automated malware analysis report for eula.rtf - generated

ID: 138843Sample Name: eula.rtfCookbook:defaultwindowsofficecookbook.jbsTime: 14:22:34Date: 05/06/2019Version: 26.0.0 Aquamarine

244466677888888

89999999

10101010101010101011131314141415154242424545454546464646464850515252

Table of Contents

Table of ContentsAnalysis Report eula.rtf

OverviewGeneral InformationDetectionConfidenceClassificationAnalysis AdviceMitre Att&ck MatrixSignature Overview

Software Vulnerabilities:Networking:System Summary:Persistence and Installation Behavior:Hooking and other Techniques for Hiding and Protection:

Behavior GraphSimulations

Behavior and APIsAntivirus and Machine Learning Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Yara OverviewInitial SamplePCAP (Network Traffic)Dropped FilesMemory DumpsUnpacked PEs

Joe Sandbox View / ContextIPsDomainsASNJA3 FingerprintsDropped Files

ScreenshotsThumbnails

StartupCreated / dropped FilesDomains and IPs

Contacted DomainsURLs from Memory and BinariesContacted IPsPublic

Static File InfoGeneralFile IconStatic RTF Info

Network BehaviorNetwork Port DistributionTCP PacketsUDP PacketsDNS QueriesDNS AnswersHTTPS Packets

Code ManipulationsCopyright Joe Security LLC 2019 of 58

525253535353535353

54545455

57575757

58585858

58

StatisticsBehavior

System BehaviorAnalysis Process: WINWORD.EXE PID: 3184 Parent PID: 692

GeneralFile Activities

File CreatedFile DeletedFile Read

Registry ActivitiesKey CreatedKey Value CreatedKey Value Modified

Analysis Process: iexplore.exe PID: 3772 Parent PID: 692GeneralFile ActivitiesRegistry Activities

Analysis Process: iexplore.exe PID: 1224 Parent PID: 3772GeneralFile ActivitiesRegistry Activities

Disassembly

Copyright Joe Security LLC 2019 of 58

Analysis Report eula.rtf

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine

Analysis ID: 138843

Start date: 05.06.2019

Start time: 14:22:34

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 7m 40s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: eula.rtf

Cookbook file name: defaultwindowsofficecookbook.jbs

Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Number of analysed new started processes analysed: 12

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabledEGA enabledHDC enabledAMSI enabled

Analysis stop reason: Timeout

Detection: CLEAN

Classification: clean3.winRTF@4/260@24/3

Cookbook Comments: Adjust boot timeEnable AMSIFound application associated with file extension: .rtfFound Word or Excel or PowerPoint or XPS ViewerAttach to Office via COMBrowse link: http://www.microsoft.com/exportingScroll downClose ViewerBrowsing link: https://www.microsoft.com/Browsing link: https://www.microsoft.com/en-us/exportingBrowsing link: https://www.microsoft.com/en-us/exporting/overview.aspxBrowsing link: https://www.microsoft.com/en-us/exporting/exporting-information.aspxBrowsing link: https://www.microsoft.com/en-us/exporting/massmarket.aspxBrowsing link: https://www.microsoft.com/en-us/exporting/ccats.aspxBrowsing link: https://www.microsoft.com/en-us/exporting/faq.aspxBrowsing link: https://www.microsoft.com/en-us/exporting/contact.aspxBrowsing link: https://products.office.com/en-us/homeBrowsing link: https://www.microsoft.com/en-us/windows/Browsing link: https://www.microsoft.com/en-us/surface


Warnings:Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, dllhost.exe, ielowutil.exe, WMIADAP.exe, conhost.exe, CompatTelRunner.exeTCP Packets have been reduced to 100Created / dropped Files have been reduced to 100Excluded IPs from analysis (whitelisted): 13.107.3.128, 13.107.5.88, 52.114.128.8, 104.121.171.150, 23.54.112.217, 23.10.249.49, 23.10.249.8, 152.199.19.160, 92.122.35.76, 23.10.249.27, 23.10.249.48, 157.55.134.142, 157.55.135.130, 157.55.135.134, 65.55.44.109, 40.126.9.67, 20.190.137.97, 40.126.9.5, 40.126.9.65, 40.126.9.7, 152.199.19.161, 104.123.135.167, 23.54.112.134, 2.21.52.21, 23.54.112.23, 23.54.112.229, 95.100.56.216, 92.123.45.66, 40.77.226.250, 23.10.249.42, 23.10.249.40, 172.217.168.14, 172.217.168.46, 172.217.168.78, 216.58.215.238Excluded domains from analysis (whitelisted): assets.onestore.ms.edgekey.net, cn-assets.adobedtm.com.edgekey.net, vs.login.msa.akadns6.net, uhf.microsoft.com.edgekey.net, e11290.dspg.akamaiedge.net, www.microsoft.com-c-3.edgekey.net, ytstatic.l.google.com, query.prod.cms.rt.microsoft.com.edgekey.net, login.live.com, c.microsoft.com, e11070.b.akamaiedge.net, pipe.prd.skypedata.akadns.net, e10583.dspg.akamaiedge.net, cdn2.pricespider.com.edgekey.net, afdo-tas-offload.trafficmanager.net, uhf.microsoft.com, e7808.g.akamaiedge.net, s-0001.s-msedge.net, lgincdnvzeuno.ec.azureedge.net, e8252.a.akamaiedge.net, assets.onestore.ms.akadns.net, c-s.cms.ms.akadns.net, bn2.vortex.data.microsoft.com.akadns.net, youtube-ui.l.google.com, e55.dspb.akamaiedge.net, lgincdn.trafficmanager.net, cdn.account.microsoft.com.akadns.net, c.s-microsoft.com-c.edgekey.net, e11095.dspg.akamaiedge.net, products.office.com.edgekey.net, login.msa.akadns6.net, cs9.wpc.v0cdn.net, cn-assets.adobedtm.com.edgekey.net.globalredir.akadns.net, client-office365-tas.msedge.net, a1985.g2.akamai.net, www.prd.aa.aadg.akadns.net, mobile.pipe.aria.microsoft.com, e-0009.e-msedge.net, a1449.dscg2.akamai.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, iecvlist.microsoft.com, prd.col.aria.mobile.skypedata.akadns.net, go.microsoft.com, mscomajax.vo.msecnd.net, config.edge.skype.com, poc.cms.ms.akadns.net, pipe.cloudapp.aria.akadns.net, 160c1.wpc.azureedge.net, e1693.dscb.akamaiedge.net, cs22.wpc.v0cdn.net, ie9comview.vo.msecnd.net, mem.gfx.ms.edgekey.net, geo.vortex.data.microsoft.com.akadns.net, www.prdtm.aadg.akadns.net, web.vortex.data.microsoft.com, lgincdnvzeuno.azureedge.net, c.s-microsoft.com, pipe.skype.com, go.microsoft.com.edgekey.net, a1512.dscg2.akamai.net, web.vortex.data.microsoft.com.akadns.net, e13678.dscg.akamaiedge.net, az725175.vo.msecnd.net, www.microsoft.com, e13678.dspb.akamaiedge.net, query.prod.cms.rt.microsoft.com, pstrack1.trafficmanager.netReport size exceeded maximum capacity and may have missing behavior information.Report size getting too big, too many NtCreateFile calls found.Report size getting too big, too many NtDeviceIoControlFile calls found.Report size getting too big, too many NtQueryAttributesFile calls found.

Show All


Detection

Strategy Score Range Reporting Whitelisted Detection

Threshold 3 0 - 100 true

Confidence

Strategy Score Range Further Analysis Required? Confidence

Threshold 5 0 - 5 false

Classification


Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

Initial Access Execution PersistencePrivilegeEscalation

DefenseEvasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Command andControl

Valid Accounts Exploitation forClientExecution 4

WinlogonHelper DLL

Port Monitors File SystemLogical Offsets

CredentialDumping

File andDirectoryDiscovery 1

ApplicationDeploymentSoftware

Data from LocalSystem

DataEncrypted 1

StandardCryptographicProtocol 2

ReplicationThroughRemovableMedia

ServiceExecution

Port Monitors AccessibilityFeatures

Binary Padding NetworkSniffing

SystemInformationDiscovery 1

Remote Services Data fromRemovableMedia

Exfiltration OverOther NetworkMedium

Standard Non-Application LayerProtocol 2

Drive-byCompromise

WindowsManagementInstrumentation

AccessibilityFeatures

PathInterception

Rootkit InputCapture

Query Registry WindowsRemoteManagement

Data fromNetwork SharedDrive

AutomatedExfiltration

StandardApplication LayerProtocol 2

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious


Signature Overview

• Software Vulnerabilities

• Networking

• System Summary

• Persistence and Installation Behavior

• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Networking:

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS

System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Checks if Microsoft Office is installed

Uses new MSVCR Dlls

Persistence and Installation Behavior:

Creates license or readme file

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Behavior GraphCopyright Joe Security LLC 2019 of 58

Behavior Graph

ID: 138843

Sample: eula.rtf

Startdate: 05/06/2019

Architecture: WINDOWS

Score: 3

iexplore.exe

7 88

started

WINWORD.EXE

39 50

started

microsoftwindows.112.2o7.net mem.gfx.ms 2 other IPs or domains

iexplore.exe

3 279

started

track4.pricespider.com

13.93.106.254, 443, 49776, 49777

unknown

United States

cs1227.wpc.alphacdn.net

192.229.221.185, 443, 49733, 49734

unknown

United States

19 other IPs or domains

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

Time Type Description

14:25:16 API Interceptor 3x Sleep call for process: WINWORD.EXE modified

Source Detection Scanner Label Link

eula.rtf 0% virustotal Browse

eula.rtf 0% metadefender Browse

No Antivirus matches



Simulations

Behavior and APIs

Antivirus and Machine Learning Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains


https://www.virustotal.com/file/5e499529aaa0f92ff57d67f6464f46cf5a04187807aa200419383431d2eed1f3/analysis/1375110630/

https://www.metadefender.com/#!/results/file/ZDE3MDMxNHIxcGVfT2tfSG9sQjFBbF9keWRTc2c/regular/analysis

Source Detection Scanner Label Link

usetermassembly/dealbuilder_live/DealBuilderNET/dealbuilder.aspx 0% Avira URL Cloud safe

https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1 0% Avira URL Cloud safe

No yara matches

No yara matches

No yara matches

No yara matches

No yara matches

Match Associated Sample Name / URL SHA 256 Detection Link Context

192.229.221.185 Skype Business VM.pdf Get hash malicious Browse

https://jglshop.com.br/?y=ZGFtaWVuY0BhdXN0cmFsaWFuYmFsbGV0LmNvbS5hdQ==&data=02|01|[email protected]|0ada4032a36546c6d13b08d6ac0f8494|363ab79152b7474a91175bf36bde2b94|0|0|636885580035963490&sdata=+0eEs7qSCBrK5wHALHN4ZON9LKqFQEk8Liayanza9jQ=&reserved=0

Get hash malicious Browse

New Seccure File 7.24.05 PM.xlsx Get hash malicious Browse

https://storage.googleapis.com/aoffice365-journalistically-202255390/index.html


Ceisa Semo Proposal.pdf Get hash malicious Browse

hasib-musinbegovic.com/wp-includes/OneDrive/Secure/home.html


https://1drv.ms/b/s!Ai3YLFZQP4zmgnQbLlTwyMGNlcOa Get hash malicious Browse

https://login-microsoftonline-com0compliance-security-alert.ml/sharepoint-online-policies/


https://u10520081.ct.sendgrid.net/wf/click?upn=jYlCtn5-2BPW5ucXpaCyqStVH3HEQUa2UKlpMzTVoldFM-3D_9mVef8XBOHUAB1Yp8VbE5b6cE7OrBvd4swG8dKZc1sPHvUY2cvsa2domirFVgsA7wTpafr9ZcbLjQDgrwzRN1Sfz5gUDTAosURfQrkaiHQa9xhTrZ7vxiPsOVhaDJBvhQGmXib5DzN3yHHWyi1-2Bs4dHWxanwSL0UHC4LH5kW-2BXt-2F7dR3iEvUlCpV-2Bigo7RxS8gDytzsBNig0TTG2iACzti9Cn3fcuAB9gNnTJ0mFlqA-3D


https://1drv.ms/b/s!AhJu8bKGuybLclKouKsoIXrGDx8 Get hash malicious Browse

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Joe Sandbox View / Context

IPs


https://view.joesandbox.com/analysis/98274/html/none?idtype=webid#static

https://view.joesandbox.com/analysis/98274/html/none



















www.housewittorp.com/wp-includes/images/crystal/of_nw/of_nw20-10-2019/off.sss/786f23d16213fff8ba639cedee5f69a8/login.htm?cmd=login_submit&id=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa&session=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa


https://943d.app.link/ Get hash malicious Browse

https://protection.office.com/threatexplorer#/threatexplorer?dltarget=Explorer&dlstorage=Url&viewid=allemail&query-CanonicalizedUrl=https://onedrive.live.com/?authkey=%21AKOGMaypqRvjuxE&cid=30A2F54D2B9B8460&id=30A2F54D2B9B8460%21170&parId=root&o=OneUp


CRY INV#98634.htm Get hash malicious Browse

https://onedrive.live.com/?authkey=%21AASAmH1WjDg4yc8&cid=24A8D43B2F0EB8A2&id=24A8D43B2F0EB8A2%21547&parId=24A8D43B2F0EB8A2%21139&o=OneUp


https://user37377377733.z22.web.core.windows.net/index.htm?=en-US&[email protected]


https://rxyfngwfcvdwy.z13.web.core.windows.net/index.htmGet hash malicious Browse

https://onedrive.live.com/?authkey=%21AGWIFswGorQUzp0&cid=1B6C6333518D19B8&id=1B6C6333518D19B8%21122030&parId=1B6C6333518D19B8%21121842&o=OneUp


https://seolinktop.com/redirect/[email protected]


https://adtdoor.com/oauth2/data/ff787c4ca2f35e704030e1812d2d06bf/3kmw75o8x8w1st54hoya2p2q.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1


13.93.106.254 dn.bytefence.com/rtop_setup.exe Get hash malicious Browse

52.239.151.138 https://via.intralinks.com Get hash malicious Browse

#Ud83d#Udd0a_vm Fri May 31, 2019 at 0902__AM.wav.html Get hash malicious Browse



microsoftwindows.112.2o7.net alamin.co/cpseses8294783.html Get hash malicious Browse 66.117.29.228

isaacharvey.xyz/COI/one/next.php Get hash malicious Browse 66.117.29.228

https://exclusivecars.ma/?a Get hash malicious Browse 66.117.29.228

Invoice for PO# 1021874_02.pdf Get hash malicious Browse 66.117.29.228

June 2018 LE Newsletter - Customer.pdf Get hash malicious Browse 66.117.29.228

normals.ipq.co/kjf78s/office365/page/login.php?cmd=login_submit&id=fbba252ad174914c91de3e5cc57bbf50fbba252ad174914c91de3e5cc57bbf50&session=fbba252ad174914c91de3e5cc57bbf50fbba252ad174914c91de3e5cc57bbf50

Get hash malicious Browse 66.117.29.228

Lori%20Janny[1].pdf Get hash malicious Browse 66.117.29.228

Invoice for PO# 1021874.pdf Get hash malicious Browse 66.117.29.228

hyperurl.co/tb7aal Get hash malicious Browse 172.82.206.20

https://www.petanihebat.com/wp-content/plugins/add-to-any/office/one/index.php


https://events-handling-svc.cordial.io/c2/226:5bec8c998caf4ebd3e52208d:ot:58b5e62a6e05abd5fe526eca:1/c04e3ea2?jwtH=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9&jwtP=eyJpYXQiOjE1NDIyOTYwMDYsImNkIjoiLmNvcmRpYWwuaW8iLCJjZSI6MjU5MjAwMCwidGsiOiJtc2Z0IiwibXRsSUQiOiI1YmVkNzQyMDIzYjkyOWMzMjY4YjQ1NjciLCJsaW5rVXJsIjoiaHR0cHM6XC9cL3d3dy5taWNyb3NvZnRodXAuY29tXC9odXB1c1wvbG9nb24uYXNweD9jbWQ9ZWh1cF9hY3RpdmF0ZSZzaWQ9ZTJkNzVkNjQ5NTk1NDFmNzk1NGZhYWYzZTI4ZTkwMDEmY3VsdHVyZT1lbi1VUyZjb3VudHJ5X2lkPVVTJnNvdXJjZT1ta3RlbWFpbCJ9&jwtS=WRxmI2JiCko6FEZrs2zIAonA-U9P4_7xU0kVW1y_pDI


PO-KM19-141701.doc Get hash malicious Browse 66.117.29.228

Document1.doc Get hash malicious Browse 66.117.29.228

lnvoice and Contract Agreement-2 10.49.36 AM5.00.35 AM (1).pdf


Domains
























































https://u9748100.ct.sendgrid.net/wf/click?upn=Dl5IZUZzLck2kDpfEgueoVFccFB5YZJ-2B-2FZY7xK8WjaKpjP6raSE2SvTs2s9rhcpDQKjZ-2BbM7-2BNgFsI4XcAZC8A-3D-3D_o5AVXp8blFgDP4X4xNGd2BB9-2FkNuF3MHGtJV8JcGy90si2g-2BpE2m97Djhpz2R5wyNeeJAKSA1VuhdT1DeYYHfDPlHOzIYXWmSFr37E4-2FNpENoCLGncq0g9LvZQWZjppyrKV-2FvEE3TKRCyZ9BUNuUaZ8xoh3M-2Fxkf2svoJIQpRaxIs2O3cCYbFqT8PRjteRasAojMo8-2FLiPHlVyuRKMrtCbdNJWyzJYWjsSBT9vgythU-3D


x.co/6nli6 Get hash malicious Browse 66.117.29.228

go2l.ink/1uZa Get hash malicious Browse 66.117.29.228

Invoice for PO# 1021874_02.pdf Get hash malicious Browse 66.117.29.228

x.co/6nkwK Get hash malicious Browse 66.117.29.228

swift7737.doc Get hash malicious Browse 66.117.29.228

cs1227.wpc.alphacdn.net Skype Business VM.pdf Get hash malicious Browse 192.229.221.185

https://jglshop.com.br/?y=ZGFtaWVuY0BhdXN0cmFsaWFuYmFsbGV0LmNvbS5hdQ==&data=02|01|[email protected]|0ada4032a36546c6d13b08d6ac0f8494|363ab79152b7474a91175bf36bde2b94|0|0|636885580035963490&sdata=+0eEs7qSCBrK5wHALHN4ZON9LKqFQEk8Liayanza9jQ=&reserved=0


New Seccure File 7.24.05 PM.xlsx Get hash malicious Browse 192.229.221.185

https://storage.googleapis.com/aoffice365-journalistically-202255390/index.html


Ceisa Semo Proposal.pdf Get hash malicious Browse 192.229.221.185

hasib-musinbegovic.com/wp-includes/OneDrive/Secure/home.html


https://1drv.ms/b/s!Ai3YLFZQP4zmgnQbLlTwyMGNlcOa Get hash malicious Browse 192.229.221.185

https://login-microsoftonline-com0compliance-security-alert.ml/sharepoint-online-policies/


https://u10520081.ct.sendgrid.net/wf/click?upn=jYlCtn5-2BPW5ucXpaCyqStVH3HEQUa2UKlpMzTVoldFM-3D_9mVef8XBOHUAB1Yp8VbE5b6cE7OrBvd4swG8dKZc1sPHvUY2cvsa2domirFVgsA7wTpafr9ZcbLjQDgrwzRN1Sfz5gUDTAosURfQrkaiHQa9xhTrZ7vxiPsOVhaDJBvhQGmXib5DzN3yHHWyi1-2Bs4dHWxanwSL0UHC4LH5kW-2BXt-2F7dR3iEvUlCpV-2Bigo7RxS8gDytzsBNig0TTG2iACzti9Cn3fcuAB9gNnTJ0mFlqA-3D


https://1drv.ms/b/s!AhJu8bKGuybLclKouKsoIXrGDx8 Get hash malicious Browse 192.229.221.185

www.housewittorp.com/wp-includes/images/crystal/of_nw/of_nw20-10-2019/off.sss/786f23d16213fff8ba639cedee5f69a8/login.htm?cmd=login_submit&id=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa&session=bbe3bfe87c61dd28e1a018fb1af599aabbe3bfe87c61dd28e1a018fb1af599aa


https://943d.app.link/ Get hash malicious Browse 192.229.221.185

https://protection.office.com/threatexplorer#/threatexplorer?dltarget=Explorer&dlstorage=Url&viewid=allemail&query-CanonicalizedUrl=https://onedrive.live.com/?authkey=%21AKOGMaypqRvjuxE&cid=30A2F54D2B9B8460&id=30A2F54D2B9B8460%21170&parId=root&o=OneUp


CRY INV#98634.htm Get hash malicious Browse 192.229.221.185

https://onedrive.live.com/?authkey=%21AASAmH1WjDg4yc8&cid=24A8D43B2F0EB8A2&id=24A8D43B2F0EB8A2%21547&parId=24A8D43B2F0EB8A2%21139&o=OneUp


https://user37377377733.z22.web.core.windows.net/index.htm?=en-US&[email protected]


https://rxyfngwfcvdwy.z13.web.core.windows.net/index.htmGet hash malicious Browse 192.229.22

1.185

https://onedrive.live.com/?authkey=%21AGWIFswGorQUzp0&cid=1B6C6333518D19B8&id=1B6C6333518D19B8%21122030&parId=1B6C6333518D19B8%21121842&o=OneUp


https://seolinktop.com/redirect/[email protected]






















































https://adtdoor.com/oauth2/data/ff787c4ca2f35e704030e1812d2d06bf/3kmw75o8x8w1st54hoya2p2q.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&loginpage=&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1




unknown request.doc Get hash malicious Browse 192.168.0.44

FERK444259.doc Get hash malicious Browse 192.168.0.44

b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7f3cd4e5bb150a4.js


Setup.exe Get hash malicious Browse 192.168.0.40

base64.pdf Get hash malicious Browse 192.168.0.40

file.pdf Get hash malicious Browse 192.168.0.40

Spread sheet 2.pdf Get hash malicious Browse 192.168.0.40

request_08.30.doc Get hash malicious Browse 192.168.0.44

P_2038402.xlsx Get hash malicious Browse 192.168.0.44

48b1cf747a678641566cd1778777ca72.apk Get hash malicious Browse 192.168.0.22

seu nome na lista de favorecidos.exe Get hash malicious Browse 192.168.0.40

Adm_Boleto.via2.com Get hash malicious Browse 192.168.0.40

QuitacaoVotorantim345309.exe Get hash malicious Browse 192.168.0.40

pptxb.pdf Get hash malicious Browse 192.168.0.40

unknown request.doc Get hash malicious Browse 192.168.0.44

FERK444259.doc Get hash malicious Browse 192.168.0.44

b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7f3cd4e5bb150a4.js


Setup.exe Get hash malicious Browse 192.168.0.40

base64.pdf Get hash malicious Browse 192.168.0.40

file.pdf Get hash malicious Browse 192.168.0.40

Spread sheet 2.pdf Get hash malicious Browse 192.168.0.40

request_08.30.doc Get hash malicious Browse 192.168.0.44

P_2038402.xlsx Get hash malicious Browse 192.168.0.44

48b1cf747a678641566cd1778777ca72.apk Get hash malicious Browse 192.168.0.22

seu nome na lista de favorecidos.exe Get hash malicious Browse 192.168.0.40

Adm_Boleto.via2.com Get hash malicious Browse 192.168.0.40

QuitacaoVotorantim345309.exe Get hash malicious Browse 192.168.0.40

pptxb.pdf Get hash malicious Browse 192.168.0.40


9e10692f1b7f78228b2d4e424db3a98c DOC1212122211111.pdf Get hash malicious Browse 192.229.221.185

https://cardinalhealth.finance/disribution/ Get hash malicious Browse 192.229.221.185

here.skynnovations.com/availible/ Get hash malicious Browse 192.229.221.185

www.bit.ly/[email protected]&&25.63.34.80&&cc0_34k3=safety-cuttingtools.com&[email protected]&NOI8E6JE=safety-cuttingtools.com&[email protected]&&7165&&cc0_34k3=pascal%20martinet&YY0G3FG=safety-cuttingtools.com&[email protected]


store.zionshope.org Get hash malicious Browse 192.229.221.185

https://ware.in.net/pro/Onedrive/index.php Get hash malicious Browse 192.229.221.185

Updated SOW.pdf Get hash malicious Browse 192.229.221.185

www.egtenterprise.com Get hash malicious Browse 192.229.221.185

https://www.truesyd.com.au/000/Ovvice1/[email protected]


ASN

JA3 Fingerprints














































































https://www.truesyd.com.au/000/Ovvice1/[email protected]


www.zionshope.org Get hash malicious Browse 192.229.221.185

Invoicepng (1).pdf Get hash malicious Browse 192.229.221.185

Review.xps Get hash malicious Browse 192.229.221.185

https://lootart.com/qtext/ Get hash malicious Browse 192.229.221.185

meadowss.gq Get hash malicious Browse 192.229.221.185

https://nameserverip.xyz/sgn/D2019HL Get hash malicious Browse 192.229.221.185

https://orlando.in.net/[email protected] Get hash malicious Browse 192.229.221.185

https://angleshelf.sharepoint.com/:b:/s/ShapiroMasseyLLC/EZ2wTj09HkpIouJm6biidOwBQ1TN1ia5jLFP6D3lYHu1_Q?e=KJ4ytm


https://thedevcomp.net/pop/login/index.php Get hash malicious Browse 192.229.221.185

https://tryanmcv.com/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-userid&userid=



No context

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Dropped Files

Screenshots
























System is w10x64

WINWORD.EXE (PID: 3184 cmdline: 'C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE' /Automation -Embedding MD5:

EFDE23ECDF60D334C31AF2A041439360)iexplore.exe (PID: 3772 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 1224 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3772 CREDAT:17410 /prefetch:2 MD5:

071277CC2E3DF41EEEA8013E2AB58D5A)cleanup

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.microsoft[1].xmlProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with no line terminators

Size (bytes): 135

Entropy (8bit): 4.70441587317972

Encrypted: false

MD5: 93F3B782CE905ADC89E3C829447FFA5C

SHA1: 099AAA88952A4AF1A6DDA2DF1FD8EA47E639D2F1

SHA-256: 3A2AF843EFBCD0885514DA8EB1BA56D1FBA6A6FE514A14B2A11AB93E76FDDCF8

SHA-512: 033C13D37793827A3FBB13D48602B4D202475F8010DE7A15731857EFEF015D6D3A4ADD979B7A44F9CD95E08B464B3AFD7A6D17645693B078BBD3D1D3394D3176

Malicious: false

Startup

Created / dropped Files


Reputation: low

Preview: <root></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="2675531600" htime="30743525" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.microsoft[1].xml

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7FFF1C50-87D8-11E9-AADA-C25F135D3C65}.datProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Size (bytes): 33368

Entropy (8bit): 1.8570397486263495

Encrypted: false

MD5: 911698A3C86593C8631790D5C5BFE2A8

SHA1: D4E32016CFCC9683599B4F4F14C17D8B2AB0DBE3

SHA-256: 7DDCDA597BA9F517EA7032E36646D77D521CE309C0054973718A1D14D81D2122

SHA-512: 5DDF9DD451F9043E1CCCF8FAF747354721C5C75BD06144670ED13B1FFEDC57C4371969B95621CAE03AE8F71F12536B4DDA02775BD7C467A196FDCC8B30311B36

Malicious: false

Reputation: low

Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7FFF1C52-87D8-11E9-AADA-C25F135D3C65}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 325074

Entropy (8bit): 3.1954758803624035

Encrypted: false

MD5: 1047AA0B4180ABB015BA51542755B92A

SHA1: 4A226740B98725A3B5C2D91A4610E11964428486

SHA-256: FF311B66AB84E226F65BC32E9B4563C63E887E0C31059DC4B601404966CD58A4

SHA-512: EF9EE91F26D155C51CE40E49CAF035E8843E055606AC16F052C5F240473E085A0D026CF9683B1DF016A1399D9C2E62855C72001E677FD0FE51E47C517516425B

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A851318B-87D8-11E9-AADA-C25F135D3C65}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 16984

Entropy (8bit): 1.5648393622864463

Encrypted: false

MD5: 0BC6B2ED8A9482D8D4623AD6BC52ADF4

SHA1: 7604B5B3457397926457579A3B81B296B984EEDF

SHA-256: E87D2DBDCF5CE003362D5BC1CC3E42581B6CD3B8CBBCA7CC51AA94D873081D9C

SHA-512: 5479E6AF11401C37174FC32244C3C4E1B2EEC389C5103704EE9411D72A8AD7A7BFFE5391111BD748827BEDCCAA8160192E3E3653328606C992FDDDC94082094E

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 656

Entropy (8bit): 5.100735291788594

Encrypted: false

MD5: 3669339530FA67E9855DABE90673578C

SHA1: A50F884336F0B25AAB80696F938B8B8190590139

SHA-256: 0C379EE27F581B53D83D4E512521BBBDD05FCFDA049DFAF37FF0E09265DAF9E7

SHA-512: 0745BBF73053D468DDFF9CBA24FDD84B769343766460EFB4CBC5E312082E18C5CB5814A513B8C25D285CF3CAAD4C609C08743A75C74222A664A6D8A51D7268C2


Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x579b1723,0x01d51be5</date><accdate>0x579b1723,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x579b1723,0x01d51be5</date><accdate>0x579b1723,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml



Size (bytes): 653

Entropy (8bit): 5.107229244201319

Encrypted: false

MD5: 1C56A484480CC0706807B9731093F0D5

SHA1: 1E461DEC3F1F10526CACA96B42E5077A8BE5B4DA

SHA-256: DE54F8725D0E31F7ABE70A56D0EF15E37CF718CCC1A39A8B011CF18FC8DCB6E8

SHA-512: 140E9BCB105212736256ABB17D2E215FE058769B28C685A6C24D979FFD0748FDD21D1BAC83633B7B534DF994B6BB5C275347C2E12980593CCFD31D8CDFE528E0

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x578935a5,0x01d51be5</date><accdate>0x578935a5,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x578935a5,0x01d51be5</date><accdate>0x578e0e4c,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..



Size (bytes): 662

Entropy (8bit): 5.0957840179859115

Encrypted: false

MD5: AD66F1CFC7F006B1550523246AC44486

SHA1: 1E69B64DBFE94008CDB50396271CEBC84CA8D733

SHA-256: 83D55157C7A8A26B80D4F6A47AE8E4598F1B046E95A6AEDEAC8340EAC6FEF07A

SHA-512: EF4E71AB2E4DAD1CC234AC1CC5FF27BB997EB4B20BA330302BF60025E6AEB130623A8E1A68A45401A3F5DF2C5D1EC6F85CB0029827CDF7A54625DB1F5BE0E6C8

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x579d8bd1,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x579d8bd1,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..



Size (bytes): 647

Entropy (8bit): 5.100641526487655

Encrypted: false

MD5: F7A8D9AC81B6A7A21765773674122773

SHA1: 28F5914511D10E355B0E7BCE5669607CA38DA23D

SHA-256: 643F08557EB4BFB17E14742BABA1E9F453ED0D9DEE63567E56FFDE369B555F35

SHA-512: E3A95BA8D4DDB76DACD1F47617F0C2B4671AD644BD9DE208B3720DC5C9837F9F14BC3B0ABF7775F2A40DF89E4846FC7117B51BFA6596BC0262007ECCC6B7F383

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x579593db,0x01d51be5</date><accdate>0x579593db,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x579593db,0x01d51be5</date><accdate>0x579593db,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..



Size (bytes): 656

Entropy (8bit): 5.107725535749784


Encrypted: false

MD5: A6906C6F09297AF9756936ECA5F99A2B

SHA1: 7527AA4C611DE628B9AD2C89FAEA34EFCBD93AD2

SHA-256: 2A29FE6E720FF4DCDDD91A19991DF940049AD7DC03BB6E654C0EAC2319BC9CDE

SHA-512: DB8AD13161B6E6F44B6591BC50AF16E00E6CB90AB3C02788F4C4BC7214EC5F4A8B74A4BE3357F453029A0F190AAB546B9B8903367553E44E59A7500DB9741902

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x579d8bd1,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x579d8bd1,0x01d51be5</date><accdate>0x57a0165b,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml



Size (bytes): 653

Entropy (8bit): 5.093087965920084

Encrypted: false

MD5: 88494A0F2530E893297CBB43F624966B

SHA1: CB2901CB2D00AF2D799982FEE552FE07223CB808

SHA-256: 25B0481EF57D63F5DCC22D0887E9DA5DF10AB41470151F4E2C61A0D668B7A4D1

SHA-512: 11D76A97828E647F66E87E0C6F65B9194EBACBB0632A124BE02AAF07E768D48D80CC3B1C61846FD0FCD3B2045F9F344B07CCF2F6A9DE3DD2B0C432C60E89FAD0

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x5798a1fb,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x579b1723,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 656

Entropy (8bit): 5.119033855296752

Encrypted: false

MD5: 4FF0B3797E7206576ABD4DA42F6D87C5

SHA1: 94BAD88305A9B4F034900374AF5A3D5A1FE86BAE

SHA-256: E49F3AD7D86ED91D9A030A645D7C1154E975A820407E70C30D91CA3BEA242573

SHA-512: 60E81548B9B0EE17DDD6A2B0283F616D3F45FF2ED6AF1A6274C8F659579D602C560EFA719ACDCAA304697051D02881BED47C7F38A9FFB944A8C4F2F83FA9FDD8

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x5798a1fb,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5798a1fb,0x01d51be5</date><accdate>0x5798a1fb,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..



Size (bytes): 659

Entropy (8bit): 5.071939074208257

Encrypted: false

MD5: 535B637B739C7B9D13AC25AA8C1A43B1

SHA1: 52A7C83E96F29D32944FB468DB9842DC40C6D27C

SHA-256: BA2B33C68784E2663848FEEAF2B0EB5376786F58A3FDF2DD8547F63BC8451C5B

SHA-512: 359578E453E191286111DD7B5BE0FB8CB5A84253C6412980AF20B44B1F1CCC6DB074BDA8A3CA57E3BAFFA56F433A6914ED69463F0B5ECD9528032CB3131038FF

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x579095ee,0x01d51be5</date><accdate>0x579095ee,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x579095ee,0x01d51be5</date><accdate>0x579095ee,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..




Size (bytes): 653

Entropy (8bit): 5.086086476864212

Encrypted: false

MD5: A2686A832B772E84C2DFBECF12A73000

SHA1: 826F887D4E65287414E814844F139FD972BA2C37

SHA-256: 71D36CA99D01097FA10CBE987AC50F285E72D513F0D061E1466F710ADB04516F

SHA-512: 2B636AEC7C7C5937D06E41BA02CD874F0599DB57072B0DCA36F7786E32E17D50724664EBAC6D5FEAD0E356BFE5286FC7ABB22AE6CC6EE8030BCB25EF39CDE3A6

Malicious: false

Reputation: low

Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x57931e65,0x01d51be5</date><accdate>0x57931e65,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x57931e65,0x01d51be5</date><accdate>0x579593db,0x01d51be5</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.datProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Size (bytes): 35788

Entropy (8bit): 3.0353060764090576

Encrypted: false

MD5: 8B456063CC860B9C49F37AB64AA6C68A

SHA1: 5E264982E55A38654E973901F2FF48B6EB527D8B

SHA-256: A678DBBB1B024C22B8B532755341E3E56D93B91DECDE698457CE4BE2A2B8D3D9

SHA-512: 0CFDE175A85F5DF80E828B863B01AD7937FF4FA1DCD0F61CD25A935CF0B17315F0D1BC254B88F408C1B2F171D79EF033A2AF5685F26234D8734A304F0869BB6E

Malicious: false

Reputation: low

Preview: %.h.t.t.p.s.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.f.a.v.i.c.o.n...i.c.o.~(................h(......(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db-walProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File Type: SQLite Write-Ahead Log, version 3007000

Size (bytes): 4152

Entropy (8bit): 1.1776981398409248

Encrypted: false

MD5: 4BF3C1BAFD6A70E6BE64E4D2EA74436C

SHA1: 37EE16DAD09A16FF909968A8A640BF9FB32D26CE

SHA-256: 74016F254BFD6B1B6C2DE6E07AF1C17D2E2E12DCE8B4C6AACBE9DAD1E40E8A95

SHA-512: C1A4B00FEB623F2FF4D928FBF2ED5D3EE58D81141CA5B80AD2E74B82F300C61ADFD99641DD8FE43A96989CAC2DABD2B0A0A584115608E3087D86A0716FAE411C

Malicious: false

Reputation: low

Preview: 7....-............*_-$/B4....(............*_-$/B.p8..cp1SQLite format 3......@ ..................................................................................d....d.g..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.sessionProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File Type: SQLite 3.x database, last written using SQLite version 3019003

Size (bytes): 12288

Entropy (8bit): 0.9293919750949183

Encrypted: false

MD5: 804F578DA99BA14B6E2BC0B55D608B5A

SHA1: 396C9C8507F8B6E96784F8025737008EDD17A007

SHA-256: 571434B7C55334D1911F8F3653760F24E61EBB527BD1F5F80AFBD495A5DE1046

SHA-512: DFD3D600C499C5DAA77B922E20AE4C2A556E6E71197B0C1DA093376F6D81459F1BB0AD36D6B834B3153E5C8CDDB4F5B5054E0B402B44DDE118B430FF81429043

Malicious: false

Reputation: high, very likely benign file


Preview: SQLite format 3......@ ..................................................................................d....d.g......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session

C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session-journalProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File Type: data

Size (bytes): 13360

Entropy (8bit): 0.9081777503395082

Encrypted: false

MD5: 0F74DF9FC80C71945A5E46C76D8918EE

SHA1: 62F43E50701F207D5F09670EBFE6B29EE2DF4F93

SHA-256: 3C748DD3A09B338B0E589F48830A48A49638AB038BFD285D59168A4F321EDC7F

SHA-512: 0709EB41CC6788C898ED24660C6016399296D8A8090AABD20232C43486C0F2910F780921C90F051A1FD25F8D0DCFDF23F0CD044270FD128B232CABB127218B89

Malicious: false

Reputation: low

Preview: ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..................................................................................d....d.g..................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{064698D9-EB56-4E21-AE1B-3CAA0529CF6A}.tmpProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File Type: data

Size (bytes): 1024

Entropy (8bit): 0.05390218305374581

Encrypted: false

MD5: 5D4D94EE7E06BBB0AF9584119797B23A

SHA1: DBB111419C704F116EFA8E72471DD83E86E49677

SHA-256: 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1

SHA-512: 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4

Malicious: false

Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{0A7F7147-4827-4ECC-806D-F76BF8CFA213}.tmpProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File Type: data

Size (bytes): 1536

Entropy (8bit): 1.6328672162113287

Encrypted: false

MD5: 1EA507D0487291F497063157B17B28FD

SHA1: CC7930AD38FA549EFDCEC0E299AFE80804B9A6A6

SHA-256: B7B9F72846C2022A5AD7EC950016C4BBA01F4094A38AAB5F4F0CDC75D013AE76

SHA-512: 4584E28C91C7B21E7503B94A15B9C5C339D184AC4473B41BEE858BDC240D4F217DF119613AD8B3295D250AAD01A84438EEE4C91A62C51F10EAFCF4EB5ACF6A46

Malicious: false

Preview: ..1.2...1.2...1...1...1.2...1.2...1.2...1.2...(...(...(...(...(...G.u.c.c.i...G............................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...(.......2...6...:...>...B...N...R.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FE2C1C0E-8D93-49BE-95D9-2FBFCBD8E7CC}.tmpProcess: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File Type: data

Size (bytes): 52244

Entropy (8bit): 3.8739875038469673

Encrypted: false

MD5: B56CE37C6EE81A084A6C20A4A2A48822

SHA1: CF684A701AB4C8B2E6682B45222DE80B00DF9A3D

SHA-256: B11D68ECCE4CC3810CF2D91C5816BCCD960DBB0548506C72F489269DEA710F71

SHA-512: 41930FE8CFC5EA2BACDC872421321B2C4C65593641A1FC23237F6C5D1BBE0A9411B18275A001598ADC84FF3C56FBBE102DD6EDE1464E2E1FB80BC4030D819992

Malicious: false


Preview: M.I.C.R.O.S.O.F.T. .[.P.R.E.-.R.E.L.E.A.S.E. .].[.E.V.A.L.U.A.T.I.O.N. .].S.O.F.T.W.A.R.E. .L.I.C.E.N.S.E. .T.E.R.M.S.0.0.0.0.0.0.0.0.d.b._.b.u.i.l.d._.v.e.r.s.i.o.n.2...6.d.b._.c.h.a.r.g.e.r._.d.o.c.u.m.e.n.t._.r.e.f.e.r.e.n.c.e.8.9.7.9.d.b._.c.h.a.r.g.e.r._.c.l.i.e.n.t._.n.a.m.e.t.b.c.d.b._.c.h.a.r.g.e.r._.m.a.t.t.e.r._.n.u.m.b.e.r.t.b.c.a.u.t.o.s.a.v.e.f.a.l.s.e.o.w.n.e.r.R.E.D.M.O.N.D.\.j.e.s.s.c.o.d.b._.m.a.s.t.e.r._.r.e.f.e.r.e.n.c.e.U.S.E.T.E.R.M.S._.O.T.H.E.R.S.U.P.E.R._.E.N.G.L.I.S.H.d.b._.m.a.s.t.e.r._.v.e.r.s.i.o.n.2.0.0.6.0.3.2.9.d.b._.m.a.s.t.e.r._.c.l.o.c.k.4.8.9.d.b._.m.a.s.t.e.r._.n.a.m.e.L.i.s.t. .o.f. .B.e.t.a.,. .E.v.a.l.u.a.t.i.o.n. .o.r. .S.t.a.n.d.a.l.o.n.e. .S.o.f.t.w.a.r.e. .L.i.c.e.n.s.e. .T.e.r.m.s. .L.a.n.g.u.a.g.e.s.d.b._.m.a.s.t.e.r._.d.e.s.c.r.i.p.t.i.o.n...d.b._.o.u.t.p.u.t._.f.i.l.t.e.r._.r.e.f.e.r.e.n.c.e.d.b._.b.a.s.e._.u.r.l.................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FE2C1C0E-8D93-49BE-95D9-2FBFCBD8E7CC}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1399_Panel7_Mosaic4_Budget_Background[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x400, frames 3

Size (bytes): 2032

Entropy (8bit): 1.084618340227828

Encrypted: false

MD5: 34C2ED5605DA4B29F5884DA176F78963

SHA1: 99BF9F0ACC72D646E3CE65899A84EFF18C9D392C

SHA-256: 57A334A4E1B8CC0BA35038432424F0EA3EF4ACB2AE4653D184127279F0C8E3EE

SHA-512: DB59CBD9E4DBD1EFCE3E21F405A29134BFEC8C15A9CA4C99CCE5B07863ECC62862F60484BD9B36770CEB520F658F4B9512178749028D2335223241F35E9F4D01

Malicious: false

Preview: ......JFIF..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1399_Panel7_Mosaic4_Budget_Device[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 13459

Entropy (8bit): 7.909540353881409

Encrypted: false

MD5: 313F53DE1654C42422F6069917530EA4

SHA1: 654F753375C28AD4528978CC18538302675E0CC3

SHA-256: C2A1A970063632C65FE1CCFF75DB16F5D997F838A1230224B515E692BFE69E1B

SHA-512: D0DF1C8D4E58F09E6358176C9DA0E2005208EF3BBBE6A3CD68DC9F4484292DA855193EF606C501E8B1AEA0641C94C78EF9D5A2D36168457F71DEFEFEC6E733D9

Malicious: false

Preview: ......JFIF........................................................................................................................................................^....................................................d.*fVq1.....y.x.y.g.yg...D$...Q...DDFq.y.y...yg.y..Z......'8."3..<..(..,.,...,IJ....c8..(..,..<..<.....IL..LDg..e9.q.y.Y...x.?.i........#<....<.2.<...(..I)R.DL...FY...FY.x.Q.c....)J...."2.<..3.<..,..8.<...AJ.....g..q.g.y.y.Yg.yg......2.bfg9.3...<.8.<..,..3....R.f&f#8..,..(.8.<....8.2..I..fbbb"3..<..8.<..,..(.<...I%$L.LL.q.y.Y.g.y.X.g..G$...bb"g8.<.s.<..,..<...D..L.s....yNYe.Q.y.Y.9.q..$.)......8.(.,.(.3.,..,.9..I)R.DD.19...Y.S.Y.ye.y...IL...."b#<..<c,....,.....3..$...1..D.g.q.Ye.De.........>.....J.S11...s.g.y.Q.t.../=........*fTDDD.q.y.X._)..2.>..z....)S)D.D.3.y..7....8O...5n.o.m.......b:g.x.u....~.u`..~..%*eL.1.?.|...'aM.......)BJ8?....>.e...1.~...J~. .o..-~....66.`~.$........m.`.lcc.L`..\.t............60c.0a....{.8....8.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\18-d72213[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines


Entropy (8bit): 5.225176216325186

Encrypted: false

MD5: 59AD05CBCCE6803FB00314310F20FC45

SHA1: F7A094F6E0E60CD5C5B20D10788AF8A8F71CFEFF

SHA-256: 55AFD02F9CA1FE1B8D3705EF8EBA7C9A8E2F0BA4B8D1AB8853A2A10FAE9E4AC8

SHA-512: 7EDCE6C4078519C8E623B5CC32F47E8033E400673F17BEDBF59A8C6DAB551705E2C33000D158CAB2C7EB164281D6C5980B81FE0F297B38AF05061F086C121D09

Malicious: false

Preview: (function(){/**. * @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. */.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a["*"]||{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0||r===1&&n[2]===".."||n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u||y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel3_GlobalPromo_SP6_platinum_V1[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x120, frames 3

Size (bytes): 17481

Entropy (8bit): 7.811317522255113

Encrypted: false

MD5: A38B9B7FAB08B32B98ECB1FF488D247F

SHA1: A78DB6DCFD82248BAEF37B2F54F241C4047AA8A9

SHA-256: 358CB902778D7D6704B869D0A110B31D7D8047B6D355829AAF70934A4CF99B43


SHA-512: 5BE53045F9CF2187C40A16EA8F5A8DC48979A167D139455BEAC6AA4A144B3E1FDFCD587A6F521BE62F3B3CA772B0586A901BA15A3806B7F54FD84F83EBD736BF

Malicious: false

Preview: ......Exif..II*.................Ducky.......d......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:BB7079BCF92011E8A02A90944F8E2CAB" xmpMM:InstanceID="xmp.iid:BB7079BBF92011E8A02A90944F8E2CAB" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="B450E593EEF1D7864A307CCBF5665893" stRef:documentID="B450E593EEF1D7864A307CCBF5665893"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................x.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel3_GlobalPromo_SP6_platinum_V1[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel5_carouel_Office[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.965027776866983

Encrypted: false

MD5: 5150E94A5F46F2154AA3866DA020DAC3

SHA1: 0BCE96C758A1F6715D6408C8182DE04D49D1EE25

SHA-256: D4FE0AB01008DD9D65E892F5BF9B9514FF92EB3870ADF03D23CCF5E231EF1BFC

SHA-512: E30750D350C7418453795FB170F79C0CF481EFF3C6D107B78E05D45D5585249FF99D3846FEEFB2A6048D8B97EC5A043A7D8A0C591F7824BCB2506964DFF6FF69

Malicious: false

Preview: ......Exif..II*.................Ducky.......<......Adobe.d............................................................................................................................................................................................................................................!.1A..Qa".2B.q.R#.....b3.C...r.$.S....cs4D...T%...d&..tE.......................1.!AQ.aq..."2.....BR.b.#.r....3.S.4d............?.....@...(%@...b...P:.($($(...................f........v.....2..=0@...'(.O..p.R.,.&.w..3S3s.qBo...........W+r.Uh..h..D('..PX.A|0I,..H^G.Tq5-Y-..[.!.....LA.....)..>-...w~.........>....~}.w......n16|h.$..}..$q&.....l.U<..^i..k.-.{u`...;.tXXp.NnS.g. .S.n..(.^-.Vu.k...}..[...y........l..L.....3.....'..'..e}...~7.?'.....}.....].R.4I,..E ...n.....O...pr0.'....|G.....dr:.X...../K.....g..1;.v.....j.rG...@=.$../..^.T...W~....''...../.._}...;zA...;.....C..'..){.I.....gu.6.G.~....q....5..../......~.}H.....[.Ac.............\:..I....v...J............+.c.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel5_carouel_Outlook[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.958897740921402

Encrypted: false

MD5: 88CD7B802727590C8B1CBF17C0C9C7DC

SHA1: 9D0B037DD2FCD7305E9F422521C2F303775656CE

SHA-256: 742AE16D85F495C63261F5224F4142985653847799498DCAE94EE49A10DA57EC

SHA-512: 905464C02B19EE687895ED48BFA81BDF4920D78C65619E37800D2C85905FE41B0DD6EA3490144084414CDEBC64E1B57D7B0626E00F18C36497D236B27666FA07

Malicious: false

Preview: ......Exif..II*.................Ducky.......<......Adobe.d..............................................................................................................................................................................................................................................!1.AQ"..aq.....2R..Bbr.#S......3C.cs.$T...4D.%&d...t5E6..e'7.......................!1..AQa....q.....".2BR.b..#................?..:...l.}....`.f7{......y..}S...'..b...%.5eY..Y..*I...).3....s..j#.x.0./.}.. n%.v,3....}5.>..O.....?T......k&.......(..G........M...X...g.~.....~.nO.0+..gi..I8C.,o..|~..q.#.._]..c3......|s.......%?:._Uz0..........s...b>.?../...Z9....c....6...]..s...3.....#.mnO.}i..d... ...%J..;|yc..........CY?Po..R}..d<.I.q.3..i..q.?.<.w{..9...i=......".(.}...~.JcE.........#.9~..P.!....*.p).+_....<k0.^D...2Y..U..p,@..B.K..#Z.(..J.u ..e.... ..A9..LW..Tj..HIX...<....EW.r.a........E..n6.Q.s..s.R..:j/[email protected]..\...9}A.X..[HG.O.........=..x...O.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel7_Mosaic4_Budget_Background[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 2548

Entropy (8bit): 0.901535278192056

Encrypted: false

MD5: 1BA5DC09EDF3AF5333A032BE866D02C0

SHA1: 374276053DC0B9857C5A6E4D4A404299C1653AE1

SHA-256: 4DCF9569D44505F5254E6C2789837471070FA80C4B445937C4CB620CDECD9015

SHA-512: 4DCEA434AE1FD32A3D234C61A1E1049534A6AF9B1A58F8A7508981AABBC1443BC36C641851FEBBDFE6943C3E595817EAADA71D66BDB99FBC0C3287FFF4F62CF7

Malicious: false

Preview: ......JFIF........................................................................................................................................................R.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel7_Mosaic4_Budget_Device[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 16833

Entropy (8bit): 7.914215771445709

Encrypted: false


MD5: 4B6F27319D38726232417DE950503969

SHA1: 14535685D897316FE4706BF525EC06D966887F1B

SHA-256: BA60967BDB1208C988350357FA68B4086B05919F5BD1732D81539656B516B6F3

SHA-512: 636FB7B6717AE4D492B81A85239BEF2E0C19BBF9F217F7864421A193BF3F7C33570631BBF48017189DED6C8A47112A268A22D2666714D7D43835FAA3CAF86AB9

Malicious: false

Preview: ......JFIF...............................................................................................................................................................................................................)g9..1.g8.'..r.%.bx..9.r.19....0.K+8.s....q<c...).x.%.Ns.....%.R$....g...g...9.R..<.S..K......K".V.q.c...fr...S.'..8..9.x...V.eeag9.1<.x...r......9bS...K.. .Y.r.....1,O...,Fq.'..r.%..x...Z..Iac..q<O..'..s.#)O..%9NS......Ied.s....e..x..9.X..<Ns..9.s.....Ig+9.1.O...<K3..9.r...3...Nx.....Y...q.bx..K..9Jr....r.#.NX?..,..9.s..y.'9.r.'9.s..).x..9......$......s<O3..)....9Nq..,.r.#.K.....Y..g..y.1,Jr...s..).....S.3.d!%......1.....)Nx..)J2.'9.q..)..4..Vs..c9.%.Ns..<Nr..8.S..).s...A$..X.q.c8..9.S..9.r..)K..%..S.....Y..3.c8..9.S..,NS..(.s.(...Q...A$.......s<Ns..9K...).Q..<K.....uWO..I%..g..'......S..).3..8....z\...O.lFL...c...bs..9.r..9.q.q.]...~..Z...U.BYY..q.c...9...q).S.c.o.._U..m....I$...9.g....9.r....]..K..>..]6......YY..q..9.'<N\g..7.tK}.m.n.c....V..K9Y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel7_Mosaic4_Budget_Device[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel7_Mosaic4_Budget_Hello[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 40929

Entropy (8bit): 7.96876739707999

Encrypted: false

MD5: 5431194804F8A8ED6707811D6C4AE574

SHA1: F12DEF8E6893CC92A4C23A8EB21D79C9E86158D7

SHA-256: A3BF19827812BA8D022951E93178E8A318FFAFFB44758032DB1C464A66418183

SHA-512: 459A73529C45CD6CB7018B767D56DD1C41EFC175F1859994ECBB60B34D36550548F515E571F95AC1C79265301260BECB31486C03A254D2C14F0D3194288AC5B0

Malicious: false

Preview: ......JFIF.............................................................................................................................................................................................................\....1.-$..a.....R....-234,Lh....c...D.`e....#d...!xLi...Hc.WY".RE1EXNc.%...X....+B...I.Y...^...^.....!....$.LP..=...5fHd.$hKBKG%.1.g.HP..H..$...z.d.I...$..I0..k.n. +.._....xP..Y./"..`>.........W.\.I#\...4,\..Mw..W.?]?,..R.)_....u~m...K1!..Q.d.Jr.;....@ ..)?8$.c.|...0..[y.>:L......}....*V@...$#..C....>n.,.)HB...H.1.o.?..R....7...-.ll.G....ZN8V....."._g.+.0).@.....>j...Ga.y ...^_...]l h.o>..WB.."$O.sy.......?.$.c...>......t.......P..o..Iv.~..).~z.$..bk......Sf....D. .H..u.W..G./..p. ._..P.......m..~_..ULC.f..[?..W...<..DQ$.eq.QZ.e.k.2.....1X"2.).q...:..S....i..H.d;l.W9V...MN...s...{........6....6.u .cmy.Z.U....uXUj.~.....CY.....D.$.....S.StK.oy}~..E..[..iy\|..O.u........t+.. .e....j..V.>5.....;...#....?..dz/....A.FU.y.d.ZW]US..%U%yX..p.F?..m.l.q...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel9_3up_Photos[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, baseline, precision 8, 485x273, frames 3

Size (bytes): 26609

Entropy (8bit): 7.934082765857674

Encrypted: false

MD5: B6A91D2AC4B9FEA765FB7139FD60D870

SHA1: FD4470F392829CFE06FF323AAC5E2E378DDFEAFF

SHA-256: 63D53790F3F4C25946DEE9506E25C90029BDAF8DCB787BD382C3ABE7E38F4E91

SHA-512: 190C16AEDE4F6A8C444143CF7171A07D1A956C90FF4985DB74EA9AC8AD0C24A2C9D74EC38AB1EC1C52C0A841260E7C90BB1CBB0BD89D748B9FE856B5609558A9

Malicious: false

Preview: .............................................................................................................................................=....Adobe.d.................................................................................................g..............!..1A.."2QSq...RTVar.......#45BCs.............$%&'()*36789:DEFGHIJUWXYZbcdefghijtuvwxyz............................................................................Q1............!Q..1S....2ARaq...."#3br..........$%&'()*456789:BCDEFGHIJTUVWXYZcdefghijstuvwxyz.....................................................................................?.....=Vq~..{.{.x..e...3:..I.%.U._....L..5..3...*.._8.Y..O..4.+.L.].3:..I.%.U._....L..5..3...*.._8.Y..O..4.+.L.].3:..I.%.U._....L..5..3...*.._8.Y..O..4.+.L.].3:..I.%.U._....L..5..3...*.._8.Y..O..4.+.L.].3:..I.%.U._....L..5..3...*.._8.Y..O..4.+.L.].3:..I.%.U._....L..5..3...*.._8.Y..O..4.+.L.].3:..I.%.U._....L..5..3...*.._8.Y..O..4.+.L.].3:..I.%.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1920_Panel9_3up_Snap[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, baseline, precision 8, 485x273, frames 3

Size (bytes): 45635

Entropy (8bit): 7.957850688880408

Encrypted: false

MD5: AC9BED7803D9CB48DE79FC023F716C10

SHA1: 3470895DD7BFA6BB73005C77B0BF77BA2DA0C89E

SHA-256: 71826360339D8F89FE7704CB419C4D2D7758561F34263C7BF8EA2DFAC8E24318

SHA-512: 463F75CE3A3E4BEDA3BD5FCF580FC219077A000DCA448E8900EC2CCF9CA0E47FA2BC2E43910D529DEF6E1B89DA70ADE4F58D144807BE47AD1D5B41693D5107FA

Malicious: false

Preview: .............................................................................................................................................=....Adobe.d..................................................................................................a.............!1A.."Qa..2q...#BRr......$34CSTU......%(78FVbsu............&')*569:DEGHIJWXYZcdefghijtvwxyz.........................................................................l............!1A.Qa...."23Rq.....5BSbr....#4C............$%&'()*6789:DEFGHIJTUVWXYZcdefghijstuvwxyz.................................................................................?.7....y.:.T..q.)r.!$..7....Sm.B..M$...>R.7#18."I(eK....J\m#2V.M.0..N.Z.c7E.y.g2.....;Qz.&.L..,4.%.r{.hk..u.9."..+...a*..N.J.ILS...].l.....'a.....C.}....?m..........aRz....0].........k.`..#;.P=.I.n..v.Fw.{....q..,..J%..|...$...T.u.F.T.lUIB..vi.U.`..W..4.^q.D.O4...%[email protected]...~..x...5..e...!..\......:.}.......mVh.S.NYR...l7,..i.9,mk....c..&.:.m{.D..46..LR

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1e-fd610f[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 66442


Entropy (8bit): 5.367460973044008

Encrypted: false

MD5: 4961852D115763E46C5B485CC764BAB5

SHA1: D437D676AEB7284E5141F80382E6B11552408728

SHA-256: 4EBB716903FC9B9DABF6A74FF88C4B8CB38FBBB89190175F4DAF7CE29AE6DB08

SHA-512: 7560A45ACA5995C4FD0163271CF678E9B1F7773300A2EF7CD3CF77FE4D3017F967C74133005FF3D9D57F1F31382C01DF54510981B33E9E779FBECA9E7411CE99

Malicious: false

Preview: var awa,behaviorKey;define("jsllConfig",["rawJsllConfig"],function(n){return n});awa=awa||{};awa.isInitialized=!1;awa.verbosityLevels={NONE:0,ERROR:1,WARNING:2,INFORMATION:3};awa.behavior={UNDEFINED:0,NAVIGATIONBACK:1,NAVIGATION:2,NAVIGATIONFORWARD:3,APPLY:4,REMOVE:5,SORT:6,EXPAND:7,REDUCE:8,CONTEXTMENU:9,TAB:10,COPY:11,EXPERIMENTATION:12,PRINT:13,SHOW:14,HIDE:15,MAXIMIZE:16,MINIMIZE:17,BACKBUTTON:18,STARTPROCESS:20,PROCESSCHECKPOINT:21,COMPLETEPROCESS:22,SCENARIOCANCEL:23,DOWNLOADCOMMIT:40,DOWNLOAD:41,SEARCHAUTOCOMPLETE:60,SEARCH:61,SEARCHINITIATE:62,TEXTBOXINPUT:63,PURCHASE:80,ADDTOCART:81,VIEWCART:82,ADDWISHLIST:83,FINDSTORE:84,CHECKOUT:85,REMOVEFROMCART:86,PURCHASECOMPLETE:87,VIEWCHECKOUTPAGE:88,VIEWCARTPAGE:89,VIEWPDP:90,UPDATEITEMQUANTITY:91,INTENTTOBUY:92,PUSHTOINSTALL:93,SIGNIN:100,SIGNOUT:101,SOCIALSHARE:120,SOCIALLIKE:121,SOCIALREPLY:122,CALL:123,EMAIL:124,COMMUNITY:125,VOTE:140,SURVEYINITIATE:141,SURVEYCOMPLETE:142,REPORTAPPLICATION:143,REPORTREVIEW:144,SURVEYCHECKPOINT:145,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1e-fd610f[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1e-fd610f[2].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 66556

Entropy (8bit): 5.367791117419677

Encrypted: false

MD5: 67C11847493C9A15E9A3341BDC8E935B

SHA1: 104FDD629C1DF8F4839916F714AF0B0BBA89939B

SHA-256: C20B13598CFC3B29774A3909D1EE5927FF2947A6EBFE7064575D3B1738DD7548

SHA-512: 77E7AFB1A21F6F0A37C66834823EE1C5E0AC1AD67AB5A99F9617357051C36C37360AB6488957DC7B4E0F259E34C8F78C0AB5A30E32AF7A7702E0D1E5F5C392EC

Malicious: false

Preview: var awa,behaviorKey;define("jsllConfig",["rawJsllConfig"],function(n){n.cookiesToCollect=["_mkto_trk"];var t=window._pageBITags.pageTags;return n.ix={a:t.userConsent||!1,g:t.userConsent||!1},n});awa=awa||{};awa.isInitialized=!1;awa.verbosityLevels={NONE:0,ERROR:1,WARNING:2,INFORMATION:3};awa.behavior={UNDEFINED:0,NAVIGATIONBACK:1,NAVIGATION:2,NAVIGATIONFORWARD:3,APPLY:4,REMOVE:5,SORT:6,EXPAND:7,REDUCE:8,CONTEXTMENU:9,TAB:10,COPY:11,EXPERIMENTATION:12,PRINT:13,SHOW:14,HIDE:15,MAXIMIZE:16,MINIMIZE:17,BACKBUTTON:18,STARTPROCESS:20,PROCESSCHECKPOINT:21,COMPLETEPROCESS:22,SCENARIOCANCEL:23,DOWNLOADCOMMIT:40,DOWNLOAD:41,SEARCHAUTOCOMPLETE:60,SEARCH:61,SEARCHINITIATE:62,TEXTBOXINPUT:63,PURCHASE:80,ADDTOCART:81,VIEWCART:82,ADDWISHLIST:83,FINDSTORE:84,CHECKOUT:85,REMOVEFROMCART:86,PURCHASECOMPLETE:87,VIEWCHECKOUTPAGE:88,VIEWCARTPAGE:89,VIEWPDP:90,UPDATEITEMQUANTITY:91,INTENTTOBUY:92,PUSHTOINSTALL:93,SIGNIN:100,SIGNOUT:101,SOCIALSHARE:120,SOCIALLIKE:121,SOCIALREPLY:122,CALL:123,EMAIL:124,COMMUNI

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\51-6d3a1e[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.050717299586406

Encrypted: false

MD5: 6178D19989D7964964A1CC7BED82F341

SHA1: 8B0DBA5CCCCFAC4ED390F900F85B275A5507215A

SHA-256: 3ABC05CF7FCD206115A9F2871547BE6A8649C34B2EFC0D1F77441147A5A78BC8

SHA-512: 120F92E7C4F785EADC0B000F0035E475977ECAAA4131500E3D2EE3C4CE9D1A368DB3C07D16BEB58DE46AD2F6857503A3445DFE06BEA23F59646424FFA1946F81

Malicious: false

Preview: @charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\LinkedIn[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 19 x 20, 8-bit/color RGBA, non-interlaced

Size (bytes): 315

Entropy (8bit): 7.022483950744116

Encrypted: false

MD5: 02734A460C03D20B8C4AEA1D9A7B7DCD

SHA1: 0A642B81EB3E0F66D2D4CDC49339C3A60845B427

SHA-256: E495966DD87033EC1E3F55C58062DE559B251AAD1CABF20DD2AF44CD34675CD6

SHA-512: 1E4A8E8812BD061828D52B106AD91A03FB49B55A051DC0D433C731CE3F3A968A3C2BFF63B2FACDC8B220D37169FDB88EDAED6802667C6F0672B8941C05D8B958

Malicious: false

Preview: .PNG........IHDR.............oU.t....sRGB.........gAMA......a.....IDAT8O..=j.A...Y-$.""........ ..Y..x..A...z.....[{O`B"[email protected].......[....L..*.j.........,].*.G..z..`...%^qS..!.w!.P.....gd.......$>1.?ts.......|.6..X.......=....J#.\.....+...w.r.&[email protected].*...a`.j..Y......mw....c^.>.H.E.RG.>*..5....IEND.B`.


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RC31570345bb96413b898d9ee318090731-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 8645

Entropy (8bit): 5.281702034488803

Encrypted: false

MD5: 1C147059F5B20EB1BA0A41125FD0F1E6

SHA1: 70340E471B4DEBCB50C55D7367A2305B81604200

SHA-256: A67711B070FCFC486CDC4D1624A2885543FA7B59572F6033D2E7C96D0E85112B

SHA-512: C2301637B1C65B5093CCA70144CD9FB8CFCED1CD80330AAF77A5EC56DCDABFEA409FC53B21D1511F3D7A9E931A37D609B07FE582CFABB7AC78F8F8EB74B0B569

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC31570345bb96413b898d9ee318090731-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC31570345bb96413b898d9ee318090731-source.min.js', "null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&(window.wdgtagging.jsll.vt=window.wdgtagging.jsll.vt||{},function(t,o,a,c){var e,d;o.checkpointCntnr=function(t,e,n){try{this.cpPercent=t,this.textValue=e,this.parentCntnr=n,this.hasFired=!1,\"start\"===this.textValue?this.behaviorVal=\"VIDEOSTART\":\"finish\"===this.textValue?this.behaviorVal=\"VIDEOCOMPLETE\":this.behaviorVal=\"VIDEOCHECKPOINT\"}catch(i){a.debugLog(\"Error in the vt.checkpointCntnr function. Inside video tracking script. Error: \"+i)}},o.checkpointCntnr.prototype.fireEvent=function(){try{if(this.hasFi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RC6093e61065034898a18b3abc92c03214-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 6457

Entropy (8bit): 5.377021157550868

Encrypted: false

MD5: B56CF5A5EF2E87296D580C8A794C498A

SHA1: 2932D980FA1EAF52466411F7E8BC61573639A633

SHA-256: 35994410F65280AFD34D519183E9EF9A8BDCFCC6D26ECD73464B35368A155E2B

SHA-512: 38F0FF5E39C88BAC6E07A7EDBBE8EAC706613D0376D66FA19233BB00BE21E918F518537125501EA12C3742272E3DC58494C3B50C6A66311A3FA1F3EC95A0D665

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC6093e61065034898a18b3abc92c03214-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC6093e61065034898a18b3abc92c03214-source.min.js', "null!==window.wdgtagging&&null!==window.wdgtagging.jsll&&function(t,e,w,f){window.location.pathname;var m=window.location.href;w.wdgVideoTagging=!1,w.videoTaggingInit=function(){var g=awa.ct.captureContentPageAction;w.wdgAttachedEvent={},w.wdgVideoName={},awa.ct.captureContentPageAction=function(o){if(239<o.behavior&&o.behavior<253&&240!=o.behavior&&250!=o.behavior&&251!=o.behavior);else if(253==o.behavior)g(o);else if(240==o.behavior){var i=o.contentTags.vidid,d=o.contentTags.vidnm,c=!1,r=f(\".c-video-player > .f-core-player\").find(\"video\");r.length&&r.each(function(t){

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RC90de3d91e87d4e289cdf12d9ed2d405c-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 1725

Entropy (8bit): 5.485144962170923

Encrypted: false

MD5: B686714B718573BE57DAA70E297645CC

SHA1: 37D29EE2E3397C2A60223A6947DF0FD5A0C127B8

SHA-256: 61D751350344890B9203BC5F1ACEB096F9E524CE830A7BF0EE1881EF35C7DCB2

SHA-512: 5C6FD62AD0C2F38753DB35B2101DEA33FA2D941FEECDC15DE8517D4CFB1A37519920D832C1C3D468FC9C8ED7C08753EF47A22A92E850E3C76C73FE1586B18CF0

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC90de3d91e87d4e289cdf12d9ed2d405c-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC90de3d91e87d4e289cdf12d9ed2d405c-source.min.js', "null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&function(t,e,n){n(\".surface-clearfilters button\").on(\"mousedown\",function(){n(this).attr(\"data-bi-bhvr\",\"REMOVE\")}),n(\".c-checkbox input\").not(\".surface-hmc-ans-block INPUT\").each(function(){try{i=jQuery(this);var t=n(this).next(\"SPAN\").text();i.attr(\"data-bi-name\",e.tlcStr(t));var i=n(this),a=n(this).is(\":checked\")?\"APPLY\":\"REMOVE\";n(this).is(\":checkbox\")&&(a=n(this).is(\":checked\")?\"REMOVE\":\"APPLY\"),i.attr(\"data-bi-type\",\"option\"),n(this).attr(\"data-bi-bhvr\",a)}catch(c){e.debugLog(\"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RE2OdIC[1].wdpProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG-XR

Size (bytes): 65750

Entropy (8bit): 7.914829833769577

Encrypted: false

MD5: 050E542580D0E4F21509BEB5C9B80ECC

SHA1: 33D8A9DC17D7BAF17DB2AED3BC40C851186384FC

SHA-256: 891F6C532C5034FE5F28515EA619070AFE73908D3CFF3B9F3FE5A3C8F2D7C72F

SHA-512: 885DE7F234BFABF7EC0E9F41536C4780EBC6E4069EA3817726E532E5EDCCC0621E93191193D2BA0F31C50246515697BCE041DE213998A9E87007CC3DBDF3AEA1

Malicious: false


Preview: II.. ...$..o.N.K..=wv.....................................................................$..B........$..B....................P.......WMPHOTO..E.q....0...,8:B.. .....m@.........@0<.....@. .......{.R....`[email protected]&.!ku.W.Q5...E....N..._..{h..$... .......b......q...UUUUUr..M............./.sH.A..?C%wr..XCM!..T.../......!dD.h,6".:V..........J..2.t6..&.s..hSrGl}on.......v...s.......!e...d@.<....|...;....U.*.........P>....`[email protected]|c....{[email protected]_b.j7....0S.*..UUUUU.K.....N>....NZ\TiX.....ti.:.L....%S......##..Zh..i>6....ip'.0m...l.....r"%Wt...........]Lm....d.!*[email protected].]h..........fI.. .W..>..XSy...R.&{o..DL[L]..9....*......U..o.5J.m..MZ......*~.a|..=...`....Q...~.\...1.......iK.3`Z...r...C....:r...........wf]M..5Re..v.j..Q..0?.........2.4J..u..^\..)$...7..O..Tr..2......,2..J^7.....C.T...WG..I.7i..2.1....k.!{.....e1s.i...}v*\.....{U%..XA,_P..X.}.@}. +.DD..uP..UQ.....].wj?......&&.4Z*e.J.&.%..*W.'..X .0....d^:./ k....r"....yf..r#^n...k.n....K..wP

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RE2OdIC[1].wdp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RE2QTP2[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

Size (bytes): 66149

Entropy (8bit): 5.432481644807615

Encrypted: false

MD5: 893F8FA395F6743BEA0F48F8673CD5B9

SHA1: E0C648D51F31959F5E265077BA53F527C34AE29D

SHA-256: 6D28F6751A087565F3F0AD4CD93443385FF1C3491F9E20C5783BA0A9EEF8F120

SHA-512: 9D523897489A1D2D8B3A3547A4A13289145434B0A3E795ABE8A932C7C8956BA00796B9C6A80CAA745D83253FB059449C3645EA718F76FADCF37647330D385208

Malicious: false

Preview: ......<!DOCTYPE html>..<html lang="en-us" dir="ltr">..<head data-info="{"v":"1.0.7083.39717","a":"44bd8749-0983-4b73-9521-3642f942bd36","cn":"OneDeployContainer","az":"{did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2019-05-25T06:03:54.0000000Z}","ddpi":"1","dpio":"","dpi":"1","dg":"uplevel.web.pc.ie","th":"default","m":"en-us","l":"en-us","mu":"en-us","rp":"/en-us/videoplayer/embed/RE2QTP2","f":null,"bh":{}}">.. <meta charset="UTF-8" />.... <meta http-equiv="x-ua-compatible" content="ie=edge" />.. <meta name="viewport" content="width=device-width, initial-scale=1" />.. <title></title>.. ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RE2QZ2T[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.981911310963697

Encrypted: false

MD5: ABB80F67593EB8983BCC999265CC0AB3

SHA1: 7DCEB7A8B3DED82ABFA218BA2F8D5C5EB77AAB45

SHA-256: 20EB444DBEA7E554C5BC52D052D0C17CA46D840F7C10C7AB2F34AFF5C986A306

SHA-512: 0B11832F864EA9C87D0D49818857BB21A5FC9D542D9559C88C19E2C5ADB31CD02F1B9E5F357D65DAC5BB857169ABE35A8D11555B40E16CE95D47D18708AD3680

Malicious: false

Preview: ......Exif..II*.................Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="F9B4E7158645D5F41928335C6554A8E6" xmpMM:DocumentID="xmp.did:EC5F4535608111E9B745A83179CD6C5E" xmpMM:InstanceID="xmp.iid:EC5F4534608111E9B745A83179CD6C5E" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ec5b2b3e-8629-4f79-b3fd-a35e06f5c134" stRef:documentID="adobe:docid:photoshop:1eecbba5-e501-e748-9f93-528a5bfc760a"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...HPhotoshop 3.0.8BIM..........Z...%G........8BIM.%

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_HL_ImagePanel_1_V1[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.979795327197334

Encrypted: false

MD5: 7CD862696D20D3E75D66384FCE70AEFD

SHA1: F7C794C2B19219C3F1DBE6A1F25EAC6DFA12B061

SHA-256: 8278A09661789A604CD87DD3B5D91D03A5F8447CABB9E45A046DB2865EFBB36F

SHA-512: E5107AA3A57EA3A19150CB302B3613CC8CA2A260151DB3D4362A5DCC1503E54FDEFC15222E85F5AD859EE4370FE771D3A215972F0C2CC2BBF8E871928F56702D

Malicious: false

Preview: [email protected]..#XHm.6.. .Aa#.P..R..*q.c'..._..%.|Y........./._...........................`............................`............................`............................`.......................4M.\.$..$I.$I.....$I............B.......................................................0..........i...k/m{...|.......8>71..\Xj.$I.$}>......(.....n.Y.>.H..a(.MJ.K/.e..cff...3.......L....M.a2...$.#5s..~....t..wv.difd....yF.....f.....~..r..D...D)G..,/......^O......\..\..;./_...V..|nKD*r.......|........7.g.}.O....*....<..m;......Q..NxL...u...s.z]j...l.W_.-.%u..==....GG........\..h.....K....]..H '..........E............w..........fK.NG......-..D[.UQp...r...s..=.n....#=O'..{*.....~8....Q.......'......k+.T..K..E:..9.!.....@.......... .N........L&s9\..,+j.Y..#...A...FC...i.<J)y0.......k..?........-.VE.....f........GFFrSSS.R.t.Ap.BY.U....'"...........*O*.............?......^......eYV..f.;8 ....~ .V;<...d...aS...<....mK.X.z;..X

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_HL_ImagePanel_3_V1[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.969893467816012

Encrypted: false


MD5: F8C8E458D0B326116D8DB4394FEACA42

SHA1: 3AFBA82A4BDEDC50EF34C53ED7878569F2EAF6C4

SHA-256: FA8BE65CE75F47DF685C2F02EC01BD46375AFEBBC9468E9E24EBEB6F3CE2EF93

SHA-512: B677FC593E2A6197A24A9EA128BD12E82010AFEBD178FE808FD853584290909828A75E22BAAA2510FA1DA126CA5248EE2FD30BACCD25ABA2533A73A61D91566D

Malicious: false

Preview: .PNG........IHDR.............k.....2FIDATx...... .. _..............@zk.......................@y.=..rd;.0..8'.....|.=....5......%8..J.23C|Z.;.]....zkm.Z..Ph!EG.B,.<y2...t-"..X .B.9a&.....H.`k.`o....O...O.../{..;7No.k..^gz..)..RJ)..R.......RJ)..RJ)....Z.l..vs...x.....7..Z...N[.S.ID.H.Kq..8......5..)@{XF.b..06.c)1.i#....s...#...~l...,.^..f....f..s.....G#.a>+;.....J)..RJ).....g*..RJ)..R.z..v........^.mz)z..Z{.E.l.EI..];U.q.8..8".N.N..!$....Q.!!....$l.C..@ .Nf...W.._....72i...8}a.....L._M0c$.W......{O.>.;M.OZk?.c..?....^......n.....RJ)..RJ.....z..RJ)..RJ.u....c.iH'#...........W.._\..^=......6..=.H..>O.".....`.&".b.7a.w........D._=.L^].{.........6j.}"Z.....zI....*...`.X........8....I:.....7V...o.1..#.....X.. ..v;~...RJ)..RJ)..D.l6.RJ)..RJ).....2...f.e..._.z..j(^[email protected]...:;...IH....\.w...$A..c..(.....b..)..}....FJvl..... .D..1.........q.~u.!..BD4$c...y..;...W......7.|id.3..d..d....f...j...r..../../.....XSJ)..RJ)....7J)..RJ)......[K..|.8...^.y..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_HL_ImagePanel_3_V1[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_HighlightFeature_Panel_1_V1[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 74933

Entropy (8bit): 7.859097020161532

Encrypted: false

MD5: 94EF7CDB82E6F7E5778A4DA0D0FD56AD

SHA1: 2450D47112E00E0BB26992676BEB2444BAE4E595

SHA-256: 26EE58DA2512916C69FFF0566C35C8BFF0984629ECC94A6DE73566B38272DA92

SHA-512: 35E6AAA752E04A95EE616F51153A954CAEDF0E02DF12574ECB24E26C744B69D714655C3C55B45B88A35B3A77392AE8329FAFDFF397126C4F73F1ABD1BE10622E

Malicious: false

Preview: ......JFIF......................................................................................................................................................X.@......................................................zR.zQ.J=)G..G...G.R..J=(.GzQ.......[6.......4.I%9.r..9.))NS.....4.....s..h....0.....T(P.......a..........zR.z=(........G......J5Z.Ggvg,KbF ..UU&..M%4..9NRH.R..).r.JI).s..4..sI.Q....UP".UP.@......`..................W..]..Wz=(.G....Gw.;..r.N...U..&.9.s..)Nr..)NS..).s..$..9.'4..h...UE@.....(U....R.a...6.oXz=)G.)JQ....^.w....zQ..JQ.GzQ..wvgfr.N....U.&.9.r..8.S..9NR..)[email protected]..=f.zR..(..)J;.w..(.zQ.J;....(...;.3.9..e.UURk9..9.s..).r..9JS..9I%9.i$..s.I&......P"..UP.........6..........(..h.zQ.J;.G...G....JQ..g...P.f'...B.DE..&...9NR..)NR....S..9Ns..9.s..i4E...........B.....a..a..a.JR.z..JR.JQ.J;.G...G..J=..z;..vwffbN;l.U...5..9.S.g9Jq..9Jr.g).r..S..9.s.NsDY."...*...P.*..\...........)J=+J=)G.^.w.R...J;...........Fvv.X.v..UUU..&.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_ImagePanel_1_new_V1[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.954945224320037

Encrypted: false

MD5: C11E05BA111DBED391CA4C1185D4B631

SHA1: C3DDDFD8810D0D74BC2FB40E1AE9A65A814C5ABF

SHA-256: 87300ED19ED6D6EB09AD4F14C3E41E068F7C382CD7985340554BD701FBB9601E

SHA-512: 4B89E201482B36F4F5D059C67E57F7014899F96003D3EFFC46082DC11963456490A0F4C8D9F3ADB127C86C37746DD38563BEC0E96B71B284F82E4AF6BEADDB14

Malicious: false

Preview: .PNG........IHDR.............k.....7DIDATx..[r.6..P..U..u&.....G..j.v.D. .....................................<..c...~..K.....f?..........F.}.4....xc.f.}.c...:.w...?......<........6.q.......\..O:b.>/ym=k...[.=...o....](..{...x.....X.8g......Z^=....z......b-.]..q6.Y...l.e...M....mp=.....xP.......?..t.n...~..8..}.W).,..../...-A......i.....{.3{........i_Y.XW..t{.....pb...C.......3.uZf....).kC..].j.[.6.x.gw<W6.x.6.:.!...f.n.a...~.....}.....!...-.....~\....7....g.V..O.....b......3._.U`.......-.,.`.P..=.........u].{m.b].k.'........].`......._.LS|......23.'7g.....g...... ?ao...................u}.....|'..8.m..o.G....g......{..z.P.b}..o<.7:.>.wm.....g.I.HXu.K..![I+.3.x9..Cv....6..B...O.....@...`....D....#P..1.'.B1.}..C:..-....Pn.b.`......$..O.O......i.o..........R....y.._8.=.e....Si....K..0..x.|........t..H...6..=..~..d.;!..>i/@".c...3.......f.I&.s.=3}-......l...+x2p.......p.zb&5..j.=;.N.[.Oe.i.$65.o..|..........0.?/.GN'..._.\~

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_ImagePanel_4_new_V1[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.9967245039940975

Encrypted: true

MD5: 386E16D44339C3ABEA775D8262BBE093

SHA1: EAA7CE8CA017554760B8F6AB53BE7AC87CCE83E8

SHA-256: 5815207FFF83ABB3F47949DBA5BEBDE5202DE8A9353E050E09FC947B7E2B140D

SHA-512: 5061F88EF5656EF82799FD4F03EBC6B3A7E3DE67BFA1F470A0770E515A714FF96C4614F5AA18F0F45A247238E10D6D391D0FEE0B17C6ADD125B8B9894E621BA8

Malicious: false

Preview: .PNG........IHDR.............k......"IDATx....Ad1....m....Z2...2N.A...-.?........)...........................wP.......?.....1.j.J..eU..\J...VG.1...c....Z.j..."F..m...1......x.'gg.>?.>...=..l9...Gd.....<z44...Wd.q{bf{....F.nB...J%.....dPE.9%*.R.@....)g.6k)...:.Z.>~.d.e.LE$9y.YE'w.Z.=..a...&.Xw..=w........"*.Z..f..}..B. .u..L.._.i..p8..f.U f.-.,..J.......{..DU..._.....B....-....B.!..B.!..B.!<}.}.\...J2..f..e.lt....T;..f"..J......f.$.....v...Tz3.m....x$*.4%U.......{[email protected].@$.3.3.;8.w....V...%h.g..^\\$... n.mr[....._...gU.g.x..j...?.:!*XK..........!.M...s..W/F/%.L..9:......~....o.V...g.!..og.^[email protected]&.d3..@EI.@t.,......N..y.TK.....{.$3.....#;.n....A..=.$...] ..."P....]*.99...6..AUDH*D..F..`*...A.4..........$......9.......;..OT........#M..<...o8.1..F.]<..u.....'>.Z.z..m. oz.....!........`..a...U\....X..yY....w.+....~B.$.7../.t..B..3"..B.!..B.!..B...?....w..eQ...*.8.. T...u.<=|..$........&.+...}....D.....D.4.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_ImagePanel_studio-New-5-V1[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe




Entropy (8bit): 7.9915480148682825

Encrypted: true

MD5: 30ED03FDB56DB6B61E5DFF175E91E9B0

SHA1: 627728114AB35ABE247E6ECC634A294BCBC123BA

SHA-256: E3A5F64AAD47736264C8C672E4C92553141256E8AFDCB141A1D4C9065F8DC9F4

SHA-512: 415795581A02282D6EDE386D36E4FB0F2C33CA40244508657F907AD347BC7E417C502C427FFDA8CEB9E3BC4D9E93E388D7A6990DB11B835E734C30DD307BC64B

Malicious: false

Preview: [email protected].....:.*B..{ZIDATx...1N.0.....-{.....i.PP.b#..{RjH.....'.+..y..V......8.<......._......ZH....nV......... ........*....o.......D.<.V_......P.....@'<.:@....@'<..t............ ........$...... .......|........e..........<..[`..c....F.xr.[....k............d........ .................@[email protected]][email protected]..... .......`...7 ....[..... .......v..@t..........?`.5......X.(...).................................\....p.-L..x...-..P8........ ......... ...PT........@...............`a...........&a3............ ([email protected]..{....}.P.E.....f.%..0.............O6:7.. .8.....;...-.0...j..\[email protected].`.,.........6..%d........`.,..................n..........`....F.....?....`...6.......#.......:@...t...........>....../..k...VJ...........7..BIr]I.).d..a..^fffff..wX.^fffx...ef<.3.]l...]..U..aN~=..v..vUC.?)..7.o}....}........g.r1.Bi..Q....L.v.P........xY.y!.0......(..A..A..A.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_ImagePanel_studio-New-5-V1[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_LinkNav_Panel_2_image4[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: SVG Scalable Vector Graphics image

Size (bytes): 1230

Entropy (8bit): 4.465658582341525

Encrypted: false

MD5: 9807E2D0143042B099454E83F29FD3C5

SHA1: 8FD51F53C496175F8C07733A8C17497E16B51F59

SHA-256: B042FD8196D7BEB8048862F6E0819AE253980A415E123F88AC6816363DB3545A

SHA-512: CEA0F87D718C623C0CA156BA311136932A6484F76A08698E87B9D89C13F5D05B45DB1E2B4E7ECB0D17C732F59B6C92C6A827B6058B51368D0ADFDC4F94AB2DD2

Malicious: false

Preview: <svg enable-background="new 0 0 27 21" viewBox="0 0 27 21" xmlns="http://www.w3.org/2000/svg"><switch><foreignObject height="1" requiredExtensions="http://ns.adobe.com/AdobeIllustrator/10.0/" width="1"/><path d="m21.312 4.214c.716.312 1.363.711 1.94 1.196.579.484 1.071 1.034 1.478 1.646.407.614.72 1.276.94 1.989.22.714.33 1.455.33 2.224 0 1.066-.204 2.065-.61 2.999-.407.934-.965 1.749-1.672 2.446-.709.697-1.537 1.246-2.485 1.647s-1.963.601-3.045.601c-.846 0-1.671-.13-2.472-.391-.801-.26-1.54-.643-2.215-1.148l-3.126 3.077-9.375-9.231 10.938-10.769h9.375v3.714zm-10.937 14.111 9.375-9.231v-3.786c-.146-.032-.326-.054-.537-.066-.211-.013-.433-.024-.666-.037-.231-.011-.462-.03-.689-.054-.228-.024-.434-.066-.617-.126-.184-.061-.332-.143-.446-.247s-.171-.248-.171-.433c0-.209.077-.389.231-.541.155-.152.339-.228.55-.228.399 0 .792.004 1.178.012s.775.056 1.166.144v-1.694h-7.165l-9.376 9.231zm7.813-.902c.863 0 1.673-.162 2.429-.487.758-.324 1.418-.765 1.984-1.322s1.014-1.208 1.343-1.953c.33-.745.4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_LinkNav_Panel_2_image7[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 1055

Entropy (8bit): 4.584222259166922

Encrypted: false

MD5: 80CE8FC112B97920A2A8E16A9A1366BB

SHA1: 5B6941F056B06E68CAB5744F25A470F4DDC5652D

SHA-256: 7AE03D6DB88646424478804E4593A5FD2425453554319F24053A9A968EF285C4

SHA-512: 26163BC3C8D3B0402A92D28E1B5F757A5B88AB8DDA358CABE03C90FD79AEAC37D895A37F06C24AEC7072ABC586805BD118ACE856F05B6B507D231CCD2D84F342

Malicious: false

Preview: <svg enable-background="new 0 0 27 21" viewBox="0 0 27 21" xmlns="http://www.w3.org/2000/svg"><switch><foreignObject height="1" requiredExtensions="http://ns.adobe.com/AdobeIllustrator/10.0/" width="1"/><path d="m21.5 2.625v18.375h-16v-18.375h5.334c0-.362.069-.702.208-1.02s.33-.596.573-.835.526-.427.849-.564c.323-.137.668-.206 1.036-.206s.713.069 1.037.205c.323.137.606.325.848.564.244.239.434.517.573.835s.208.658.208 1.02h5.334zm-1.333 1.313h-1.333v2.625h-10.667v-2.625h-1.334v15.75h13.333v-15.75zm-12 5.25h5.333v1.312h-5.333zm0 3.937h5.333v1.312h-5.333zm0 3.937h5.333v1.312h-5.333zm1.333-11.812h8v-1.312h-2.666v-1.313c0-.184-.035-.355-.104-.512-.07-.158-.165-.296-.287-.416-.121-.119-.262-.213-.422-.282-.16-.068-.333-.102-.521-.102s-.361.034-.521.102c-.16.069-.3.163-.422.282-.122.12-.217.258-.287.416-.07.157-.104.328-.104.512v1.312h-2.666zm8.198 2.164.937.922-2.469 2.43-1.801-1.774.937-.922.865.851zm0 3.937.937.922-2.469 2.43-1.801-1.774.937-.922.865.851zm0 3.938.937.922-2.469 2.43-1.801-1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_1.png[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, frames 3

Size (bytes): 1396

Entropy (8bit): 7.5454284767456725

Encrypted: false

MD5: 7E990EB99DAE838049B984B83988CEF5

SHA1: F6F82893ABDF49578891F36F9413124A841DE8C8

SHA-256: 29596253E4E17117B0882EE63C302B719DA3E9B5D69C8327B9B9F6269F0629C9

SHA-512: 8E62C52DE4A64AC249994CE967945C9D49F3B1DE234D8DCF6CB9E1DF056D26262D93DE16E3FF2788D62FD2507A3293AC35897DB7AF25A8F0503624F14AAEB92C

Malicious: false

Preview: ......JFIF......................................................................................................................................................3.3.....................................................................!17AQatu....."38BFUcqrs........................................................1.qr..!"25....AQRa..4............?...X.L@D.@D.@[email protected]#.Y#..2\.KG1.......#.N....j.Y.o$....\..Ql.uTbF....#.J...gXn.y..y.q.,)....d>n.v..B[.gm..}.U..<...8..!.8......).,.7...2t.l.z.x3hmy.Yc7r#QCf<=...1...."h.I......9\w.......=..W)..l..i..-..Q..~..]..?G..h.u..[Y.K.....f.PS.........{.C..Q....#Q..&7-.g.E..r..IZf..!..6.48...\*d.[V.g.......3........G...........2...]b5...x..J..|...l{..d.aLuW#E.<^.O.-..9....6.....l....EV..c...A.....%..M.t....D\..+.}*..2.6...JHh...h..h..?V0.>.[..k.J..K.G...S...Y-l.N.Hs;X....J..4....MHaJ"[OJR...TFG...M.g........`....R..YE+.~C.......L..0.A..A..Qy...To.......Z.<..I.I.\.....2......|...?N?j...~Rz.{.....5....0..E.y..%.d.i-.




Size (bytes): 1656

Entropy (8bit): 7.645428985716039

Encrypted: false

MD5: 01A16E9C9A12C3AF124C4D8E4791907B

SHA1: B73C43C28554C16F171B1020EE8248E855514FDA

SHA-256: 2A049DE2216B10275216327EACCCEA3242EFFA2A4C68524AD2BF7313A332BF1C

SHA-512: 0B7172D93BBC3808B517A4E8DCBC14143D229C96C57D83BAFD5113BC82F244B49798932DF3EBEF5A13753C2B7D609B1277B492F24007CD21621BDE0B3C8ABE01

Malicious: false

Preview: ......JFIF......................................................................................................................................................3.3...................................................................!"1Qa..AVq....#B...............................................!1..AQq...2RSa."3....B...............?......DJ"Q...D.%[email protected].!;[email protected]$}I.^f.S.y........O.mR.:\..xi>(...>.V....'Bz%...9...8`...4.....H?PEM35)G..Da.....BZ.6...o....%.z.../..J.x.:. ...N)O9...y..jSi.....${.F.t...0..f...w.]..%.i...v.......a.zo.Y......(.DZ;...3.6.s.."^B.K..+.)[.4H...J.G..{[...>[email protected].,...f..s.).7JJ....x......v.).s.{#.c......|I..I}...Ohj4.0.(h..t;.....K.........1.6.........cGf.6.m1b.b<.M.8...PlO.......m.RlO#-.KZ^....p..X...M..U.U.T..: 7.........5VZi.[...|F[F{.H.GbS.E..]e.ZX.J..$..A.....q.[....@e.,......F...e...Xm.....j.=N.3.....O.c.y~.,%.B.5.......9(...z..wPv.f..B.>DT....



Size (bytes): 1382

Entropy (8bit): 7.502628462867667

Encrypted: false

MD5: 970BFA81C5288D69F2BA48D847F4DA1D

SHA1: 2539846C918368091BA07A3C0EA0020E7FFFAEFC

SHA-256: 57F0502DC168EF20250AC3A4D2C6EFFA72DD2DCCDCA5541E11F22F3407FCAC5F

SHA-512: 3641098A83CDC38D908D1E5C2B80C937A66FE789CB57DB46BE30154F888F1A248A1057A21AB0F3F15F2D14A122D110BCA44BE842E028AD4C795539066756394A

Malicious: false

Preview: ......JFIF......................................................................................................................................................3.3...................................................................At..!12568as..."#$Qq.r....................................................!13Qq..."5Aa..2r.....RSb...............?....o%.(.DJ"Q...E.`._..l.......h.Hu....=...)m..v._...u!4....6..)".S..k.i..g.....~4d.u.(b...).v.$.)=.. %[email protected]... .`..^..5...S..Xz<..4..M..|...G1..piN8....H..w..=.o[..+"...x\.|.....K.f/.hFf7.2.h.l..;9...+%.ti.9w7....I^....<XH=...q.?...3v.b.n..M8f8+Y+.j..^"....(.*....o......YJ..!...v......#a]9.......^Z..%.v.....9.y..7.O...]..iZ.......|..B.0.....3.Z......B.N..N.^7....9.t...m.<'..8.v...!{....2w..W....~.%U.]..sz.......oi...O.Us.}c.....|#....t.E....P......>.{.w...=.k`nw6.../x......m.Z......-R...h?7[..H^.x.........~.%{|..6...Y.N...9d..]{....8..o+.%u,.G%....(._../:;j.X..D#|q.....{..JV.......{.+....].ms[.*v....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SurfaceHome_Lg_Pivot_Icon_inactive_1[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 1528

Entropy (8bit): 7.612429255190347

Encrypted: false

MD5: 1BB007C6E521ABA8F8F577D72884AA4F

SHA1: 55D1F06C5C8B914AD5CD9F13767030FF8AB33ED3

SHA-256: F2E763DECDC13F93A25BED7C16B6A2D3E563AC0FD11A0904EF1CEA00852C8630

SHA-512: 4C27335F2D54B161EBD9084A64F4B0D5C07335A56998D1FFF1BFD7A5702211F63B4683E8057DFB05B5D233970E9E7055D1DD0FC2C3AEA160C510DABAB0618C9B

Malicious: false

Preview: ......JFIF......................................................................................................................................................3.3.................................................................!..1467QU.........23ATr.."#5BCFSabcstu.........................................................1..234QR.......!A.."Bar.Cq...............?....qg..J.G.z.$}.Ag@.....^.m.G..g........md..t...R...).5.......J.s.^.rX.....ux...-5...#N{..K.......oF......=...%....J..7..Mk.m........ux.....6.i.y{[email protected]|...n..Z...{.....=.!h.n...~+C......6.~.]|.e.8/5hhh..y.......D....r(...J4..N.......c.t9.j.#S..IA...V....;n..%U.....6\..-....kV..>........Y&.....k..*.Wjf..;V.!.O..`.D.am....0...c...>..!.p.nL...(.......t.6.?...>..qZ......g....y...6.D...#.lA.,a..h..e:.Y.I7.]c..V.j+5n.eI.....V.~.3.m{....o8.h..V........n6.h>.....2...5Vs ....Z.u.>b}.gZS-./Q.z\Y+\...:.l....._..]j..&...p^j.Ef...4.t....W!g).k...N.B.[..<.Q.6......W.DJ^;........![. 5..$.



Size (bytes): 1683

Entropy (8bit): 7.665429827685936

Encrypted: false

MD5: 77E8A7067F65F9DF4A403895503200A4

SHA1: 0116DA6CBBAFEF32DA7CF965DE39D1F6BD0F0D21

SHA-256: E330A17EC9E406716BEF2B2970FC00981EDE06A56F9C2DBB093B33D6A0115602

SHA-512: 81B598926B84431A2CF2AC054580A89BD80C081C7C12FA5BFC35C6640974368E5A2A2DE4284EE2850FCA72179378A5113F5148E905316FD1E39799FB81C8855C

Malicious: false

Preview: ......JFIF......................................................................................................................................................3.3................................................................!...127AQUaq."36.........4....5BCFSTb......................................................!14AQR........23aq...C...............?..N...w..c.....`.Y.#.GN;kW|....N.VV}./.].sjMr...FZ...).5....3.D..>%....T..J..<...5.....>%....T\.].'......F........Qr.tx.h..Z|....._L{,_.E...y..Mi.o$n.}1.~..*WG..5....G..........k.....}..UOwHY.......C......O.......<..Z..+.n....li...*YV\.n.b../....O).'....Je.#a...%..#.Z*J.]....!.....$f.--M0..S..nc...-..4.(6.J.^..X..`...N`.<..Q.%...*.G....#-i....-o.e\/.{..x.....u2....V.R.tT.o.85.y...UL...L..9)Y.9..Zr.I..(V..'.U.....e..k.Sk+.n.......}B......Y.m.XL.rb.....Ch.)n(.y..........wL80.0_w%.)......h.......>...*..)...h-...Ci!:D.j..V...!..Z0gw.S).I.C..s.........WZ....2S..y.OA.e...)C<..s...z<.h...M/{..2.Pc4.H...




Size (bytes): 1310

Entropy (8bit): 7.505236406518429

Encrypted: false

MD5: BBE5E8F43991AC64D86CEEAF96BD29B8

SHA1: 0AFF4DF1BC939F62F77A55753B924B2EA6E177FC

SHA-256: DDCEF53CCB6CE9D0410D56E48A72BEC88DF16A338C1238F95F3E03F458333BE9

SHA-512: C62B0FA113D49D7FA48C620C5D5A5832903BAE9614491B33CA94E221CF74179C3ABF516115C384377621E4FCB7BF62023BCC6E004947FA83B8051F270865E643

Malicious: false

Preview: ......JFIF......................................................................................................................................................3.3...................................................................!56....124Ta......qrst...ABEQRS.....................................................3...12AQq.....!4R..a....BCb............?...{om./......[."66.Lf..I'|.i....@>.K''..C.+&.gj......{._+...w...>..M.^.]..+...w|..........{.eqv.......7yz.wb.r.........s../_..Y.A...;._..~S...o...o.......{....+...J.I.x{?.v..4.{...M..'4..m....^.p4.....B.R.....9....e2Yx<....&...U...H..7.?.W.....%2.\[...%6..X4B..VARR...z.......R.....*..j...y)yG.l...2..Zt.......Zos.Qd.....I..5.:@.+B..3..k=.@/..t:.EI.S.......;.z..1<....cz....>..6.\K....+PEH54.............h.]j....[.wVb)KP..l..6..........qYh...1X|f..?xf.r.{.._.+..u(..v..I....~%..~w...:by.3.U.l..S..J.T..b9.E-.cy\.........Z..#`n.i..f..w.f...;[email protected]\.C.DT..=jLh.....*..nM.o.....F..c.Prc.....(QK.aO..



Size (bytes): 1048

Entropy (8bit): 7.240463979004769

Encrypted: false

MD5: EA7340E6BD3F8A7D13BC5A49D018CF2B

SHA1: A7EA5D991BAD740C869E78B9399BFD9A6A2E6F36

SHA-256: ADF8D6FD76D5A6ADEEA87ED62C245C9FFAB7F406F5215098EBDD0B2DE84E5737

SHA-512: C57DEA29371CCE446B97989E3D4A8CD4882F3F66B5EF1541D3A2A64118A7D27C5CEDA935BA46781A80128B6A5B706095666EDB826FAECAEB9F4EDB9CBDCAFE59

Malicious: false

Preview: ......JFIF......................................................................................................................................................3.3..................................................................!1A..."24QS........3Ra.$BDq....................................................!.A.".1............?...992...mvH...... .;.9.xS..M..<).1.3..r} ...9.O..7Fs....7l=.~.d.8\..U.8.G. .z.].S.....:..1..\.F{.P].I..\B.*..,.m.......V..}.d....ter..6}./..!.2......y.....a.Z..V.....'2..I..F\.N=.V>_.....e.......:>Q.y.I+.8..aQ..\v.*nm.;..z../d.7u.>..Yj][email protected]...".....F)-#x.>..mNL..b.4...0.`....X.+9'[.#gW....F..R.......H.16..J.r.}.c.......yD.....h..>..Q..l.:.|].s.z.B...[.=.". ...2.......N.'9?.S.....3.I*......).B.l: '.Fl.nf.h../....z..s.....,[email protected]'..Xq....9@k#7X..a)w[.8....2g...G..........>..>>...Giy...m.R25LIU.:........Vc..I.S.)...!..>R..i.....J..Cooe..Z{X........D.4....Bj.m..rt.....q8J.H....0.. .....r.>#..X..l.6.B.5....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\authorize[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 3784

Entropy (8bit): 5.90072383320781

Encrypted: false

MD5: D9A72DC4282FB8AE2754DF4C59EC8555

SHA1: B0EE77B1AE0C4455F869A053F70769D7CA92BDF2

SHA-256: C3948C1A3764BFB3A503341361A1F0BABBAD67265BF403C0227D36AA79D0AE97

SHA-512: 153301E46B9B0DC809968CF0A601FD91D394A138ADAB272A31DC73BBDD8F727F2F36C8CC5F73EC07F27ADA02955AC3EBA883A133BC7158B222B244D95EF01F26

Malicious: false

Preview: <html><head><title>Working...</title></head><body><form method="POST" name="hiddenform" action="https://www.microsoft.com/en-us/silentauth"><input type="hidden" name="error" value="login_required" /><input type="hidden" name="error_description" value="AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com)...Trace ID: 135f46b1-9ee1-4025-970f-f1c29d8c4e00..Correlation ID: bcadc053-b589-4b9a-b7e9-cfe6e88bc638..Timestamp: 2019-06-05 12:26:02Z" /><input type="hidden" name="state" value="OpenIdConnect.AuthenticationProperties=AAEAADfZrTrWsanBzilc9pZkkDOvboo8_wV4GM5lfyDxy7-j26GjjCVrahW018CY7hekmZlRSSY6n719ZRqWF-UFEy2ogWUYY_o7gtgnR-7wRfXBrqyosZXuGNyKSp3Kvy2sVX5vxNotYnOZq4-eN6KpHzTmF9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\b3-c67af8[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 13591

Entropy (8bit): 5.235764362480649

Encrypted: false

MD5: 2D7DFA1D55029429503D62340C7AF2D8

SHA1: 09463A41F0EEF15924329788E368E0D9FD853462

SHA-256: 7F7A226087BD79D5CE3839860441C5A8C9F475A69F84A17B207801EFCFE75D16

SHA-512: 32618564D1882B4372D941653AE30BC1539D16D095763EFFECD7356EA0825A480F0266E92FA944AA21216DA83317CB4B7B40B4BE254D2B19712E3272A7FF2D05

Malicious: false


Preview: define("genericVideoDialog",["dialog","componentFactory"],function(n,t){"use strict";function w(n,t,i){var r=new RegExp("([?&])"+t+"=.*?(&|$)","i"),u;return u=n.indexOf("?")===n.length-1?"":n.indexOf("?")!==-1?"&":"?",n.match(r)?n.replace(r,"$1"+t+"="+i+"$2"):n+u+t+"="+i}function b(n){var r=n.querySelector(p),t,i;r.removeAttribute("tabIndex");t=n.querySelector(y);i=n.querySelector(e);t.addEventListener("focus",function(){i.focus()})}function k(n){for(var i=[],t=n.parentNode.firstChild,r=n;t;t=t.nextSibling)t.nodeType===1&&t!==n&&t.nodeName!=="SCRIPT"&&t.nodeName!=="NOSCRIPT"&&t.nodeName!=="STYLE"&&i.push(t);return i}function o(n,t){if((n.type==="click"||n.type==="keydown"&&(n.keyCode===13||n.keyCode===32))&&(i=k(t),i&&i.length))for(var r=0;r<i.length;r++)i[r].setAttribute("data-js-controlledby","dialog")}function d(){r=document.querySelectorAll(h);Array.prototype.forEach.call(r,function(n,t){(function(){var u="owVideoDialogContainer-"+t,r=n.querySelector(f),i;r.id=u;i=n.querySelector(c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\b3-c67af8[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cartcount[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with CRLF line terminators

Size (bytes): 2931

Entropy (8bit): 4.515088399504564

Encrypted: false

MD5: 82168382EB4B8237D0DB2114FF745370

SHA1: E6AE23E8A2C79916432FD149CA814931E2315423

SHA-256: 8113C72B19FDDE652DD8E125BC88F896F3249BEB9E695C75C4E667EE448F2B88

SHA-512: 0F729D6623E3EA28AB0BBFD45D70D0FA936C020C6C6E4F480F768C2462F4F60FD67BB03B4681BDFE5101DA1C1AC35ACC5A36D7DCBE920EF8E04798A3405F0814

Malicious: false

Preview: ....<!DOCTYPE html>....<html>..<head>.. <title>title</title>..</head>..<body>.. <script>.. function getCartItemCountFromCookie() {.. var name = 'cartItemCount=';.. var allCookies = document.cookie.split(';');.. for (var i = 0; i < allCookies.length; i++) {.. var c = allCookies[i];.. while (c.charAt(0) === ' ') {.. c = c.substring(1);.. }.. if (c.indexOf(name) === 0) {.. return c.substring(name.length, c.length);.. }.. }.. return 0;.. }.... var count = getCartItemCountFromCookie();.. parent.postMessage('DR_Cart_Count=' + count, 'https://www.microsoft.com');.. parent.postMessage('DR_Cart_Count=' + count, 'https://support.microsoft.com');.. parent.postMessage('DR_Cart_Count=' + count, 'https://account.microsoft.com');.. </script>..</body>..</html>........<!DOCTYPE html>....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ccats[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

Size (bytes): 69345

Entropy (8bit): 5.298700221240144

Encrypted: false

MD5: 33E9CF38A9C803565FD3BB826D3257A5

SHA1: A0A655DF5AA331F8104647E1A0D0759F765FC5F0

SHA-256: D2B50AD5DAFFB48FF781A94266E26E284C2B752FEAEE53FD7E287C7E040AB1C3

SHA-512: EF301E556FF956E941D42CE8336CF4B5868B470F7CEA6E6C4A2FB8EBA2811EFF29A9BA3DD83915F7979089EA4E50F581C843A85F5AA8A79E0A63AC97FCDD1472

Malicious: false

Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Microsoft Exporting - CCATS</title><meta name="Title" content="Microsoft Exporting - CCATS" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.16" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type="te

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\contact[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 69339

Entropy (8bit): 5.299504743531708

Encrypted: false

MD5: 3B99473808F9DF1CABA7614893213DD2

SHA1: 7859E3F129E34FC73668246BAC3091248334EB17

SHA-256: AFF290C3C5B57E15A0501D96F91670E852998B7E766820CF429B60D4B59C41BA

SHA-512: DF0577C9FF632BEC917384BF019F1CB31F666AEC927A578404C9F914DACF9E8BBD92FCB27AB919B5CE24E9D87A31597FA2DF9E45296ED08E7E0A0E26454DEDAF

Malicious: false

Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Microsoft Exporting - Contact</title><meta name="Title" content="Microsoft Exporting - Contact" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.21" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\e3-082b89[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with no line terminators


Entropy (8bit): 5.229160903502225

Encrypted: false


MD5: 690F308362F1791C5B9CB51970939A4E

SHA1: B7DCFD930BD3112B65AC18F42BA97CEC06C9EE9B

SHA-256: A9ABF95ED8994AC44392AA9B402BCD15577C34EC90967FE162718D83EAF58B5B

SHA-512: 545C6B7AFCA56736D1CBAA16D842CDE2A8F120867646C86647C8E3ECAA0782E9A4C775E0AC05DE45AE4B810E2D362FE502CD215EF6509DAC1F9C4F00A448BFBF

Malicious: false

Preview: var __extends;define("actionToggleTelemetryHelper",["require","exports","actionToggle","componentFactory","coreUIConstants"],function(n,t,i,r,u){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var f=function(){function n(n){var t=this;(this.element=n,this.onActionToggled=function(){setTimeout(function(){t.updateTelemetryDataAttribute()},0)},n)&&r.ComponentFactory.create([{component:i.ActionToggle,elements:[n],callback:function(n){n&&n.length===1&&(n[0].subscribe(t),t.actionToggle=n[0])}}])}return n.prototype.updateTelemetryDataAttribute=function(){var n=JSON.parse(this.element.getAttribute(u.CoreUIConstants.TelemetryDataAttributeKey)||"{}");n.cN&&(n.cN=this.actionToggle.isToggled()?this.element.getAttribute(u.CoreUIConstants.DataToggledLabelAttributeKey)||n.cN:this.element.getAttribute(u.CoreUIConstants.DataDefaultLabelAttributeKey)||n.cN,this.element.setAttribute(u.CoreUIConstants.TelemetryDataAttributeKey,JSON.stringify(n)))},n}();t.ActionToggleTelemetryHelper=f});requi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\e3-082b89[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\exporting[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 72722

Entropy (8bit): 5.318378325873037

Encrypted: false

MD5: 789DE023846F05E8FBB71FD75892A0FD

SHA1: 1D313C91B9EC41E8A79A654131B6ADABE3EB4201

SHA-256: C2A45ECCDA3E63D3B679EF8EC22295BC4A0DC1F2759C3C7B90413B4A0EA9B025

SHA-512: 902C1FB293625B69827FF29D9E5172A30CE2F52DC2D2EA1095FDF972B5F469149C748327C68C694202FE537355DE11AC62BE02D5BF4411433B17B00159AE6D4C

Malicious: false

Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Microsoft Exporting - Home</title><meta name="Title" content="Microsoft Exporting - Home" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.1" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type="text/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\facebook[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced

Size (bytes): 265

Entropy (8bit): 6.681697500155679

Encrypted: false

MD5: 352637E02A377A29073AA9F65B1FBA22

SHA1: E5E2B07F777F47DCF158120B11D0B6BDEB0BC878

SHA-256: C77873C0C4A8499BA493832E950D41CBAEE43020D5C99D702A1E9DEBBAF0DB32

SHA-512: DFDF4B94AC252B67E6D255C708505845AD427CEC4155D4C2796B84AC49658D6D140CC3744A5BA7A2F4F7AE989EC89D1F13271AAAC44ADF15D8553F45BBF4470A

Malicious: false

Preview: .PNG........IHDR... ... ............tEXtSoftware.Adobe ImageReadyq.e<....IDATx.bt.].@[email protected]:>PKYN.Y.9n5u,...m..a.dG..6..C...].O.=..V....D.>8.)0z1.)[email protected]...(..........0.^..J.8x.......W......-.G-..`[email protected]`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\faq[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 84733

Entropy (8bit): 5.360066612036354

Encrypted: false

MD5: D7D57337549C154E5BBE8F0CB9CC87AC

SHA1: 95DD7C071BC6624D1CF8EFD79CACFAC475E9B7A5

SHA-256: A5C5865AFAB6FEC35A49556A5B26EEC51891968DDAD3238FB7C537A633467C27

SHA-512: 2295DB96964027EFC240DADCC21890DAF27815B2EC60C1792F573CE91F6D84A95C24DE336E52C8694379B3E4ECDB5846C2E26E653250FC807E5F6F64AF09E880

Malicious: false

Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>FAQ</title><meta name="Title" content="FAQ" /><meta name="CorrelationVector" content="zZ2casvQukWbZ+c3.18" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e9-4413b1/4e-bb306d/a9-963a11/10-aee09b/51-465167/1d-9730ee/34-521645/51-6d3a1e?ver=2.0" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-uhf-eus.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="screen" /><link rel="stylesheet" type="text/css" href="https://c.s-microsoft.com/en-us/CM

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\favicon[2].icoProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


File Type: MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors

Size (bytes): 17174

Entropy (8bit): 2.9129715116732746

Encrypted: false

MD5: 12E3DAC858061D088023B2BD48E2FA96

SHA1: E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5

SHA-256: 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

SHA-512: C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01

Malicious: false

Preview: ..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\favicon[2].ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\instagram[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 431

Entropy (8bit): 7.099817516184939

Encrypted: false

MD5: 95FD424420005BCBF324E0219845C132

SHA1: E5F797BC388729F32AFDD7F424487450984B2F25

SHA-256: 97E35ACCD166FFA4D0B84862E2F8C2C36B5B8433D7A20AF382DEE3F104087E77

SHA-512: 1196131B170E7B689BB19C96CB81F4C74830D41B629BEB3957094D4942195D11331B71299A7D80E24549A72308EC0ABBA781DC5349B3B7EA2C44BF8DB1A1AC08

Malicious: false

Preview: .PNG........IHDR... ... ............tEXtSoftware.Adobe ImageReadyq.e<...QIDATx.b4..d.%`b.1..`.-`....).s..b'...~./.....> .t .j.j$...^[email protected] [email protected].([email protected];Z..r."..3..H...G...k....'[email protected]...,|[email protected]........@)..Js20&b*[email protected]'.....hTNE.....W,..'X..M....!...F.(...`.GF.T...-.Q.(..........e.\....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\launch-EN7506e353034849faa4a18bc4c20e727c.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.215438438741596

Encrypted: false

MD5: B05B2EB1C0DD9E568F52F23F4FF2DD73

SHA1: AD894611A6149FCE4BBE88FA694885AF0DD4079A

SHA-256: 51C9B8C80C43AC2020D27A869C64138CDEEF7DA42D1B11DBBDC8257A5787EEA7

SHA-512: 5D6F88C68894FBA20C5802F9E423F25AA5C42DA88E55D13D91B48D6A82DB595E824F7EC4B24E1CE46A2565B5A726985D17468DBACF625ECDBDF41579E026C820

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/launch-EN7506e353034849faa4a18bc4c20e727c.js`..window._satellite=window._satellite||{},window._satellite.container={buildInfo:{minified:!0,buildDate:"2019-05-30T12:17:19Z",environment:"production",turbineBuildDate:"2019-04-16T19:21:56Z",turbineVersion:"25.4.1"},dataElements:{"JSLL RedTiger":{modulePath:"core/src/lib/dataElements/customCode.js",settings:{source:function(){return 0<$("#primaryArea[data-m]").length&&awa.isInitialized}}},MSCC_Consent:{modulePath:"core/src/lib/dataElements/customCode.js",settings:{source:function(){return!("undefined"!=typeof window.mscc&&"function"==typeof window.mscc.hasConsent&&!window.mscc.hasConsent())}}},"Surface - All Pages":{modulePath:"core/src/lib/dataElements/customCode.js",settings:{source:function(){return!(!location.pathname.match(/\/..\-..\/surface\/?/gi)||location.pathname.match(/\/..\-..\/surface\/business\/?/gi))}}},"Surface - EN-US Pages":{modulePath:"core/src/lib/dataElements/cu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\meBoot.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with CRLF, LF line terminators


Entropy (8bit): 5.511650731816798

Encrypted: false

MD5: E864B3D8073AED0ABAA46E8040C72A60

SHA1: AEF6F631C551E5F6C9A46B945529B30FE641EF8D

SHA-256: 3276074AC4617881105E6A86A63A3EF72DCE1A9531A8B4E4D0D48DF6FDB951E1

SHA-512: A3FB863F6CB77FCD6C29296B185A7C8C577EA307484EBF86E1CD879A98CABF0B086E4B98D044E9D9115E4E9CCD97E5B0005DD04A55514058F0D2540C0AED5A0D

Malicious: false

Preview: MeControlDefine("meBoot",["exports","@mecontrol/web-inline"],function(t,A){"use strict";var s=function(){},i={},u=[],p=[];function w(t,e){var n,r,o,i,a=p;for(i=arguments.length;2<i--;)u.push(arguments[i]);for(e&&null!=e.children&&(u.length||u.push(e.children),delete e.children);u.length;)if((r=u.pop())&&void 0!==r.pop)for(i=r.length;i--;)u.push(r[i]);else"boolean"==typeof r&&(r=null),(o="function"!=typeof t)&&(null==r?r="":"number"==typeof r?r=String(r):"string"!=typeof r&&(o=!1)),o&&n?a[a.length-1]+=r:a===p?a=[r]:a.push(r),n=o;var c=new s;return c.nodeName=t,c.children=a,c.attributes=null==e?void 0:e,c.key=null==e?void 0:e.key,c}function T(t,e){for(var n in e)t[n]=e[n];return t}function d(t,e){null!=t&&("function"==typeof t?t(e):t.current=e)}var e="function"==typeof Promise?Promise.resolve().then.bind(Promise.resolve()):setTimeout;var f=/acit|ex(?:s|g|n|p|$)|rph|ows|mnc|ntw|ine[ch]|zoo|^ord/i,n=[];function a(t){!t._dirty&&(t._dirty=!0)&&1==n.push(t)&&e(r)}function r(){for(var t;t=n.po


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\me[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines, with no line terminators

Size (bytes): 28317

Entropy (8bit): 5.418253807010367

Encrypted: false

MD5: 6D38808DEA4E26273DE027DE6F6C0A25

SHA1: 6404D7382E111FA2EDDDE2E698CADF65E3E1B62D

SHA-256: C299D3134139DEDDFFCF1AF81001BD004601C2B97F13A6F5671E6D69B3F0E0A3

SHA-512: 8AD1FC71AC0D974265D4572D512F1AA1529CF6190562CC7B0E837C4173126F9A87C87C62B6D78B0C0E740BC5D144080FF22B4AEA57EA68E0B6EA10C10E31FA9E

Malicious: false

Preview: <!DOCTYPE html> ServerInfo: BL2IDSLGN1C026 2019.05.14.21.17.17 Live1 Unknown LocVer:0 --> PreprocessInfo: azbldrun:CY1AZRBLD68VM1, 2019-05-25T09:36:31.8893825-07:00 - Version: 16,0,28215,2 --> RequestLCID: 1033, Market:EN-US, PrefCountry: US, LangLCID: 1033, LangISO: EN --><html dir="ltr" lang="EN-US"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><base href="https://login.live.com/pp1600/"/><noscript><meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033&uaid=e28e1d0477584310bf4d48c8c32c060e"/>Microsoft account requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked.<br /><br />To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.</noscript><title>Windows Live ID</title><meta name="robots" content="none" /><meta name="PageID" content=""/><meta name="SiteID" content="38936"/><meta name="ReqLC" co

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mwf-auto-init-main.var.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines


Entropy (8bit): 5.169381678188456

Encrypted: false

MD5: BFCD48223E39F7A846413DD5814365E9

SHA1: 13DDB26618D203607C9B12D0D0D80F03ECB71362

SHA-256: 5E484A06AE85C5A599A6511224405A773FB3AF3D9D6600AF8F5A1B4A2C39504F

SHA-512: FD66AA707E23432C48C5709CD75C2235850884F198B339EEA8238395A0B875ED7890AA2A04DFDF82E46C152CA7ECE88EA2B4C64C978C94BF84E274BF47A049B7

Malicious: false

Preview: /*! modernizr 3.3.1 (Custom Build) | MIT *. * https://modernizr.com/download/?-eventlistener-picture-printshiv-setclasses !*/.!function(e,t,n){function r(e,t){return typeof e===t}function a(){var e,t,n,a,o,c,l;for(var u in s)if(s.hasOwnProperty(u)){if(e=[],t=s[u],t.name&&(e.push(t.name.toLowerCase()),t.options&&t.options.aliases&&t.options.aliases.length))for(n=0;n<t.options.aliases.length;n++)e.push(t.options.aliases[n].toLowerCase());for(a=r(t.fn,"function")?t.fn():t.fn,o=0;o<e.length;o++)c=e[o],l=c.split("."),1===l.length?Modernizr[l[0]]=a:(!Modernizr[l[0]]||Modernizr[l[0]]instanceof Boolean||(Modernizr[l[0]]=new Boolean(Modernizr[l[0]])),Modernizr[l[0]][l[1]]=a),i.push((a?"":"no-")+l.join("-"))}}function o(e){var t=l.className,n=Modernizr._config.classPrefix||"";if(u&&(t=t.baseVal),Modernizr._config.enableJSClass){var r=new RegExp("(^|\\s)"+n+"no-js(\\s|$)");t=t.replace(r,"$1"+n+"js$2")}Modernizr._config.enableClasses&&(t+=" "+n+e.join(" "+n),u?l.className.baseVal=t:l.className=t)}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mwf-west-european-default.min[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.221740865051638

Encrypted: false

MD5: 5582719A793D8D70C369645A28698466

SHA1: F4B2D75F1E55D65CF87DFB3E2A856A7C2D917A45

SHA-256: 301A9A7613FB8A2F5D5A12D5B23949E2B52849402A87FFE4D33DFBD7774C61ED

SHA-512: AF00AC2F81D371BEC64E580005AB0BF57A0AA5F21E534BBC47A837069CB22B66A43A677F0B0188AB1946AF0AB6BDF4B4176329D40B35545E91D65C9E23F29FEB

Malicious: false

Preview: @charset "UTF-8";/*! @ms-mwf/mwf - v1.23.1+5118857 | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css *

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\override[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 1531

Entropy (8bit): 4.797455242405607

Encrypted: false

MD5: A570448F8E33150F5737B9A57B6D889A

SHA1: 860949A95B7598B394AA255FE06F530C3DA24E4E

SHA-256: 0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248

SHA-512: 217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC

Malicious: false


Preview: a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call-to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c-call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI,SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g-nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\override[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.16996133505699

Encrypted: false

MD5: A93C9C69321164A3911DB41440CC4608

SHA1: 653E2C3EF944D81C5320A04D581D3BF43F96586D

SHA-256: BF3C7E7D59318769F0C327D85D681CF017B87958612087CCB718B40FA1DD8DB6

SHA-512: 866467D4FC454EFEF7061D1199B84428FE8DA48804D8E81D0D49C11046ECE2C824849E4FCC192972272C990E83CF2F1DAEDE7E5B57D6E3D0F18ED2BD52BC5FC1

Malicious: false

Preview: define("componentFactory",["require","exports","htmlExtensions","utility","stringExtensions","pageBehaviors"],function(n,t,i,r,u,f){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var e=function(){function n(){}return n.create=function(t){for(var i,r=0,u=t;r<u.length;r++){if(i=u[r],!i.c&&!i.component)throw"factoryInput should has either component or c to tell the factory what component to create.Eg.ComponentFactory.create([{ c: Carousel] or ComponentFactory.create([component: Carousel]))";n.createComponent(i.component||i.c,i)}},n.createComponent=function(t,r){if(t){var o=r&&r.eventToBind?r.eventToBind:"",f=r&&r.selector?r.selector:t.selector,s=r&&r.context?r.context:null,u=[],e=function(n,f,e){var a,c,l,o,h;for(a=r.elements?r.elements:f?i.selectElementsT(f,s):[document.body],c=0,l=a;c<l.length;c++)o=l[c],o?(o.mwfInstances||(o.mwfInstances={}),o.mwfInstances[n]?u.push(o.mwfInstances[n]):(h=new t(o,e),(!h.isObserving||h.isObserving())&&(o.mwfInstances[n]=h,u.push(h)))):cons

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social[2].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.149399979663423

Encrypted: false

MD5: 2761544029B0B80C2555F654395380D1

SHA1: FA4D906727B0961473B3D615F397BDFF5BCE23F6

SHA-256: 678F8FB58828BB4759E53AB062757E45C06975C17B3FEEE5E47D958C9F99EF26

SHA-512: B3575AFEFE17D684DAB8C32F39FA8BEDCBAA7565F791CD274D5924082C369AC9EE084ECDCFD04D35347A7012037F6D288AF6E10752DF9D2E9900B938E663EBAB

Malicious: false

Preview: define("componentFactory",["require","exports","htmlExtensions","utility","stringExtensions","pageBehaviors"],function(n,t,i,r,u,f){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var e=function(){function n(){}return n.create=function(t){for(var i,r=0,u=t;r<u.length;r++){if(i=u[r],!i.c&&!i.component)throw"factoryInput should has either component or c to tell the factory what component to create.Eg.ComponentFactory.create([{ c: Carousel] or ComponentFactory.create([component: Carousel]))";n.createComponent(i.component||i.c,i)}},n.createComponent=function(t,r){if(t){var o=r&&r.eventToBind?r.eventToBind:"",f=r&&r.selector?r.selector:t.selector,s=r&&r.context?r.context:null,u=[],e=function(n,f,e){var a,c,l,o,h;for(a=r.elements?r.elements:f?i.selectElementsT(f,s):[document.body],c=0,l=a;c<l.length;c++)o=l[c],o?(o.mwfInstances||(o.mwfInstances={}),o.mwfInstances[n]?u.push(o.mwfInstances[n]):(h=new t(o,e),(!h.isObserving||h.isObserving())&&(o.mwfInstances[n]=h,u.push(h)))):cons

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\style[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.017391063443508

Encrypted: false

MD5: 308B68F8C0B3EA4A1069429AD62BF92F

SHA1: AC248CEC0493844568C8E9399DE4D4BB70F4D0AB

SHA-256: 3E4F3824E818392C5FF6FE988E0E5754AB91DEF3D3E9526CF5C2099D0907BFAA

SHA-512: E0FE77DEA17DF0A7D480E711F2D2E599D20F9BE6AB1B66AC25E3D9FD7581E773F84552A608E6E5B3C24F18731ECFBD128DBF3B48DFC63BEF3C0178552F13154F

Malicious: false

Preview: .theme-light a.c-hyperlink.normal:active,.theme-light a.c-hyperlink.normal:hover,.theme-light a.c-hyperlink.normal{font-weight:normal !important}.surface-margin-top-120px{margin-top:50px}.high-contrast-mode .surface-hero-pivot-multi-img :not(.f-disabled).c-pivot>ul>a.f-active:focus{background:transparent}.surface-margin-bottom-120px{margin-bottom:80px}.overflow-x-hidden{overflow-x:hidden}.en-sg .c-price{visibility:hidden !important;display:none}html[lang="ar-qa"]{direction:rtl}html[lang="ar-qa"] a.m-skip-to-main,a.m-skip-to-main:hover{left:0}.zh-cn .surface-j-panes [data-accprodbuyid=""].surface-bg-cta-blue{display:none}.INTL-bussiness-product-placement li{width:50% !important;float:none !important;margin:0 auto}.surface-margin-bottom-34px{margin-bottom:34px}.surface-margin-top-40px{margin-top:30px}.responsive-surface-margin-bottom-120px{margin-bottom:100px}.surface-margin-top-112px{margin-top:115px}.surface-margin-top-64px{margin-top:64px}.surface-margin-top-20px{margin-top:20px}.resp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\surface[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.364835555814847

Encrypted: false


MD5: AE4842671B7AC68ED1CD74DCDE6FFAD5

SHA1: 3E88741DA5C83B7C5129ECB3997FC9F074FABFD9

SHA-256: 0012B7CCF51962D7DDABE31E35BFF781355F63569A01491F2873B39098824FD4

SHA-512: A854B5A00DF36377AEDAFEFF4440F0D2694799EC3B106D50A833409B76A6390A355FF35338D372E0D015C56D3AEB646F0E400357CA8E26FB8C72DA3A60779C9B

Malicious: false

Preview: .<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" class="grunticon skrollr skrollr-desktop" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head> <meta content="width=device-width, initial-scale=1.0" name="viewport" />--> <mscom:conditional propertyexists="true" instancename="isCookieConsentRequired" customexpression="True::False">--> <script type="text/javascript" src="//www.microsoft.com/library/svy/min/pre_broker.js" async="true"></script>...<script type="text/javascript" src="//www.microsoft.com/library/svy/min/broker.js" async="true"></script>--> </mscom:conditional>--><meta charset="utf-8" /><meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible" /><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0" /><link rel="shortcut icon" href="//www.microsoft.com/favicon.ico?v2" /><link rel="canonical" href="https://www.microsoft.com/en-us/surface"></link><

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\surface[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\twitter[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 532

Entropy (8bit): 7.480175935964278

Encrypted: false

MD5: B30436EB503A7EA8E77925F435DF4671

SHA1: 3313C5FDE8EC85B94547168B867EFEC0188F5987

SHA-256: 0AC4630B76827B89EBEA070A1BEB6E5175D280EADC76B67FA886CF6068368CA3

SHA-512: CE6B7F9D8860E146CD41802FBD30AE99F205D145CCA4BBECBAB446851165BEE8316FEAABD83826FB31CA97652E911BE4815ED542F33B5BFEAABDCF71BCEFCDC8

Malicious: false

Preview: .PNG........IHDR... ... ............tEXtSoftware.Adobe ImageReadyq.e<....IDATx..V=O.P......u`.A.q...eU......YW..q.UYHD.M.A.]:Xc4..X<.1....&..Ci.;..s.T./?bQF"[email protected]^....q.j...4F.C.....ik........".....r>.V..^}.H.u....g2...\t7....p.5.C...?..8.......IW...j.x._Ay-S)....bi...B..c.Yk@[email protected]#...*9U.y.to%.m.u.2....Kp.;[email protected]%.~.....Cq.#W4J0.xP..R.+1..kdPm.kw...n.+B..d..J!.p....5..T..84..$..3..O5...m.SHmz..\.ULX._.q....r...f.....h8..g.4...0..|.o$..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wdg-global.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 5805

Entropy (8bit): 5.278923653755367

Encrypted: false

MD5: EF4613E3C20BFE5E3F07B49BD0B66C1E

SHA1: EDE2835F716750EDC0245E2AF061732427F5A8ED

SHA-256: 3DC7C03D651B5E29363C365C3B83B83A508865A194639070A20ABD863FBBC054

SHA-512: D8D6F060B4FCB2C781C8574BE01368BB8F25C314098BEF844859452DF88B77C9E7D088F190F111135F44C80F82F47F9AF4822240FEDEDD4F040F991CAE20EDC6

Malicious: false

Preview: (function(n,t,i){"use strict";./*!. * Some of the plugins here are extracted from WET. Details below.. * Web Experience Toolkit (WET) / Bo.te . outils de l'exp.rience Web (BOEW). * wet-boew.github.io/wet-boew/License-en.html / wet-boew.github.io/wet-boew/Licence-fr.html. * v4.0.25-development - 2017-05-04 . */.var r=t.wdg||{};r.doc=n(i);r.win=n(t);r.html=n("html");r.siteMuseCtaSelector=".mscom-link.c-call-to-action";r.modules=r.modules||{};r.jqEscape=function(n){return n.replace(/([;&,\.\+\*\~':"\\\!\^\/#$%@\[\]=>\|])/g,"\\$1")};r.modules.refactorSitemuseCtas=function(){n(r.siteMuseCtaSelector).contents().wrap("<span/>")};r.modules.setPrefooterDrawerInMobile=function(){n("#prefooterDrawer").click(function(){var t=n("#prefooterNav");n(this).attr("aria-expanded",!t.is(":visible"));n("#prefooterNav").slideToggle()})};r.modules.noCookieYTVideosWithConsent=function(){t.mscc&&(mscc.hasConsent()||n('iframe[src*="youtube.com"], [data-source*="youtube.com"], [data-youtube*="youtube.com"]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\www-widgetapi[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Size (bytes): 21508

Entropy (8bit): 5.390603690512765

Encrypted: false

MD5: 8E730C4C5E68A9093C61F5FCCF33301F

SHA1: F1289F4259CE4C63DBA5D5E6E643CCC43B83DD51

SHA-256: 7D18FEFDD7A913BEACBD1949D36A1A5BB37337AE973E0F55B1CE3B6545BE7B3D

SHA-512: 43F68825D79163DDD885F8F10C93A82567F8DE0AA70B543797229C00003F763773946224D0F40BB8C1AF179785BCCCE4BB3F3B557C6D8CF80DA696F7D68760D3

Malicious: false

Preview: (function(){var k,l=this||self;function m(a){return"string"==typeof a}.function n(a){a=a.split(".");for(var b=l,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}.function aa(){}.function q(a){var b=typeof a;if("object"==b)if(a){if(a instanceof Array)return"array";if(a instanceof Object)return b;var c=Object.prototype.toString.call(a);if("[object Window]"==c)return"object";if("[object Array]"==c||"number"==typeof a.length&&"undefined"!=typeof a.splice&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("splice"))return"array";if("[object Function]"==c||"undefined"!=typeof a.call&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("call"))return"function"}else return"null";.else if("function"==b&&"undefined"==typeof a.call)return"object";return b}.function t(a){var b=typeof a;return"object"==b&&null!=a||"function"==b}.var v="closure_uid_"+(1E9*Math.random()>>>0),ba=0;function ca(a,b,c){return a.call.apply(a.bind,arguments)}.function ea(a,b,c)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel5_carouel_Office[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 60172

Entropy (8bit): 7.97093929116208

Encrypted: false

MD5: B5A82A9EC7CFDE4CE8129DE209683249

SHA1: 02F6682E957AD78364CA44FD762BA3FDD0F112E0

SHA-256: 1A50E420EF9C0A8D7F38AA0C7F148CFA18E4ADDC79AF1E5EF99AA3511ECDFD66

SHA-512: F6A001F8911975AAAEFFCFED295109AB97C38E3226672708FD3ADD75162A02BB5CE9A5C839EC6D5CB2BECE78978B70B480EF6885C3A0663C999B173CDA6643A1

Malicious: false

Preview: ......Exif..II*.................Ducky.......<......Adobe.d............................................................................................................................................................................................................................................!.1A..Q".a2B..q.R#.....b3...rC.S$.%....csD..4..Tdt&......................1.!AQ.aq.."2......RBb..#3r.................?..].=....q@B.......(.P...P..+.".To%.....lXc+9....&$v3N..O...E.R.,.S.n.........11#$...%..?..S...I..TU..in<..x..N.)`.]...'..u..&.;tu...i..;_.......W.o....{{._..=..>.....r...}...^.N.\O..|.~_....9........./...Y..;...K5...>.k.......v..5....|}?..w...6..>..y.d...`\..I..Z.....\<:..G.{..~}..........&^l....9...9...M^^]x..mq.r...y..;^.W...a.w.z.xr.r..Ek.:j......5......|.......o....\..G........~.`..|y}X0.L4>..+.d#.S......i.k....>.q..^^..w..=...?....K.....p..W.l............'.0...^....iq..Z...].EW...`.f.~.[..Q....`..(.(.I\[email protected].$i.65...Hu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel5_carouel_Office[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel5_carouel_Outlook[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 53126

Entropy (8bit): 7.968954529542709

Encrypted: false

MD5: 034B175B6F489DA3D3FD640AA0DB1A8E

SHA1: 572AD24E813A0660B73474F2CA73FA1B8548FFE1

SHA-256: D1CE2260FEB6B0A608EB0F346637DE2B2D5DA0ECDE5A05D5479ACF3D0CE155D5

SHA-512: BF9CD7FC38F424DAAF8956DC10B9EF2629A14D8DD277A8D04421326FD38F3D644E1EFB1ADCD5A9C8705200CB67BA4F5569E955F5E716DF03A1420283C192DCA7

Malicious: false

Preview: ......Exif..II*.................Ducky.......<......Adobe.d..............................................................................................................................................................................................................................................!1.AQ..aq."2...BR....br.#...3S$..Cs.4...c.d%..DT..E&'..t5........................!1AQ...a.q..".2B...#..R3.............?..:.gT>..._..N...x..._..;[email protected]..!c}DW......b+...{..T....<....;1.-,.......?a.......=1....dy..,........I..J...m..)..|...p..&.c..$...B....:..\.z.!z...x.7?......Q.5S.....7.....T.F.-^.~....C........7.....2.I4.>.^.}}.yc.~P....e.)..M..w.......W').dXUG..f.(.u5.!.i..U........P.....7O.Y....9...v..a.}...d.6s...jE..*.u.7$...X.)...Q.....4a27lb...I................9..a..9.Ev...c..O..O......y..Z..2...X.....z.~ns....Iz..w..t..;......-I.......YO,2f.v...F7IJ..!.~]..;~.<.c.X..[...d\_6....pp....}L...........q...Y.Jy.:.&.O4.....O..G,r...j=?jc.X...3.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel5_carouel_Photos[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 61487

Entropy (8bit): 7.939342204672186

Encrypted: false

MD5: 833BA615184F36724DF03B92C71D3D08

SHA1: 4197FA5E11AF725D1C7754E989F8BC0416512F2E

SHA-256: 49A57EAB4C903CA224AF89385C1AE639CC18A086C749CA0621F5AAE97BC684CE

SHA-512: AC774321027B820B87DB6A8A810DB4D5A9A1E22826D19242F833A14F3E8A46B015DEC914B1DE3A6DB7E99A928F63BAF8EA023949317E36D063AED6241A27508C

Malicious: false

Preview: ......Exif..II*.................Ducky.......<......Adobe.d............................................................................................................................................................................................................................................!1..AQaq.."...2..BRbr.#3...C....Scs$.4D....%..TE..t.5&........................!1A..Qaq......"2....BRb....r.#3...S............?..R...`@[email protected]..`...8L..`.J.<J.........$K.....f.....'......V.=V...3........l..Vd..C".u_*&>$....O.8.q.L..3)..uEO8..x..|..Idf...(. ..q(uQJ.bz".h.}X.L....rt:O!( ..W8..,.1...t.4.ZNb3|h.v......Z...Q....N.h.N/Q.......+U.M.R...t...O):......^..&A.,[email protected].>.<.._C.8&..C.....Z`.......@...^\[email protected]`...6...`Q...h..D.. ...m....6..h..OD..`A...S..L..`...6..Z`...6.....S.1L..0.i.....$.([email protected]....=..L...H..S...q.'.8s......L44..G..l.\..2./.G.....#h.L..2..ufn,.....)dd..b..r..)..G8P....A#.b......%G....Q...>Y...KKW..zxAE

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_2in1_Background[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 14201

Entropy (8bit): 7.764786209076549

Encrypted: false

MD5: 2FB1DF5FDB1070A633C982405426A581

SHA1: B14F53BE0CBE321BCA98DF65470AC40732FEB783

SHA-256: 002955AD7EF9A372FF3BAC881B76C2B76092A9E47E3020C4C01B14F86AFEF32E

SHA-512: 3B12A2E85F61AC0C0FBAD6BFBCC1DF0E6F71778FE783579DCC5BB786FFF802B77241CF3D1E22EDDA0235F8DAF4CFF01F79F1B400EBA152E024B6038225D989A4

Malicious: false

Preview: ......JFIF..............................................................................................................................................................................................................% @...,...`..>.!*."X....`..` ...."X.X!.j.` ...K.......%B..`%[email protected], ....X.,....A.K. .....,".@'..b.......!*.%..H....P.d.!....K%.X.@.@.."....).. .".`..@.,.b.]. ....K"*!. @...{.. B$....."...,@@..".D......@.%.A.....D...BX.. ......TJ.X=.!!.....D\. . ... .....3d$...... ".$.D....!.X..B..D...BX$....K....d$!$..B.R.D...XB..%..$HDD#!...B ..B.!.!.H...."!".IrD"X.B...a.`...!"2D..B"! .....B."...!$.3rf.HDDA...K..2....a!..."DD..$f..Y.$"...!.!%..!"..f..C6$..2B........K.%.%.Dd.rD.D!..H".Z!!....!"$$d..Q,.B!.....DD.DD3d.H..."H."$."..3bu."D.I.6D..c&l.I.$DD..$.! ...22.2.H.HD......DD.DBD!'a$...$."."\..!.K.BH."".!!...$.....d$3d""Bf.$.$"A.v..d.$D......lD.C6D......B$.Y#2......f....Q%...BD!...DD.$.$f.""B.#6D....DId#.H.$..\..""!..D3bHD.I..I,I.A.,.....D...DBA.!.B2."#...j"..,I


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_2in1_Device[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 19147

Entropy (8bit): 7.917957701734644

Encrypted: false

MD5: 49041E981A340E8A2279E8B2669742E8

SHA1: C0997B6F0A82F7A95B8DB7BD0A6D3C0678A87CF5

SHA-256: 6C8575713A3A16DC5B58FAA1B222011468FEE165DCF262C760D05576C348CD49

SHA-512: 76D1D553C5091F2FFC8FCEC8318C4C7FE1FA71717EABC4D179961B9F2D161969055AB2F7F4C7396AEF9D96108FF798877C5D564F4A88D0E7979FBCAB7A15329A

Malicious: false

Preview: ......JFIF........................................................................................................................................................^[email protected]..}..u..+,s..9.......4...s.....]m.....R.........h.G.w.}'#"wY)...l`........_.;.={:.m..d...&.......M|.....[.m.........C.dZb...G..^.....)NSm.....a.............}...svHm.K..+o....+..v..N.~....T..N.rr.....:37;x.#..l.......|....+d.'+.0...J.N.bP..,.{_...m....rs'&.K...6.q.......3...];.....m..6.(.....a......~u..Y9Jsrd.I.6.."..]..a.0^+......+e'c...?...r.Sc...]6mw1#.P.z>..7)9I.>...U~e..+l.v(....K....H.)I.I..?....p.]........8.}....,%`.9.....:..Q...F....q...].#.....?..zYo.\L.^j{..n..Z.m.M...9...rr...~z..fe.q.3...;Z....)f..../A.nCnm...."..mV.e..n...k.|..5n....P.f...........].L=..o...{..}.N......D..!...=..F.9.L......W....yX.]..~.../"M.)....=.c..v.L.?Nt...'...6..?..n.d..&6..[..j...t.........,.S..w.Elw.m64.k./...1...Ev...],....vF.o.y...4I...m~r..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_Budget_Hello[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 34891

Entropy (8bit): 7.968687375953092

Encrypted: false

MD5: 785A7D723B7959B98619803D7CBC9C0B

SHA1: 3574798E69B61F6B08311AD8720E5E2B6E270F38

SHA-256: 6A284754AC525C31305748C1D5965E5C1B5BB278CED048B2B98B2CDD563042FF

SHA-512: C20F4784AA6F39DF59535A0F7892CE561E961F34276FE40B06E741EABC24263CA7653288A4A5763D496D8D3DEA2F7C645075B7C805CB45B93B0154CB526083F0

Malicious: false

Preview: ......JFIF........................................................................................................................................................^....................................................-.<...S.O.....(....b.....C.$'.A.. Z.{[email protected]...(...IN.(....Rj..Iy....I..(..%..\.=.!..Y"MA.$..!.....^[email protected]..}0...-?9.W....F.4.2.4.L..Sc.Y.s.....x...f.L..'.<:..e.../.......#.m..S\...5.....W..${c.;.9aA|.D#3..F}....CbT......6.?.=c....j...e.\..._...W.R*.....zM..gf.A&......4..-o?....IT.kK..#1..5..7r..sG.il:g......5$.R.8..a..c.L..|..J.o..3r.....2.!..Q.a...Rcd..6.=......#.~..;.p....YWi.%.E62.:.Nt....\..>q>.c.wF..xM_.Uh.%>.....l..uG.|C.^..A5|..oGf_......p.kZ.6......C\..p..^....-K.{..B.W.....sE...M..K....O...e!..^....--.!...2g.1.&.h.....\d.......s.}8...^<..#Z.G.Q6............[V.y..y..l]+..?.....[.#.....1.c&...x.s<...+.5.{..o;.{/.k...@...%...\.1........NY..t.b....1.C.q...E.5........kcu.sr]#C.n[n?P..9zY.....Z....r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1399_Panel7_Mosaic4_backflip[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 25751

Entropy (8bit): 7.961999432224508

Encrypted: false

MD5: 1A7A41E6C4EA1FA44A0EC12610D60C59

SHA1: AF90D7020C1738B26304910E9CC0A5F4C639BCAC

SHA-256: 8B4FB9FFB47350D836D200D524CC64B8FC390E2CE5E27B0B518664A121A4779D

SHA-512: 1E890D0E13651B5D62F5DA71F1410A578CD33CF2AA44778434559FFAD96D17FB59F0AB538348350256B1295630FF2C553AC17BC8D22E74760DCBEF15A9E67A51

Malicious: false

Preview: ......Exif..II*.................Ducky.......<......Adobe.d...................................................................................................................................................^..........................................................................................!1.AQ".aq..2....BR#br..3....C$4...Sc..D.s&......................!1..AQ.aq.."...2R...B...#[email protected](.....P(...c.>[email protected].~...eT....gy..G..p.....n...j.*.6..........T.^.$...IN..Mz..}..+?'..G.<bm.6ju....\..+%.......q.....<.....I.G7y...K..i..../r...........aW".x[TR<l92...A....R`.T.'*.....6.,.k...A........'.!...........Y..M....n..^9..&...m<E.jA.."6]*...X.4..9U.T(..PM...L=....0.1...K.J.v...'.Ml....c6gn...,x....$.B FA.M.G..uy}...9........K.'f/.2.e.c.@...>...{."...\..%b...'......A^<.n....e....6.....i....8...."..U.....TXy.....`.......A4.......@..{..l....,.~i<+.R..^..nB.U....oYU...B.Pm6.....Y.x...i...6Pt."..{h.Z..y^.&.@.&.P(......(d.C(.i.(.jarX

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1920_Panel1_FullBleed_Win10_V2[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 7.893186007733665

Encrypted: false

MD5: 4D39B8F7D1050032EA57E190F7B188E1

SHA1: F4AE4A1D0F3DA9B14BF5CCBD6F0D38D731387DCF

SHA-256: D83BB9374A60FF1490AA96A73575E53509F3C1856FA6EAB07E0FD41FBCC988DD

SHA-512: 94E2EE1DFBF887BFC13C7CE0D458F893F5C2FF59A533C680FD58F7D8C5F315B52984EBD4AD43901333ECA441BFC293A225BD9DC2943F70B8EEC0FCF08FC8462D

Malicious: false

Preview: ......JFIF.......................................................................................................................................................................................................................c..Y.xw{.d..+...%..(.i...+..Q)..E.Jd.r.n\s'w....+...{M.|....e..).....?.~.:[email protected].@F......<x...!.B..B..n..#..4......>.................)...W......K...".i*N.F..c|.NB.\...97....r9...1..;.e....m..N[r....+.M.....[.......c....-..p.!.[.mF........#..1.io..:>...P.............U.b.>.....Rn..wJ..I[.)"....)..eer.oY..o..os.{..r..#..v.kwy..]v............/..L.;......U.-.u...........y.7....F.#.Q..[..B.a....#n..1.:....~5G..............c..............4.K:.5R.....(.K..r7k.[.r.W..k...y}.A../<t...=.6.l..I....Z...p7c....x.fb..=..oi}....&k.]...<M...[kmz;.XD..h..c.q..[..[..B0..[.cKt.).".#...?O.~.@.......)o...1.W..0-..a.}.{]5...+Z.a*F.#:.YG..rw..E..|...s.......\..>...M....C}...".....t..../.i@-...}).?:y.l.k...|..6....,.W.>..>.R..6..F..n...[.n


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1920_Panel2_LinkNav_Learn_Win10[1].svgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 445

Entropy (8bit): 5.2124097142399695

Encrypted: false

MD5: 792C8C8348A6B6C9C4D0C5B3C4060960

SHA1: 8D9938AC1F2E8F0D0F7B1AC6D1864EB6570FACAF

SHA-256: 14FA7C030BDA8A06A548DB5427394C8B838B298189320EACC395E6D2A53D5FAA

SHA-512: B852CB7D335B6E96986315A565ECA925878E5EBB718EA1F9DD62E34630A6931F1D3F633D16715ED452DC7DE3E5834C5C65A38FE1F58C302AC1BC10240B7DCF57

Malicious: false

Preview: <svg enable-background="new 0 0 64 64" viewBox="0 0 64 64" xmlns="http://www.w3.org/2000/svg"><switch><foreignObject height="1" requiredExtensions="http://ns.adobe.com/AdobeIllustrator/10.0/" width="1"/><g><path d="m30.577 31.383h16.923v-14.883l-16.923 2.364z"/><path d="m29.373 31.383v-12.351l-12.873 1.8v10.551z"/><path d="m30.577 32.586v12.553l16.923 2.361v-14.914z"/><path d="m29.373 32.586h-12.873v10.589l12.873 1.796z"/></g></switch></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MWFMDL2[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 11480, version 0.0

Size (bytes): 11480

Entropy (8bit): 7.941998534530738

Encrypted: false

MD5: 5ED659CF5FC777935283BBC8AE7CC19A

SHA1: A0490A2C4ADDD69A146A3B86C56722F89904B2F6

SHA-256: 31B8037945123706CB78D80D4D762695DF8C0755E9F7412E9961953B375708AE

SHA-512: FCCBE358427808D44F5CDFCF1B0C5521C793716051A3777AAFDE84288FF531F3E68FBC2C2341BBFA7B495A31628EAB221A1F2BD3B0D2CC9DD7C1D3508FDE4A2F

Malicious: false

Preview: wOFF......,.......NH........................OS/2...X...H...`JZxhVDMX.............^.qcmap.............ph.cvt ...l... ...*....fpgm...........Y...gasp...|............glyf...... ...7.oV."head..'X...0...6.k..hhea..'........$....hmtx..'....v.....F.Eloca..(..........Y..maxp..).... ... ....name..) ..........b.post..,8....... .Q.wprep..,L........x...x.c`f..8.....u..1...4.f...$..........@ .............8.|...V...)00......x...S......._..m.m.m.m.m;e..y.~.......<p..a.0t.&...a.pa.0B.1..F...Q.ha.0F.3.....q.xa.0A.0L.&...I.da.0E.2L....i.ta.0C.1..f...Y.la.0G.3.....y.|a..@X0,.....E.ba.DX2,....e.ra..BX1..V...U.ja..FX3.....u.za..A.0l.6...M.fa.E.2l....m.va..C.1..v...].na..G.3......}.~a.p@80......C.a..pD82.....c.q..pB81..N...S.i..pF83.....s.y..pA.0\.....K.e..pE.2\....k.u..pC.1..n...[.m..pG.3......{.}...@x0<.....G.c...Dx2<....g.s...Bx1..^...W.k...Fx3.....w.{...A.0|.>...O.g...E.2|....o.w...C.1..~..._.o..08........?..0$........x..AHTq.../..$mk...E#.L.<.X,..D..P..:T.$Y.x.*...!.u...!J..(.X

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MeControl[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 16818

Entropy (8bit): 5.45589735864732

Encrypted: false

MD5: 41D0D2F3581D2DCE990DFF6A707C9FA7

SHA1: 695CD33AC9ED1EDD6AE072FC526B173F08BF19CA

SHA-256: 2412060D23A31CA6243B9DDE201A318D563E7067671D50F35A0EA6438BC781BD

SHA-512: CDBD6DBC5EE374899B95E58C369A334E4DCEBD9F0AC9238690337FABBD9D30B98FDC1986B0432411CAB2FCD8F1F83A8CBAB0AFB5D289D755E3817C157EE7E99B

Malicious: false

Preview: function _iY(a){return a?true:a==0||a==false||a==""}function _Du(a,b){return _iY(a)?a:b}function _Bd(a){return a instanceof Array}function _BD(a){return "function"._g2(typeof a,true)}function _E(a){return typeof a=="string"}function _BE(a){return _iY(a)&&_E(a)&&a!=""}function strOrDefault(a,b){return _BE(a)?a:b}function _A1(a){if(!_E(a))return "";if(a.lastIndexOf(".")<0)return "";return a.toLowerCase().substr(a.lastIndexOf(".")+1,a.length)}function _A0(a){return document.getElementById(a)}var $J={_dW:false,_b:function(c,a){var d=null;if("img"._g2(c)&&_iY(a)){var g=_A1(a.src);if("png"._g2(g,true)&&!$F._mK())c="span"}var b=d;if("input"._g2(c,true)&&_iY(a)&&(a.name||a.type)){if(!$ae._h._g2(a.type)){var f=document.createElement("div");f.innerHTML='<input type="'+(a.type?a.type:"")+'" name="'+(a.name?a.name:"")+'" />';b=f.firstChild}else try{var e="<"+c;if(a.type)e+=' type="'+a.type+'"';if(a.name)e+=' name="'+a.name+'"';e+=">";b=document.createElement(e)}catch(h){b=d}if(_iY(b)){a.type=d;a.n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Panel5_Quote_DigitalTrends_128x128[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 2444

Entropy (8bit): 7.530434813178274

Encrypted: false

MD5: DE69837FBC036DDFAF8D1A0885C68CB8

SHA1: 51142006DABB8A7E37EA3EC7441A7F9A8E4F98BC

SHA-256: 318E1D485FE3E176217443CA8A551E427BC7DD88A33A5D14EAED87FDEAB2BA93

SHA-512: FF45044861549B51691629CA7FAFCF953A014B453362635F216B1CB6B3B4E42988CBCB0F809A9657217895ADE7D208BDCC4640DBF91B0483D074D017D53CE4DC

Malicious: false

Preview: ......JFIF..............................................................................................................................................................................................................................>V.8..V'!...%..L.X.=..........1g.3..+.......................................................................@....$...3...~Z1..................................................................._.7.`..].c.1b.b.5..DYP:..K.................."............................`0TV.............../X....'qu...K.R..O.%.].P...Mj9..g....^...P.)K.Kj.U......G.}2_.>...o.%. .......h.J....O*.4...!x5~f.LV...9.).W..b.......5pJ..A.Q-uXC..(.7K.P+...f."e.O..q....(,.T.f.U..OK5E..zeW.;......2...)U..d....Mq>.....D.(Fc....x>..w.O....j+..}.....6.U..QU\.."3.uE...B.^...(...}......]/;.W/r!\\..=....-....7t...{[email protected]...^.$jqsP...9SV...&&{.J....d=.>....f..e.cd..s&.._Dvn..FL&4.I.+....d.... ..X..*G.;.$.......y..i.e.4vR...V{i.]....J.....0.f*M.=.n.MTv.A.m.'[email protected].


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC3b77403c2085488fb1858d5f0c936b33-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 1470

Entropy (8bit): 5.4951745647840005

Encrypted: false

MD5: 43F2F8E303993A65F45A77FC9AB8D5C0

SHA1: C9D22B5B660711374F474AD260C5325DFB4BB038

SHA-256: 1D346D3BCB3840567CF1B0BD019F7A19711DAA5D6E6D438BA7C674A6D22F46A1

SHA-512: 2FE90184B5C73540AC316668B58C7F33E2D00BDA72E52F0B4F388E731D74B0B0E31F26F8EB17850A49E1C90A53CAAA08EF9796C09EEF597E3DE39ED7524421FA

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC3b77403c2085488fb1858d5f0c936b33-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC3b77403c2085488fb1858d5f0c936b33-source.min.js', "null!==window.wdgtagging&&null!==window.wdgtagging.jsll&&function(t,n,i,o){if(n.loadJSLL=function(){var a,e,g={appId:\"surface\",version:\"4\",coreData:{env:t.getData(\"env\"),market:t.getData(\"langLoc\"),pageName:t.getData(\"gpn\"),pageType:t.getData(\"pageType\")}};(\"undefined\"!=typeof isUserSignedIn&&\"1\"===isUserSignedIn||o(\".msame_TxtTrunc.msame_Drop_active_name\").length)&&(g.isLoggedIn=!0),location.pathname.match(/\\/surface\\/business(|\\/.*)$/gi)&&(g.appId=\"surfaceforbusiness\"),g.prePageView=(a=t,e=i,function(){e.setMetaTag(\"awa-env\",a.getData(\"env\")),e.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC49b4b5634b9e41ba953925198289cea1-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 4431

Entropy (8bit): 5.377615161167856

Encrypted: false

MD5: B9DE856CB849B3D1F5F67ED49AA50303

SHA1: 09FD81B6A2275C7765E338491265861A9795E8F1

SHA-256: 6EC13822D7AA9F249490799B0132403D6F26A3A9DCE0D49BFE2EB2D9CD9E5B9C

SHA-512: 44355CCAA7849EE4785DF00B97B423C7AD108678DD5955FAA785B01E6407DA11E4B56B3413CAB5FF9E6016D121148547A83606B79362C59ADF9DDA0DCAD29065

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC49b4b5634b9e41ba953925198289cea1-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC49b4b5634b9e41ba953925198289cea1-source.min.js', "null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&function(a,e,t){var i,s,r,c,n,d=location.pathname,o=\"MAIN\";d.match(/\\/surface\\/business\\/extended-service-warranty/i)?o=\"MAIN>DIV.cfb\":d.match(/\\/surface\\/devices\\/surface\\-pro\\/overview/i)?o=\"MAIN>DIV.surfacecom\":d.match(/\\/surface\\/devices\\/surface\\-pro\\/tech\\-specs/i)?o=\"MAIN>DIV.surfacecom\":d.match(/\\/surface\\/devices\\/surface\\-pro\\/for\\-business/i)?o=\"MAIN>DIV.pmp-devices\":d.match(/\\/surface\\/accessories\\/surface-dial/i)?o=\"MAIN>DIV#surface-accessories-dial\":d.match(/\\/surface\\/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC5f812135e64f48ad85ea100034bc60a2-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 6457

Entropy (8bit): 5.369944067975907

Encrypted: false

MD5: 1E9A525FE0C9CBABED65B7E71583A8B8

SHA1: 6AAC844E00207074931BC1F6B39358CADB40EC6B

SHA-256: A2D9B01D1E6AACE2FDA64B4CF7B2495E54742DD05F367C9DF45B472823DD2DDA

SHA-512: 6F44E9E3217825C599ACB6CFC761E1EF12949AB683955729F0AFCB7162B9EA22D27E66144E5E2B485593F31BF850391FE3A5BE5CD140774FAE03ECB0317C04F6

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PRcdeba57016574fb6a5f7b7d85f26b1ee/BL219dd0e92a374f9bbbfe40b6e97eea6a/RC5f812135e64f48ad85ea100034bc60a2-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PRcdeba57016574fb6a5f7b7d85f26b1ee/BL219dd0e92a374f9bbbfe40b6e97eea6a/RC5f812135e64f48ad85ea100034bc60a2-source.min.js', "null!==window.wdgtagging&&null!==window.wdgtagging.jsll&&function(t,e,w,f){window.location.pathname;var m=window.location.href;w.wdgVideoTagging=!1,w.videoTaggingInit=function(){var g=awa.ct.captureContentPageAction;w.wdgAttachedEvent={},w.wdgVideoName={},awa.ct.captureContentPageAction=function(o){if(239<o.behavior&&o.behavior<253&&240!=o.behavior&&250!=o.behavior&&251!=o.behavior);else if(253==o.behavior)g(o);else if(240==o.behavior){var i=o.contentTags.vidid,d=o.contentTags.vidnm,c=!1,r=f(\".c-video-player > .f-core-player\").find(\"video\");r.length&&r.each(function(t){

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC8e5087d112014ec3a21ceac680f229a1-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 5374

Entropy (8bit): 5.287027412761807

Encrypted: false

MD5: 9486087605D5510E36ED1BBE874AAACC

SHA1: B75000C16A3944A8303C6A0B2399F9B67237AE46

SHA-256: 5C5BA9AAE1A0664F1423C410FE35AF67C7CDDA634B7E9886C5EA61C8745E1C33

SHA-512: 25D0E8323E288872F601FC9DEF4F0B43D364D4014F124A2E02885D1D9399A6A598E2E458FF68D8BF5423A33520094BD157C64203F286CC1C62364F60FA4C805B

Malicious: false


Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC8e5087d112014ec3a21ceac680f229a1-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC8e5087d112014ec3a21ceac680f229a1-source.min.js', "null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&function(c,g){c.lineage={main_sel:\"MAIN\",zone_id:\"a3\",sec_custom_sel:\"\",grp_custom_sel:\"\",pnl_custom_sel:\"\",subpnl_custom_sel:\"\",exclude_sec_sel:\"\"},g.getLineageName=function(e,a){return e.attr(\"data-lineage-name\")||e.attr(\"data-productid\")||e.attr(\"data-vg\")||e.attr(\"id\")||a},g.setLineageSection=function(e,a,t){var i=\"r\"+t+a;e.attr(\"data-bi-id\",i),e.attr(\"data-bi-name\")||e.attr(\"data-bi-name\",e.attr(\"data-productid\")||e.attr(\"data-vg\")||e.attr(\"id\"));var n=\"DIV[data-grid*=col-12],DI

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC8e5087d112014ec3a21ceac680f229a1-source.min[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RC9bd0a1317c6346bfb0410bd8e4533dcb-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 19076

Entropy (8bit): 5.178796777685234

Encrypted: false

MD5: C9A08127AD78238F60EA6625D151407C

SHA1: 47F9462BA21F84984854E342835181F6CDA164F1

SHA-256: 0048749A49313BBFE77EA8F7317F0AFB73ECE04CE42002FF7F19476BC1416E6E

SHA-512: 37E828921C2E28EE43293560D2B5F6E374DDA4C9BC8E0B10C23BF5FA7BCDDE84E9919170F51549197E84ACE8E5B61BD0B6E69F09A39E28386FB4EE2EA1A72987

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC9bd0a1317c6346bfb0410bd8e4533dcb-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RC9bd0a1317c6346bfb0410bd8e4533dcb-source.min.js', "null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&function(t,n,s){window.location.hostname;var e,r,o,h=window.location.pathname;n.tagMSStoreBehavior=function(){return\"PARTNERREFERRAL\"},n.isMicrosoftStore=function(t){return t.attr(\"href\").match(/microsoftstore/i)||t.attr(\"href\").match(/microsoft\\.com/i)&&(t.attr(\"href\").match(/\\/store/i)||t.attr(\"href\").match(/\\/p\\//i))},n.tagChooseContentType=function(t){return 0<t.find(\"img\").length||0<t.find(\"picture\").length?\"image\":i(t,\"class\",\"glyph-play\")&&(t.find(\"span\").length<=0||i(t.find(\"span\"),\"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RCd1804cfaa2594ff19eeb29b448811a27-source.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 13117

Entropy (8bit): 5.298514236732393

Encrypted: false

MD5: 13A3125285CC1753E100AAFAE531512F

SHA1: 55F52751DB4F71D9726CDEC678ED2BA97FC4DE0F

SHA-256: 645895FE445925FE2799AF11F6681E67CEF6BB117271267C8AF5823152361FF2

SHA-512: 6D724C5FC1B38A456F3243ED481B6FF62F32D9AB0EACD5235B055B7168935F39FF3320497A13630C4462D995B02F1916217AD517B666B2DD9093D0E1CDEF4E6A

Malicious: false

Preview: // For license information, see `http://assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RCd1804cfaa2594ff19eeb29b448811a27-source.js`.._satellite.__registerScript('//assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4bb85135a8c64d4489512722d524cc5a/RCd1804cfaa2594ff19eeb29b448811a27-source.min.js', "window.location.pathname.match(/\\/help\\-me\\-choose\\/?/gi)&&null!=window.wdgtagging&&null!=window.wdgtagging.jsll&&(window.wdgtagging.data=window.wdgtagging.data||{},function(s,r,t,c){function a(t,a){c(t).attr({\"data-bi-scn\":\"hmc\",\"data-bi-fbid\":\"hmc\",\"data-bi-scnstp\":\"hmc-result\",\"data-bi-stpnum\":o.qseq.length+1,\"data-bi-field1\":\"fc:\"+a,\"data-bi-vtbm\":window.wdgtagging.data.sdata.vtbm+\";fc:\"+a,\"data-bi-sat\":\"fc:\"+a,\"data-bi-field2\":window.wdgtagging.data.sdata.vtbm+\";fc:\"+a})}function a(t,a){c(t).attr({\"data-bi-scn\":\"hmc\",\"data-bi-fbid

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RE2FHD0[1].wdpProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG-XR

Size (bytes): 3985

Entropy (8bit): 7.7473486299018255

Encrypted: false

MD5: E64CF23A05C1A621C782B982F24D42F0

SHA1: A8A99D86D917FF48869D870762547D93D0F80429

SHA-256: 1ECDF5B753A0C167FFF5708AB7D5DE0FAB638C209522F07C6F379C6E4BB1447B

SHA-512: 57E458950A4F09758D47D10111F3B065F27BE91D940CF7A322FCE0C40A109B5BEF71D25B3AB8FBA03325D24897876ED79779B6CE8933F67F95DBD508E7C23184

Malicious: false

Preview: II.. ...$..o.N.K..=wv.....................................................................$..B........$..B............................WMPHOTO..E.q....0...,8:B.. .......s............ ..........0.}....0....$@ .J.......D").B.1...`...V%...@,"3.... ...gy.5O.X...V....L.>P......P.!...$<KD1@.....!hea...a..A....!. ..u."U_.'.1.."....5....T.d...A..YhD.!.b....j.AJ,..*..#..G....D...E..8.1e%*.................................C....*Q4l[....#[email protected].. ..!..O.E.g..?.8F....+..o%C..0.FA.L.......}JI.C...................+I>...P$U,...B,[email protected]/.Aa'.8k.4...r?....e_.jmV-...rX..,`;.'*.,.cF..{.y..y...](6....0...................,,6..,[email protected]"Y.Ou..l@.?...p....FL..h...w..h.wl..5..]p...].."..i..1.....Rt.h....E..=.....'.."..#.d5....+......8........$.A....].L.}O.._..,..!.C...3.u%/..Sy..^..X..k..25....M^).n..A...."`(..G>....A_.<.......s..CA...=.....6.9.@.....~..#...._...f.....mpA9~......&.SW.U..-D.'Co^C..J?......B....Z........U...).U....V<..^.e.......j>d...=...'...># >.$....$.u..$..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RE2OVYl[1].wdpProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG-XR

Size (bytes): 5090

Entropy (8bit): 7.73036200353017


Encrypted: false

MD5: 469177BE5AC476D508D64632AF660900

SHA1: F90A67788C10587D033168B4B5C63FD2017B5CD0

SHA-256: F6308F3E69814AF2FD945FF079CBE2A3682290EC92732B8C4D3A4529C299BC82

SHA-512: 050DC0CAF2E348808FFF0E0B5A31283F5B7A23EE511286794B1C213E39E28FE9669508AC57C831233DCD3CFEC7AB3AD46C6DD86A9CFFD0BB4EFBD479F70FCAAA

Malicious: false

Preview: II.. ...$..o.N.K..=wv.....................................................................$..B........$..B....................\.......WMPHOTO..E.q....0..$$.BBL.DD....................0..@...".D......u....[m......oq%%.U..+7..r'W....eJRx..$a)_J..P.VW.....3.$....8....#.....`A^..X...q.k.....2..-.`.q...bp.g.d.:..ZZ.&..,}c.Ib.........g.`%......0..E...Pwu..p... .0..*P.0.V..IJ..`[email protected]........."'......................................qh...P....D...r....V..J.k.[lQ..4XE.....j}...... ...BL.I...H..)..&...... )....[........P....X....."r..E.......n0#.".....E.....E..Q...6.fb..U;.O.....|s.? [email protected]./.P....................}Q6.f..I..U.....g.}........4D*'B.=..k....3...obF.r.....-...,k..UT.U{.:./..Y.+..0._s....D4.@i0..........<..l..a......?..Y.X..4.I r..sh..V......!.....MWU......H[.....g.A...K..sb.Sj.I...9.M.j.7.8................H.!.D.$YOM1...B...y.e..$D.Na..X....Tr+........=...y........S.I.>...q{...-....V":.L........I!......a...W....-i..j

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RE2OVYl[1].wdp

Name IP Active Malicious Antivirus Detection Reputation

microsoftwindows.112.2o7.net 66.117.29.228 true false high

track4.pricespider.com 13.93.106.254 true false high

cs1227.wpc.alphacdn.net 192.229.221.185 true false high

blob.dm5prdstr12a.store.core.windows.net 52.239.151.138 true false high

logincdn.msauth.net unknown unknown false high

assets.adobedtm.com unknown unknown false high

assets.onestore.ms unknown unknown false high

ajax.aspnetcdn.com unknown unknown false high

mem.gfx.ms unknown unknown false high

statics-uhf-eus.akamaized.net unknown unknown false high

cdn.pricespider.com unknown unknown false high

track.pricespider.com unknown unknown false high

prod-video-cms-rt-microsoft-com.akamaized.net unknown unknown false high

products.office.com unknown unknown false high

windevicesminnofferprice.blob.core.windows.net unknown unknown false high

login.microsoftonline.com unknown unknown false high

amp.azure.net unknown unknown false high

img-prod-cms-rt-microsoft-com.akamaized.net unknown unknown false high

www.youtube.com unknown unknown false high

s.ytimg.com unknown unknown false high

Name Source Malicious Antivirus Detection Reputation

https://outlook.live.com/owa/ home[1].htm.10.dr false high

eus-streaming-video-rt-microsoft-com.akamaized.net/1c528897-c95c-442f-9949-770400a3e58d/4433f

RE2QTP2[1].htm1.10.dr false high

https://support.office.com/en-us/office-training-center?ms.officeurl=training

home[1].htm.10.dr false high

https://products.office.com/en-us/home home[1].htm.10.dr false high

https://products.office.com/en-us/sharepoint/collaboration


https://products.office.com/en-us/business/enterprise-productivity-tools


https://www.businessinsider.com/microsoft-surface-laptop-2-first-impressions-2018-10

surface[1].htm.10.dr false high

https://assets.onestore.ms RE2QTP2[1].htm0.10.dr false high

jqueryui.com jquery-ui.min[1].js.10.dr false high

https://products.office.com/en-us/business/office home[1].htm.10.dr false high

https://www.treasury.gov/resource-center/sanctions/Programs/pages/iran.aspx

faq[1].htm.10.dr false high

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2PeLK?ver=9a00&q=


https://products.office.com/en-us/word home[1].htm.10.dr false high

Domains and IPs

Contacted Domains

URLs from Memory and Binaries


eus-streaming-video-rt-microsoft-com.akamaized.net/0c8f5df4-474e-4573-9cb3-ffb987fd314d/4433f


https://products.office.com/en-us/microsoft-teams/group-chat-software


https://www.digitaltrends.com/headphone-reviews/microsoft-surface-headphones-review/


https://www.youtube.com www-widgetapi[1].js.10.dr false high

schema.org/ItemList surface[1].htm.10.dr false high

https://github.com/scottjehl/picturefill/blob/master/Authors.txt;mwf-auto-init-main.var.min[1].js.10.dr false high

https://products.office.com/en-us/business/small-business-solutions


eus-streaming-video-rt-microsoft-com.akamaized.net/3f0211f0-b3fe-4379-a1f1-12cb76beb982/4433f


https://www.treasury.gov/resource-center/sanctions/Programs/pages/cuba.aspx


prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE2QTP2-tscriptenus?ve


https://support.office.com/en-us/ home[1].htm.10.dr false high

https://products.office.com/en-us/business/enterprise-firstline-workers


assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PR4e32a38d34ab4d988165e03dcae0a0fd/BL4

RC31570345bb96413b898d9ee318090731-source.min[1].js.10.dr, RC49b4b5634b9e41ba953925198289cea1-source.min[1].js.10.dr, RC9bd0a1317c6346bfb0410bd8e4533dcb-source.min[1].js.10.dr, RC3b77403c2085488fb1858d5f0c936b33-source.min[1].js.10.dr, RCd1804cfaa2594ff19eeb29b448811a27-source.min[1].js.10.dr

false high

schema.org/VideoObject surface[1].htm.10.dr false high

prod-video-cms-rt-microsoft-com.akamaized.net/cms/api/am/videofiledata/RE2QTP2-enus?ver=04be


https://schema.org/Product surface[1].htm.10.dr false high

https://products.office.com/en-us/site-search home[1].htm.10.dr false high

https://microsoftwindows.112.2o7.net RE2QTP2[1].htm0.10.dr false high

github.com/requirejs/requirejs/LICENSE RE2QTP2[1].htm0.10.dr false high

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31


https://www.skype.com/en/ home[1].htm.10.dr false high

assets.adobedtm.com/launch-ENbb9d0de7cc374dc99259df2c4b823cef.js

launch-ENbb9d0de7cc374dc99259df2c4b823cef.min[1].js.10.dr

false high

https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimary


https://products.office.com/en-us/homeg/contact.aspx3D%2522devicesoftware%2522%2520Type%253D%2522htt

~DF9FC10B73CFDB0C7A.TMP.9.dr false high

travel.state.gov/travel/travel_1744.html faq[1].htm.10.dr false high

https://www.office.com/?auth=2 home[1].htm.10.dr false high

https://products.office.com/en-us/compare-all-microsoft-office-products


https://www.onenote.com/ home[1].htm.10.dr false high

github.com/requirejs/domReady RE2QTP2[1].htm0.10.dr false high

https://www.office.com/?auth=1 home[1].htm.10.dr false high

www.bis.doc.gov/policiesandregulations/index.htm#ear faq[1].htm.10.dr false high

https://www.xbox.com/en-us/games/xbox-one?xr=shellnav


https://products.office.com/officeproducts/onerf/signin?EEL=True


https://cdn.pricespider.com/1/ ps-widget[1].js.10.dr false high

www.youtube.com/ msapplication.xml7.9.dr false high

https://www.microsoft. {7FFF1C52-87D8-11E9-AADA-C25F135D3C65}.dat.9.dr

false high

https://products.office.com/en-us/homeg/contact.aspxon.ico?v2


https://dell.com/microsoftdpa surface[1].htm.10.dr false high

github.com/aFarkas/lazysizes RE2QTP2[1].htm0.10.dr false high

https://schema.org/Organization home[1].htm.10.dr false high



schema.org/Organization surface[1].htm.10.dr, home[1].htm.10.dr false high

img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2QZ2T?ver=cb78


https://s.ytimg.com/yts/jsbin/www-widgetapi-vflWEkxrd/www-widgetapi.js

iframe_api[1].js.10.dr false high

https://support.office.com/en-us/article/download-and-install-or-reinstall-office-365-or-office-2016


www.bis.doc.gov/policiesandregulations/ear/740.pdf faq[1].htm.10.dr false high

https://swiftkey.com/images/misc/stores/app/en.png RE2QTP2[1].htm0.10.dr, home[1].htm.10.dr

false high

https://github.com/jquery/jquery-ui script[1].js1.10.dr false high

https://products.office.com/en-us/onenote/digital-note-taking-app


https://products.office.com/en-us/student/office-in-education


https://products.office.com/en-us/outlook/email-and-calendar-software-microsoft-outlook


www.amazon.com/ msapplication.xml.9.dr false high

https://products.office.com/en-us/academic/compare-office-365-education-plans


www.bis.doc.gov/index.php/forms-documents/doc_download/1063-746.


www.twitter.com/ msapplication.xml5.9.dr false high

www.bis.doc.gov/index.php/policy-guidance/country-guidance/sanctioned-destinations/cuba


www.ecfr.gov/cgi-bin/text-idx?c=ecfr&sid=c5cc9a1c749a6f225283bdfa124431d0&rgn=div9&am

exporting-information[1].htm.10.dr false high

https://products.office.com/en-us/excel home[1].htm.10.dr false high

https://modernizr.com/download/?-eventlistener-picture-printshiv-setclasses

mwf-auto-init-main.var.min[1].js.10.dr false high

assets.adobedtm.com/COdb619ef0f3bc48f09d9a4c3a5e66564d/PRcdeba57016574fb6a5f7b7d85f26b1ee/BL2

RC54dd4417603a4f0aaf96451509bb7d4c-source.min[1].js.10.dr, RC5f812135e64f48ad85ea100034bc60a2-source.min[1].js.10.dr

false high

usetermassembly/dealbuilder_live/DealBuilderNET/dealbuilder.aspx

eula.rtf false Avira URL Cloud: safe low

https://templates.office.com/en-us/ home[1].htm.10.dr false high

github.com/requirejs/almond/LICENSE 18-d72213[1].js.10.dr false high

https://products.office.com/en-us/compare-all-microsoft-office-products?tab=2


img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2dKBu

RE2QTP2[1].htm0.10.dr, home[1].htm.10.dr

false high

https://www.xbox.com/en-us/xbox-one-s?xr=shellnav home[1].htm.10.dr false high

www.apache.org/licenses/LICENSE-2.0 social[1].js.10.dr false high

assets.adobedtm.com/launch-EN7506e353034849faa4a18bc4c20e727c.js

launch-EN7506e353034849faa4a18bc4c20e727c.min[1].js.10.dr

false high

www.nytimes.com/ msapplication.xml3.9.dr false high

img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1LLAb

ec-ac126e[1].css.10.dr, ec-ac126e[1].css0.10.dr

false high

www.youtube.com iframe_api[1].js.10.dr false high

https://login.microsoftonline.com/common/oauth2/authorize?client_id=28b567f6-162c-4f54-99a0-6887f387


https://img-prod-cms-rt-microsoft-com.akamaized.net RE2QTP2[1].htm0.10.dr false high

https://scottjehl.github.io/picturefill/ mwf-auto-init-main.var.min[1].js.10.dr false high

https://products.office.com/en-us/microsoft-office-for-home-and-school-faq


https://products.office.com/en-us/homeg/contact.aspxotocol


https://products.offic {7FFF1C52-87D8-11E9-AADA-C25F135D3C65}.dat.9.dr

false high

https://mem.gfx.ms RE2QTP2[1].htm0.10.dr false high

https://products.office.com/en-us/onedrive-for-business/online-cloud-storage


https://products.office.com/en-us/powerpoint home[1].htm.10.dr false high

https://products.office.com/en-us/products home[1].htm.10.dr false high

https://onedrive.live.com/about/en-us/ home[1].htm.10.dr false high



Static File Info

GeneralFile type: Rich Text Format data, version 1, unknown character

set

Entropy (8bit): 5.1143113053725555

TrID: Rich Text Format (5005/1) 38.47%Rich Text Format (4004/1) 30.78%Java Script (2000/0) 15.37%Java Script embedded in Visual Basic Script (2000/0) 15.37%

File name: eula.rtf

File size: 132464

MD5: 7f56ce915dc6be782681464cc62a6588

SHA1: f1156381ee1c1a2737e45bea8640715b50e1ae40

SHA256: 5e499529aaa0f92ff57d67f6464f46cf5a04187807aa200419383431d2eed1f3

SHA512: ccf173242e5f0ba06c27ed9b24549d84ff2524d20b7f8b12cd3647e14bb2cb1f6c737a4106fa96380054ed0234a0245bfa68ce2fe7f95fa3b330c025c9f4e9c9

https://char.gd/blog/2018/microsoft-has-the-best-device-lineup-in-the-industry


www.wikipedia.com/ msapplication.xml6.9.dr false high

https://www.xbox.com/ home[1].htm.10.dr false high

https://www.xbox.com/en-us/xbox-one-x home[1].htm.10.dr false high

www.live.com/ msapplication.xml2.9.dr false high

https://mem.gfx.ms/meversion?partner=OfficeProducts&market=en-us&uhf=1

home[1].htm.10.dr false Avira URL Cloud: safe low


No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Country Flag ASN ASN Name Malicious

192.229.221.185 United States 15133 unknown false



Contacted IPs

Public


SSDEEP: 768:Y0RYSkYuwBNl8cG/l9Em42UcuVZ0cw/yblG05ABjR7sJcQqLB31aiyaz3iw+f1RC:Xgunmc/U6m+UQV1yKOcX2rT

File Content Preview: {\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff37\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman{\*\falt Times New Roman};}{\f2\fmodern\fcharset0\

General

File Icon

Icon Hash: 74f4c4c6c1cac4d8

Network Port Distribution

Total Packets: 83

• 53 (DNS)

• 443 (HTTPS)

Network Behavior

Timestamp Source Port Dest Port Source IP Dest IP

Jun 5, 2019 14:26:02.276792049 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.278306007 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.294260025 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.295365095 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.295888901 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.305494070 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.306267023 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.310319901 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.322768927 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.323929071 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.323954105 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.323967934 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.323982000 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.327696085 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.327878952 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.329221010 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.329252958 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.329266071 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.329276085 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.329286098 CEST 443 49734 192.229.221.185 192.168.2.5

Static RTF Info

TCP Packets


Jun 5, 2019 14:26:02.333861113 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.397047997 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.397789955 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.398206949 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.401416063 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.402370930 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.414616108 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.414635897 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.415386915 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.416687965 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.418584108 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.418622017 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.418634892 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.418715000 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.418732882 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.418744087 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.419107914 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.419125080 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.419394016 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.419615030 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.419671059 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.419857979 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.420212984 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.420670033 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:26:02.477875948 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:26:02.478629112 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:02.486568928 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:02.486721992 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:27:02.667172909 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:02.667217016 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:02.667268038 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:02.667588949 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:27:02.668333054 CEST 49734 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:27:02.685709000 CEST 443 49734 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:03.597865105 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:03.600095034 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:27:47.093641996 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:27:47.111104012 CEST 443 49733 192.229.221.185 192.168.2.5

Jun 5, 2019 14:27:47.111430883 CEST 49733 443 192.168.2.5 192.229.221.185

Jun 5, 2019 14:28:32.526714087 CEST 49776 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.528181076 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.555948973 CEST 443 49776 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.557395935 CEST 443 49777 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.574433088 CEST 49776 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.574481010 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.576874971 CEST 49776 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.577235937 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.607768059 CEST 443 49776 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.607798100 CEST 443 49776 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.607812881 CEST 443 49776 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.608330011 CEST 49776 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.608721018 CEST 443 49777 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.608788967 CEST 443 49777 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.608812094 CEST 443 49777 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.611619949 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.622251034 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.622507095 CEST 49776 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.622688055 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.651681900 CEST 443 49777 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.651705980 CEST 443 49777 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.652142048 CEST 443 49776 13.93.106.254 192.168.2.5

Jun 5, 2019 14:28:32.652676105 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.652708054 CEST 49776 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:32.655225039 CEST 443 49777 13.93.106.254 192.168.2.5



Jun 5, 2019 14:28:32.658785105 CEST 49777 443 192.168.2.5 13.93.106.254

Jun 5, 2019 14:28:35.372739077 CEST 49778 443 192.168.2.5 52.239.151.138

Jun 5, 2019 14:28:35.374346018 CEST 49779 443 192.168.2.5 52.239.151.138

Jun 5, 2019 14:28:35.511209965 CEST 443 49778 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.512687922 CEST 443 49779 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.513447046 CEST 49778 443 192.168.2.5 52.239.151.138

Jun 5, 2019 14:28:35.513470888 CEST 49779 443 192.168.2.5 52.239.151.138

Jun 5, 2019 14:28:35.514283895 CEST 49778 443 192.168.2.5 52.239.151.138

Jun 5, 2019 14:28:35.514942884 CEST 49779 443 192.168.2.5 52.239.151.138

Jun 5, 2019 14:28:35.654922962 CEST 443 49778 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.654963017 CEST 443 49778 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.655025959 CEST 443 49778 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.655050039 CEST 443 49778 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.655096054 CEST 443 49778 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.655205011 CEST 443 49779 52.239.151.138 192.168.2.5

Jun 5, 2019 14:28:35.655286074 CEST 443 49779 52.239.151.138 192.168.2.5



Jun 5, 2019 14:25:22.315944910 CEST 60811 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:22.325299978 CEST 57659 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:22.329585075 CEST 53 60811 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:22.338880062 CEST 53 57659 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:26.959849119 CEST 54527 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:26.973769903 CEST 53 54527 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:56.148576021 CEST 60440 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:56.171256065 CEST 53 60440 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:57.909528971 CEST 62740 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:57.943630934 CEST 53 62740 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:58.837642908 CEST 62238 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:58.849351883 CEST 65013 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:58.869465113 CEST 53 62238 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:58.873291969 CEST 53 65013 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:58.897957087 CEST 55972 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:58.911068916 CEST 53 55972 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:58.915807962 CEST 51695 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:58.969393015 CEST 53 51695 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:59.182861090 CEST 60558 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:59.205216885 CEST 53 60558 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:59.229331017 CEST 63487 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:59.242465973 CEST 53 63487 8.8.8.8 192.168.2.5

Jun 5, 2019 14:25:59.281867981 CEST 54294 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:25:59.294856071 CEST 53 54294 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:01.676172018 CEST 65179 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:01.689987898 CEST 53 65179 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:01.905715942 CEST 65315 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:01.919101954 CEST 53 65315 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:02.215591908 CEST 49772 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:02.269435883 CEST 53 49772 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:02.674501896 CEST 50135 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:02.687771082 CEST 53 50135 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:26.175188065 CEST 65205 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:26.189356089 CEST 53 65205 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:26.785887957 CEST 64570 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:26.799540997 CEST 53 64570 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:27.187135935 CEST 65205 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:27.200246096 CEST 53 65205 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:27.777631998 CEST 64570 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:27.791240931 CEST 53 64570 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:28.195262909 CEST 65205 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:28.209358931 CEST 53 65205 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:28.800097942 CEST 64570 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:28.813775063 CEST 53 64570 8.8.8.8 192.168.2.5

UDP Packets


Jun 5, 2019 14:26:30.208116055 CEST 65205 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:30.222760916 CEST 53 65205 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:30.806885004 CEST 64570 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:30.820970058 CEST 53 64570 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:34.206168890 CEST 65205 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:34.220102072 CEST 53 65205 8.8.8.8 192.168.2.5

Jun 5, 2019 14:26:34.814114094 CEST 64570 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:26:34.827790022 CEST 53 64570 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:11.072695971 CEST 62955 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:11.086137056 CEST 59147 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:11.096823931 CEST 53 62955 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:11.132402897 CEST 53 59147 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:11.146804094 CEST 61222 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:11.147000074 CEST 56934 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:11.147104025 CEST 55625 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:11.161098003 CEST 53 61222 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:11.165226936 CEST 53 56934 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:11.184528112 CEST 53 55625 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:11.511998892 CEST 49291 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:11.543744087 CEST 53 49291 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:13.868304968 CEST 57549 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:13.881768942 CEST 53 57549 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:13.911732912 CEST 64482 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:13.925729990 CEST 53 64482 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:16.025841951 CEST 57051 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:16.039473057 CEST 53 57051 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:16.088438988 CEST 62536 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:16.102191925 CEST 53 62536 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:18.144428968 CEST 57436 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:18.157929897 CEST 53 57436 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:18.169118881 CEST 50829 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:18.182987928 CEST 53 50829 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:20.638501883 CEST 57993 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:20.652225018 CEST 53 57993 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:20.661675930 CEST 59053 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:20.674963951 CEST 53 59053 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:22.722062111 CEST 59917 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:22.735738039 CEST 53 59917 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:22.760207891 CEST 64305 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:22.773422956 CEST 53 64305 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:24.583769083 CEST 58919 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:24.598115921 CEST 53 58919 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:24.612843990 CEST 50457 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:24.627226114 CEST 53 50457 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:26.528475046 CEST 63404 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:26.542135000 CEST 53 63404 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:26.565162897 CEST 49752 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:26.579171896 CEST 53 49752 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:27.804688931 CEST 55942 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:27.829783916 CEST 53 55942 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:30.781867981 CEST 65302 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:30.788474083 CEST 57656 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:30.797900915 CEST 63529 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:30.805268049 CEST 53 65302 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:30.809273958 CEST 62462 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:30.822134018 CEST 53 63529 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:30.823849916 CEST 53 57656 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:30.825800896 CEST 59431 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:30.841311932 CEST 53 62462 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:30.856844902 CEST 53 59431 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:32.467261076 CEST 50555 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:32.522583961 CEST 53 50555 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:35.298409939 CEST 65127 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:35.337764978 CEST 53 65127 8.8.8.8 192.168.2.5



Jun 5, 2019 14:28:51.736128092 CEST 59235 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:51.742690086 CEST 53621 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:51.749243021 CEST 53655 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:51.750875950 CEST 52082 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:51.751636982 CEST 64715 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:51.765409946 CEST 53 64715 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:51.769062996 CEST 53 59235 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:51.777756929 CEST 53 53621 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:51.782568932 CEST 53 52082 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:51.801254034 CEST 53 53655 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:57.416198015 CEST 59140 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:57.448092937 CEST 53 59140 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:57.961127043 CEST 62617 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:57.975744009 CEST 53 62617 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:59.281052113 CEST 56714 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:59.309396982 CEST 53 56714 8.8.8.8 192.168.2.5

Jun 5, 2019 14:28:59.438280106 CEST 49425 53 192.168.2.5 8.8.8.8

Jun 5, 2019 14:28:59.478583097 CEST 53 49425 8.8.8.8 192.168.2.5


Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Jun 5, 2019 14:25:58.837642908 CEST 192.168.2.5 8.8.8.8 0x8cf8 Standard query (0)

statics-uhf-eus.akamaized.net

A (IP address) IN (0x0001)

Jun 5, 2019 14:25:58.897957087 CEST 192.168.2.5 8.8.8.8 0xbed3 Standard query (0)

ajax.aspnetcdn.com


Jun 5, 2019 14:25:58.915807962 CEST 192.168.2.5 8.8.8.8 0x3177 Standard query (0)

mem.gfx.ms A (IP address) IN (0x0001)

Jun 5, 2019 14:25:59.182861090 CEST 192.168.2.5 8.8.8.8 0x1cc5 Standard query (0)

img-prod-cms-rt-microsoft-com.akamaized.net


Jun 5, 2019 14:26:02.215591908 CEST 192.168.2.5 8.8.8.8 0x58d Standard query (0)

logincdn.msauth.net


Jun 5, 2019 14:26:02.674501896 CEST 192.168.2.5 8.8.8.8 0x5c2a Standard query (0)

login.microsoftonline.com


Jun 5, 2019 14:28:11.072695971 CEST 192.168.2.5 8.8.8.8 0xe2bb Standard query (0)

assets.onestore.ms


Jun 5, 2019 14:28:11.086137056 CEST 192.168.2.5 8.8.8.8 0xb5f0 Standard query (0)



Jun 5, 2019 14:28:11.146804094 CEST 192.168.2.5 8.8.8.8 0xde9b Standard query (0)

microsoftwindows.112.2o7.net


Jun 5, 2019 14:28:11.147104025 CEST 192.168.2.5 8.8.8.8 0x5a93 Standard query (0)


Jun 5, 2019 14:28:27.804688931 CEST 192.168.2.5 8.8.8.8 0x2c71 Standard query (0)

products.office.com


Jun 5, 2019 14:28:30.781867981 CEST 192.168.2.5 8.8.8.8 0x1d81 Standard query (0)

assets.onestore.ms


Jun 5, 2019 14:28:30.797900915 CEST 192.168.2.5 8.8.8.8 0xd32d Standard query (0)

assets.adobedtm.com


Jun 5, 2019 14:28:30.809273958 CEST 192.168.2.5 8.8.8.8 0x8cc9 Standard query (0)

cdn.pricespider.com


Jun 5, 2019 14:28:32.467261076 CEST 192.168.2.5 8.8.8.8 0x7b19 Standard query (0)

track.pricespider.com


Jun 5, 2019 14:28:35.298409939 CEST 192.168.2.5 8.8.8.8 0xaf63 Standard query (0)

windevicesminnofferprice.blob.core.windows.net


Jun 5, 2019 14:28:51.736128092 CEST 192.168.2.5 8.8.8.8 0xaa37 Standard query (0)

assets.onestore.ms


Jun 5, 2019 14:28:51.742690086 CEST 192.168.2.5 8.8.8.8 0xfdc7 Standard query (0)


Jun 5, 2019 14:28:51.750875950 CEST 192.168.2.5 8.8.8.8 0xb06f Standard query (0)




microsoftwindows.112.2o7.net


Jun 5, 2019 14:28:57.416198015 CEST 192.168.2.5 8.8.8.8 0xb28d Standard query (0)

prod-video-cms-rt-microsoft-com.akamaized.net


DNS Queries



amp.azure.net A (IP address) IN (0x0001)

Jun 5, 2019 14:28:59.281052113 CEST 192.168.2.5 8.8.8.8 0xd5c0 Standard query (0)

www.youtube.com


Jun 5, 2019 14:28:59.438280106 CEST 192.168.2.5 8.8.8.8 0x62a5 Standard query (0)

s.ytimg.com A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Jun 5, 2019 14:25:58.869465113 CEST

8.8.8.8 192.168.2.5 0x8cf8 No error (0) statics-uhf-eus.akamaized.net

a1512.dscg2.akamai.net CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:25:58.911068916 CEST

8.8.8.8 192.168.2.5 0xbed3 No error (0) ajax.aspnetcdn.com

mscomajax.vo.msecnd.net

CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:25:58.969393015 CEST

8.8.8.8 192.168.2.5 0x3177 No error (0) mem.gfx.ms cdn.account.microsoft.com.akadns.net


IN (0x0001)

Jun 5, 2019 14:25:59.205216885 CEST

8.8.8.8 192.168.2.5 0x1cc5 No error (0) img-prod-cms-rt-microsoft-com.akamaized.net


IN (0x0001)

Jun 5, 2019 14:26:01.689987898 CEST

8.8.8.8 192.168.2.5 0x112d No error (0) login.msa.msidentity.com

login.msa.akadns6.net CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:26:02.269435883 CEST

8.8.8.8 192.168.2.5 0x58d No error (0) logincdn.msauth.net

lgincdn.trafficmanager.net CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:26:02.269435883 CEST

8.8.8.8 192.168.2.5 0x58d No error (0) cs1227.wpc.alphacdn.net

192.229.221.185 A (IP address) IN (0x0001)

Jun 5, 2019 14:26:02.687771082 CEST

8.8.8.8 192.168.2.5 0x5c2a No error (0) login.microsoftonline.com

prda.aadg.msidentity.com CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:26:02.687771082 CEST

8.8.8.8 192.168.2.5 0x5c2a No error (0) prda.aadg.msidentity.com

www.prdtm.aadg.akadns.net


IN (0x0001)

Jun 5, 2019 14:28:11.096823931 CEST

8.8.8.8 192.168.2.5 0xe2bb No error (0) assets.onestore.ms

assets.onestore.ms.akadns.net


IN (0x0001)

Jun 5, 2019 14:28:11.132402897 CEST

8.8.8.8 192.168.2.5 0xb5f0 No error (0) img-prod-cms-rt-microsoft-com.akamaized.net


IN (0x0001)

Jun 5, 2019 14:28:11.161098003 CEST

8.8.8.8 192.168.2.5 0xde9b No error (0) microsoftwindows.112.2o7.net

66.117.29.228 A (IP address) IN (0x0001)

Jun 5, 2019 14:28:11.184528112 CEST

8.8.8.8 192.168.2.5 0x5a93 No error (0) mem.gfx.ms cdn.account.microsoft.com.akadns.net


IN (0x0001)

Jun 5, 2019 14:28:27.829783916 CEST

8.8.8.8 192.168.2.5 0x2c71 No error (0) products.office.com

poc.cms.ms.akadns.net CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:28:30.805268049 CEST

8.8.8.8 192.168.2.5 0x1d81 No error (0) assets.onestore.ms



IN (0x0001)

Jun 5, 2019 14:28:30.822134018 CEST

8.8.8.8 192.168.2.5 0xd32d No error (0) assets.adobedtm.com

cn-assets.adobedtm.com.edgekey.net


IN (0x0001)

Jun 5, 2019 14:28:30.841311932 CEST

8.8.8.8 192.168.2.5 0x8cc9 No error (0) cdn.pricespider.com

cdn2.pricespider.com.edgekey.net


IN (0x0001)

Jun 5, 2019 14:28:32.522583961 CEST

8.8.8.8 192.168.2.5 0x7b19 No error (0) track.pricespider.com

pstrack1.trafficmanager.net


IN (0x0001)

Jun 5, 2019 14:28:32.522583961 CEST

8.8.8.8 192.168.2.5 0x7b19 No error (0) track4.pricespider.com

13.93.106.254 A (IP address) IN (0x0001)

Jun 5, 2019 14:28:35.337764978 CEST

8.8.8.8 192.168.2.5 0xaf63 No error (0) windevicesminnofferprice.blob.core.windows.net

blob.dm5prdstr12a.store.core.windows.net


IN (0x0001)

DNS Answers


Code Manipulations

Statistics

Behavior

Jun 5, 2019 14:28:35.337764978 CEST

8.8.8.8 192.168.2.5 0xaf63 No error (0) blob.dm5prdstr12a.store.core.windows.net

52.239.151.138 A (IP address) IN (0x0001)

Jun 5, 2019 14:28:51.765409946 CEST

8.8.8.8 192.168.2.5 0x5698 No error (0) microsoftwindows.112.2o7.net

66.117.29.228 A (IP address) IN (0x0001)

Jun 5, 2019 14:28:51.769062996 CEST

8.8.8.8 192.168.2.5 0xaa37 No error (0) assets.onestore.ms



IN (0x0001)

Jun 5, 2019 14:28:51.777756929 CEST

8.8.8.8 192.168.2.5 0xfdc7 No error (0) mem.gfx.ms cdn.account.microsoft.com.akadns.net


IN (0x0001)

Jun 5, 2019 14:28:51.782568932 CEST

8.8.8.8 192.168.2.5 0xb06f No error (0) img-prod-cms-rt-microsoft-com.akamaized.net


IN (0x0001)

Jun 5, 2019 14:28:57.448092937 CEST

8.8.8.8 192.168.2.5 0xb28d No error (0) prod-video-cms-rt-microsoft-com.akamaized.net

a1985.g2.akamai.net CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:28:57.975744009 CEST

8.8.8.8 192.168.2.5 0x3696 No error (0) amp.azure.net 160c1.wpc.azureedge.net CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:28:59.309396982 CEST

8.8.8.8 192.168.2.5 0xd5c0 No error (0) www.youtube.com

youtube-ui.l.google.com CNAME (Canonical name)

IN (0x0001)

Jun 5, 2019 14:28:59.478583097 CEST

8.8.8.8 192.168.2.5 0x62a5 No error (0) s.ytimg.com ytstatic.l.google.com CNAME (Canonical name)

IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest

Jun 5, 2019 14:26:02.323982000 CEST

192.229.221.185 443 192.168.2.5 49733 CN=prod-identitycdnsan.msauth.net CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US

CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Mon Dec 17 23:12:34 CET 2018 Fri May 20 14:53:03 CEST 2016

Thu Dec 17 23:12:34 CET 2020 Mon May 20 14:53:03 CEST 2024

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US

CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Fri May 20 14:53:03 CEST 2016

Mon May 20 14:53:03 CEST 2024

Jun 5, 2019 14:26:02.329276085 CEST

192.229.221.185 443 192.168.2.5 49734 CN=prod-identitycdnsan.msauth.net CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US

CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Mon Dec 17 23:12:34 CET 2018 Fri May 20 14:53:03 CEST 2016

Thu Dec 17 23:12:34 CET 2020 Mon May 20 14:53:03 CEST 2024

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Microsoft IT TLS CA 5, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US

CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Fri May 20 14:53:03 CEST 2016

Mon May 20 14:53:03 CEST 2024

HTTPS Packets


• WINWORD.EXE

• iexplore.exe

• iexplore.exe

Click to jump to process

System Behavior

File ActivitiesFile Activities


Start date: 05/06/2019

Path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE' /Automation -Embedding

Imagebase: 0xa40000

File size: 1966368 bytes

MD5 hash: EFDE23ECDF60D334C31AF2A041439360

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: high

File Path Access Attributes Options Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\VBE read data or list directory | synchronize

normal directory file | synchronous io non alert | open for backup ident | open reparse point

success or wait 1 643F70E2 unknown

File Path Completion CountSourceAddress Symbol

C:\Users\user\Desktop\~$eula.rtf success or wait 1 64334024 unknown

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

Analysis Process: WINWORD.EXE PID: 3184 Parent PID: 692Analysis Process: WINWORD.EXE PID: 3184 Parent PID: 692

General

File CreatedFile Created

File DeletedFile Deleted

File ReadFile Read


Registry ActivitiesRegistry Activities

File Path Offset Length Completion CountSourceAddress Symbol


unknown 117 success or wait 2 64334024 unknown


unknown 117 success or wait 2 64334024 unknown

Key Path Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1 success or wait 1 64334F25 RegCreateKeyExA

HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common success or wait 1 64334F25 RegCreateKeyExA

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery success or wait 1 64334024 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\3861A success or wait 1 64334024 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0 success or wait 1 64334024 unknown

Key Path Name Type Data Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose

MS Mincho binary 02 02 06 09 04 02 05 08 03 04 success or wait 1 64334024 unknown


Cambria Math binary 02 04 05 03 05 04 06 03 02 04 success or wait 1 64334024 unknown


Tahoma binary 02 0B 06 04 03 05 04 04 02 04 success or wait 1 64334024 unknown


Trebuchet MS binary 02 0B 06 03 02 02 02 02 02 04 success or wait 1 64334024 unknown


@MS Mincho binary 02 02 06 09 04 02 05 08 03 04 success or wait 1 64334024 unknown


Segoe UI binary 02 0B 05 02 04 02 04 02 02 03 success or wait 1 64334024 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\3861A

3861A binary 04 00 00 00 70 0C 00 00 2A 00 00 00 43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 5C 00 47 00 75 00 63 00 63 00 69 00 5C 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 5C 00 4C 00 6F 00 63 00 61 00 6C 00 5C 00 54 00 65 00 6D 00 70 00 5C 00 69 00 6D 00 67 00 73 00 2E 00 68 00 74 00 6D 00 04 00 00 00 69 00 6D 00 67 00 73 00 00 00 00 00 01 00 00 00 00 00 00 00 80 17 C2 44 E5 1B D5 01 1A 86 03 00 1A 86 03 00 00 00 00 00 1F 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

success or wait 1 64334024 unknown

Key CreatedKey Created

Key Value CreatedKey Value Created


00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0

File Path unicode C:\Users\user\AppData\Local\Temp\imgs.htm



Datetime unicode 2019-06-05T14:25 success or wait 1 64334024 unknown


Position unicode 0 0 success or wait 1 64334024 unknown


Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\30283

30283 binary 04 00 00 00 70 0C 00 00 1F 00 00 00 43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 5C 00 47 00 75 00 63 00 63 00 69 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 5C 00 65 00 75 00 6C 00 61 00 2E 00 72 00 74 00 66 00 04 00 00 00 65 00 75 00 6C 00 61 00 00 00 00 00 01 00 00 00 00 00 00 00 C7 D8

04 00 00 00 70 0C 00 00 1F 00 00 00 43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 5C 00 47 00 75 00 63 00 63 00 69 00 5C 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 5C 00 65 00 75 00 6C 00 61 00 2E 00 72 00 74 00 66 00 04 00 00 00 65 00 75 00 6C 00 61 00 00 00 00 00


Key Value ModifiedKey Value Modified


01 00 00 00 00 00 00 00 C7 D8 51 2A E5 1B D5 01 83 02 03 00 83 02 03 00 00 00 00 00 1F 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 02 03 00 83 02 03 00 00 00 00 00 1F 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00



00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00






Path: C:\Program Files\internet explorer\iexplore.exe

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Imagebase: 0x7ff6acbe0000


MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596



Reputation: high





Analysis Process: iexplore.exe PID: 3772 Parent PID: 692Analysis Process: iexplore.exe PID: 3772 Parent PID: 692

General


Disassembly







Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3772 CREDAT:17410 /prefetch:2

Imagebase: 0xcb0000


MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A



Reputation: high







Analysis Process: iexplore.exe PID: 1224 Parent PID: 3772Analysis Process: iexplore.exe PID: 1224 Parent PID: 3772

General


automated malware analysis report for eula.rtf - generated

Documents