 CEST 64575 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:43.023061037 CEST 53 64575 8.8.8.8 192.168.2.6 May 7, 2021 09:39:45.615497112 CEST 59092 53 192.168.2.6 8.8.8.8 May 7, 2021 09:39:45.679204941 CEST 53 59092 8.8.8.8 192.168.2.6

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 7, 2021 09:37:53.006890059 CEST | 192.168.2.6 | 8.8.8.8 | 0x36e8 | Standard query (0) | hmk-my.sharepoint.com | A (IP address) | IN (0x0001)
May 7, 2021 09:37:55.449343920 CEST | 192.168.2.6 | 8.8.8.8 | 0x4209 | Standard query (0) | spoprod-a.akamaihd.net | A (IP address) | IN (0x0001)
May 7, 2021 09:38:09.660644054 CEST | 192.168.2.6 | 8.8.8.8 | 0x751a | Standard query (0) | hmk-my.sharepoint.com | A (IP address) | IN (0x0001)
May 7, 2021 09:38:28.949089050 CEST | 192.168.2.6 | 8.8.8.8 | 0x618b | Standard query (0) | ajax.aspnetcdn.com | A (IP address) | IN (0x0001)
May 7, 2021 09:38:29.099458933 CEST | 192.168.2.6 | 8.8.8.8 | 0x6ad6 | Standard query (0) | assets.onestore.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:38:38.650015116 CEST | 192.168.2.6 | 8.8.8.8 | 0xb18a | Standard query (0) | mem.gfx.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:38:45.090842009 CEST | 192.168.2.6 | 8.8.8.8 | 0x43a4 | Standard query (0) | logincdn.msauth.net | A (IP address) | IN (0x0001)
May 7, 2021 09:38:45.739283085 CEST | 192.168.2.6 | 8.8.8.8 | 0xe756 | Standard query (0) | aka.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:38:55.494899988 CEST | 192.168.2.6 | 8.8.8.8 | 0x881b | Standard query (0) | amp.azure.net | A (IP address) | IN (0x0001)
May 7, 2021 09:38:59.236172915 CEST | 192.168.2.6 | 8.8.8.8 | 0xe59c | Standard query (0) | assets.adobedtm.com | A (IP address) | IN (0x0001)
May 7, 2021 09:39:01.949397087 CEST | 192.168.2.6 | 8.8.8.8 | 0x75e8 | Standard query (0) | offertooldataprod.blob.core.windows.net | A (IP address) | IN (0x0001)
May 7, 2021 09:39:15.516606092 CEST | 192.168.2.6 | 8.8.8.8 | 0x4bcc | Standard query (0) | mem.gfx.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:15.519337893 CEST | 192.168.2.6 | 8.8.8.8 | 0x68eb | Standard query (0) | assets.onestore.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:15.527554989 CEST | 192.168.2.6 | 8.8.8.8 | 0x1c5f | Standard query (0) | microsoftwindows.112.2o7.net | A (IP address) | IN (0x0001)
May 7, 2021 09:39:25.466079950 CEST | 192.168.2.6 | 8.8.8.8 | 0x3485 | Standard query (0) | assets.onestore.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:25.470467091 CEST | 192.168.2.6 | 8.8.8.8 | 0xe815 | Standard query (0) | mem.gfx.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:25.520313978 CEST | 192.168.2.6 | 8.8.8.8 | 0xc4e7 | Standard query (0) | statics-wcus.onestore.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:25.520618916 CEST | 192.168.2.6 | 8.8.8.8 | 0xd660 | Standard query (0) | statics-eus.onestore.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:25.520838976 CEST | 192.168.2.6 | 8.8.8.8 | 0x9f30 | Standard query (0) | statics-eas.onestore.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:25.611557961 CEST | 192.168.2.6 | 8.8.8.8 | 0xd234 | Standard query (0) | statics-neu.onestore.ms | A (IP address) | IN (0x0001)
May 7, 2021 09:39:25.615684986 CEST | 192.168.2.6 | 8.8.8.8 | 0x74dc | Standard query (0) | cart.production.store-web.dynamics.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 7, 2021 09:37:53.169765949 CEST | 8.8.8.8 | 192.168.2.6 | 0x36e8 | No error (0) | hmk-my.sharepoint.com | hmk.sharepoint.com | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:37:53.169765949 CEST | 8.8.8.8 | 192.168.2.6 | 0x36e8 | No error (0) | hmk.sharepoint.com | 1115-ipv4e.clump.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:37:53.169765949 CEST | 8.8.8.8 | 192.168.2.6 | 0x36e8 | No error (0) | 1115-ipv4e.clump.prod.aa-rt.sharepoint.com | 19820-ipv4e.farm.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:37:53.169765949 CEST | 8.8.8.8 | 192.168.2.6 | 0x36e8 | No error (0) | 19820-ipv4e.farm.prod.aa-rt.sharepoint.com | 19820-ipv4e.farm.prod.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:37:55.515945911 CEST | 8.8.8.8 | 192.168.2.6 | 0x4209 | No error (0) | spoprod-a.akamaihd.net | spoprod-a.akamaihd.net.edgesuite.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:09.722592115 CEST | 8.8.8.8 | 192.168.2.6 | 0x751a | No error (0) | hmk-my.sharepoint.com | hmk.sharepoint.com | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:09.722592115 CEST | 8.8.8.8 | 192.168.2.6 | 0x751a | No error (0) | hmk.sharepoint.com | 1115-ipv4e.clump.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:09.722592115 CEST | 8.8.8.8 | 192.168.2.6 | 0x751a | No error (0) | 1115-ipv4e.clump.prod.aa-rt.sharepoint.com | 19820-ipv4e.farm.prod.aa-rt.sharepoint.com | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:09.722592115 CEST | 8.8.8.8 | 192.168.2.6 | 0x751a | No error (0) | 19820-ipv4e.farm.prod.aa-rt.sharepoint.com | 19820-ipv4e.farm.prod.sharepointonline.com.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:29.012680054 CEST | 8.8.8.8 | 192.168.2.6 | 0x618b | No error (0) | ajax.aspnetcdn.com | mscomajax.vo.msecnd.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:29.180320024 CEST | 8.8.8.8 | 192.168.2.6 | 0x6ad6 | No error (0) | assets.onestore.ms | assets.onestore.ms.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:37.340826035 CEST | 8.8.8.8 | 192.168.2.6 | 0xdbe4 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:38.668486118 CEST | 8.8.8.8 | 192.168.2.6 | 0x979c | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:38.716366053 CEST | 8.8.8.8 | 192.168.2.6 | 0xb18a | No error (0) | mem.gfx.ms | cdn.account.microsoft.com.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:45.163724899 CEST | 8.8.8.8 | 192.168.2.6 | 0x43a4 | No error (0) | logincdn.msauth.net | lgincdn.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:45.163724899 CEST | 8.8.8.8 | 192.168.2.6 | 0x43a4 | No error (0) | cs1227.wpc.alphacdn.net | | 192.229.221.185 | A (IP address) | IN (0x0001)
May 7, 2021 09:38:45.789643049 CEST | 8.8.8.8 | 192.168.2.6 | 0xe756 | No error (0) | aka.ms | | 95.101.18.109 | A (IP address) | IN (0x0001)
May 7, 2021 09:38:55.546113968 CEST | 8.8.8.8 | 192.168.2.6 | 0x881b | No error (0) | amp.azure.net | 160c1.wpc.azureedge.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:38:59.295314074 CEST | 8.8.8.8 | 192.168.2.6 | 0xe59c | No error (0) | assets.adobedtm.com | cn-assets.adobedtm.com.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:02.014708042 CEST | 8.8.8.8 | 192.168.2.6 | 0x75e8 | No error (0) | offertooldataprod.blob.core.windows.net | blob.bl6prdstr14a.store.core.windows.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:02.014708042 CEST | 8.8.8.8 | 192.168.2.6 | 0x75e8 | No error (0) | blob.bl6prdstr14a.store.core.windows.net | | 52.239.152.74 | A (IP address) | IN (0x0001)
May 7, 2021 09:39:15.581377983 CEST | 8.8.8.8 | 192.168.2.6 | 0x68eb | No error (0) | assets.onestore.ms | assets.onestore.ms.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:15.589286089 CEST | 8.8.8.8 | 192.168.2.6 | 0x1c5f | No error (0) | microsoftwindows.112.2o7.net | | 15.237.136.106 | A (IP address) | IN (0x0001)
May 7, 2021 09:39:15.589286089 CEST | 8.8.8.8 | 192.168.2.6 | 0x1c5f | No error (0) | microsoftwindows.112.2o7.net | | 35.181.18.61 | A (IP address) | IN (0x0001)
May 7, 2021 09:39:15.589286089 CEST | 8.8.8.8 | 192.168.2.6 | 0x1c5f | No error (0) | microsoftwindows.112.2o7.net | | 15.237.76.117 | A (IP address) | IN (0x0001)
May 7, 2021 09:39:15.599076986 CEST | 8.8.8.8 | 192.168.2.6 | 0x4bcc | No error (0) | mem.gfx.ms | cdn.account.microsoft.com.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.528075933 CEST | 8.8.8.8 | 192.168.2.6 | 0x3485 | No error (0) | assets.onestore.ms | assets.onestore.ms.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.529679060 CEST | 8.8.8.8 | 192.168.2.6 | 0xe815 | No error (0) | mem.gfx.ms | cdn.account.microsoft.com.akadns.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.579766035 CEST | 8.8.8.8 | 192.168.2.6 | 0xc4e7 | No error (0) | statics-wcus.onestore.ms | statics.onestore.ms.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.579782009 CEST | 8.8.8.8 | 192.168.2.6 | 0x9f30 | No error (0) | statics-eas.onestore.ms | statics.onestore.ms.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.597511053 CEST | 8.8.8.8 | 192.168.2.6 | 0xd660 | No error (0) | statics-eus.onestore.ms | statics.onestore.ms.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.674088001 CEST | 8.8.8.8 | 192.168.2.6 | 0xd234 | No error (0) | statics-neu.onestore.ms | statics.onestore.ms.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.747349024 CEST | 8.8.8.8 | 192.168.2.6 | 0x74dc | No error (0) | cart.production.store-web.dynamics.com | storeweb-cart-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
May 7, 2021 09:39:25.747349024 CEST | 8.8.8.8 | 192.168.2.6 | 0x74dc | No error (0) | cart.northeurope.production.store-web.dynamics.com | sw-prod-appgwpublicip-northeurope.northeurope.cloudapp.azure.com | | CNAME (Canonical name) | IN (0x0001)

HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port
Per connection: JA3 SSL Client Fingerprint, JA3 SSL Client Digest, then the certificate chain as Subject | Issuer | Not Before | Not After

May 7, 2021 09:38:45.257028103 CEST | 192.229.221.185 | 443 | 192.168.2.6 | 49777
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Mon Jul 20 02:00:00 CEST 2020 | Tue Jul 20 14:00:00 CEST 2021
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Nov 10 01:00:00 CET 2006 | Mon Nov 10 01:00:00 CET 2031

May 7, 2021 09:38:45.258343935 CEST | 192.229.221.185 | 443 | 192.168.2.6 | 49778
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Mon Jul 20 02:00:00 CEST 2020 | Tue Jul 20 14:00:00 CEST 2021
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Nov 10 01:00:00 CET 2006 | Mon Nov 10 01:00:00 CET 2031

May 7, 2021 09:38:45.905904055 CEST | 95.101.18.109 | 443 | 192.168.2.6 | 49779
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
CN=go.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, ST=WA, C=US | CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US | Thu Jan 07 22:45:54 CET 2021 | Fri Jan 07 22:45:54 CET 2022
CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Jul 22 01:00:00 CEST 2020 | Tue Oct 08 09:00:00 CEST 2024

May 7, 2021 09:38:45.906102896 CEST | 95.101.18.109 | 443 | 192.168.2.6 | 49780
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
CN=go.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, ST=WA, C=US | CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US | Thu Jan 07 22:45:54 CET 2021 | Fri Jan 07 22:45:54 CET 2022
CN=Microsoft RSA TLS CA 01, O=Microsoft Corporation, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Jul 22 01:00:00 CEST 2020 | Tue Oct 08 09:00:00 CEST 2024

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe
• dllhost.exe
• explorer.exe
• iexplore.exe

System Behavior

Analysis Process: iexplore.exe PID: 4292 Parent PID: 792

General

Start time: 09:37:50
Start date: 07/05/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff721e20000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Analysis Process: iexplore.exe PID: 5400 Parent PID: 4292

General

Start time: 09:37:51
Start date: 07/05/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4292 CREDAT:17410 /prefetch:2
Imagebase: 0x1320000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Analysis Process: dllhost.exe PID: 6600 Parent PID: 792

General

Start time: 09:38:09
Start date: 07/05/2021
Path: C:\Windows\System32\dllhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\DllHost.exe /Processid:{49F171DD-B51A-40D3-9A6C-52D674CC729D }
Imagebase: 0x7ff716560000
File size: 20888 bytes
MD5 hash: 2528137C6745C4EADD87817A1909677E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Analysis Process: explorer.exe PID: 3440 Parent PID: 6600

General

Start time: 09:38:10
Start date: 07/05/2021
Path: C:\Windows\explorer.exe
Wow64 process (32bit): false
Commandline:
Imagebase: 0x7ff6f22f0000
File size: 3933184 bytes
MD5 hash: AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Analysis Process: iexplore.exe PID: 724 Parent PID: 4292

General

Start time: 09:38:23
Start date: 07/05/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4292 CREDAT:82952 /prefetch:2
Imagebase: 0x1320000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Disassembly

Code Analysis
