Automated Malware Analysis Report for Log in to Slideshare.Htm

ID: 221261 Sample Name: Log in to SlideShare.htm Cookbook: defaultwindowshtmlcookbook.jbs Time: 18:03:06 Date: 08/04/2020 Version: 28.0.0 Lapis Lazuli Table of Contents

Table of Contents 2 Analysis Report Log in to SlideShare.htm 4 Overview 4 General Information 4 Detection 5 Confidence 5 Classification Spiderchart 5 Analysis Advice 6 Mitre Att&ck Matrix 6 Signature Overview 7 Phishing: 7 Networking: 7 System Summary: 7 Malware Configuration 8 Behavior Graph 8 Simulations 8 Behavior and APIs 8 Antivirus, Machine Learning and Genetic Malware Detection 8 Initial Sample 8 Dropped Files 8 Unpacked PE Files 8 Domains 9 URLs 9 Yara Overview 9 Initial Sample 9 PCAP (Network Traffic) 9 Dropped Files 9 Memory Dumps 9 Unpacked PEs 9 Sigma Overview 9 Joe Sandbox View / Context 9 IPs 9 Domains 10 ASN 10 JA3 Fingerprints 12 Dropped Files 14 Screenshots 14 Thumbnails 14 Startup 15 Created / dropped Files 15 Domains and IPs 43 Contacted Domains 43 URLs from Memory and Binaries 43 Contacted IPs 46 Public 46 Static File Info 46 General 46 Network Behavior 47 Network Port Distribution 47 TCP Packets 47 UDP Packets 49 DNS Queries 50 DNS Answers 50 HTTP Request Dependency Graph 52 HTTP Packets 52 HTTPS Packets 52 Code Manipulations 59 Copyright Joe Security LLC 2020 Page 2 of 61 Statistics 59 Behavior 59 System Behavior 60 Analysis Process: iexplore.exe PID: 4384 Parent PID: 696 60 General 60 File Activities 60 Registry Activities 60 Analysis Process: iexplore.exe PID: 4660 Parent PID: 4384 60 General 60 File Activities 61 Registry Activities 61 Disassembly 61

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli Analysis ID: 221261 Start date: 08.04.2020 Start time: 18:03:06 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 5m 25s Hypervisor based Inspection enabled: false Report type: light Sample file name: Log in to SlideShare.htm Cookbook file name: defaultwindowshtmlcookbook.jbs Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 Number of analysed new started processes analysed: 4 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: EGA enabled HDC enabled AMSI enabled Analysis stop reason: Timeout Detection: CLEAN Classification: clean2.winHTM@3/129@19/8 Cookbook Comments: Adjust boot time Enable AMSI Found application associated with file extension: .htm Browsing link: http://www.linkedin.com/legal/user- agreement Browsing link: http://www.link edin.com/legal/privacy-policy Browsing link: https://www.slideshare.net/ Browsing link: https://www.slideshare.net/w/forgot- password Browsing link: https://www.slideshare.net/w/signup Browsing link: https://www.slideshare.net/terms Browsing link: https://www.slideshare.net/privacy

Copyright Joe Security LLC 2020 Page 4 of 61 Warnings: Show All Exclude process from analysis (whitelisted): ielowutil.exe, WMIADAP.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.61.218.119, 72.247.224.45, 72.247.224.69, 92.122.222.100, 172.217.16.136, 152.199.19.161, 8.253.207.120, 8.241.121.254, 8.241.123.126, 67.27.159.126, 67.26.137.254 Excluded domains from analysis (whitelisted): 2-01- 2c3e-003c.cdx.cedexis.net, e1879.e7.akamaiedge.net, fs.microsoft.com, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, fs- wildcard.microsoft.com.edgekey.net, fs- wildcard.microsoft.com.edgekey.net.globalredir.aka dns.net, 2-01-2c3e-003d.cdx.cedexis.net, e11290.dspg.akamaiedge.net, ssl.google- analytics.com, iecvlist.microsoft.com, e1107.g.akamaiedge.net, go.microsoft.com, 2-01- 2c3e-0055.cdx.cedexis.net, go.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, sb.scorecardresearch.com.edgekey.net, wildcard.slidesharecdn.com.edgekey.net, ssl- google-analytics.l.google.com, auto.au.download.windowsupdate.com.c.footprint.n et, prod.fs.microsoft.com.akadns.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtQueryAttributesFile calls found.

Detection

Strategy Score Range Reporting Whitelisted Detection

Threshold 2 0 - 100 false

Confidence

Strategy Score Range Further Analysis Required? Confidence

Threshold 4 0 - 5 false

Classification Spiderchart

Miner Spreading

mmaallliiiccciiioouusss

malicious

Evader Phishing

sssuusssppiiiccciiioouusss

suspicious

cccllleeaann

clean

Exploiter Banker

Spyware Trojan / Bot

Adware

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

Remote Initial Privilege Defense Credential Lateral Command Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration and Control Effects Effects Valid Graphical User Winlogon Process Masquerading 1 Credential File and Remote File Data from Data Standard Eavesdrop on Remotely Accounts Interface 1 Helper DLL Injection 1 Dumping Directory Copy 1 Local Compressed Cryptographic Insecure Track Device Discovery 1 System Protocol 2 Network Without Communication Authorization Replication Service Port Accessibility Process Network Application Remote Data from Exfiltration Standard Exploit SS7 to Remotely Through Execution Monitors Features Injection 1 Sniffing Window Services Removable Over Other Non- Redirect Phone Wipe Data Removable Discovery Media Network Application Calls/SMS Without Media Medium Layer Authorization Protocol 2

Copyright Joe Security LLC 2020 Page 6 of 61 Remote Initial Privilege Defense Credential Lateral Command Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration and Control Effects Effects External Windows Accessibility Path Obfuscated Files Input Query Windows Data from Automated Standard Exploit SS7 to Obtain Remote Management Features Interception or Information 1 Capture Registry Remote Network Exfiltration Application Track Device Device Services Instrumentation Management Shared Layer Location Cloud Drive Protocol 3 Backups Drive-by Scheduled System DLL Search Obfuscated Files Credentials System Logon Input Data Remote File SIM Card Compromise Task Firmware Order or Information in Files Network Scripts Capture Encrypted Copy 1 Swap Hijacking Configuration Discovery

Signature Overview

Click to jump to signature section

Phishing:

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

META author tag missing

META copyright tag missing

Networking:

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Downloads files from webservers via HTTP

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS

System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Uses new MSVCR Dlls

No configs have been found

Behavior Graph

Hide Legend Behavior Graph Legend: ID: 221261 Process Sample: Log in to SlideShare.htm Signature Startdate: 08/04/2020 Architecture: WINDOWS Created File Score: 2 DNS/IP Info Is Dropped

Is Windows Process

public.slidesharecdn.com started Number of created Registry Values

Number of created Files

Visual Basic

iexplore.exe Delphi

Java

.Net C# or VB.NET 3 84 C, C++ or other language

Is malicious

Internet www.slideshare.net www.linkedin.com 6 other IPs or domains started

iexplore.exe

5 153

i2-munuxufknncomduhzgrrfiiuyyrynd.init.cedexis-radar.net cs1404.wpc.epsiloncdn.net

104.225.98.130, 443, 49767, 49768 152.199.21.118, 443, 49753, 49754 20 other IPs or domains unknown unknown United States United States

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches Copyright Joe Security LLC 2020 Page 8 of 61 No Antivirus matches

Domains

Source Detection Scanner Label Link 2-01-2a40-0017.cdx.cdxcn.net 0% Virustotal Browse cs767.wpc.epsiloncdn.net 0% Virustotal Browse cs1404.wpc.epsiloncdn.net 0% Virustotal Browse 2-01-2a40-0015.cdx.cdxcn.net 0% Virustotal Browse sb.scorecardresearch.com 0% Virustotal Browse

URLs

Source Detection Scanner Label Link b.scorecardresearch.com/b?c1=2&c2=6402952&c3=&c4=&c5=&c6=&c15=&cv 0% Avira URL Cloud safe www.youradchoices.ca/choices 0% Avira URL Cloud safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

Match Associated Sample Name / URL SHA 256 Detection Link Context 152.199.21.118 https://kz.f-chain.com/ Get hash malicious Browse moneycrashers.pdf Get hash malicious Browse 152.199.22.144 https://kz.f-chain.com/ Get hash malicious Browse 35.241.56.184 www.provitec.fr Get hash malicious Browse advisegroup.cl Get hash malicious Browse Attachments.html Get hash malicious Browse synovuscoin.com Get hash malicious Browse Copyright Joe Security LLC 2020 Page 9 of 61 Match Associated Sample Name / URL SHA 256 Detection Link Context pcx-ray.com/? Get hash malicious Browse 08Isu8=YImzY1RQRKBrDCUyTBMAUUCtBOVCG2CQi fishfinderland.com Get hash malicious Browse www.wholeyum.com Get hash malicious Browse https://messerlikramer.sharefile.com/d- Get hash malicious Browse sf32239b200b45d2b www.egtenterprise.com Get hash malicious Browse 104.225.98.130 FAXXv_SCN902042019_2_page (1).pdf Get hash malicious Browse Attachments.html Get hash malicious Browse synovuscoin.com Get hash malicious Browse pcx-ray.com/? Get hash malicious Browse 08Isu8=YImzY1RQRKBrDCUyTBMAUUCtBOVCG2CQi www.wholeyum.com Get hash malicious Browse 185.63.145.1 Scan77120.pdf Get hash malicious Browse www.linked in.com/in/ kelleyconnors www.youtube-video-downloader.xyz/ Get hash malicious Browse www.linked in.com/sha reArticle? mini=true& url=http%3 A%2F%2Fwww .youtube-video- downloader.xyz& title= Amazon-Service-Center.docx Get hash malicious Browse www.linked in.com/slink? code=fAqBcUU? Amaz onAccountS tatement Document-Info#ID8474620.doc Get hash malicious Browse www.linked in.com/slink? code=fMfYbGn? APPS831PK Document-Info#ID8474620.doc Get hash malicious Browse www.linked in.com/slink? code=fMfYbGn? APPS831PK

Domains

Match Associated Sample Name / URL SHA 256 Detection Link Context 2-01-2a40-0017.cdx.cdxcn.net https://thechapel.sharefile.com/d-sc8d754399b145a99 Get hash malicious Browse 45.54.49.5 https://thechapel.sharefile.com/d-sdb61375752e4c12a Get hash malicious Browse 35.241.57.45 https://cueinclinetteradford.sharefile.com/d- Get hash malicious Browse 35.241.57.45 s84586667d9042bc9 patinajeenlineamiranda.com/wp- Get hash malicious Browse 35.241.57.45 content/plugins/SPEEDPLUGGIN/SPEED/auth.php www.provitec.fr Get hash malicious Browse 176.58.89.15 https://zdbd12.co.vu/link/login.html? Get hash malicious Browse 192.73.243.209 [email protected] www.argosrl.com Get hash malicious Browse 208.111.40.59 www.argosrl.com Get hash malicious Browse 192.73.240.213 advisegroup.cl Get hash malicious Browse 35.241.57.45 https://linuxsecurity.com/index.php? Get hash malicious Browse 35.241.57.45 subid=689&option=com_acymailing&ctrl=user&task=confirm& key=4LLih9J0wGKpYL FAXXv_SCN902042019_2_page (1).pdf Get hash malicious Browse 45.54.49.5 Attachments.html Get hash malicious Browse 45.54.49.5 Scan77120.pdf Get hash malicious Browse 35.241.57.45 Amazon-Service-Center.docx Get hash malicious Browse 35.241.57.45 https://www.nppa.com.au/consumers/find-my-institution Get hash malicious Browse 35.241.57.45 www.industrialrhythm.com/ Get hash malicious Browse 45.54.49.5 https://photos.app.goo.gl/CNdVEqoUGu9vCY6o6 Get hash malicious Browse 45.54.49.5 synovuscoin.com Get hash malicious Browse 35.241.57.45 pcx-ray.com/? Get hash malicious Browse 45.54.49.5 08Isu8=YImzY1RQRKBrDCUyTBMAUUCtBOVCG2CQi fishfinderland.com Get hash malicious Browse 35.241.57.45

ASN

Copyright Joe Security LLC 2020 Page 10 of 61 Match Associated Sample Name / URL SHA 256 Detection Link Context unknown COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 https://zshorten.com/8xbbP Get hash malicious Browse 67.199.248.11 COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 cbctmagazine.in/cursors/33283/33283.zip Get hash malicious Browse 66.85.166.163 archivo Denuncias.csv Get hash malicious Browse 111.90.156.18 www.springdwnld2.com/ Get hash malicious Browse 18.210.55.222 bsgsgsl.com SharedDocument.html Get hash malicious Browse 95.216.24.32 rufus-3.9.exe Get hash malicious Browse 185.199.11 1.153 https://firebasestorage.googleapis.com/v0/b/auth20- Get hash malicious Browse 104.16.133.229 outlook.appspot.com/o/ind.htm?alt=media&token=0f1a994b- 271e-4be8-be2d-c30401587782#[email protected] Case_notif_929997.xls Get hash malicious Browse 52.114.88.29 169.239.128.168 Get hash malicious Browse 169.239.12 8.168 zrimsbnd.exe Get hash malicious Browse 127.0.0.1 bsgsgsl.com SharedDocument.html Get hash malicious Browse 3.132.140.88

https://kellybroganmd.com/thyroid-dysfunction-and- Get hash malicious Browse 198.61.165.71 treatment/ https://kittysfirstpurse.com/? Get hash malicious Browse 103.229.21 [email protected] 1.164 bDIHUbWRzJ.exe Get hash malicious Browse 104.23.98.190 order.31241.xls Get hash malicious Browse 52.114.158.91 Get hash malicious Browse 52.97.137.146 https://firebasestorage.googleapis.com/v0/b/hhhyyffft.appspot. com/o/index.html?alt=media&token=7b676f2c-b77b-4204- 8999-86a9179bd50a#[email protected] request_contr.2380.xls Get hash malicious Browse 52.114.133.60 ______.exe Get hash malicious Browse 35.208.146.4 unknown COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 https://zshorten.com/8xbbP Get hash malicious Browse 67.199.248.11 COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 cbctmagazine.in/cursors/33283/33283.zip Get hash malicious Browse 66.85.166.163 archivo Denuncias.csv Get hash malicious Browse 111.90.156.18 www.springdwnld2.com/ Get hash malicious Browse 18.210.55.222 bsgsgsl.com SharedDocument.html Get hash malicious Browse 95.216.24.32 rufus-3.9.exe Get hash malicious Browse 185.199.11 1.153 https://firebasestorage.googleapis.com/v0/b/auth20- Get hash malicious Browse 104.16.133.229 outlook.appspot.com/o/ind.htm?alt=media&token=0f1a994b- 271e-4be8-be2d-c30401587782#[email protected] Case_notif_929997.xls Get hash malicious Browse 52.114.88.29 169.239.128.168 Get hash malicious Browse 169.239.12 8.168 zrimsbnd.exe Get hash malicious Browse 127.0.0.1 bsgsgsl.com SharedDocument.html Get hash malicious Browse 3.132.140.88 https://kellybroganmd.com/thyroid-dysfunction-and- Get hash malicious Browse 198.61.165.71 treatment/ https://kittysfirstpurse.com/? Get hash malicious Browse 103.229.21 [email protected] 1.164 bDIHUbWRzJ.exe Get hash malicious Browse 104.23.98.190 order.31241.xls Get hash malicious Browse 52.114.158.91 Get hash malicious Browse 52.97.137.146 https://firebasestorage.googleapis.com/v0/b/hhhyyffft.appspot. com/o/index.html?alt=media&token=7b676f2c-b77b-4204- 8999-86a9179bd50a#[email protected] request_contr.2380.xls Get hash malicious Browse 52.114.133.60 ______.exe Get hash malicious Browse 35.208.146.4 unknown COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 https://zshorten.com/8xbbP Get hash malicious Browse 67.199.248.11 COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 cbctmagazine.in/cursors/33283/33283.zip Get hash malicious Browse 66.85.166.163

archivo Denuncias.csv Get hash malicious Browse 111.90.156.18 www.springdwnld2.com/ Get hash malicious Browse 18.210.55.222 bsgsgsl.com SharedDocument.html Get hash malicious Browse 95.216.24.32 rufus-3.9.exe Get hash malicious Browse 185.199.11 1.153

Copyright Joe Security LLC 2020 Page 11 of 61 Match Associated Sample Name / URL SHA 256 Detection Link Context https://firebasestorage.googleapis.com/v0/b/auth20- Get hash malicious Browse 104.16.133.229 outlook.appspot.com/o/ind.htm?alt=media&token=0f1a994b- 271e-4be8-be2d-c30401587782#[email protected] Case_notif_929997.xls Get hash malicious Browse 52.114.88.29 169.239.128.168 Get hash malicious Browse 169.239.12 8.168 zrimsbnd.exe Get hash malicious Browse 127.0.0.1 bsgsgsl.com SharedDocument.html Get hash malicious Browse 3.132.140.88 https://kellybroganmd.com/thyroid-dysfunction-and- Get hash malicious Browse 198.61.165.71 treatment/ https://kittysfirstpurse.com/? Get hash malicious Browse 103.229.21 [email protected] 1.164 bDIHUbWRzJ.exe Get hash malicious Browse 104.23.98.190 order.31241.xls Get hash malicious Browse 52.114.158.91 Get hash malicious Browse 52.97.137.146 https://firebasestorage.googleapis.com/v0/b/hhhyyffft.appspot. com/o/index.html?alt=media&token=7b676f2c-b77b-4204- 8999-86a9179bd50a#[email protected] request_contr.2380.xls Get hash malicious Browse 52.114.133.60 ______.exe Get hash malicious Browse 35.208.146.4 unknown COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 https://zshorten.com/8xbbP Get hash malicious Browse 67.199.248.11 COVID-19 Statement.jar Get hash malicious Browse 37.48.92.195 cbctmagazine.in/cursors/33283/33283.zip Get hash malicious Browse 66.85.166.163 archivo Denuncias.csv Get hash malicious Browse 111.90.156.18 www.springdwnld2.com/ Get hash malicious Browse 18.210.55.222 bsgsgsl.com SharedDocument.html Get hash malicious Browse 95.216.24.32 rufus-3.9.exe Get hash malicious Browse 185.199.11 1.153 https://firebasestorage.googleapis.com/v0/b/auth20- Get hash malicious Browse 104.16.133.229 outlook.appspot.com/o/ind.htm?alt=media&token=0f1a994b- 271e-4be8-be2d-c30401587782#[email protected] Case_notif_929997.xls Get hash malicious Browse 52.114.88.29 169.239.128.168 Get hash malicious Browse 169.239.12 8.168 zrimsbnd.exe Get hash malicious Browse 127.0.0.1 bsgsgsl.com SharedDocument.html Get hash malicious Browse 3.132.140.88 https://kellybroganmd.com/thyroid-dysfunction-and- Get hash malicious Browse 198.61.165.71 treatment/ https://kittysfirstpurse.com/? Get hash malicious Browse 103.229.21 [email protected] 1.164 bDIHUbWRzJ.exe Get hash malicious Browse 104.23.98.190 order.31241.xls Get hash malicious Browse 52.114.158.91 Get hash malicious Browse 52.97.137.146 https://firebasestorage.googleapis.com/v0/b/hhhyyffft.appspot. com/o/index.html?alt=media&token=7b676f2c-b77b-4204- 8999-86a9179bd50a#[email protected] request_contr.2380.xls Get hash malicious Browse 52.114.133.60 ______.exe Get hash malicious Browse 35.208.146.4

JA3 Fingerprints

Match Associated Sample Name / URL SHA 256 Detection Link Context 9e10692f1b7f78228b2d4e424db3a98c https://zshorten.com/8xbbP Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 bsgsgsl.com SharedDocument.html Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89

Copyright Joe Security LLC 2020 Page 12 of 61 Match Associated Sample Name / URL SHA 256 Detection Link Context https://firebasestorage.googleapis.com/v0/b/auth20- Get hash malicious Browse 152.199.21.118 outlook.appspot.com/o/ind.htm?alt=media&token=0f1a994b- 152.199.22.144 271e-4be8-be2d-c30401587782#[email protected] 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 bsgsgsl.com SharedDocument.html Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89

https://kittysfirstpurse.com/? Get hash malicious Browse 152.199.21.118 [email protected] 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 Get hash malicious Browse 152.199.21.118 https://firebasestorage.googleapis.com/v0/b/hhhyyffft.appspot. 152.199.22.144 com/o/index.html?alt=media&token=7b676f2c-b77b-4204- 35.241.56.184 8999-86a9179bd50a#[email protected] 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 DHL_Doc.html Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://ipv4.login.msa.akadns6.net Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 DOMAIN-Expense-Reimbursement.htm Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://admconsultoria.com.br/EUR/eu/a Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://admconsultoria.com.br/online.html Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89

https://sterlingventures- Get hash malicious Browse 152.199.21.118 uk.com/o/w/a/va/li/da/ti/on/[email protected] 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89

Copyright Joe Security LLC 2020 Page 13 of 61 Match Associated Sample Name / URL SHA 256 Detection Link Context Updated PO.4690.html Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://sway.office.com/Wbsnjth5ePEeS3H6?ref=Link Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://sanaview369.acemlnc.com/lt.php? Get hash malicious Browse 152.199.21.118 s=c11a2b911b6085ae01dd5cddc50a6462&i=208A335A48A16 152.199.22.144 45 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://anandtradingcompany.in/wp- Get hash malicious Browse 152.199.21.118 content/uploads/2020/04/slider/88932.zip 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://viabase53.com/wp-admin/inc/office.php Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://www.filehorse.com/download-microsoft- Get hash malicious Browse 152.199.21.118 word/download/ 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89

www.digitaljournal.com/pr/4643488 Get hash malicious Browse 152.199.21.118 152.199.22.144 35.241.56.184 104.225.98.130 185.63.144.10 185.63.145.1 35.241.57.45 185.33.221.89 https://u15538628.ct.sendgrid.net/ls/click? Get hash malicious Browse 152.199.21.118 upn=tQCliXorQxhmXk- 152.199.22.144 2BACkzOUcV59dmyubMYDY4vQZBp1BPl-2F0- 35.241.56.184 2F1eEaVEViZ-2BmnAISbxhQwreWYuLF- 104.225.98.130 2BwkAMBaAoMocUhF8KrguVL7JN7eQhJ6rgR9vlCIeFhjGg4jy 185.63.144.10 oY-2B2eVsit7_nW- 185.63.145.1 2FcYJDFtO6jDy4wMjQc7KvcYMG6RunZCUYqtLELGYTU1ZV 35.241.57.45 NyBxUzGOznu-2Bl11S0DmpSfAU2Dj7Vo-2B2ylY10- 185.33.221.89 2FYnom2E7LsCqnLofKtGAzMf- 2FuoK3WJOqRxWaFHrkcUgVlaQbyJhCdkuSwtQJATd- 2BnKfjTFwoG0jNFJ6Qbq6tZr59W-2F- 2FppuD1uMRzuRejIM9CgiSNudqRTPXyzauh- 2Buva3ZstcRpSNKWU03AsuFxeQws-3D

Dropped Files

No context

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

System is w10x64 iexplore.exe (PID: 4384 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 4660 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4384 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\www.slideshare[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 871 Entropy (8bit): 5.0715454274167335

Copyright Joe Security LLC 2020 Page 15 of 61 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\www.slideshare[1].xml Encrypted: false MD5: 5C4AADE1CDCBB041EF9B9767C0735DFE SHA1: A03D79DFEAF82DF8CC992EE89E1CDF0F00D8F39C SHA-256: 45E107B3B618683DE5F8B913EA2F81D705AC46EE3A562DB42310E8B3AC62DF03 SHA-512: 718B88A2DAC2E0DDBDE9DE6B92FCB70847A6966F507206A60E8D43693CFAE98026B163BBD4CC7C0AAFF72145EFF43A8CCEF7855EBE083C417EA0F4B3F4B254 8C Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.linkedin[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 157244 Entropy (8bit): 4.740464099246494 Encrypted: false MD5: 66EA0F3B3A902B42550759238566DCB5 SHA1: 14DC0A0753CC773A7A210B6993A1C7A14B3F46A5 SHA-256: 84F65479EF5E24EA48ECEDBCDB3A43FA4ED737969E15F4A2C66A4E8C3757DE7E SHA-512: 367A9E1F0AD32686E688AFBD42B00D3524F72838E5139D89807022511C7122399C0900BCDE1797E4C42320B639F854E7D1B660B8D83E4735333CEA9E49357CE7 Malicious: false Reputation: low Preview: Microsoft Word Document Size (bytes): 30296 Entropy (8bit): 1.845954722671882 Encrypted: false MD5: 48B2B70FA24293AC9AC08D00186D226D SHA1: A3EEA6F34309E0BD4A62014F05BDC344F41FDB61 SHA-256: 6BFE2FB33E15FAA08409DA187AC842415DC46E86038D037C433F93CDB9301D97 SHA-512: EC11D493EBBC97133086C9B414130E3573AC28D69780C837CDD1437B8ED44250DD5FC5AA97F4402598AA3EC4F15EADB6AD95684292CCD198EA7B1A03AB484D7 4 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED752E72-79FD-11EA-AADD-C25F135D3C65}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 139508 Entropy (8bit): 2.705196891793264 Encrypted: false MD5: B8BA800C750C8F9332C123FFAEF6D875 SHA1: 8DF563F47E79E58B8A3FDBCD2B61054A9683B769 SHA-256: 3D680E500FBC93D138A5D2877F86D121F4BD6B89B6FE95C03BDB11FB33E88D27 SHA-512: B31A400C663FCEE3DB939A9A01A0132BB6DE162DB8A52732886907FDEB9DCDCF983B4F87905E984D45E85626E330871DF10E92BA2BF6A92E068966C025D3AB6 F Malicious: false Reputation: low Copyright Joe Security LLC 2020 Page 16 of 61 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED752E72-79FD-11EA-AADD-C25F135D3C65}.dat Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED752E73-79FD-11EA-AADD-C25F135D3C65}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 16984 Entropy (8bit): 1.5653006014281092 Encrypted: false MD5: EF1FB9AC5B841D225DFF46A1FCA70ABF SHA1: D58A6E171566C3979EB24BB7ED808EF432D50D01 SHA-256: 4C27BB3A5219112AD139E2EFF2FD7DFA6A9620676E046F0FE427E71789524959 SHA-512: 8627902982C0D194837F457298BD41EBBC2D3976B465166B93C5608AF0296A2AC1014E8F99E285FC6E29BCF09BA430E5EC3B6D7B1CD19B70C77DA33A413A0BF4 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.046199220268913 Encrypted: false MD5: 90E5597BC83D67A3A05DD6531944D48A SHA1: DD6ABA3E031706155091EC3F0CDB5AE38883660B SHA-256: 2D0694C35616F27E3230EC8DF75935AE9376FA4334131AA826E689AD9CB678BA SHA-512: 6A9220A7939358086D581BC0E009B081CE37C5D8AA33B7998ACD50ABEA08AD5CAFD8F2C36BEBFFDCE63352ACEEB313C087EF7FFAEF5B02D032B8C0E830BEE F6A Malicious: false Reputation: low Preview: ..0xc3b8ab4c,0x01d60e0a< accdate>0xc3b8ab4c,0x01d60e0a....0xc3b8ab4c,0x01d60e0a0 xc3b8ab4c,0x01d60e0a..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.067672059384835 Encrypted: false MD5: FDDB43E1D2133B3C0B5D7F336A74589A SHA1: 1F18C51DD14FA0D44B179A51242CB2CB3F54D9B0 SHA-256: BB9677A24F2DEE06C1DB17A5A6897981790CE31C9DABAA0E4D96E1B6A383FFF9 SHA-512: 2467EE378E81311A89E3536F4B4E76D75F6902B3BDB9D29C2B8BB0105DE8D700D41BE330C4519DEC06D986D684B8EC9705E7B61DA8A9116CE2526A615178F8DE Malicious: false Reputation: low Preview: ..0xc3a053cb,0x01d60e0a0xc3a053cb,0x01d60e0a....0xc3a053cb,0x01d60e0a 0xc3a229d8,0x01d60e0a..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 662 Entropy (8bit): 5.050281862032901 Encrypted: false MD5: 7979F56EE805F29C6111D700BAE9D706

Copyright Joe Security LLC 2020 Page 17 of 61 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml SHA1: B7EF23B7D27488B99213BD5C5D89393C6FB69F26 SHA-256: FC68F7FF021264C3BE453A5836B8D0B955F6C3DE5D7F8385CEFC5F5512D1B006 SHA-512: BDA5BEC87446435607352D94B3801461C87FB4CFE657B7CCFAA529E4D664774D2F3F3111F23DAEAEF18BD7A410D1D3F4D98D05F22CF459D7514E1BB2C42B1C1 F Malicious: false Reputation: low Preview: ..0xc3ba750f,0x01d60e0a 0xc3ba750f,0x01d60e0a....0xc3ba750f,0x01d60e0a0xc3ba750f,0x01d60e0a..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 647 Entropy (8bit): 5.055709717952348 Encrypted: false MD5: CDFB94BFCEDF3D3F53ECACC5447219AB SHA1: 1A04145F29E9657A4E896657D51D457C81C67A31 SHA-256: 2065CCD3BE6AE8F093B345532A0ECC09F779A6A37CE025906F12C10D5EFD1F0A SHA-512: 6FAE0AE38325557A14CB958E9249AEAAC87AB792E468CC15C6B7B86941ECDBEDE476582CB22054C4E6EAFEA6EAE4C5DFF661018323DF0CDAC28D454E16E6E 500 Malicious: false Reputation: low Preview: ..0xc3aa9c86,0x01d60e0a0xc3aa9c86,0x01d60e0a....0xc3aa9c86,0x01d60e0a0xc3ac4 cd4,0x01d60e0a ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.074870332024415 Encrypted: false MD5: FD9BA382C033B7A291419FF91B28CB32 SHA1: 06390DABC5724E2FAE3159255074D2864511B77C SHA-256: E594CB03D4A491206B86B4590F1CC831C648B3821B6C12A49498CCC51518D3AD SHA-512: 110F0F75F7FFBD76D19B3F1F07599141B5D280B70140A2A02933A214D8E5708E1CE428DDA7A10345828C7EDB73C7A8D33026367998E484FE7BACB5CF6DDC7A18 Malicious: false Preview: ..0xc3bc2bd6,0x01d60e0a< accdate>0xc3bc2bd6,0x01d60e0a....0xc3bc2bd6,0x01d60e0a0 xc3bc2bd6,0x01d60e0a ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.061302101967788 Encrypted: false MD5: F88B140609C61CCC7FB62A8A24C4A240 SHA1: 1CA8F8BB62F098173C32FCDCE3646F8C594E9B91 SHA-256: BFDB604E6B56F05AFBCF200B3BFB95C8BE8D6AF88D7F46C3893C8DBDB498891E SHA-512: D7E04584425E551BD4203B2A732CDB257842BBFA24966A3311C725B5977E82DB7CEBF8203A2C945F0C4195F90BB3948C4D185D1F85E3B2024DB7F8E97B177F75 Malicious: false Preview: ..0xc3b196a8,0x01d60e0a 0xc3b196a8,0x01d60e0a....0xc3b196a8,0x01d60e0a0xc 3b196a8,0x01d60e0a ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe Copyright Joe Security LLC 2020 Page 18 of 61 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.069374097931006 Encrypted: false MD5: C73AF7CF07A457EF068E6C4310775505 SHA1: A91B7B4FA08D9CCB11F71DB40C3CA4554AB2A5CB SHA-256: D844CA284A200E0D6FF93A069DE91DB985B4C568AC1F920508BCFB22B634DC97 SHA-512: A8E60C5CC6D05FBA4AB408B3E0D9EAB34FCE7E83CA854325E2C5CB8808B361FF0DF0F7A79264427C780A4C70A59EFB177789DB3A9CFE510E55ADB57F73B54B B3 Malicious: false Preview: ..0xc3ada41b,0x01d60e0a< accdate>0xc3ada41b,0x01d60e0a....0xc3ada41b,0x01d60e0a0 xc3ae1d64,0x01d60e0a ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 659 Entropy (8bit): 5.029565933168387 Encrypted: false MD5: 351003FB28B33E316974B458A086AAAB SHA1: 7DCDE114DAEDD5C841AF7BEFE4BCA2CDFF49A753 SHA-256: 3BF5510C06B22FCD0BEA261443949347BFC345667A8E9A3C3B020B97FB533667 SHA-512: 72460D8D6AF860A002C08DAD8B3E90A93A44D1B89554B6B64674952EF1E81B3A1F07FA8EA62279ECD46E1070E91496806B20A15AD1AE027CD164B71E6D21ABB 4 Malicious: false Preview: ..0xc3a3e1dc,0x01d60e0a 0xc3a3e1dc,0x01d60e0a....0xc3a3e1dc,0x01d60e0a0xc3a73c52,0x01d60e0a..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.00673973283566 Encrypted: false MD5: 5FE6C2CF865A7FE40598FDD49E1DECE8 SHA1: F6F1E975F8B34D0FF55EACF912A454B71D99A0BC SHA-256: F82064F9D21AECF2B8EFBFFA4EB5C7D7BB6A6CFF68F896F3B2E79BA18BE6997B SHA-512: FF96B5F935E9B48F5CF590E8A6961909FA6B30C27C747B87C70AAE5710C0768C955F104D6FF390A6C9728006CFDBAC28C8890C96560E694D2A996F676EAC9910 Malicious: false Preview: ..0xc3a8e06e,0x01d60e0a 0xc3a8e06e,0x01d60e0a....0xc3a8e06e,0x01d60e0a 0xc3aa38ab,0x01d60e0a..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Size (bytes): 24688 Entropy (8bit): 2.3281427155372834 Encrypted: false MD5: F90054DAF328DF1B8224F7EC81092CEC SHA1: E57B78A0B0D76B89FAB658B7CE05B6DBACBD53B2 SHA-256: 7B42329D61C8EE2F5C9241F650C134E75FF77A1EA4A49F0D1148D7D8C233B51B SHA-512: 159AA4DF220DC882A34F71852EE5B2825C73E14DAF9D173806058A13B56B9BC6D4DC47B7052AB2828B9ECC3E03B59AA9F27FDD424B3891E935B7D9F69C886E5 3 Malicious: false

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1xgd5fs98qyllb5hpu2aukgco,95d8d303rtd0n9wj4dcjbnh2c,7vr4nuab43 rzvy2pgq7yvvxjk,9qa4rfxekcw3lt2c06h7p0kmf[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 9451 Entropy (8bit): 5.397325719616986 Encrypted: false MD5: 9C7274EC6184CD8B37A4A8FACEA1C6FF SHA1: 9D4A8803F48422EC98CA4D0A00C86AB4E6BBC3F6 SHA-256: C2FB711730A445E10F1278D597BE0F63267127C2E20E83BF49B22ECBBA906B09 SHA-512: 684248481BA76111AAB455A9693795FC4C463FD9805C87B9703936919C37CAA07C9DA43AE855D7A6969F5DC45FFE525BAEA395659447599F2FA3D8C1323A6F38 Malicious: false Preview: window.LI=window.LI||{};window.LI.RUM=window.LI.RUM||{};.(function(b){var g=0;b.activeTimers=b.activeTimers||{};b.finishedTimers=b.finishedTimers||{};b.timeMark s=b.timeMarks||{};b.startTimer=function(a,c){var d=b.activeTimers;d[a]=d[a]||[];d[a].push(c||+new Date)};b.markTime=function(a,c){b.timeMarks[a+"ClientTimestamp Ms"]=c||+new Date};b.stopTimer=function(a,c){var d=c||+new Date,e=b.activeTimers,f=b.finishedTimers;f[a]=f[a]||[];void 0!==e[a]&&(e=e[a].pop(),f[a].push(d-e))}; b.monkeyTimer=function(a,c,d){return function(){b.startTimer(c);var e=a.apply(d||.this,arguments);b.stopTimer(c);return e}};b.monkeyTimeByName=function(a,c,d){a =a.split(".");var e,f=window;for(e=0;e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\3DBJ8A9H.css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 77693 Entropy (8bit): 5.220201888663314 Encrypted: false MD5: 06A476A6824322DCBA63B8C0FFDD4F2D SHA1: B2330976F45F7FDE096A3238D0930BD730608E84 SHA-256: 365FBA13A868AD9B375446FCC91F63DD2DF0AEA88275782343B114D913E9C835 SHA-512: C51304D7464670E63299B24E0F049A1BE448AA7A8464223293670660130F13B3FB3B9240A186921402A644BE9637FD610963CD2A739AA895E6E7CFBAFE9040F6 Malicious: false Preview: html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strik e,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font- size:100%;font-family:inherit;vertical-align:baseline;-webkit-text-size-adjust:100%}ol,ul{list-style:none}table{border-collapse:separate;border-spacing:0}caption,th,td{text- align:left;font-weight:normal}blockquote:before,blockquote:after,q:before,q:after{content:""}blockquote,q{quotes:"" ""}input[data-ime-mode-disabled]{ime-mode:disabled !important}input[type=file]{ime-mode:disabled !important}.@font-face{font-family:"LinkedIn-Glyphs";src:url('//fonts/LinkedInGlyphs/2.0.7/LinkedIn-Glyphs-16px.eot');src: url('//fonts/LinkedInGlyphs/2.0.7/LinkedIn-Glyphs-16px.eot?#iefix') format('embedded-opentype'),url('//fonts/LinkedInGlyphs/2.0.7/LinkedIn-Glyphs-16px

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4fpohdxp9h505aqtxfp0um5xj[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 64 x 16, 8-bit gray+alpha, non-interlaced Size (bytes): 798 Entropy (8bit): 7.625891970482351 Copyright Joe Security LLC 2020 Page 20 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4fpohdxp9h505aqtxfp0um5xj[1].png Encrypted: false MD5: 4AF00032EA1D17B87618035BF153F587 SHA1: D719B1A566BCAD6E56B1E2271FCEC41D380ACDEA SHA-256: 4BC2E3AEA8085050FAF1A48001CB5AF1F66C95A003F1DC578ED7657DF9B1A7DF SHA-512: 16C479053F339ED17B877386DDE92E4047F4386B771B17269C949C35F9890CCC61004C58F7548B20A5E2FB683EF3D35961FC026FA3E54D0C9FDCA7C7D92BDAF0 Malicious: false Preview: .PNG...... IHDR...@...... IDATH..]h.e...+gf~LP..I..l.H.$...... $.;.+.Y.f.e.JAQi.._Y..$.b(..21-.B..4...h...]fHW.{zs..r.=....=.}s.!.Y...].~.U...Q-8../]'...... D/..'...... vW..r...&...... >@J.V.wHi...R.[.`.tX...,..*..>@..@%

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4hiwug533ts8q3sxfiiu969fx,bi0d3kyqd2u67c2uubq3lbl60,90raaznd8b l2ueno6p8bwupkv,11r65h9eujplacqr2m6stxrr9,28vfzntn604yf2k0jo32aleiv,5gw567fe2s0ma0alr8a0m8236,e2lgukqldpqool72t8g7tysag[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 11582 Entropy (8bit): 5.5160427438522195 Encrypted: false MD5: 9201BC509CED395CF20A5CE6F8507413 SHA1: E9813154663A504081F6A1FB2FDF06F7DF0DBE66 SHA-256: 957C85DA3E3412F8CA7FF7924A74A2AFE04D18D5DD8FECB980C556D2072EC3AD SHA-512: 394BC9A3757777A7B1D0FD471BFC5F1B844F40F08D992DB0495C4ABD6492F196AA8718C42F3D124F11EA9BB6B3F05C97DB080B018EFE33D93FC62A556514A9D5 Malicious: false Preview: window.track=window.track||{};(function(f,g){var b,c;c=document.getElementsByTagName("head")[0];f.load=b={};b.script=function(b,d){var a=document.createElement( "script");a.src=b;a.async=!0;a.onreadystatechange=a.onload=function(){var b=0,e;if(!a.readyState||a.readyState in{loaded:1,complete:1})if(a.onload=a.onreadystat echange=null,c.removeChild(a),a=null,"function"===typeof d)d();else for(;e=d[b++];)e()};c.appendChild(a)}})(window.track,window);window.track=window.track||{};.(function( e,m){function n(){a.libUrl&&(e.load.script(a.libUrl,k),a.libUrl=null,delete a.libUrl)}function p(h){this.code=encodeURIComponent(h.code+"");this.message=encodeU RIComponent(h.message);this.unique=h.unique;this.originTreeId=encodeURIComponent(a.originTreeId);this.appName=encodeURIComponent(a.appName);h=encodeUR IComponent;var g,f,b;if(!a.pageKey)if(document.body.id&&0===document.body.id.indexOf("pagekey"))a.pageKey=document.body.id.substring(8);else for(g=doc ument.getElementsByTagName("head")[0].getElementsB

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\5rgksxye7foyswauqiswlpgh8[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 36570 Entropy (8bit): 4.9180060447595375 Encrypted: false MD5: 6157293B172E2A01ED04A8F5AF7914AC SHA1: 01F6F421EE0F540F90D2A38EEFB093E128C94DC7 SHA-256: 08FC20D4F325B1CDC386DA1EB2A9CC1C8EDC7835DD895121798950E7E103D825 SHA-512: B75E8DC363E3C9EE733A16FF0C29B80159F73EB8F8205CEE807B6805C1FA79BA526C62E2F57F62A36CCDB19C4D07DD999C7731C307F3A12A05069CABC3CACE 23 Malicious: false

Copyright Joe Security LLC 2020 Page 21 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\5rgksxye7foyswauqiswlpgh8[1].js Preview: (function(){function c(b,a){return b.write('\x3cscript src\x3d"').helper("assetUrl",a,{},{path:"artdeco/static/javascripts/artdeco.js"}).write('" async\x3e\x3c/script\x3e').partial ("templates/legal/navigation",a,{}).write('\x3cheader class\x3d"header-container"\x3e\x3ch1 class\x3d"banner-title"\x3e').helper("i18n",a,{},{key:"user_agreement_v9__text _plain__headline_user_agreement",templateName:"templates/legal/i18n/_user_agreement_v9"}).write("\x3c/h1\x3e\x3c/header\x3e").helper("ne",a,{block:d},{key:a.get (["lixIntroVideoTreatment"],.!1),value:"disallow"}).write('\x3cdiv class\x3d"legal-content"\x3e\x3csection class\x3d"row"\x3e\x3csection class\x3d"row"\x3e\x3cdiv class\x 3d"introduction"\x3e\x3cp\x3e\x3cem\x3e').helper("i18n",a,{},{key:"user_agreement_v9__text_plain__last_revised_on",templateName:"templates/legal/i18n/_user_agre ement_v9"}).write("\x3c/em\x3e\x3c/p\x3e\x3cp\x3e").helper("i18n",a,{},{key:"user_agreement_v9__text_plain__our_mission_is_to",templateName:"templates/legal/i18

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\668jcq1piruwuvmmxr7cbh4tk[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT) Size (bytes): 47048 Entropy (8bit): 7.98037878104697 Encrypted: false MD5: 68460FFF9400F37F6FB49A0031A8FDA8 SHA1: 69BE312E1CAD6615FF553F7CEAAB215FD2A439FA SHA-256: 48EA4AD483C0A004755FEAE038C350F6A530E9DA401CD1ACFEDB6066C8622FF3 SHA-512: 29CCAF0408EDFCFD5D76645F3A8EEE073A703067B39D0D04C6043C3B2C8A9AED93250ACC2B31E10FE18BFEACE57D4D592CBC0259AC11C28C025A0E8AB2327 1C1 Malicious: false Preview: ...... LP....J .P...... h...... R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.0...$.H.e.l.v.e.t.i.c.a. .W.0.2. .B.o.l.d.....BSGP...... b..ca.b...... (u..3.) 0D.B/N$.%...CH...uM9.D<..o..\M'..2P.".`P.^j3..I.g...*'3(..s.N../4..-.l.@....!Z...A.2.....T..7...SoPp...... n5x.3.h..0X#I.[TO.]....7.....jIs+5....,ri?".B.O...... K%.6...n*.+|....j....`..(.- .F.X..Dj.j....j...\T!eR.B.(/...4.m..6.([email protected]. ....?S.?.;.X}!....bv...&.j..x..W...O....-.J..g.m.H...... =..P..X.).m.\..:I..A.xTAB.....(....I...lRb/.....Bo`.F.q.x..L?..Lt..B.;..X.. 0...h;..u.....^...... F....@..; ...... &..i[..d.!z..;C..@I.`SY....]3...u{....I..AQ..+..3..7.q...=.0...... k..T[wn.6...M,-$.i...... }..Q.j....5x..L...>.....d..E.[p..wX...[OF..[.@..*...Y..Q.^...... ;.R. .Xr63.~@... .2..U.~..]h...37Q2...g.nb....C....v...$.B*...!....?.!(..d.!.. .EI...3 '.d.....x{Z-..^tF...,.H..i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\73d1k79hq5smuhf0cdc0qs7qm[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 7673 Entropy (8bit): 5.410324672699106 Encrypted: false MD5: 77D0E5E76C0B66B64B1CD5A31828702E SHA1: 9E956A005E86439D0AEF36F5D3F7C4AA0DDD001E SHA-256: DF3ABDBA1CD6C26B4070D3B0194A9CB5EF05E5402E21907AE0215B20AB5968A9 SHA-512: 3C05F13332860D79E919BB24A415D164325E66A34EADE88916C2AAE286EDEEAC57763BFF507F9C123361F83B06982B16867548AB26A2EEA30E0A5B58D4C57B7E Malicious: false Preview: /* Auto generated, hash = 4s3imexlury871lvfm4vw75mq */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define("jSecure",e):t.jSecure=e()}(this,function(){"use strict";function t(){}function e(){return"undefined"==typeof document?!0:"textContent"in docum ent.createElement("div")}function r(t){return t.indexOf("<")>-1||t.indexOf("&")>-1}function n(t,e){for(var r in e)e.hasOwnProperty(r)&&(t[r]=e[r]);return t}function o(t){return t.r educe(function(t,e){return t.concat(e)},[])}function i(t){t=L(t)?t:[t];var e,r,n,o=0,i="<(?!/?";return i+="(?:",U(t,function(t,a){e=t.tags||y,r=t.attrs||E,n=t.checkUrlAttrs||!1,0!==a&& (i+="|"),i+="(?:"+e.join("|")+")",i+="(?:",i+=M,i+="|"+O,i+="(?:(?:",i+="(?:"+r+")(?:=([\"'])[^'\"<>]*\\"+ ++o+")?",n&&(i+="|(?:"+S+")=([\"'])(?:(?:"+_+")(?::|&#(?:58|x3a);)|(?:"+T+")|[/ .#?]|&#(?:35|4[67]|63|x(?:2[3ef]|3f));)[^'\"<>]*\\"+ ++o),i+=")"+M+")+",i+=")"}),i+=")",i+="/?>)",new RegExp(i,"i")}func

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\9ib240hpygpz81wimzp12436i[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT) Size (bytes): 55828 Entropy (8bit): 7.97664492742899 Encrypted: false MD5: A09C4C9A6FC97F88DAE99124D03A1F1A SHA1: D2EB8D48022FA95C0A4544964E9A9F3A5422F420 SHA-256: DAE6EB5803B57B3C230484E6B945A96BC4F4337813BD64642C57B1DBC5FF41F2 SHA-512: 5E0A1C44797B7B3DC9AA8B74BE9F2EFB028849292D8C0568972DD258D2D6C3A7334D152B59C012A3A3582D5E179646C87FAF90FD43D8A7BE055F2F554787104C Malicious: false Preview: ....P...... LP....J .P...... E...... R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.1...&.H.e.l.v.e.t.i.c.a. .W.0.2. .R.o.m.a.n.....BSGP...... U..c;.d..f ...... (u.. 3.)0D.B/N$.%...CH...uM9.D<..o.f\M'..2.G..0(S/5...4.g.....m<...... 0..JV.x.<..m.S...z..ckY....w...p..W..J..?O[.k..f..\.{8.T..+.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SS_Logo_White_Large[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 384 x 102, 8-bit/color RGBA, non-interlaced Size (bytes): 4929 Entropy (8bit): 7.814267202344315 Encrypted: false MD5: 56D1F7A78A60B142DC790000FD1C0ED9

Copyright Joe Security LLC 2020 Page 22 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SS_Logo_White_Large[1].png SHA1: 9181913E182C697685E271EBF7EF2816FDD5AE9E SHA-256: 0AA91AE757D194C2473013D9A2D81B09CE1E25A51031D9E98861F2A7BC419B1F SHA-512: 266922CF6FC093D1AAE24C6795BD072873633D111BD5E361C0E9EFBD7F4FB52E48F449E0178D9EEE36772C845D41BC26D619B10652CD751EA3FEB7E47329F282 Malicious: false Preview: .PNG...... IHDR...... f...... F.....IDATx.t...P..._.Vf..z"..:...... }...Q.J.k...4..V..o.NP.{A...|C....5.h...Y@.../.Z}...... j...... 1...|~>.qe..8...N....A.T..C.Ncff...... I..;..Q+8w.b...vW..... K?...... E{....G.w.&..b.(...K..B...... -.H...V..v.....^Y7...... B...,}..W...P...... FQ>\.....W..C...... 5.zg.....<3..j*...."..wv ..j....b...... @M5..$...... N.,.6k[\..L..o.!TC...... 2<.N..=.".G)]...4g.....cq...... R.. ..t..+..c-...x...B...e..8..i.#R"\..q..LFN...... 8.?...@.... @..+b..Y...*.B...)X3.9"X....5]..y.~.9...'.*..2X.Ck]...2M...;.-7.O_o..|.1f.^c...... ?..n....x{.....?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\app[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 23651 Entropy (8bit): 5.009799849439959 Encrypted: false MD5: A6FCAB3E6EAA32B3046B89F49BE26AE1 SHA1: 54179D1DA91953E2DE396EEECFB4FEDD89F02405 SHA-256: FCF2A6AF7F2DDE79B3CE7C8F9698FA196AB594502D70965257C7DE4520AFC9BB SHA-512: 4184B8BEE3EB80FC1AE9502D84C147ACCBF977978BDAF4AA22C534A143CE0E93E8AFFBBC247A4A69C0B106AFC4184FBC2AAB7939385F87B6B74944AB66A63 A3A Malicious: false Preview: meta.foundation-version{font-family:"/5.5.2/"}meta.foundation-mq-small{font-family:"/only screen/";width:0}meta.foundation-mq-small-only{font-family:"/only screen and (ma x-width: 40em)/";width:0}meta.foundation-mq-medium{font-family:"/only screen and (min-width:40.063em)/";width:40.063em}meta.foundation-mq-medium-only{font-famil y:"/only screen and (min-width:40.063em) and (max-width:58em)/";width:40.063em}meta.foundation-mq-large{font-family:"/only screen and (min-width:58.063em)/";wid th:58.063em}meta.foundation-mq-large-only{font-family:"/only screen and (min-width:58.063em) and (max-width:90em)/";width:58.063em}meta.foundation-mq-xlarge{font- family:"/only screen and (min-width:90.063em)/";width:90.063em}meta.foundation-mq-xlarge-only{font-family:"/only screen and (min-width:90.063em) and (max-widt h:120em)/";width:90.063em}meta.foundation-mq-xxlarge{font-family:"/only screen and (min-width:120.063em)/";width:120.063em}meta.foundation-data-attribute-namesp ace{font-family:false}.joyride

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\background_texture_1280x800[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, big-endian, direntries=2, orientation=upper-left], baseline, precision 8, 1280x800, frames 3 Size (bytes): 53251 Entropy (8bit): 7.827342175753517 Encrypted: false MD5: 89074C2173579338238B13EFF7A11BEC SHA1: F0415A3D2CB0E71E4645BD0E992A41E0329B3437 SHA-256: 7E24918194194A2E7852B11A9BFE584D35F325CD7BE8FDD82A6C8B497515C9A7 SHA-512: A66F516711BC0FD78D50685EC2B4A615D52429D44F68A48E8EB7C537EA6DA8B487DC8542F174A7265BB63DE3B3AD00004144BC56E5B954557FA910D5C622098D Malicious: false Preview: ...... JFIF.....H.H.....XExif..MM.*...... i...... &...... 8Photoshop 3.0.8BIM...... 8BIM.%...... B~...XICC_PROFILE...... HLino....mntrRGB XYZ ...... 1..acspMSFT....IEC sRGB...... -HP ...... cprt...P...3desc...... lwtpt...... bkpt...... rXYZ...... gXYZ...,[email protected].. .pdmdd...... vued...L....view...... $lumi...... meas...... $tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc...... sRGB I EC61966-2.1...... sRGB IEC61966-2.1...... XYZ ...... Q...... XYZ ...... XYZ ...... o...8.....XYZ ...... b...... XYZ ...... $...... desc...... IEC http ://www.iec.ch...... IEC http://www.iec.ch...... desc...... IEC 61966-2.1 Default RGB colour space - sRGB...... IEC 61966-2.1 Default RGB col our spac

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bullet[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced Size (bytes): 447 Entropy (8bit): 7.304718288205936 Encrypted: false MD5: 26F971D87CA00E23BD2D064524AEF838 SHA1: 7440BEFF2F4F8FABC9315608A13BF26CABAD27D9 SHA-256: 1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D SHA-512: C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15 Malicious: false Preview: .PNG...... IHDR...... ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...... [email protected]..~.....9..:.....A ..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M...... z`....#tRNS...... /,....mIDATx^..C..`...... S....y'...05...|..k.X...... *`.F.K....JQ..u.<.}.. .. [U..m....'r%...... yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cn02uhl2n5bgosuad135bk15w[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT) Size (bytes): 61544 Copyright Joe Security LLC 2020 Page 23 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cn02uhl2n5bgosuad135bk15w[1] Entropy (8bit): 7.976991628531514 Encrypted: false MD5: D57CAF27BB4785F7706241B11FDDD1E4 SHA1: CC4EE1BC07D362AB3B4E0F902C10D38C859BD623 SHA-256: 8240D98FFB6E1583FCE79F3F2D01B607FF0209668E5F6E51FAC72C2DCB4E61D2 SHA-512: C6F64D3856173186556D2076DDE602A038412D7D84CB6EBCFD38D3CA2261C1BFC354B44604B80326F20498D8677E3833246376201F6F0EBA651EA266F2A71117 Malicious: false Preview: h...... LP....J .P...... x...... R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.1...6.H.e.l.v.e.t.i.c.a. .N.e.u.e. .W.0.2. .4.5. .L.i.g.h.t.....BSGP...... M..N ..Kx...... (u..3.)0D.B/N$.%...CH..:uK..D<..o.L..Oj.d&.".]P.^j3..h....BTNfQl.."...^IwP.12...wD.... ./9.....t..."Z...pp....l..j+Fc..Aw....I.Z.pu.\.\...R.Bw...O..t.....n.;..~.:..l.6.od..cM..2@. ..d...}...... ).....1.a0.D.2....1...... /..y%.1..9..+[..F4.0- ....I...E.\ye.e..L.b.... .x2.-..|.>...Q..J.-..L....#...;.+..,@....D. 6..R...... J....H[..0....6+..$.. Bv.dpy7 .pL....*.z;..&&g....~.ev.J(.}.}.iS....ST.....c\..C..X.....&..=... .`.9?.fe.)..D.s....z.<..E..!+.d?V}w...J..u...i..] m..S...B..u.=..&...g.t....2>.e..j.{...G.6.~6X.3-.....)n...... !.A!....]-5.... A..x.t.9...`..>...... n.m..>I.,.b.X2...o..$.l.w.'R:.F.....E.6.=..0Kc...2P...... ).(...... @.,.dw.W-..Ye"..T*.O.io..jW....G...4....e..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\combined_base[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 23721 Entropy (8bit): 5.229892039035777 Encrypted: false MD5: 4826AF5728147CDC22F171AB9D13ECC5 SHA1: A8C9F2DD00B3562945A5DC1FE414D8F40C8BD5B1 SHA-256: 79E24071137DC49A79438EE82111BE3F4D55A817591E8914EB7CD7FA8D812878 SHA-512: 6E7FF84FE13ADA7F31957CE1DB7ADE9F03F9A5DCD6B11F852238FFF8A9FF085F2661D9BA333947643D0DC50727AF10317A4815E7190178235116E599B944CF28 Malicious: false Preview: var RumTracking=function(t){function g(n){if(h[n])return h[n].exports;var f=h[n]={exports:{},id:n,loaded:!1};t[n].call(f.exports,f,f.exports,g);f.loaded=!0;return f.exports}var h={ };g.m=t;g.c=h;g.p="";return g(0)}([function(t){var g=function(a,b){for(var d in b)b.hasOwnProperty(d)&&(a[d]=b[d]);return a},h=function(){return window.performa nce&&window.performance.timing&&"function"===typeof window.performance.now?Math.round(window.performance.now())+window.performance.timing.navigationStart: (new Date).getTime()},.n="function"===typeof Symbol&&"symbol"===typeof Symbol.iterator?function(a){return typeof a}:function(a){return a&&"function"===typeof Symbol&&a.constructor===Symbol&&a!==Symbol.prototype?"symbol":typeof a},f=function(a,b){if(!(a instanceof b))throw new TypeError("Cannot call a class as a fun ction");},l=function(a,b){if("function"!==typeof b&&null!==b)throw new TypeError("Super expression must either be null or a function, not "+typeof b);a.prototype=Object.c reate(b&&b.prototype

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\errorPageStrings[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 4720 Entropy (8bit): 5.164796203267696 Encrypted: false MD5: D65EC06F21C379C87040B83CC1ABAC6B SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E Malicious: false Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts ";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet conn ection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website \u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the web site you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ga[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 46274 Entropy (8bit): 5.48786904450865 Encrypted: false MD5: E9372F0EBBCF71F851E3D321EF2A8E5A SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F Malicious: false

Copyright Joe Security LLC 2020 Page 24 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ga[1].js Preview: (function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c &&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hp_desktop_header[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 1320x664, frames 3 Size (bytes): 86145 Entropy (8bit): 7.9741068734796245 Encrypted: false MD5: 858708F93685FB5035E648AAE25D32F1 SHA1: FC6A75B2C177CFAD98518DA43D3B385F38976FB4 SHA-256: 2F14AE2DD622DB39262A6BEA11F013F977668DC7850F17919F4418FDEFA93B3C SHA-512: 2374FE6F24DBD8108C783D8FC96D8ED3B3CDF750BB694398762DF1EFD3FCB3A2D506569630F4EFA8B21AE0B4A76A341D0EEF87B73FAEDB76242DBBA2003E2F BF Malicious: false Preview: ...... JFIF...... @Exif..MM.*...... i...... (...... C...... C...... (.."...... h/.|DM(.Hi%r)D.BiRcJjU&.jU4..Y..J..I...SS.IIai2...... L%PJ...;.x5..:L%t.h..;.....M...`..-S.j\[email protected]. P.D(.k%....C:. a.D...NL.\...q..S\..9..\..D.....)%4..V...CBV"P../..]...i.;....K..d.pUmb.%y.D.5.g\.|.R.T..n.i....-.)SD..5..V...... z...W.b.i.D...*..J.%...... h.Y..=....3|...5;x:M..u....w9..&0:..D...... *D.... Qc....N.\..V[3.ne.4.S-...=2.]Yjs."Y.p.p4..\.R....[CP...... v^5Z./C.y...l..+...M...... S|..p.u...u....HR..2..Nm!.A.K...j.R..Jl...Q...:[email protected].|...fs..U...... h...\...... +3.4..&.I..RjH.c7.$.|.!..,6.)...... !i.....3...T.K..k.d.f].R.2...MhFQ...... py..../.t...i^/C.lwk.\...\..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\in[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 185762 Entropy (8bit): 5.455013971030669 Encrypted: false MD5: B5CE5285FD995B1AAC9DD98B3A466573 SHA1: 5734EF3C1D05056555ECC64FAF4A19D8A055007F SHA-256: A96ED9078F81D3F8C54203D8335C421EB63AFC1374158388C6F60BAC45562597 SHA-512: 433D15BFB2F7D0923300236B63D8E67A3CED582386DD249DD57D49CEEC6AF570ECFD62BA80C2553DE7B74300015FF919AA59F6E49A86E9DFC5D78738C8FF680 C Malicious: false Preview: /* xdoor-frontend: v0.1.168 (Thu, 27 Feb 2020 09:03:05 GMT) */.(function() {..var PAYLOAD = {"ENV":{"widget":{"alumni_url":"https://www.linkedin.com/cws/alumni" ,"followmember_url":"https://www.linkedin.com/cws/followmember","settings_url":"https://www.linkedin.com/cws/settings","share_url":"https://www.linkedin.com/cws /share","share_counter_url":"https://www.linkedin.com/countserv/count/share","company_url":"https://www.linkedin.com/cws/company/profile","member_profile_url":" https://www.linkedin.com/cws/member/public_profile","full_member_profile_url":"https://www.linkedin.com/cws/member/full_profile","referral_center_url":"https://www.linked in.com/cws/referral","apply_url":"https://www.linkedin.com/cws/job/apply","mail_url":"https://www.linkedin.com/cws/mail","apply_counter_url":"https://www.linkedin.com/cou ntserv/count/job-apply","company_insider_url":"https://www.linkedin.com/cws/company/insider","sfdc_member_url":"https://www.linkedin.com/cws/sfdc/member","sfdc_ company_url":"https:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\privacy-policy[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Size (bytes): 46834 Entropy (8bit): 5.5745314442083 Encrypted: false MD5: 1EE4B7E06DF7D5F058069A79F177A0B0 SHA1: 965A450A168758FE2CDD08577C7996039BE7B099 SHA-256: 78DE35EC98E3BBE906773E37550F129A1808B6C1F9E10B77F88553C9552281C8 SHA-512: DA6C2853A17BF15570138E8C1AFF4F6996152AD31F4FAB9EE894B3EC3A51623E8402132DD0CD12CB725222C1F7816ACFDF9AF032B9F3B16204E995BA16F6510F Malicious: false Preview: [if lt IE 7]> [if IE 7]> [if IE 8]> [if IE 9]> [if gt IE 9]> [if !IE]> > Privacy Policy | LinkedIn

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\providers[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 914

Copyright Joe Security LLC 2020 Page 25 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\providers[1].json Entropy (8bit): 5.396095784273047 Encrypted: false MD5: DAF7E167FD92D7ECFD5A0A3CFC21A2F1 SHA1: 8A2FD1CC53ABFCCED1181B9852065605E1D55D33 SHA-256: 6955FD8BFC8DE4CAD9AAF4A29C1DF21A89AD66BE299F746D4CF58A087A74FBD2 SHA-512: DF5314639252687217700B316AEA8F0F43FA6491B62080DB6BA287A0F282D4953F4605B92EB101E03ACEA94656EE987C4239BAEA3D066337E2CCADF6B1CCEDA A Malicious: false Preview: {"sig":"_CgJqMRAUGHciBQgBEL5YKPKWnvEJMProufQFOOrrt_QFQKyziylKDwgDEDUYwXYgACjzg4CgBFDUotABWhAIAxAoGKTVAyAAKNWCgKAEYAFqE2J 1dHRvbjIuYW1zLmh2LnByb2SCARAIAxAoGKTVAyAAKNWCgKAEiAHUotCxAZABAJgBAA","txnId":2653391730,"providers":[{"p":{"p":{"b":{"b":{"u":"https://pop-ech2.perf.l inkedin.com/l0/ep/clr.gif","t":2},"a":{"u":"https://pop-ech2.perf.linkedin.com/l0/ep/clr.gif","t":2}}},"i":39341,"c":11326,"z":1},"a":true},{"p":{"p":{"b":{"b":{"u":"https://pop-vs h1.perf.linkedin.com/l0/ep/clr.gif","t":2},"a":{"u":"https://pop-vsh1.perf.linkedin.com/l0/ep/clr.gif","t":2}}},"i":42115,"c":11326,"z":1},"a":true},{"send_rt_timestamps":true,"c": {"c":34427,"b":0,"a":0},"p":{"p":{"b":{"b":{"u":"https://rum4.perf.linkedin.com/l0/ep/clr.gif","t":2},"a":{"u":"https://rum4.perf.linkedin.com/l0/ep/clr.gif","t":2}}},"i":34439,"c" :11326,"z":1},"a":true}],"radar":{"master_sample_rate":100,"repeat_delay":600000,"startup_delay":8000}}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\providers[2].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 996 Entropy (8bit): 5.377040295226643 Encrypted: false MD5: 1FCF636ACB6BE8F92708DF2B78F1D55B SHA1: 8A2D47674D0588629397A1BFACD1E19B49D5357F SHA-256: 16E2DFE3838B5CE3EA2FC157EF3157A4C80E899B14B5E348DF07E4864DDEBB1E SHA-512: C81D33CE579B4580B3779B9333B159B7F9384E22BF636B3BF0B6BA024B267C03B9B459E9D34CB45E27499CB16C61D55A2AFA41EFA0B1D1C300ED656A931EA95 5 Malicious: false Preview: {"sig":"_CgJqMRAUGHciBQgBEL5YKKCJu9gKMPzoufQFOOzrt_QFQKz7nw5KDwgDEDUYwXYgACjzg4CgBFDUotABWhAIAxAoGKTVAyAAKNWCgKAEYAFqE2J 1dHRvbjIuYW1zLmh2LnByb2SCARAIAxAoGKTVAyAAKNWCgKAEiAHUotCxAZABAJgBAA","txnId":2869871776,"providers":[{"send_rt_timestamps":true,"p":{"p":{"b":{"b": {"u":"https://rum14.perf.linkedin.com/l0/ep/clr.gif","t":2},"a":{"u":"https://rum14.perf.linkedin.com/l0/ep/clr.gif","t":2}}},"i":36720,"c":11326,"z":1},"a":true},{"send_rt_timestamps ":true,"c":{"c":35892,"b":0,"a":0},"p":{"p":{"b":{"b":{"u":"https://pop-ehk1.perf.linkedin.com/l0/ep/clr.gif","t":2},"a":{"u":"https://pop-ehk1.perf.linkedin.com/l0/ep/clr.gif","t":2}}},"i": 35893,"c":11326,"z":1},"a":true},{"send_rt_timestamps":true,"c":{"c":34425,"b":0,"a":0},"p":{"p":{"b":{"b":{"u":"https://pop-tmu1.perf.linkedin.com/l0/ep/clr.gif","t":2},"a":{"u":" https://pop-tmu1.perf.linkedin.com/l0/ep/clr.gif","t":2}}},"i":34437,"c":11326,"z":1},"a":true}],"radar":{"master_sample_rate":100,"repeat_delay":600000,"startup_delay":8000}}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\radar[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with CRLF line terminators Size (bytes): 308 Entropy (8bit): 4.5422474735618446 Encrypted: false MD5: E2EEE4BE2E72497D767424FC11F44437 SHA1: A6F00FE0761AE2DE3562EB359238E6FE9CF24F75 SHA-256: FE380AED44D80434E92BF1EB65AC7F95777781BBE73AC51D10D89E4405BECD51 SHA-512: A761E2D4C40C040AD40F9EB06C3B6F0D87C8C0DDA02B1C486098273DA4D2F0819C7F720B766112A74D171E2EB56C16ABF11E3C047AE523FBF88D6A5D179CF36 1 Malicious: false Preview: ..302 Found....

302 Found

nginx...... ..302 Found....

302 Found

nginx......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\radar[2].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with CRLF line terminators Size (bytes): 154 Entropy (8bit): 4.5422474735618446 Encrypted: false MD5: CFBEAF604823F038B8B46F0AC862B98C SHA1: 7B9EB1DAC48E74FA5F418BC456CB410F88B81D98 SHA-256: 20C1AB602462B7FC0D5B4CBD555CACF127B69A07A737579598EBCBC0F5B21319 SHA-512: C99BF4F1351EFB28A74FA2504429875D9A63EB2D6A145A060ED487F83FF3A42B6C85D94165B960EDCA90ACEEC58D16A6ED37B25F44452BBACD7F5204C15C23C C Malicious: false Preview: ..302 Found....

302 Found

nginx......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\redirect[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text

Copyright Joe Security LLC 2020 Page 26 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\redirect[1].htm Size (bytes): 283 Entropy (8bit): 4.691713841848768 Encrypted: false MD5: 6554CFE14A49B5B2358502AD5E2E8F90 SHA1: 847243475C85E290D96BB83AE1AFB1D1C45D70E2 SHA-256: 3A92FAF364BFEFE9E0E0D323414CB82041729F230BDDB44320EB9B6E03B882D6 SHA-512: C0538C7ED723743F4445420190FEBCC1572DDB4A4909060D5687E4049E8455A9B57D9F597E7F9AC79E5DD06E88A576F9B86CF59E40B976E954D4431B1A465D33 Malicious: false Preview: .. . . ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\signup[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Size (bytes): 6137 Entropy (8bit): 5.199344166794492 Encrypted: false MD5: 1E2672CC67BEDBDB0652AEBA75E76551 SHA1: D250A657879C67118C24D17B504CF6D52BF19E0E SHA-256: F461EE3846E7AE7F1E7579FF2580FFCD1D4BA188F33807119A328A0D8F97778D SHA-512: 209EE65EED14A930067E87B901F8151A4FAAB11EBAB12FC1EB4D8A883586720E034AD198FE250BA65F04FFD3D01A9897587E598C0BD4AAE7B0A460D3D95847E 5 Malicious: false Preview: ... . . .. Join SlideShare. .. . . . .. . . Z....a.IDATx..}.`....l....%7..n\..1...8...... !

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\user-agreement[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Size (bytes): 40196 Entropy (8bit): 5.611088177659488 Encrypted: false MD5: 5896DCF78BEA7C455F63C0575944FA59 SHA1: B17F130753B947BDA549A8A93C2DB8986EE7FBC6 SHA-256: 0BE714EC0F285300181F2F538F3452449DEA66719C414BA6FF1837E3C8841B67 SHA-512: 93F225F7C6EE1C1413E7D7CE0440AE4D8BFE18820122CBEA12CC5884E75F3FB82C67B3EDD3EFA9C8A8B134AB3E78F821DD53162D7332CF2523A1701B042124B 3 Malicious: false Preview: [if lt IE 7]> [if IE 7]> [if IE 8]> [if IE 9]> [if gt IE 9]> [if !IE]> > User Agreement | LinkedIn

Copyright Joe Security LLC 2020 Page 27 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\19dd5wwuyhbk7uttxpuelttdg[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 71758 Entropy (8bit): 5.395856102510656 Encrypted: false MD5: 1549C78A2A5046C18F71E4CCBA8186F4 SHA1: 4FCEB7C37CC40B53460775BF81AE2BB2513E055A SHA-256: 1CC63B3144AC41AAC2A87C41270F8CD6573E43833706EF3D2F906BF438DF21D9 SHA-512: B3FB17E993E081CFB9F1C7510F09931AC140099083B0548A3A26F29C451FFBB979F608B80DBA4903628007591AA322D68762EF3709BA729A21F3E29A2AF9793E Malicious: false Preview: LI="undefined"!==typeof LI&&LI?LI:{};LI.i18n=LI.i18n||{};.(function(a,e){var c=e();a.t8=c;"undefined"!==typeof exports&&(module.exports=c)})(this,function(){var a={},e=fu nction(){var a=/^(\d{4})-(\d{2})-(\d{2})((T(\d{2}):(\d{2}):(\d{2}))?(?:\.(\d+))?(Z|([+-])(\d{2})(?::(\d{2}))?))?$/,h={value:null};return{parseDateString:function(h,g){var d=h;if(!(h instanceof Date))if(isNaN(h))if("string"===typeof h){var d=h.match(a),b,k,q=d&&"-"===d[11];if(d){b=0;for(k=d.length;b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1u3t2auh80m38bczkpf50ntsc,83hzedu97iokkw7ozzu58ydgb,3pwbcntusz 0ocsy32k1qj1mld,2ymdh7ymeiade5o1du1v9l56s,5subgtmw79rxcguryek7dgc40,euwg0kjg0qyoxmsz2my965j4r[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 57915 Entropy (8bit): 5.448697895552119 Encrypted: false MD5: B4BE284CEF4278FADAD144518645F659 SHA1: ABEF9398C24E6D02D3E3608071DDF36B4C3F03A1 SHA-256: C9DE81C8C128DEE491BF9EDCA7C7176C62681AFC2EAB2EFBA1604951B74A0992 SHA-512: 05CBFE3D9CC74E0ED31AE71201490F3348D50DD277B2949B12840257CAE8530C088E34A37E3DEAFA287A2869BCF1A4B9083B4C24AFAF4B8B24FD75054C6A2CF 1 Malicious: false Preview: (function(){var b=LIModules.requires("jquery"),n=function(b){return(b=RegExp("[\\?\x26]"+b+"\x3d([^\x26]*)").exec(window.location.search))&&b[1]},l=function(m,p){function g(c,d,e,a,h,g){b.ajax({type:"POST",url:f,headers:{"X-IsAJAXForm":1},data:{source:c,autofilledEmail:d,autoselectedEmailProvider:e,orderOfEmailProviders:a,social ProofType:h,socialProofCount:g,impressionId:k}})}function r(){var a=b("#addconnections .providers,#addconnections .emailProviders"),d=[];a.length&&(a.find("li") .each(function(){d.push(b.trim(b(this).attr("class").replace("one-click",.c)))}),g(e,c,c,d.toString(),c,c))}function s(){var a=b('input[name\x3d"email"]').val(),d=b(".wmi-katy"),q= d.length&&d.hasClass("social"),f=0,h=c;q&&(f=d.find(".profile-pics img").length,h=b.trim(d[0].className.replace(/\bwmi-katy\b|\s\bsocial\b/gi,c)));g(e,a,c,c,h,f)}function t() {var a=[],d=c,f=b('.service-forms .selected input[name\x3d"email"]').val(),d=b(".service-filters \x3e li.selected").data("li-origin")||c;b(".service-filters

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\2jmrsn929i78m7hz03bbg76uc[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 156 Entropy (8bit): 4.908956785171261 Encrypted: false MD5: 2AFE76C5DEB7AB717C29E216C8D0AA64 SHA1: FAE4D84F66DD8A3AB2D49E5964DB5FB649175A78 SHA-256: 68C607DF31401B5FFFE47E3087C3345919C507C376E85435A1709BB2323B5322 SHA-512: ED9F6CC8271F6051F2440AE1DF955B31E7F7872B5B7D5546DC7E68C4B48E645BE62AB1F22AF8E840B3BE37C483FF3ED4FB5B837D52A87951BDF4FEB368DD4F7 E Malicious: false Preview: (function scrollToHash(){var a=window.location.hash.substr(1);a&&(a=document.getElementById(a),null!=a?a.scrollIntoView():setTimeout(scrollToHash,500))})();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\56b15ry0f3onptac6r1g7uie8,3ti7256qpio9gkb1m7ftci4rt,8nq0qx4lopg1l46wj6rl 9r93d,c6ct0moql4p4ngtzltmf8l3ly,yi3owa0gd9dosppxx78oxr6q,1o1jaeb56loy3vv8018s13dno,8h514j3fiwnzuwkt66sbxsu8f,di[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 32699 Entropy (8bit): 5.356975291301368 Encrypted: false MD5: 33A3776AB52EB0EEA15FB3DBD26F8D59 SHA1: C0D43EBBFC7E7AAD879A6BA8B1B97AB4DBC3CE48 SHA-256: 750ADA4DBA50E99743049E396DEB0857A2CFE4A23E5B2AD47762A03F33AB3632 SHA-512: 45B95C7D7FBAD67A715F5AF8B86E8F7A3C388214A5909615FD5E702A3BDCA48A52459B6F612691B8473F005F558373A923164BEEAAF71273650875E1CAD7547F Malicious: false

Copyright Joe Security LLC 2020 Page 28 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\56b15ry0f3onptac6r1g7uie8,3ti7256qpio9gkb1m7ftci4rt,8nq0qx4lopg1l46wj6rl 9r93d,c6ct0moql4p4ngtzltmf8l3ly,yi3owa0gd9dosppxx78oxr6q,1o1jaeb56loy3vv8018s13dno,8h514j3fiwnzuwkt66sbxsu8f,di[1].js Preview: /* Auto generated, hash = 79h6mewnpnn41qidzy7i4vlqr */.(function(){..// we're not supporting an AMD / CJS like environment....var exports, module, define;..// locally scope some things....var LI = {. // noop. log: function() {. var token = /LI_JS_DEBUG/,. enabled = location.hash.match(token);.. if(!enabled) {. return;. }.. con sole.log(arguments);. }.};..var globalNavAPI = window.globalNav = window.globalNav || {};..var _namespaces={LI:LI};.var Injector={dependencies:{},register:function(a,b){ this.dependencies[a]=b},resolve:function(a,b,h){var d=[],e=this,f=!1,g,c;if("string"===typeof a)g=b,c=a.replace(/ /g,"").split(",");else throw Error("You must register de pendencies as a string so that during minification they are not lost.");return function(){var a=[].slice.call(arguments,0);f||c.forEach(function(a,b){if(e.dependencies[a] &&""!==a)d.push(e.dependencies[a]);else throw Error(a+" was not found in the registry");c.length===++b&&(f=!0)});.g.apply(this,d.concat(a))}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\5YDQS4FL.js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 365067 Entropy (8bit): 5.572792070870051 Encrypted: false MD5: C8FC43461CD9641AEA341A65552DC370 SHA1: F754F31B0608231B296A6DAB15C012E1DDC8FC43 SHA-256: FAFDF200E11AD59245F81AD6C3C6548B8D330EC10DF288EEC25F00F7075638A0 SHA-512: 939F73CA540F623164B47C8B4D9BB6BA221DD2CD797630DB71E2A0472AA02EF029319881903B66083BFFC2AEEA28B2812F2AC875730D3BD3E336316B4074154B Malicious: false Preview: !function(){"use strict";try{if(window.addEventListener&&document.querySelectorAll&&window.localStorage&&window.JSON&&window.XMLHttpRequest&&Array.pro totype.forEach&&window.btoa&&window.atob){var M="/platform-telemetry/contentsecurity",D="C_M_M",w="C_C_M",A="sv",x="erv",U="sm",H="cv",X="sn",N="vt",c="csp- report",d="document-uri",Y="mms",T="mmf",l="mmi",e="eyJcdTAwNDNcdTAwNmZcdTAwNmVcdTAwNjZcdTAwNjlcdTAwNjciOnsiXHUwMDYxXHUwMDc1 XHUwMDc0XHUwMDZmXHUwMDU1XHUwMDcwXHUwMDY0XHUwMDYxXHUwMDc0XHUwMDY1Ijp0cnVlLCJcdTAwNjFcdTAwNzVcdTAwNzRcdTAwNmZcdT AwNDVcdTAwNzhcdTAwNjVcdTAwNjNcdTAwNzVcdTAwNzRcdTAwNjUiOnRydWUsIlx1MDA2NVx1MDA3OFx1MDA2NVx1MDA2M1x1MDA3NVx1MDA3NFx1MDA2NV x1MDA0OVx1MDA2ZVx1MDA3NFx1MDA2NVx1MDA3Mlx1MDA3Nlx1MDA2MVx1MDA2YyI6MTgwMDAwMCwiXHUwMDY1XHUwMDZlXHUwMDYxXHUwMDYy XHUwMDZjXHUwMDY1Ijp0cnVlLCJcdTAwNjVcdTAwNzhcdTAwNjVcdTAwNjNcdTAwNzVcdTAwNzRcdTAwNjUiOmZhbHNlLCJcdTAwNjRcdTAwNmZcdTAwNmRc dTAwNTNcdTAwNjNcdTAwNjFcdTAwNmUiOnRydWUsIlx1MDA2NFx1MDA2Zlx1MDA2ZFx1MDA1M1x1MDA2M1x1MDA2MVx1MDA2ZVx1MDA1NFx1MD

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\69w33ou4umkyupw2uqgn7za7w[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 604 Entropy (8bit): 5.087945987179285 Encrypted: false MD5: 69FCFA90872EC84E332B5C013A5AC17C SHA1: FA2751EC7B334B0901C51393CCB29E8B2411C8A6 SHA-256: 6C66517000417FAB138F43B9926BCAD36AFDC0422C9331B7B8935D89714105D1 SHA-512: C60B7741988738524D1F20F437C115D142FE7AD16E7BBA6F954D6070F983449F00009B186917EF279A5A1ACE2DDD8947D33C85358BD8D0BCE396868923A74059 Malicious: false Preview: (function(){function d(g,a,b){var c=document.createElement("script");c.src=g;c.onload=a;c.onerror=b;(document.body||document.head).appendChild(c)}function e(a){return b+(/\?/.test(b)?"\x26":"?")+"ch\x3d"+window.encodeURIComponent(a)}function a(a){window.abp={enabled:a};window.dispatchEvent(new window.CustomEvent("abp:r eady"))}function h(a){"complete"===window.readyState?a():window.addEventListener("load",a)}var f=document.querySelector("meta[name\x3ddetectAdBlock]"),b=f&&f.ge tAttribute("content");.b&&h(function(){d(e(1),function(){d(e(2),a.bind(a,!1),a.bind(a,!0))},function(){a.bind(a,!0)})})})();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\82i5b2jv41vqmfkb5brdajvv,e7xlsv13j9f9fgq7i82f6mifw[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 10674 Entropy (8bit): 5.206135558159206 Encrypted: false MD5: C35C035E4BEB7DA95CF54DC1B077E186 SHA1: B506E94BB31E13236A7315B26F500D7CFF166676 SHA-256: 21C1CBA99589F609273FD1A2642326A74326696E3D5DF08B31C6A7AA08F7669B SHA-512: 87B380E61441BC78A7F0F68B275A7D1368D080176770002728559BC2F5792C398AF241FAE9BE1DD3874A94F4FE32553A34F1F26FC5DEE1DDB01C6C957A464FD1 Malicious: false Preview: function RumTracking(e){"use strict";var n=true,r=false,t=false,i=window.HEAD_LOAD_TIMESTAMP||undefined,o,a={},u,s=undefined,c,f,m,d,p=0,l=[],g=true,w,T;function y(e){C();a=e;a["enabled"]=a["enabled"]===false?false:true;if(!a["enabled"]){return}a["beacon-url"]=a["beacon-url"]||"/lite/rum-track";a["beacon-service"]=a["beacon-serv ice"]||"lite";a["event-name"]=a["event-name"]||"RealUserMonitoringEvent";a["topic-name"]=a["topic-name"]||"RealUserMonitoringEvent";a["app-id"]=a["app-id"]||"linkedin.rum .tracking";a["is-single-page-app"]=a["is-single-page-app"]===false?false:true;a["cross-origin"]=a["cross-origin"]||false;a["beacon-timeout"]=a["beacon-timeout"]===undefin ed?6e4:a["beacon-timeout"];a["request-sampling-rate"]=a["request-sampling-rate"]||.01;a["user-timing-mark-enabled"]=a["user-timing-mark-enabled"]||false;a["user-timing- measure-enabled"]=a["user-timing-measure-enabled"]===false?false:true;if(a["beacon-source"]&&a["beacon-source"]==="internal-apps"){t=true;a["page-key-prefix"]=a["

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SS_In_Logo_White_Large[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 384 x 102, 8-bit colormap, non-interlaced Size (bytes): 2870 Entropy (8bit): 7.687328070329638

Copyright Joe Security LLC 2020 Page 29 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SS_In_Logo_White_Large[1].png Encrypted: false MD5: 27CED10AEB3CFA73AED359B3FE9A393C SHA1: F4CFB936898A2532DA1BA3B69DBC6AE2AC5DBA51 SHA-256: 73EA5AB92D131E245852A695BCF8C925B9B7C2C89F02953C2ABD57E68C3D074D SHA-512: A8B8EED920DDFA0BA126E73259C46FCA7E992ED15D591301F2D4839CCA71A38BFC20F0C22177C72A3A3299968B40FE1856743E332496FE46EB40500E809C5929 Malicious: false Preview: .PNG...... IHDR...... f...... s...... PLTE...... v....5tRNS..U.....8.~....v..(.....P .4..r...A<...F.eZ...`$zkK.=.L.....IDATx....r.@...#..4.hp!..FT...... G..k2...~~Y..Z..K.)x9];...S....=...$.pWa....$.R.&.[ZH.G..].i.S...... =.ukd@".)20 ...... p....$\.L. ..P.D..J.x5.D....(..i...". d..&..LD....T..y*...q..qB. u.....k"@..3.....6....lC.H.x!..E...W.S5. N.x5b.}.....q..}b!.J..o.'.^.8.....2/..<.O.9.H_....#..d..?...-.k....,.K.8j.D...Y.V[\. ...P..cG.d...r..../.....Xk... b....V..!2.....X= .`..`.....(.O....i.H.e-TS.`..r....X..P...... `.~.Ur..,....G...v....O#.._..Uxo....j>....J.?...... -.3.S..x.Y....9.;..L...... [email protected].&P....X....2.J6..P.l..@.)...M.,...... e....O..4.D..I.X.,...P{ ..a.n..0...&..L.#...{.....ow....G.R..t...... |...... n.....W&...N..`U..~.t).t.z~M.._.....f...GJ0.M.t...... >.^.p..T4...q...+...c.Z....7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\admin[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 5 Entropy (8bit): 1.9219280948873623 Encrypted: false MD5: F9D9DC2BAB2572BA95CFD67B596A6D1A SHA1: 43C88B21F3E2993174087CCBA30D24520D67ABE8 SHA-256: D43CF775E7609F1274A4CD97B7649BE036B01A6E22D6A04038ECD51811652CF7 SHA-512: 63DE7AD63DDF8DC730C68E42328F61286E0D1A54D0575DF2E01B79C9823BCDE9C0941A2642C8714EE90CF04E42455B95C6F97115F9049931E885378B295DCFB5 Malicious: false Preview: GOOD.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ayezjguqc05f3tpbsa8s745u8[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 100044 Entropy (8bit): 5.367023169413609 Encrypted: false MD5: B90F65E3ADB17917D4EBA089C2BF4D90 SHA1: 2359903E94C7857E45E866DD4AF58B8244301195 SHA-256: 4DC12D36C1FBB937723D51E75E2F5A4C52AD0A686E3B528C5BAE672635329E75 SHA-512: 078339731D6F14AFA79560FE940697DE1CD1F90A4A758D356567E4E9CA2554A9782D258500CD7BEDC6CD82C7950E829F006BCB8B9E52087723D7DD3C8D833165 Malicious: false Preview: !function(){var U,ga;function Da(g,h){return g(h={exports:{}},h.exports,Fb),h.exports}function $a(g){var h;g=g.target;return u.lastClickedButton?null:(h=function(c){for(var b=0;c&&8>b;){if(c&&c.tagName&&"button"===c.tagName.toLowerCase())return c;c=c.parentNode;b+=1}return null}(g))?(u.isMouseDown=!0,h.setAttribute("data-is-anim ating-click",!0),u.lastClickedButton=h,void(u.timerId=setTimeout(function(){u.isMouseDown||(u.lastClickedButton.removeAttribute("data-is-animating-click"),u.lastClickedBu tton=.null);u.timerId=null},140))):null}function ab(g){u.lastClickedButton&&(u.isMouseDown=!1,null===u.timerId&&(u.lastClickedButton.removeAttribute("data-is-animating-cl ick"),u.lastClickedButton=null))}function ha(g,h){var c=Array.isArray(h)?h:h.split(" "),b=g instanceof HTMLElement?g.className:null,d=b;if(null!==b){for(var b=b.length?b. split(" "):[],a=0,f=c.length;a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bc9mylrjcby2hgmrrd6v9ajwt[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT) Size (bytes): 58871 Entropy (8bit): 7.973369919768543 Encrypted: false MD5: BF8F2991BFA560D87D95BEE20F72A84D SHA1: 95E873ED0D1990ED77A3383F0C5F13746726FAC3 SHA-256: BCEEA5354F97EEC72B64F80AA15E4156E9ED7EF88535C2D76F9631283B0E01DF SHA-512: 2845A4F6FA23912EDD97A92DBD64190EFCED7F64859A8A6329FE3C34872FE5A0C37E4AE2E56B2FE0CE3F6AD52B74CEC558FFDF43BFACD6964FB3DF88D5FEF E70 Malicious: false Preview: ..../...... LP....J .P...... R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.2...*.H.e.l.v.e.t.i.c.a. .W.0.2. .O.b.l.i.q.u.e.....BSGP...... b..f..go.d<...... (u..3.)0D.B/N$.%...CH...uM9.D<..o..\M'..2G.".`P.^j3..h...-.T...g71.^.3...B..[.....P.. .3..v.N.MS= ...-g.6.8j..E.C.O..V.R.|."P\..l.?...Y.I..<.Z.a..>ef..a.s.Y..pA...... |a.s..z.&s.d T .B.0.4P..].d.e=@.}@.L.....kq.r...d*..+.9...=.s..[..Y..8...=.c>....%D...Md.!..n....=...... [..D.N....Hd...... F....b.e..N..^.w...%Tk.d...*...... JP_.)0...... Tr...... VH...... ]d....d.+.S.0.N...!....h. 5..|.2_E`...2..3S...... 0.*....f.hcz..R.G.d,./%...... P..X.X.b.{a.{.!..T...>.."![.....0B@.~....95.10.0.J....(~$..:.@....>.;...N>S.....K..F..0...... w2.>&q.:?...... =,...x....~..ZR..'Uw...... ~....^1.o .SYHKR.jL.);.h)..&m.....{=...K....R....q..0O.W..(."...... f..5..h..v#.1wT...... p.L..n...&q.!.IA.P~.....h...(..|..#...H.h..bD|....Xi.N...x...... 2?I.|.i..V.4.J.,....`..r.&

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\beacon[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 1469 Entropy (8bit): 5.276364639781687 Copyright Joe Security LLC 2020 Page 30 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\beacon[1].js Encrypted: false MD5: 1827F116C73F319409B97F10B8A58ADE SHA1: 16CDF30FCE69405601446632E34FC15706B963B8 SHA-256: A256529BD5B1B8846F8D2536CE7581FB6CEA4479992F222D01535903DFF48D79 SHA-512: 5E15653F5B13B16C7F28C2EA2275056989FA03097EDF324A886669554BD228FC45B56E31685E011C5C7FD16FCF612464F3B982144BF7E2411A4AB973906EB135 Malicious: false Preview: function udm_(e,o){var n,c,r,t,i,p="comScore=",a=document,s=a.cookie,f="",d="indexOf",u="substring",m="length",l=2048,_="&ns_",g="&",h=window,w=h.enco deURIComponent||escape;if(s[d](p)+1)for(t=0,r=s.split(";"),i=r[m];i>t;t++)c=r[t][d](p),c+1&&(f=g+unescape(r[t][u](c+p[m])));e+=_+"_t="+ +new Date+_+"c="+(a.characterSet|| a.defaultCharset||"")+(h===h.top?"":_+"if=1")+"&cv=3.5&c8="+w(a.title)+f+"&c7="+w(a.URL)+"&c9="+w(a.referrer),e[m]>l&&e[d](g)>0&&(n=e[u](0,l-8).lastIndexOf(g),e= (e[u](0,n)+_+"cut="+w(e[u](n+1)))[u](0,l)),a.images?(c=new Image,h.ns_p||(ns_p=c),"function"==typeof o&&(c.onload=c.onerror=o),c.src=e):a.write("<","p","><",'img src="', e,'" height="1" width="1" alt="*"',"><","/p",">")}"undefined"==typeof _comscore&&(_comscore=[]),function(){var e,o="length",n=window,c=n.encodeURIComponent?enco deURIComponent:escape,r=function(e){if(e){var n,r,t,i,p=[],a=0,s="";for(var f in e)r=typeof e[f],"string"!=r&&"number"!=r||(p[p[o]]=f+"="+c(e[f]),"c2"==f?s=e[f]:"c1"==f&& (a=1));if(p[o]<=0||"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bootstrap_combined[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 9396 Entropy (8bit): 5.076550726449184 Encrypted: false MD5: A03591D10D18183F074DB803B6B04E1E SHA1: BDEA8ED6D56BA7785A57FA1966F0740CD3915660 SHA-256: 1EC76BB8964549C28314724C6EBBAAD82485BB4B10218F7C6B2B974775370DC8 SHA-512: 7F79C04EDF7F845EFAF0A5D693D6AEDE34A06DD168D3605146F9DEF642ED45A0BDC266D9E46DC70174B92791A49F97BC1F001975A329F12E7A347CA77357A51F Malicious: false Preview: !function(c){var e=function(a){c(a).on("click",'[data-dismiss="alert"]',this.close)};e.prototype={constructor:e,close:function(a){function b(){g.trigger("closed").remove()}var d=c(this),f=d.attr("data-target"),g;f||(f=(f=d.attr("href"))&&f.replace(/.*(?=#[^\s]*$)/,""));g=c(f);g.trigger("close");a&&a.preventDefault();g.length||(g=d.hasClass("alert")? d:d.parent());g.trigger("close").removeClass("in");c.support.transition&&g.hasClass("fade")?g.on(c.support.transition.end,b):b()}};c.fn.alert=function(a){return this.eac h(function(){var b=.c(this),d=b.data("alert");d||b.data("alert",d=new e(this));"string"==typeof a&&d[a].call(b)})};c.fn.alert.Constructor=e;c(function(){c("body").on("click.alert.d ata-api",'[data-dismiss="alert"]',e.prototype.close)})}(window.jQuery);.!function(c){function e(){this.$element.hide().trigger("hidden");a.call(this)}function a(a){var d=this.$elem ent.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var f=c.support.transition&&d;this.$backdrop=c('<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\c8kkvmvykvq2ncgxoqb13d2by[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 1092 Entropy (8bit): 4.720431421270261 Encrypted: false MD5: CEB75BA28F606D0D389421CFCC75040E SHA1: 7A713CFB574A40C98E1D157DD0BCE761FE7E6692 SHA-256: 76BB5057C17799EDA6C5371F00EB11D964C0289220D5EE5407FC24E42F8E0AF1 SHA-512: D37D435C1748AE477C67779C6F26EF6664FDCB8BF75C7FA42819251F3F3A91782BAD424B55487BA8E3D371F6C7AA91A5B89520C64E5CDB4C888E2C7E65D28DB E Malicious: false Preview: .yui-overlay,.yui-panel-container{visibility:hidden;position:absolute;z-index:2;}.yui-panel{position:relative;}.yui-panel-container form{margin:0;}.mask{z-index:1;display :none;position:absolute;top:0;left:0;right:0;bottom:0;}.mask.block-scrollbars{overflow:auto;}.masked select,.drag select,.hide-select select{_visibility:hidden;}.yui-panel- container select{_visibility:inherit;}.hide-scrollbars,.hide-scrollbars *{overflow:hidden;}.hide-scrollbars select{display:none;}.show-scrollbars{overflow:auto;}.yui-panel-contai ner.show-scrollbars,.yui-tt.show-scrollbars{overflow:visible;}.yui-panel-container.show-scrollbars .underlay,.yui-tt.show-scrollbars .yui-tt-shadow{overflow:auto;}.yui-panel- container.shadow .underlay.yui-force-redraw{padding-bottom:1px;}.yui-effect-fade .underlay,.yui-effect-fade .yui-tt-shadow{display:none;}.yui-tt-shadow{position:absol ute;}.yui-override-padding{padding:0!important;}.yui-panel-container .container-close{overflow:hidden;text-indent:-10000em;text-decoration:n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\cb-insightshealthcare-report-q2-2019-slideshare-190808194702-thumbnail-3 [1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, frames 3 Size (bytes): 14683 Entropy (8bit): 7.9296794405556685 Encrypted: false MD5: E0E4B6CD57E7898BDF9C99D94D13C611 SHA1: 33BEA94A90D604484229E078699297225683A42B SHA-256: 8A3F9E839AF13C7EE25019FA7094DE2B1333DCB4E1F99D9FFF20EF3F5FCE6C58 SHA-512: 307B861DD0BF802778BA010C5480EB1F79D6E4DB37227BB683BCBC823AE0250C3009E7D19EC227C62E04DC8DE0708DDE4F5767F7EBCA2A6F7D961DD7F33B071 A Malicious: false

Copyright Joe Security LLC 2020 Page 31 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\cb-insightshealthcare-report-q2-2019-slideshare-190808194702-thumbnail-3 [1].jpg Preview: ...... JFIF...... C...... C...... @.."...... ?C...... #.8.....!...Uw_.a..d...... Z.o..].oZ..{..._...... =.c.....s...... I.....d..S..!.gj.>z.~..J....?..f...... 2.>O.%...@.._O.^i.=.....]J...... I...... u5.n-.....I._.../H..g'...... ;[email protected]. 3lw]+.u..Ah.....]..uM.+.t\@...... HL...Y.k.r.X...?n...)+..>/...... J...Z........j.Q..j...... kj..ju.5l.Q+.x.M...*..N...YF...:...T...*.*..#.8...... z..n(.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\com.linkedin.jet-static_jet-static+1.0.27+_jet-1.0.27_libs_xhr.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 968 Entropy (8bit): 5.346210467183504 Encrypted: false MD5: A268256B000BA8CFB7CF5AD6508C3995 SHA1: D7557A05CB6B0544274AB2D733CB370BC6027E18 SHA-256: CC893248993EF34D4F73B0941FE78EF107D16253CDC422B9429DD5A84968193E SHA-512: 94EB09C985E1219369FE29DC46249D123344E12AB7AE31CE35D150EE3C991C312FC6DB57BA6C7CBADDF7795C66B2ADD4DE879A2CA45D295FC4034CB4847D83 B0 Malicious: false Preview: (function(v,d,m,n,p,g,q,r,f){function e(a,c){var d,h,e,k,l,b,s,t;e="post"===a.toLowerCase()?c.data:null;h="function"===typeof c[p]?c[p]:function(){};s="number"===typeof c [n]?c[n]:2E4;t=c.bustCache?w(c.url):c.url;b=u();b.open(a,t,!0);b.withCredentials=!0;b[g]("X-Requested-With",m);if(c[f]){for(l in c[f])b[g](l,c[f][l]);if(!c[f][r])b[g](r,"application/x- www-form-urlencoded")}b[q]=function(){if(d)h({status:408,body:"Request Timeout"});else{if(4!==b.readyState)return;k&&(clearTimeout(k),k=null);h({status:b.status,.body :b.responseText})}b[q]=null};b.send(e);setTimeout(function(){d=!0;b.abort()},s)}function w(a){a=-1===a.indexOf("?")?a+"?":a+"&";return a+="_"+ +new Date}var u;u =function(){try{return new v[m]}catch(a){return new ActiveXObject("Microsoft.XMLHTTP")}};d.post=function(a){e("POST",a)};d.get=function(a){e("GET",a)}})(window, window.xhr=window.xhr||{},"XMLHttpRequest","timeout","callback","setRequestHeader","onreadystatechange","Content-Type","hdrs");.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\com.linkedin.jet-static_jet-static+1.0.27+_jet-1.0.27_vendor_stacktrace- noamd.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: C source, ASCII text, with very long lines Size (bytes): 5431 Entropy (8bit): 5.447570848549633 Encrypted: false MD5: 9595C9960CC78065A9B08FE81A2C8DD7 SHA1: B4DE5622372B0EC720F3D897962E80E2443A327C SHA-256: C6C800EF65D05E8128E73A2CCD1DB4587CF71387D08D22BEB40B42BE136469B5 SHA-512: 23444C4101656A8618F444D9CF4452697FB778832328B79226666E0BACF365F922C975EFADA51E22B95EE9E39A31FD466B39B2C3350EC130CD8391A573074951 Malicious: false Preview: (function(h,a){h.printStackTrace=a()})(this,function(){function h(a){a=a||{guess:!0};var b=a.e||null;a=!!a.guess;var c=new h.implementation,b=c.run(b);return a?c.guessAno nymousFunctions(b):b}h.implementation=function(){};h.implementation.prototype={run:function(a,b){a=a||this.createException();b=b||this.mode(a);return"other"===b? this.other(arguments.callee):this[b](a)},createException:function(){try{this.undef()}catch(a){return a}},mode:function(a){return a.arguments&&a.stack?"chrome":a.stack&&a .sourceURL?."safari":a.stack&&a.number?"ie":a.stack&&a.fileName?"firefox":a.message&&a["opera#sourceloc"]?!a.stacktrace||-1a.stacktrace.split("\n").length?"opera9":"opera10a":a.message&&a.stack&&a.stacktrace?0>a.stacktrace.indexOf("called from line")?"ope ra10b":"opera11":a.stack&&!a.fileName?"chrome":"other"},instrumentFunction:function(a,b,c){a=a||window;var d=a[b];a[b]=function(){c.call(this,h().slice(4));return a[b]._i nstrumented.apply(th

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\fancy_progress[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 40 x 480, 8-bit colormap, non-interlaced Size (bytes): 1684 Entropy (8bit): 7.725321923444639 Encrypted: false MD5: CE1B94076F26B8C1519D640988F8E54F SHA1: 30A9593DA4FC6B95442E68DD0E645F4ED92722D9 SHA-256: C924CFB6A83A9BCDEEE4DD58FC0EE1C0866B6FBDDD0F49203D3598D73CDAAFAE SHA-512: 81D86AAB231D5AA134D36118EA15FE3A0BFBE9AB4DA7F85004323830C75E3A1FA057216B247A8D704040AB06E61E2471F5AFA7D087FFB0A302EC96D3C555FCD 5 Malicious: false Preview: .PNG...... IHDR...(...... 2....PLTE...,,,...JJJ...nnn...... tRNS...... Y...#IDATx....n.J..`.gH...... ,..r7M...... H7....$%{<.6].....3{....jN..t....[.pXp..d.f...e6.2..@.(..n..a.i?.....J.@...*%...... :..3..Xw.ft..8....|]=j`.._.p.'[email protected]...... '.!I.;4...].....3..g.....M...Y.5.. ...]....O..(...... H.J.C.L,;..3.:..p.a...c.3....A.i&.."s.,...... #.2.;l}..ok#puf....}t..;..Nv...!. d..9.Ugvc4s...... g...^[email protected]...... =A....>r.4...7...... %...... L |"33c.../5...V.Q...... n.:K.g..vm.....,J.Ugt;s;s;...pL..Y....O..`.D...V..8s.#...3.3.3..K.^r....3...... l.?R. VX..4.V(...... 1.RIPx.....A..<....g....3.....K..L,8.....K.t&...32f..nV..G./.....+...... [(...... 4h.2,8#l.=...h.f...... `t....p...,9.o^..j.Hr....u.3.\....q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\fontawesome-webfont[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), FontAwesome family Size (bytes): 60767

Copyright Joe Security LLC 2020 Page 32 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\fontawesome-webfont[1].eot Entropy (8bit): 7.983356702664012 Encrypted: false MD5: F7C2B4B747B1A225EB8DEE034134A1B0 SHA1: 3E63FC9B3DE4580F1F3BEC0631436F755B80F167 SHA-256: CBB644D0EE730EA57DD5FBAE35EF5BA4A41D57A254A6B1215DE5C9FF8A321C2D SHA-512: F8B32EEC082C86A295931F39A38C1B638254F4D298CE97DE8D4C80504340CB922D18770C445A19854AA6BCA27E12E234957C7D17C78361FA19CEEA1DB7E54918 Malicious: false Preview: _...y...... LP...... P...... F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...3...0. .2.0.1.5...&.F.o.n.t.A.w.e.s.o.m.e. .R.e.g.u.l.a.r..... BSGP...... T..q..u..*...... Y.D.M.F..x...>...... )Y.....h..D....pj....f.i..).U.'.&a..;`.*.../.....V.B.....OV..r.n.:..{$2D....:.&...m..d ..CeH.\./o...... U.M....X.`?...?.A...C...@..'.(g~.....% (.Jl.&zw....W#.mw".].At....k...... p...E....[..=.gM...... go..W.R.q..`{.ZwUF...... o ..D.p)A8....$..M.#.>..?...... d.No2..L...... <.t...B..T..a....<...`...... e.SO....cI[.p..E1R*.fMd....>. .2V...... z7..&.+.....f.&#.V.(8....aR.....x.Z\R.e..$.Vw...... K....gs...... *...... dI.....6...... )...rj..:Z."1.'...<....'.Q/...8.).B..5..tgk.AM.)...|~...."...2....+h..(.&.c..sw...(....h.Dg.k...w.zm%. f....//5.%....}...k...... @...[#.D)..J<..?YAT...... o.s%..Z...G).5....#R'...#...)...+R.....Z.z...+._...K&%'5....(b....Y..i_.....|B.>U.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\forbidframing[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 2882 Entropy (8bit): 4.101264567053427 Encrypted: false MD5: 5CD4CA3D0F819A2F671983A0692C6DDD SHA1: BBD2807010E5BA10F26DA2BFA0123944D9521C53 SHA-256: 916E48D15E96253E73408F0C85925463F3EE6DA0C5600CB42DBA50545C50133B SHA-512: 4420B522CBE8931BBA82B4B6F7E78737F3BB98FC61496826ACB69CFFF266D1AC911B84CB0AEEADD05BD893A5D85D52D51777ED3F62512C4786593689BF2DF7F 0 Malicious: false Preview: ......... .. .... .... Framing Forbidde n.... .. .. .... ....

.... Error title -->.. .. ..

.. ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\fz-1.3.8-min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 27534 Entropy (8bit): 5.488767998668563 Encrypted: false MD5: AD9EC12784FEB3A7CD33F78D4F42B3C4 SHA1: 8BE02264BE2C37A1C5F90496640DBE8EA44F45C5 SHA-256: 2ED885AAC35B47A58E5EE5BDFED8428BB07579ED9B4B9A1E24087A14F25A1EC1 SHA-512: 9E6ACE57F5B6BA3F8293447DE1F6803323CD9A80CE25DB3BF2C78F0C45615224DDCF6F148A2FC40BA9B69AA7320315BEEC3BF5AE8C8CDC704D1B53FA38F101 D6 Malicious: false Preview: (function(b){function n(b,c){for(var k in b)b.hasOwnProperty(k)&&(c[k]=b[k]);return c}function p(b,c,k,h){b.onload=b.onreadystatechange=function(){b.readyState& &"complete"!=b.readyState&&"loaded"!=b.readyState||c[k]||(b.onload=b.onreadystatechange=null,h())}}function G(b){b.ready=b.finished=!0;for(var c=0;c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\httpErrorPagesScripts[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 12105 Entropy (8bit): 5.451485481468043 Encrypted: false MD5: 9234071287E637F85D721463C488704C SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 Malicious: false

Copyright Joe Security LLC 2020 Page 33 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\httpErrorPagesScripts[1] Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.su bstring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var pound Index = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild( bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\redirect[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text Size (bytes): 291 Entropy (8bit): 4.71296486377934 Encrypted: false MD5: 3E6EBE5AF7D01AA48C5B783BD5A85493 SHA1: B32CF0FEE5DEAA9563BAEC8A1799CB4D89E909CA SHA-256: 298021974EFC37F4A06B730709B8FDA6F2B4411E4F45370EB8D84791CF9A1845 SHA-512: AB7B991D80775AF50BA51E2F2B781CA24F0A3BE8A9A756F1C453E02B2FA8F8A34183F17CC253716FA6D20E516F0C98B3A3B32C7B8D27053A87E6CE93F07853C0 Malicious: false Preview: .. . . ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\slideshare-64x64[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced Size (bytes): 4905 Entropy (8bit): 7.950536833288732 Encrypted: false MD5: 2AED251251E61B660ABC4FCE460CB7E1 SHA1: 3D86A2E30D2993FAF39F687BFC05716B7CCCBFA5 SHA-256: 83C6742FE10C5260E18617C7BA8E5D65D47DF408A0493D2C61AFD6B38D54EC45 SHA-512: 4DC1348A94A2B3AEBB8C8958C1229DD4F185A14FD6AFA4991CAD33AD668432DB9E908E78CB5FF7C70C0226CC90A86C486884C5F0113E14F2CF45AA27257F30C 6 Malicious: false Preview: .PNG...... IHDR...@...@...... iq.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..[..T.y..>...3s.\...... T....4bj..V.&MVLl..L..LS....M....`..iY...(.....k..X.$`.A.<.p...q.<...9g..0.1. .%g.33...... }.....59l...n...... Z.z...5.y%.M...@.>.....h-..A.^n.l.. .#?..'.e.O..6^h.._.}...EP?h...?g6...u5..&.....h...... 9..H.m....Z.8.A.|..\...~.T..,c^.%..5.r.|.....A...... B..s'..L|..R.Yx.."... [email protected]*.?.,..c...'M..pH..&...... )..7%.POf.$..&.J*..|..H1g|q...2'.A.o.s...... L.C.b..%..%z..z...... $...6.v...dqR.8..t~...Z.v."...M...!....L...]..U....eJ.#$.."...A...m.ud..v.C?.~...3....}.P..... (..^..8.;....u...=...... A.wZ..\..a0...... F.04S:.$..&n..YA.28w....h...V.'hHdi}..Q.kh~IBZ.bV.L..@...... v....~2.2..fr.<...lv..M...... /..r...5}...... t.k.y..&.yx.\..=12...`.0#..,M../S...fhAP3...l. =....,...'..).).Hr.<.+.B..>...... '.Y....\...... 6Z4..9F..w.....;i_.&k.V.[.~..r^/..Ph.M.D..~pl...S...Gb..q..8`..k!..,.....,w?-?.).~c^[email protected]^...... p.%\.g...W...O.&[kp...ZA .DX

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\track[1].txt Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 4 Entropy (8bit): 1.5 Encrypted: false MD5: 45802158E78DD9584161629098018FE8 SHA1: 7763D377B925FC016D9FDE44FE2AFA2332A30FD2 SHA-256: 278F14E96CC67489E5C0D6CEBEC8A2718FB158EC656FD41FED7ECD031CD472B2 SHA-512: 9592E8C12960603D57A43F5367177C44F0F8C08E4040A9CF380CF6CDEF35B4CFBFA01EED16FEA0C18206994AFEB29D1091E658A310D16CD906D94D84A88A036B Malicious: false Preview: GOOD

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\whatsnext-socialmediatrends2020final-200126152458-thumbnail-3[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, frames 3 Size (bytes): 6724 Entropy (8bit): 7.7430603317502955 Encrypted: false MD5: 762940B08EE80820B8AD567A069680FB SHA1: 60C45E6EF313E00B30BF1199EC530D28CEDDB076 SHA-256: ABEE6522A73AFDBC8993193360D00ABC1645968202B3A39672DFEC046F65440D SHA-512: 45CAECC967D937185A04F5B4C4E87FBA135550009B76FFFE1CDA2DB0B00877D6AA6F403A721AAEBDE3E95FA8A34AEDD015D9528560BCA24C8C9F6AD2154259 F1 Malicious: false

Copyright Joe Security LLC 2020 Page 34 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\whatsnext-socialmediatrends2020final-200126152458-thumbnail-3[1].jpg Preview: ...... JFIF...... C...... C...... @.."...... '.].t..m [email protected]...... i.M&.SN..4@..$L.....)&DM].>`.4.-.W.3...... =...... q...P.IJ..UzP.E.~&.u.....E...... {Q@H...... d..=.#...... >..0y..+.p_i...S..o...... :...yN....y..n8 ^.o7..x./C.].9Q2...:.N!.].C...... I..e'N1..]^...... $....~f...=p.@...... )...... 0...P..67@`...... qI..+..>.....::..0e.?C- bm_H.\...... H6..M..s?....)..z.TwZ...)[...@p.^.n#1,z..Z..Q:..E.2.ug-o....n...... \..W....v..c.Y..dg...Ry..e].'.VWe]..Y..O..Y..2...... }..eV...l.]V[*...e.*....n<..O.^...=..=.02..8.b./...... # gu.;.y.?..R.m.]r.?.y4...~..9.....m.Y.{..F.=...M...#.S..7..2.....g5.A.k.~aO|u.Rkt9...... C.....K

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0[1].txt Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 16 Entropy (8bit): 3.625 Encrypted: false MD5: 611D367C84D0637418B708416C28FDD6 SHA1: CBE9A803E1B44D4C50B3C570AFE8C5FEB8DAE2A0 SHA-256: 8AED5E340CF6A71108B30BD80E05EA7ABFB02B5B9CCF9439CAE12382DF68D2A4 SHA-512: 48C4923B6063FA6C942D2AF6F3A97524FD99B8325B005CFDF10F20189E1E5DBB62879764D16D8EBCFE902234BF8CB25B30A8F5218F920446D203972AB4ED25F4 Malicious: false Preview: // Cedexis Inc..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\3qk7aqkysw7gz575y2ma1e5ky[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 24921 Entropy (8bit): 5.349303914262653 Encrypted: false MD5: 3F22D85CEB6214C689BCCB985A5BFCC2 SHA1: 55AF691D0BFCECAA685A5AC8F325234AB1AFDEE1 SHA-256: 7082BEECE2B33A3168640C2A6F9CE68D6EB89332C174AAC145039D0741654859 SHA-512: E609B42AF7C45C6857D6B89D2CA850F80F4C3E3DB784C1EDF0DCDD9A7F97CD459C1E317C726200B76DEC98B33E5A6319D89D9290DAFA1CE504DD59505434682 1 Malicious: false Preview: (function(f){f.liDustVersion="Package: dust-li; Version: 3.4.0"})(this);(function(f){"undefined"!==typeof f.dust&&(f.liDustVars={cache:f.dust.cache,i18n:f.dust.i18n,helpe rs:f.dust.helpers,jsControl:f.dust.jsControl,pageJs:f.dust.pageJs,filters:f.dust.filters})})(this);.(function(f){function g(a,b,c,d){this.stack=a;this.global=b;this.blocks=c;this.t emplateName=d}function q(a,b,c,d){this.tail=b;this.isObject=a&&"object"===typeof a;this.head=a;this.index=c;this.of=d}function p(a){this.head=new h(this);this.callback=a; this.out=""}function m(){this.head=new h(this)}function h(a,b,c){this.root=a;this.next=b;this.data=[];this.flushable=!1;this.taps=c}function n(a,b){this.head=a;this.tail=b}var e= {},s=["DEBUG","INFO","WARN","ERROR","NONE"],r=function(){},b={},c,d;e.debugLevel=."NONE";e.config={whitespace:!1};e._aliases={write:"w",end:"e",map:"m", render:"r",reference:"f",section:"s",exists:"x",notexists:"nx",block:"b",partial:"p",helper:"h"};f&&f.console&&f.console.log&&(d=f.console,c=f.console

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\772mb9ywqm8na8dkwfwr86u69[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 48862 Entropy (8bit): 5.026271515825907 Encrypted: false MD5: 798E9492D53E707A3E30B29DB5C8F241 SHA1: 1A9EBF514682F2E3C8B1263E35D53A6C18473A3D SHA-256: 18FF0FBF535EB4EE3D80EA61DFDF33EDFA5752EE9D98696D9808B9E74DC91357 SHA-512: C249AD2E494883730BB9A9C059E479DCED71B619B893F36D40662510A1BED6A77B90C309486511D75DFA0EFB87F4571FB1D60DCEB0A01319A0BF64A406F280C1 Malicious: false Preview: (function(){function c(b,a){return b.write('\x3cscript src\x3d"').helper("assetUrl",a,{},{path:"artdeco/static/javascripts/artdeco.js"}).write('" async\x3e\x3c/script\x3e').partial ("templates/legal/navigation",a,{}).write('\x3cheader class\x3d"header-container"\x3e\x3ch1 class\x3d"banner-title"\x3e').helper("i18n",a,{},{key:"privacy_policy_v9__text _plain__headline_privacy_policy",templateName:"templates/legal/i18n/_privacy_policy_v9"}).write('\x3c/h1\x3e\x3ch2 class\x3d"banner-subtitle"\x3e').helper("i18n",.a,{},{k ey:"privacy_policy_v9__text_plain__subheadline_privacy_hub",filter:"mk|s",templateName:"templates/legal/i18n/_privacy_policy_v9"}).write("\x3c/h2\x3e\x3c/header \x3e").helper("ne",a,{block:d},{key:a.get(["lixIntroVideoTreatment"],!1),value:"disallow"}).write('\x3cdiv class\x3d"legal-content"\x3e\x3csection class\x3d"row"\x3e\x3cdiv class\x3d"left_column introduction"\x3e\x3cp class\x3d"privacy-policy-effective-date"\x3e\x3cem\x3e').helper("i18n",a,{},{key:"privacy_policy_v9__t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\SS_Logo_Black_Large[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 384 x 102, 8-bit/color RGBA, non-interlaced Size (bytes): 5692 Entropy (8bit): 7.846196372776835 Encrypted: false MD5: DEBC847FF101AF116DBD3A12E222D257 SHA1: 377B23F8A0803287E5A0815693074AD9E3B46D4D SHA-256: 4331DB7D8E896D07703C8AA1AFCDCDFAD4B5D1972E7F412457EE0D6A4EF1F03F

Copyright Joe Security LLC 2020 Page 35 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\SS_Logo_Black_Large[1].png SHA-512: C68EA44E6D1514BCDE5EB2180CE79B411A45D424D10FC56BD830B01CD0EFED6FCEE4DFDA7A73C38C39E921596C94860D6A29A5449944A50E836B52023F4FA36 0 Malicious: false Preview: .PNG...... IHDR...... f...... F.....IDATx.t...P..._.Vf..z"..:...... }...Q.J.k...4..V..o.NP.{A...|C....5.h...Y@.../.Z}...... j...... 1...|~>.qe..`...(...)..!vf.6..m..`.m.[0o...... >oq..6...E.{m=k==E.o. [email protected]?`...A-1_....t|...... -..(...x....n...... /..[[email protected]..^...M...$..).]..a..^k...... zba...{.LB7..^.H,[email protected]^."..' ..a...U...... *bC...a...... H..5Z|.:w.][email protected]...... h ..M=.+.L...... 8.^...W..]....=.)...@...\0.r.3.P..^p,[email protected]...=~....x....1.).....7....m.L....2...... o.:...W...... 1:.h.d.....u.y./.;...(....(...... R.....(... (.....(...... @..../...0...... V...Z.j.S. J.!b.F....w...J.*..{/o.)b..(.. rU.\9..Qhw....q.].+...Y...P.a..).w..../...Pi..jV.X1...... @.(4.+DV.w..M....'U.P!../...(U.T..-..O...ty....G./.....V..).3.@...(..J...;...... m.m.u}.z...m.m.6.=OU .W..2.t2.;w.N.F.Nr...}N...d=.2...... Qn.....i...fG...... s#.W....."....@1...... `P&...... O.....".....>e..x..T.l..e..-.w.J.|...... f-h...q.^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\_microsites-frontend_stylesheets_legal_artdeco_2col_en_US[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 144612 Entropy (8bit): 5.125399673343457 Encrypted: false MD5: 7D899F275043B4A2AD9C9E953A82BA50 SHA1: 9A3CA611D141ED08EB64241A661812070FED2A49 SHA-256: 5FC827DF7F1517326801DDE08DAE953DD713E8C3D7A7F4D23EFEC726567E9F1E SHA-512: 4C98EC0AF48508C7DA9024FE019E958AE69F5FBD007B44CE7B703492A86B92CBE2D2393FF9303382F9F87FE2AA23B647F8AA8D2075B6D28773D1AA134737C3EA Malicious: false Preview: li-icon[type="linkedin-bug"] .background{fill:#000000}li-icon[type="linkedin-bug"][color="brand"] .background{fill:#0077B5}li-icon[type="linkedin-bug"][color="inverse"] . background{fill:#ffffff}li-icon[type="linkedin-bug"][color="premium"] .background{fill:#AF9B62}.artdeco-premium-bug-variant li-icon[type="linkedin-bug"][color="premium"] .background{fill:#EFB920}li-icon[type="linkedin-bug"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][color] .bug-text-color{display:block}li-icon[type="linkedin-bug"] [color="inverse"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][size="14dp"]{width:14px;height:14px}li-icon[type="linkedin-bug"][size="21dp"]{width:21px;height:2 1px}li-icon[type="linkedin-bug"][size="28dp"]{width:28px;height:28px}li-icon[type="linkedin-bug"][size="34dp"]{width:34px;height:34px}li-icon[type="linkedin-bug"][size="4 0dp"]{width:40px;height:40px}li-icon[type="linkedin-bug"][size="48dp"]{width:48px;height:48px}li-icon[type="linkedin-bug"] svg{width:100%;he

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\_microsites-frontend_stylesheets_legal_artdeco_global_en_US[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 124400 Entropy (8bit): 5.087525871344078 Encrypted: false MD5: 347B7669657F9507139B82705976A599 SHA1: 1EEACB634CB2B2011FF97CF14F2A06AE73CCE0AE SHA-256: 40880A219C332EB42A9C894ADC36BDF92E33883EADD5C9EBF82ADDB549BBA17C SHA-512: B7D46053C916F12888FDAC51BB3E38E24F60DBA206AF36EA220BA5483495D87ED816B5CD1DCC26B2AE59D5CCB7DF9F9AE666DD76E5B452BC0B497762C3E077 92 Malicious: false Preview: li-icon[type="linkedin-bug"] .background{fill:#000000}li-icon[type="linkedin-bug"][color="brand"] .background{fill:#0077B5}li-icon[type="linkedin-bug"][color="inverse"] . background{fill:#ffffff}li-icon[type="linkedin-bug"][color="premium"] .background{fill:#AF9B62}.artdeco-premium-bug-variant li-icon[type="linkedin-bug"][color="premium"] .background{fill:#EFB920}li-icon[type="linkedin-bug"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][color] .bug-text-color{display:block}li-icon[type="linkedin-bug"] [color="inverse"] .bug-text-color{display:none}li-icon[type="linkedin-bug"][size="14dp"]{width:14px;height:14px}li-icon[type="linkedin-bug"][size="21dp"]{width:21px;height:2 1px}li-icon[type="linkedin-bug"][size="28dp"]{width:28px;height:28px}li-icon[type="linkedin-bug"][size="34dp"]{width:34px;height:34px}li-icon[type="linkedin-bug"][size="4 0dp"]{width:40px;height:40px}li-icon[type="linkedin-bug"][size="48dp"]{width:48px;height:48px}li-icon[type="linkedin-bug"] svg{width:100%;he

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\app_critical[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 156912 Entropy (8bit): 5.125179051115714 Encrypted: false MD5: DC5CB4F89637190EC1DE8E2148235AC9 SHA1: E279D87E0BB1553D2F2BFA9296A4409C40633013 SHA-256: 1D9F9091C44DE7852EE1A3C2B023DB0AB94ACE43F4EED1AD20CF458852F13B5A SHA-512: 55C1AC742E707EDDA0B43DE55854041864DC75AC212E1D3CB3EC6A715734B57E9460E3BBDE66F4FDBEEF0541634627B807F3F04B73CD2697D8EE5C1FC966196 1 Malicious: false Preview: @charset "UTF-8";/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.button-link:focus,a:active,a:hover{outline:0}.invisible,.reveal-modal{visibi lity:hidden}.alert-box,body,sub,sup{position:relative}.button,.vevent abbr,a,button{text-decoration:none}.icon-bar .item.disabled,.tooltip>.nub{pointer-events:none}html{font- family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu ,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{ display:none}a{background-color:transparent}b,optgroup,strong{font-weight:700}dfn{font-style:italic}mark{background:#ff0;color:#000}sub,sup{font-size:75%;line-h eight:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0;max-width:100%;height:auto;-ms-interpolation-mode:bicubic}svg:not(:root){overflow:h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\artdeco_critical[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators

Copyright Joe Security LLC 2020 Page 36 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\artdeco_critical[1].css Size (bytes): 31504 Entropy (8bit): 5.098527699842894 Encrypted: false MD5: 1972A65095EFCD4229C43F3D84DA4142 SHA1: E8F82B5D4E95FB4630EA8203A146DE55127AFD60 SHA-256: C8A0E07A95F307DDC0EBA03F1645607810937831BFBD8902E2C7067BF435620B SHA-512: 1C6285FF87A5E7635E0A03324AC82FD24C154FD5C695801E8BCDE842D9621A7372A46EEFBD55F3E326B64AB99C9C1654B9B4F7B3D2CFB09DBC7597B98E00913 3 Malicious: false Preview: a,hr{padding:0}b,mark,strong{font-weight:700}.large-header,.large-text,.medium-text,.small-text,body,h1,h2,h3,h4,h5,h6,p{color:rgba(0,0,0,.85)}em,i,mark{font-style:italic }.large-text,.medium-text,.small-text,blockquote,body,h2,h3,h4,h5,p{font-weight:200}article,aside,details,figcaption,figure,footer,header,hgroup,hr,label,menu,nav,section {display:block}a,a:active,ins{text-decoration:none}.alert.error>div>button:disabled,.alert.success>div>button:disabled,.alert.yield>div>button:disabled,button[type=submit ]:disabled,input[type=submit]:disabled{opacity:.4}abbr,address,article,aside,audio,b,blockquote,body,canvas,caption,cite,code,dd,del,details,dfn,div,dl,dt,em,fieldset,fig caption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,object,ol,p,pre,q,samp,section,small,span,str ong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,ul,var,video{margin:0;padding:0;border:0;outline:0;font-size:100%;vertical-align:baseline;background:0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\background_gradient[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3 Size (bytes): 453 Entropy (8bit): 5.019973044227213 Encrypted: false MD5: 20F0110ED5E4E0D5384A496E4880139B SHA1: 51F5FC61D8BF19100DF0F8AADAA57FCD9C086255 SHA-256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B SHA-512: 5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5 A Malicious: false Preview: ...... JFIF.....d.d...... Ducky...... P...... Adobe.d...... W...... Qa...... ?...... %.....x...... s...Z...... j.T.wz.6...X.@... [email protected].%...m..D.25...T...F...... p...... A...... BP..qD.(...... ntH.@...... h?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\beagreatproductleader-amplifyoct2019v5-191007205738-thumbnail-3[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, frames 3 Size (bytes): 4391 Entropy (8bit): 7.462808356936795 Encrypted: false MD5: F38F918592E143CA2AFDEDAF776ABEB4 SHA1: 1EE6693BB17CF501FD11E3BEAEB40ABA4FFEA6F3 SHA-256: DFC3C26FF92E556453CE343673CD5B6F35C58A3636EF927D758B9BC3E0C6E563 SHA-512: 09E2CA326012AC162D738516519302FD5341925A7C77A310D422C754C02D6CC7702234CEDFE12E3FA06C40E922AB60C1DAAA139495A3017377AFD48038D9FEB4 Malicious: false Preview: ...... JFIF...... C...... C...... @.."...... ZY;..J.iU..+...j8.@...... :5.C...W>.._{..[PZ.(....`.../tx:.`.U..~Y]iW*.....|.....i.._.)...... +..X...O..z.{7.j.f...o../..,U.e.u.`v..4...i..m{...... #...... @..0...... J...g]....S...."....6E.~SWK.sZ....iI.U.. ..t.6p..N.B..!...... Z.0..A...1.'..K....e\.stk...r..05.q.....}Ch ."....rN.n....Z..l..xk6.P..j.6.;..u.p/...... {`.r..W1&...7.y...L....\...Y.Y....R...... b..]5Lyf.9\t..N....5.. .-.^l.-.l...... h.%...,oG6Am....l..T..rK.'...l....U..D..ea1..e..L..P.;..:U...f0..J...... ]..o..1.....5...... !1..Q"Aa..0R`... 2Bbq...... ?..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\c52xqty03kc2uumayfdgw52ha,6eb15yl27eoj4wlyl799ae32f,9isvvzw61f pveso9doy1mzsas,2qk68hrxrqya74okuimf9dv0c,613o3z852fmufuoq56wjec8bn,aibd4bc52tilbqe5gz50e4sem,8bia7ha4sns3oejhxmne1c0iq,[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: assembler source, ASCII text, with very long lines Size (bytes): 51919 Entropy (8bit): 4.981186425625171 Encrypted: false MD5: E2560C06A911248E94AD0A217F7BC204 SHA1: F2ED16E0B6B53A47DAE5CDC060EB6100D306FC5B SHA-256: 5F12B4F37DDFC56BADDD9F2F254D5B4ECEDD8309F10D7411C987BC97767EF759 SHA-512: 78383154D99241A6D8146B2C5D3B808B080E5407442B1AD062198D888CE1271ADCD6FCC7C2861AF2441C267A9349BF9B8E8999C936215817992D4AA6B5D11621 Malicious: false Preview: .accounticon{background:transparent url("/img/sprite/sprite_global_v8.png") no-repeat;display:inline-block;height:16px;margin-left:5px;text-indent:-119988px;overflow:hidd en;text-align:left;vertical-align:top;width:15px}.jobseekericon{background-position:-600px 1px}.premiumicon{background-position:-500px 1px}.openlinkicon{display:none !important}.icon-beta{color:#C60 !important;font-size:11px;font-style:italic;font-weight:bold;vertical-align:top}.icon-beta.super{vertical-align:super}.icon-new{background-co lor:#c60;color:#fff;display:inline-block;font-size:9px;font-weight:normal;line-height:1;padding:2px 3px;-webkit-border-radius:2px;-moz-border-radius:2px;-ms-border-radius :2px;-o-border-radius:2px;border-radius:2px;text-transform:uppercase}.network-degree{display:-moz-inline-stack;display:inline-block;vertical-align:middle;*vertical-align: auto;zoom:1;*display:inline;vertical-align:baseline;-webkit-border-radius:2px;-moz-border-radius:2px;-ms-border-radius:2px;-o-border-radius:2px;border

Copyright Joe Security LLC 2020 Page 37 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ck2u8j60r58fu0sgyxrigm3cu,dksuef1kjeuyovuvqowr79mf0,v92lm05fvu dk7z77wwe1zyaq,bcsoaoe97gad4n2pqczks46hi,6cvyrt0du5t5h6ozmr87aapap,7lhg6q1fo0fl3txf9lktbwa26,d4k6vtd49sfpqjcyqc49f5mwx[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 28806 Entropy (8bit): 5.543967773047582 Encrypted: false MD5: 04B740CF0AC1D9BCA231B4D8949E9F4A SHA1: 7D699965DE07A44A9CA593D1EFB46D343E773057 SHA-256: 9FC55215695D5ED4C9A356038AFBF420D07519C4E3ACEE962ED2F9DA1744CAAE SHA-512: 2E8B449DA805AA0C9783D2C2074D62EB9325B9C2241D2B9856FA30E4397610176E85623FE1C806B1B9EF46CCD5B5D401325D81D091E0D2C23F7A33CF33957284 Malicious: false Preview: !function(t){function e(r){if(n[r])return n[r].exports;var i=n[r]={exports:{},id:r,loaded:!1};return t[r].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var n={};return e.m=t, e.c=n,e.p="",e(0)}([function(t,e,n){n(1)(n(7)),n(3),n(4),n(2),n(5)},function(t,e){t.exports=function(t){function e(t){return t.replace(a,"<.")}function n(r){for(var i=[],a=0,o=r.le ngth;a]*\/>)/gi;if(t.htmlPrefilter)return i=t.htmlPrefilter,void(t.htmlPrefilter=function(t){return i.call(this,e(t))});var o={init:t.fn.init,html:t.fn.html,before:t.fn.before,after:t.fn.afte r,append:t.fn.append,prepend:t.fn.prepend,replaceWith:t.fn.replaceWith};t.fn.extend({init:function(t,n,r){return"string"==typeof t&&t.indexOf("<")>-1&&(t=e(t)),new o.init (t,n,r)},html:r("html"),before:r("before"),after:r("after"),append:r("append"),prepend:r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\combined_bigboot_layout[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 561578 Entropy (8bit): 5.4505863072596075 Encrypted: false MD5: 100575B1AC5D2AB60ACEA681E42E51BA SHA1: E813FD92371581653DD48DCA7BA099869C14AEC4 SHA-256: 4E24FED2B3F51A37619835F8A99AEE8BE8090925D6F5D666A902081CF19A6E11 SHA-512: 599900DDB85AB0B36A64027E652648439CEAB2F8A5938A33302E59F8CDB275EFF5737C3B568167D3C1C6E689F12570736119681E7968623FB1144AE59736A6B8 Malicious: false Preview: (function(){function c(a){if(!s.test(a))return!1;if(r.test(a))return!0;for(var b="",d={},c={},f=!1,e=a.length-1,g=a.indexOf("-"),h=0,j="";j=a.charAt(h);h++)if(h===e&&(b+=j),"-"===j ||h===e){if("x"===b)break;if(i.test(b)){if("undefined"!=typeof d[b]){f=!0;break}d[b]=!0;c={}}else if(V.test(b)&&h!==g){if("undefined"!=typeof c[b]){f=!0;break}c[b]=!0}b=""}else b+=j;return!f}function a(a){if(void 0===a)return new A;for(var b=new A,a="string"==typeof a?[a]:a,a=J(a),d=a.length,f=0;d>f;){var e=String(f);if(e in.a){e=a[e];if(null==e||" string"!=typeof e&&"object"!=typeof e)throw new TypeError("String or Object type expected");e=String(e);if(!c(e))throw new RangeError("'"+e+"' is not a structurally valid language tag");for(var g=e,h=e=void 0,g=g.toLowerCase(),h=g.split("-"),g=1,i=h.length;i>g;g++)if(2===h[g].length)h[g]=h[g].toUpperCase();else if(4===h[g].length)h[g]=h[g ].charAt(0).toUpperCase()+h[g].slice(1);else if(1===h[g].length&&"x"!=h[g])break;g=S.call(h,"-");(e=g.match(z))&&1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\combined_foundation_base[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 514641 Entropy (8bit): 5.416190691867978 Encrypted: false MD5: 57AE1F1B0170AD81CD783901DFD80721 SHA1: AEAF0275EA954ADAD130EEB108E80CAC92AEC316 SHA-256: BF136156A757BD9D574D89D90910CAC6BBEB0AEB45143EBC1C6FAE1788383512 SHA-512: 53927DF5313E6D89A5A57DB3897A4C73AC19EDEA52645336C2F0CF66B94E037A3A9D91DB35EE145CD9D54C66ED638EE5C4B59F44F4B6BCAEBE3F0AE12D2DA DF2 Malicious: false Preview: function MobilePromo(e){"object"==typeof e&&(e.cooloffDays=e.cooloffDays||7,this.config=e,this.init())}function MessageBar(e){this.config=e||{},this.slideDownTime=this.co nfig.slideDownTime||500,this.init()}var ssClientUtils=function(e){function t(r){if(n[r])return n[r].exports;var i=n[r]={exports:{},id:r,loaded:!1};return e[r].call(i.exports,i,i.ex ports,t),i.loaded=!0,i.exports}var n={};return t.m=e,t.c=n,t.p="",t(0)}([function(e,t,n){"use strict";function r(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var n in e)O bject.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n]);return t["default"]=e,t}Object.defineProperty(t,"__esModule",{value:!0});var i=n(1),a=r(i),o=n(3),s=r(o),u=n(4),m=r( u),c=n(5),d=r(c),l=n(2),h=r(l),p=n(6),y=r(p),f=n(17),g=r(f),v=n(19),b=r(v),_=n(20),w=r(_);t["default"]={li:a,tracking:s,lang:m,fn:d,string:h,svg:y,events:g,dom:b,url:w},e .exports=t["default"]},function(e,t,n){"use strict";function r(e,t){if(!e)return null;var n=o[e];return n||(n="slideShare"+(0,a.ca

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\combined_index[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 24850 Entropy (8bit): 5.163546218965777 Encrypted: false MD5: CF1C59F62B37175D4306F3671E3FE451 SHA1: 21BC2050321C60F68A73D6E8C19EFB308DD9DEB7 SHA-256: 7608969B4AECD3B36B2691B86401C94F9AC6F4A7B89988D09CD360A1C70CD228 SHA-512: 0129753AA2BDBBF7F1981609B7562F14FE8280B714C924F8DC7DC9C1D4C3760BDD0AD1144C1B338E82E4EA02516781EC8E25E14A4C66D5FDC6FC1CF443FAF44 E Malicious: false

Copyright Joe Security LLC 2020 Page 38 of 61 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\combined_index[1].js Preview: function ModalShare(e){this.config=e,e&&this.init()}function ListPageModalShare(e){this.config=e,e&&this.init()}function MobileModalShare(e){this.config=e,this. shareTracker=new slideshare_object.ShareTracker,this.init()}ModalShare.prototype.init=function(){this.$container=$(this.config.el),this.$shareBtn=$(this.config.btnShare), this.$shareEmailMsg=this.$container.find(".j-share-email-msg"),this.$addMsgButton=this.$container.find(".j-add-msg"),this.$emailSentButton=this.$container.find(".j-email- sent"),this.$shareEmailSend=this.$container.find("#share-email-send"),this.$shareEmailForm=this.$container.find(".j-share-email-form"),this.$linkURLInput=this.$ container.find(".j-share-link-url"),this.$close=this.$container.find(".j-modal-close"),this.$contentWrapper=this.$container.find(".modal-content-wrapper"),this.gaTrackCat egory=this.$container.data("ga-track-category"),this.gaTrackAction=this.$container.data("ga-track-action"),this.shareTracker=new slideshare_object.ShareTracker, this.creat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\esvcomwdy4sm3mwz4ddxjod5e,17fh3inrygzt66bkxyd45zwr8,4k2jxds8qt do2192sqg4wnfhh,23emcrlxjzaq3h601mkxyhhq7,imdjtbvltif3utjem7vjdr6y,4hwzx6zzk2fxl3nay8eqzyk8t,c071fafmnzxfkunfxzk7ky254,8v[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 26247 Entropy (8bit): 5.30804738462948 Encrypted: false MD5: 79FB527CC7A7A1B2A368F8E2C09E52CB SHA1: 311B872A974EAE6E21D04C1FCCDA589B10649502 SHA-256: E71CDF702E195ED4DC4E329CE6B2F34A2EEA48975932BA084FDBAA891440D761 SHA-512: E0554B067375C6D12A40295B0FCE2F6385CAEC319F2592CE31529EFEC7D4AED0FCC54449E1EB3FCF716A40F5FCD1605115B11DC089ABCF5321B6083662FC9502 Malicious: false Preview: Element.prototype.matches||(Element.prototype.matches=Element.prototype.matchesSelector||Element.prototype.mozMatchesSelector||Element.prototype.msMat chesSelector||Element.prototype.oMatchesSelector||Element.prototype.webkitMatchesSelector||function(a){return-1!==Array.prototype.indexOf.call(document.querySel ectorAll(a),this)});.Element.prototype.closest||(Element.prototype.closest=function(a){a=(this.document||this.ownerDocument).querySelectorAll(a);var b,c=this;do for(b=a.l ength;0<=--b&&a.item(b)!==c;);while(0>b&&(c=c.parentElement));return c});(function(){window.addEventListener("load",function(){Array.prototype.slice.call(docume nt.querySelectorAll(".video iframe")).forEach(function(a){a.src=a.dataset.src;a.dataset.src=""})})})();(function(){window.addEventListener("load",function(){Array.prototy pe.slice.call(document.querySelectorAll("img.deferred")).forEach(function(a){a.src=jSecure.sanitizeUrl(a.dataset.src);a.dataset.src=""})})})();(function(f){function c(a){var b,d,e,c;if(a=a.t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\f5k70zdjshxhrwjeuvarazb6[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 70588, version 1.0 Size (bytes): 70588 Entropy (8bit): 7.9896587023120755 Encrypted: false MD5: 071C48540FD727A032C53CE511EEA442 SHA1: 2FADBF8A560C6138C89D991D230ACACE5256B15C SHA-256: B51210361680DC35FE3FB44EE63B68651C29D35AE292554CDF9BB567F4AA576E SHA-512: 35D079481210F8E86779DD05666AA5BEE926982DA1AB9B4C703C45F68242453FFC0D7BEB7919EE95E198DB05D96FF69761014F4607C21B1D5B50D04F69F0CEAB Malicious: false Preview: wOFF...... {T...... +...... OS/2...X...V...`..).cmap...... t.8..cvt ...... D...D.O..fpgm...... 8...... gasp...4...... !..glyf...D...`..-./^.Ihead...... [email protected]...... !...$. >.ahmtx...... 3.kern...... =.6.loca...... %...... S.maxp...... name...... "...~}b;.post...... 2prep...... %...x.c`f..8...... ).....B3.1.1.100q.03..K...... /.(.....R....>..b8.|...... cba:...... >..x.c```d`.b...... P..h...X.8.I..8.I...S.W2.a>...... `.`..FQXQIQMQO.I.M._IHITIJINI[.C)A)U...... Q....h...1..7...+H(.((...b. .\I..)`s...... W./. ...N...... C.f...j=Tz(.`....v.....O..w?.~...... }.;.W..w...r.b."p...... `6....5.d.(.[.j.v.-.:.p.?.(.T.v.:.5.p.....A...... S...y...... ,..x...=K.0...[O..r.".!...;uH..Z.d.....w...d.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\forgot-password[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Size (bytes): 23153 Entropy (8bit): 4.880970888039649 Encrypted: false MD5: 912DC6C33CC432E529BEC69835F594D5 SHA1: 887E3FE8E690F56F18F4EA9C8FFA0DF1D32E22D2 SHA-256: AB40C3F5B87D712B8138B64EA40F3274C03B39E90A9736771CD9ACA4554FB27F SHA-512: C7A2D6F206CBA32C4E226F636F3E7EAA9FE39F2A473257D2498913CDACAA0CA6030B3DBE66560B14BA48F430FB3CE34879258819FC77007234CBF50B7833D82F Malicious: false Preview: .. . . Forgot Password. . . . . . . ... .. userobject starts here-->.