Post on 09-Jan-2023
ID: 344380
Sample Name: Encode and Decode the Massage.xlsb
Cookbook: defaultwindowsofficecookbook.jbs
Time: 14:29:53
Date: 26/01/2021
Version: 31.0.0 Emerald
Table of Contents
Analysis Report Encode and Decode the Massage.xlsb
Overview; General Information; Detection; Signatures; Classification; Analysis Advice
Startup; Malware Configuration; Yara Overview; Sigma Overview; Signature Overview
Compliance; Mitre Att&ck Matrix; Behavior Graph; Screenshots
Thumbnails; Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample; Dropped Files; Unpacked PE Files; Domains; URLs
Domains and IPs; Contacted Domains; Contacted URLs; URLs from Memory and Binaries; Contacted IPs; Public
General Information; Simulations
Behavior and APIs; Joe Sandbox View / Context
IPs; Domains; ASN; JA3 Fingerprints; Dropped Files
Created / dropped Files; Static File Info
General; File Icon; Static OLE Info
General; OLE File "/opt/package/joesandbox/database/analysis/344380/sample/Encode and Decode the Massage.xlsb"; Indicators; Summary; Document Summary; Streams with VBA
VBA File Name: Module1.bas, Stream Size: 2857; General
VBA Code Keywords; VBA Code; VBA File Name: Module2.bas, Stream Size: 2905; General
VBA Code Keywords; VBA Code; VBA File Name: Sheet1.cls, Stream Size: 985
Copyright null 2021 Page 2 of 62
General
VBA Code Keywords; VBA Code; VBA File Name: ThisWorkbook.cls, Stream Size: 993; General
VBA Code Keywords; VBA Code
Streams
Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 512; General
Stream Path: PROJECTwm, File Type: data, Stream Size: 110; General
Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3070; General
Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 1379; General
Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 91; General
Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 494; General
Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 158; General
Stream Path: VBA/__SRP_4, File Type: data, Stream Size: 158; General
Stream Path: VBA/__SRP_5, File Type: data, Stream Size: 494; General
Stream Path: VBA/dir, File Type: data, Stream Size: 594; General
Network Behavior; Network Port Distribution; TCP Packets; UDP Packets; DNS Queries; DNS Answers; HTTPS Packets
Code Manipulations; Statistics
Behavior; System Behavior
Analysis Process: EXCEL.EXE PID: 1492 Parent PID: 792; General; File Activities
File Created; File Deleted; File Written
Registry Activities; Key Created; Key Value Created
Analysis Process: iexplore.exe PID: 7104 Parent PID: 792; General; File Activities; Registry Activities
Analysis Process: iexplore.exe PID: 6168 Parent PID: 7104; General; File Activities; Registry Activities
Disassembly
Analysis Report Encode and Decode the Massage.xlsb
Overview
General Information
Sample Name: Encode and Decode the Massage.xlsb
Analysis ID: 344380
MD5: 09c8ccd98fc2466…
SHA1: 0898a74776750b…
SHA256: fa2b48d2caf465f…
Detection
Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%
Signatures
Document contains embedded VBA
IP address seen in connection with o
JA3 SSL client fingerprint seen in co
Classification
[Figure: classification chart over the categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner, each on a clean / suspicious / malicious scale]
Analysis Advice
No malicious behavior found, analyze the document also on other version of Office / Acrobat
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Startup
System is w10x64
EXCEL.EXE (PID: 1492 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
iexplore.exe (PID: 7104 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 6168 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7104 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Compliance
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
There are no malicious signatures.
Compliance:
Uses new MSVCR Dlls
Uses secure TLS version for HTTPS connections
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Scripting 1; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Scripting 1
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; System Information Discovery 1; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph
ID: 344380
Sample: Encode and Decode the Massa...
Startdate: 26/01/2021
Architecture: WINDOWS
Score: 1
[Figure: behavior graph. Process nodes, each marked "started": EXCEL.EXE, iexplore.exe, iexplore.exe. DNS/IP nodes: www.youtube.com; googlehosted.l.googleusercontent.com (172.217.22.225, 443, 49744, 49745; GOOGLEUS; United States); www.google.co.uk (172.217.22.227, 443, 49743, 49780; GOOGLEUS; United States); 6 other IPs or domains.]
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
Encode and Decode the Massage.xlsb 0% Virustotal Browse
Encode and Decode the Massage.xlsb 0% ReversingLabs
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source Detection Scanner Label Link
www.google.co.uk 0% Virustotal Browse
URLs
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
i.ytimg.com 172.217.23.22 true false high
photos-ugc.l.googleusercontent.com 216.58.207.129 true false high
www.google.co.uk 172.217.22.227 true false 0%, Virustotal, Browse unknown
consent.youtube.com 216.58.207.142 true false high
googlehosted.l.googleusercontent.com 172.217.22.225 true false high
yt3.ggpht.com unknown unknown false high
s2.googleusercontent.com unknown unknown false high
www.youtube.com unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation
https://www.youtube.com/channel/UCABOBqS3y8Xn_o7bXvH-j2Q false high
URLs from Memory and Binaries
Contacted IPs
Public
IP Domain Country Flag ASN ASN Name Malicious
172.217.22.225 unknown United States 15169 GOOGLEUS false
172.217.23.22 unknown United States 15169 GOOGLEUS false
216.58.207.129 unknown United States 15169 GOOGLEUS false
172.217.22.227 unknown United States 15169 GOOGLEUS false
General Information
Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 344380
Start date: 26.01.2021
Start time: 14:29:53
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 28s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Encode and Decode the Massage.xlsb
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 35
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, GSI enabled (VBA), AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.winXLSB@4/88@7/4
Cookbook Comments: Adjust boot time; Enable AMSI; Found application associated with file extension: .xlsb; Found Word or Excel or PowerPoint or XPS Viewer; Attach to Office via COM; Browse link: https://www.youtube.com/channel/UCABOBqS3y8Xn_o7bXvH-j2Q; Scroll down; Close Viewer; Browsing link: https://www.youtube.com/
Warnings:
Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
TCP Packets have been reduced to 100
Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted)
Excluded domains from analysis (whitelisted)
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
Match Associated Sample Name / URL SHA 256 Detection Link Context
172.217.22.225 examwriting.blogspot.com/2015/02/describe-person-your-best-friend.html
Get hash malicious Browse 1.bp.blogspot.com/-tW6bdJ2wjUE/U2FhguGfv0I/AAAAAAAAApY/eoNiqBbrlyI/s1600/essay.png
www.boererate.com Get hash malicious Browse 4.bp.blogspot.com/_QXfrrj8yn44/SiuczvogmnI/AAAAAAAABe8/d9uiCWfh0j8/w72-h72-p-k-no-nu/hare.jpg
172.217.23.22https://tenantimprovementsolution.com/Newfilesviewc7c782c3b7c54f958e7eb2efff3a49b28866b4fc22dd46cfbad9e6ac9d0cd18cca873584897b48c88d82ecf5cd62783dServices/le/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=27f4198fc76827efbda8ed5ebc8be4d6828d922f8859cae62c2703a9f1a8f6eafe21d60f
Get hash malicious Browse
7CFPFFfS4g Get hash malicious Browse
mail.gogler.com Get hash malicious Browse
https://www.dropbox.com/l/AACE5QBFEmiySxklWOWtG4FMgKbAL8zNRuE
Get hash malicious Browse
kantei-center.com/wp/wp-content/uploads/2020/02/safety/444444.png
Get hash malicious Browse
sitesumo.com/Outlook/main.html Get hash malicious Browse
https://sites.google.com/view/adaptalifthysterforklift/ Get hash malicious Browse
216.58.207.129 examwriting.blogspot.com/2015/02/describe-person-your-best-friend.html
Get hash malicious Browse 4.bp.blogspot.com/-R8OKVUsis3s/UgZEksy0V1I/AAAAAAAAAT4/QtN9sBHMZis/s1600/icon-search.png
www.boererate.com Get hash malicious Browse 3.bp.blogspot.com/_QXfrrj8yn44/SiT4SJi094I/AAAAAAAABek/4ZMbzMWSaM4/w72-h72-p-k-no-nu/hardlywigheid.jpg
Match Associated Sample Name / URL SHA 256 Detection Link Context
photos-ugc.l.googleusercontent.com https://wfuwdbjwquoiynfb-dot-tundasma.el.r.appspot.com/#test@test.com
Get hash malicious Browse 142.250.180.129
https://bit.ly/3aA3uVV Get hash malicious Browse 216.58.208.129
https://bit.ly/3mH4Noj Get hash malicious Browse 172.217.23.161
https://bit.ly/2L1Yyyv Get hash malicious Browse 172.217.168.1
aypf.z2systems.com Get hash malicious Browse 172.217.22.33
https://bit.ly/3mH4A4v Get hash malicious Browse 216.58.206.1
https://mailinternetsub.com/ua.activelexb24/pub/mail/click.php?tag=sender.eyJSRUNJUElFTlRfSUQiOiIxNzcxMDIxIn0%3D&url=https%3A%2F%2Fstart.activelex.com%2F%3Fbx_sender_conversion_id%3D1771021%26utm_source%3Dnewsletter%26utm_medium%3Dmail%26utm_campaign%3Dvstygnit&sign=71edf9f0eba2e5293cc9be1db1a5515d039444194dbe19421aa2e9932d89a802
Get hash malicious Browse 172.217.22.33
bit.ly/2KrM6Ih Get hash malicious Browse 172.217.22.33
p4fxv.info/D3c2Hp2HMI Get hash malicious Browse 172.217.22.65
C15P3CYhdA.doc Get hash malicious Browse 172.217.22.33
rzPgiw3qJz.doc Get hash malicious Browse 172.217.22.33
https://bit.ly/3h9HH8N Get hash malicious Browse 172.217.22.33
Domains
Match Associated Sample Name / URL SHA 256 Detection Link Context
ASN
Match Associated Sample Name / URL SHA 256 Detection Link Context
JA3 Fingerprints
Match Associated Sample Name / URL SHA 256 Detection Link Context
No context
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MOSJYZB9\www.youtube[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 45457
Entropy (8bit): 5.3340730896077275
Encrypted: false
SSDEEP: 768:6hMVIzytOw0fOI3O3Y3psd92P3mMRhMVIzytOw0fOI3O3Y3psd92P3mM4:AytOw0fOoaYyd9jMnytOw0fOoaYyd9jd
MD5: 614BD6F0BC470CDFA0E0C457A426B3FD
SHA1: F0BEA7A7283CA79C6202407DC576080B0BB55FC6
SHA-256: ADF10B708B54D4CE342A1CB2DCCE5A896E0F99944F2300DBEA735AAEA1D5C6C6
SHA-512: E55A88117EFA77E5A5916236B909642E888A4C80FCFCF568F0C4AD659EB3032429682FE24F54595AC409E05108F7F9B684F82E9F45BC1E6860BD5F03AB77DEB3
Malicious: false
Reputation: low
Preview:<root></root><root></root><root><item name="__sak" value="1" ltime="206122240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="206282240" htime="30864435" /></root><root><item name="__sak" value="1" ltime="206362240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="206922240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="227922240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="232322240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="326352240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="363632240" htime="30864435" /></root><root></root><root></root><root></root><root><item name="__sak" value="1" ltime="575502240" htime="30864435" /></root><root></root><root><item name="yt-remote-device-id" value="{"data":"1461fda7-cbb0-4ff5-9074-ce9cad4887dd","expiration&quo
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43CC2B98-6026-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 44632
Entropy (8bit): 1.965387615793321
Encrypted: false
SSDEEP: 192:r9ZyZ42b9WWtEmfe8CPM6aFb0XkYfN8T/rB8Hfh84Pr+5yW0OMQ+ih:rTuvbU2l/dOXocNcmG
MD5: 8BB8801935F0C8B7B6E2ED22515A6A97
SHA1: 1CAC3D7F84B76B86BFED2B4FDE5D296816E9DCE5
SHA-256: 4CC4EC045DE75A1E4459EC207E256A0272A0399A9CC1CDDFDDA5A373502B9AD0
SHA-512: 00E0E7D6F5F23C9661AD1B4E7B31DD65A845D5298B0B794D563A52474A68D6ACD326B9FA997B58C1D1AA8B50ABD6DCC65129793466FAF40CC6087AA6E52048AA
Malicious: false
Dropped Files
Created / dropped Files
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43CC2B9A-6026-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 65484
Entropy (8bit): 2.359103933737006
Encrypted: false
SSDEEP: 384:rGk6CDhwUTlOrgagYaT3W+jrmANR+jrHG4N//IixMr:1wsVsY
MD5: BF24C6EBCFF7A782AE79C0F15A10CB4E
SHA1: 48795133313736FF8CA2BAC67235A33B056559A3
SHA-256: A317B021C215A083C03C1A195A8F4F24099936CE3F06EC37DF3226410DFBD40D
SHA-512: 2370E2D3F0A7CE704631A556B8C31BEB3FDC4C0E4FB2F08AD9C6A58742CD20088749641A58F30FF46D349F086DF9869D2EED8D72AC3845BEA649EBD760BD2F92
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{56642256-6026-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 19032
Entropy (8bit): 1.5865389081487147
Encrypted: false
SSDEEP: 48:IwtGcprhGwpaVG4pQfGrapbS5rGQpKeG7HpRSsTGIpX2rGApm:rzZ7QH6jBS5FAZTS4FGg
MD5: 58B76F46BA94A696F052E3126EA7D50E
SHA1: F26A44BFFAC75403ACBB4F769E4B1F1E1E0A9885
SHA-256: 5206D00B9729F413144E86ADE33AEE72F6FF7FDC77E00E824A8E8907642C251A
SHA-512: 85C5F558700BE4953B697B588E225E0A83E15C6B451E01F878CE21F2F687A33958E1F658BF2E94687C203841D13A3C0029A818F3DDD627CC5F20FA27DA17379C
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87DD3366-6026-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5649332328235235
Encrypted: false
SSDEEP: 48:IwTGcpr0GwpaVG4pQ1GrapbSSrGQpKlG7HpREsTGIpG:rpZMQH6lBSSFAUTE4A
MD5: DC12DEB1EF30CC8FF3544A0B07B7A3D9
SHA1: B92CC2DEEBE31C21212AC3F467AD9DFFADE404C7
SHA-256: 417A6002F561A60D10FB42B42FC2B7623A4C83376952E3FAEFE69DF66ABF48A3
SHA-512: 85C489652039C9670738B55CDE452308B749718D747088DF4729DAA2F40AAED3B6DE562E1194CFB3F19729E5E09E47BEF55D560043AC60341236A1CBBC30BAC3
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.124030748093492
Encrypted: false
SSDEEP: 12:TMHdNMNxOExMNMfnWimI002EtM3MHdNMNxOExMNMfnWimI00ObVbkEtMb:2d6NxO+MNMfSZHKd6NxO+MNMfSZ76b
MD5: 9371CB2392525F29EF97A5E159750677
SHA1: 056C14F96D2A4033DF04689E14BF7E7C83B98AD1
SHA-256: 9552D078E9B34AB2CD6DF95763798017461104F533BC56A1EEBDD9782521F058
SHA-512: 305D8BAB47C11B2D67DB61B145410984A38F899EBD7875D1F5CFD73EFB97A3687E2DCD2DBEEFC6322541C43E3E27CB681ECE9FD83DA0612A1C01AA1F0F6A16F5
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.127605824316289
Encrypted: false
SSDEEP: 12:TMHdNMNxe2kJJLJlnWimI002EtM3MHdNMNxe2kJJhMOB+nWimI00Obkak6EtMb:2d6Nxr2SZHKd6NxrOB+SZ7Aa7b
MD5: 5AE58AE29B1C316566CA29F8353E151E
SHA1: 41DC156958C35020AE5143D14AD4F97322B072B3
SHA-256: 2A800EA13AB9CCA294C358B577A078D3A985DD3984819EDB6AC69E2EBFCDABEF
SHA-512: 8CD5E0B093229E866FC0DC2AA8EBF76E8473A6846D6308E85D4885234C6082D4DB960FE3715D1E2FC307B10CF0375538A0DBA53643EBF93D0CFBC59F2DE41FCD
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x2fad7f41,0x01d6f433</date><accdate>0x2fad7f41,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x2fad7f41,0x01d6f433</date><accdate>0x2fafe194,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 662
Entropy (8bit): 5.143766268466018
Encrypted: false
SSDEEP: 12:TMHdNMNxvLxMNMfnWimI002EtM3MHdNMNxvLxMNMfnWimI00ObmZEtMb:2d6NxvFMNMfSZHKd6NxvFMNMfSZ7mb
MD5: 78E145F52C3E811D3927F63B4332B7AB
SHA1: DFF82140EAD39FE6D5C9CEB8FB424C18424F94B2
SHA-256: D3F3CFFEF95D1B00FD84211977E0ACB722DE6590F6FBA878B5305842933E38D7
SHA-512: 7F7CE4E98192060332C50905B1633554F89D5895B09F0A6060B1836F5B64ECED31866AD4D076B0B0D4F2EB509BE58C43B9632070E0FE358E83C6A86F9024778D
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 647
Entropy (8bit): 5.126638557962821
Encrypted: false
SSDEEP: 12:TMHdNMNxipnWimI002EtM3MHdNMNxipnWimI00Obd5EtMb:2d6NxKSZHKd6NxKSZ7Jjb
MD5: BD44EEA7CB038BC5B25AB4C7F79E7645
SHA1: BC2E5DBA0CB134C3314F221F9BC5E386ABEA8D25
SHA-256: 5363007DEF94689601F04A6EBE2822B11BE99266E9EB3A5E86F6E34CDC50B5CE
SHA-512: 8B3143D0F31C58F95200FF1C9CB084B9CE54A73CE90196B113C456899AD45E8DDFB2D35B78E873BDF9E10D93C20CEEBAE7D8BC2E118FA3386E9561798A276BF5
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.138186420700976
Encrypted: false
SSDEEP: 12:TMHdNMNxhGwZ1PnWimI002EtM3MHdNMNxhGwZ1PnWimI00Ob8K075EtMb:2d6NxQySZHKd6NxQySZ7YKajb
MD5: C832B6CB10146690CEA3A283A513FCDC
SHA1: A831E2732923EBE62C192184236382144270B5B1
SHA-256: 38B7D8054AAF2176F4A0C257E7FFD7F78C5C78105B4B1B398550B21C2E2B9BE7
SHA-512: 475E92B3F6736ACB601BD746B9663FDC88542D448EE88925C048BF58F61A2369E86366EA7297A4C6D0CDDABD6675F5D697446738E8B2BF960D2B7A16C97598DF
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x2fc2f47e,0x01d6f433</date><accdate>0x2fc2f47e,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x2fc2f47e,0x01d6f433</date><accdate>0x2fc2f47e,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.1077214539957785
Encrypted: false
SSDEEP: 12:TMHdNMNx0nhnWimI002EtM3MHdNMNx0nEMfnWimI00ObxEtMb:2d6Nx0hSZHKd6Nx0EMfSZ7nb
MD5: 695A5DCAD23CF47773BDB74CF67E4E31
SHA1: 5CB84B265249B124F05EC7F0216DAA3A98B8EA1B
SHA-256: B1056AD781AF619A43F12365B44609FF5118247FD81E0C38EC20DEBF337B8092
SHA-512: F5B694D097536498754D2E26AEB8EC91077165CDF80F22F13F3F2963D8CE6996B630DD09DBCBE7FEDD35AE56E9B73E421D622D4969D19A7EB554CFA3019D8C64
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fbe2fda,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.133555261252517
Encrypted: false
SSDEEP: 12:TMHdNMNxxhnWimI002EtM3MHdNMNxxhnWimI00Ob6Kq5EtMb:2d6NxrSZHKd6NxrSZ7ob
MD5: 547C6D45FA5697A3F8117EB33BF7731A
SHA1: 486AC6B808C01503563D42EA1D9F51B69F552DCD
SHA-256: D75D1316325E8797E3DFDDD9FD8D2C6758BA44A574AC2F828CA0FAB4D07B053E
SHA-512: C9E1294466D5EB8EB335D096E08C1FD0DBB8F2546B5BDC72D8FEC038CE2E91274EFC333ADEC405FB44BDB9D322C76E82B6F44AB96A14395A210BA8CB701238B1
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fbe2fda,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fbe2fda,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 659
Entropy (8bit): 5.161028778467852
Encrypted: false
SSDEEP: 12:TMHdNMNxcXbPnWimI002EtM3MHdNMNxcX0nWimI00ObVEtMb:2d6NxcbPSZHKd6Nxc0SZ7Db
MD5: BF1F13C4568DA638C3868A93F379A7BF
SHA1: 3170953C8E74772DC98ADD0DD919BB1E5D9AC782
SHA-256: 0FBD53423B1FAF31ECAB46353978FB3BD7FA0AE7BA6236E88916D598BE13934F
SHA-512: 5FC0598341C9AE87FAB31B31DD14F9331A73863548ED942DCAA3F829EC4E2121C2369EB2E1D35469B7CFBA295DA84309FEE91474223412AA666CE86867B5706C
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x2fb96b48,0x01d6f433</date><accdate>0x2fb96b48,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x2fb96b48,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.112159567782744
Encrypted: false
SSDEEP: 12:TMHdNMNxfnpnWimI002EtM3MHdNMNxfnpnWimI00Obe5EtMb:2d6NxxSZHKd6NxxSZ7ijb
MD5: C4F27EBBA9F5DBE54F7659A74BC162C1
SHA1: 0A294BADA254CC2F42DFA7488F9A82AF1A6DDEF4
SHA-256: 81A3BF379C54785A350A61C44C5043324E7E98C88CD58130DD9CB117B5CB4662
SHA-512: 545308AD24F886F281D63EB85F2ABDECCEE0221D95F1CB6FDE2451BB1734FF5F7C3B4AE9609AD1FF9C564F5796AC592661019DD1D16FADAACD6F04301C0A4559
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 508
Entropy (8bit): 6.453294476987648
Encrypted: false
SSDEEP: 12:2b9eV8JSkLbfYybv/7iYSk4grdKS6SWntVNaLfoIl:2b9eVlkLjYytl4Sh+tVNajnl
MD5: 1681ADEBC87EB9D7A217DEE744B4440E
SHA1: ACC739521FF30B7ECDD1F04E48B49BDFB94D8D8F
SHA-256: 0E150E77AEDBE787F5A9DA6BFC810DA33EAF4286CACD244A160858D74E341ABB
SHA-512: 7DC2EB7DB311C8E7D4E2D6E1141420E5D082C0299CF5717E1A3D73FF5909FC96463E310A9FDDBF3840B5F20C31A9660786004D97B49B1AF6D9A9E15DE42DFCAE
Malicious: false
Reputation: low
Preview:=.h.t.t.p.s.:././.w.w.w...y.o.u.t.u.b.e...c.o.m./.s./.d.e.s.k.t.o.p./.b.7.0.e.8.6.a.1./.i.m.g./.f.a.v.i.c.o.n._.3.2...p.n.g.\....PNG........IHDR... ... .....szz.....pHYs...........~.....IDATX...@...w....(......K..;.;....)a;..!+D....%L2!!..d...$...d.b ...o......n......H..+I.......VP.5....albl.I ..D]...Y.D.l...2y..........P=...=.-.e. Z..{..gkA..*....sS;..m.....N*.I....~.!Hu.h.:I?L..x....n.q..6.h.............d..qH(..../$.V2.{3J...r5[..6..9j..[n......IEND.B`. ... ...........w..`....w..`....
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A59765F0-B911-42E1-8B81-7F760A22AE4C
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 132942
Entropy (8bit): 5.372919854994395
Encrypted: false
SSDEEP: 1536:DcQceNgaBtA3gZw+pQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:HrQ9DQW+zBX8P
MD5: 17426219A66CEEB1B61003F3190BBF45
SHA1: BDB8A2D2EC9C995E3DB1B68A05701896FDF8483D
SHA-256: 7E6AF767C54C71A1A949204A23957ACC469D4325290389D3C6207FF8A6178D31
SHA-512: 6175213206B0E777AF381BD409353ADAFB9B202AC94452CA106212B45F9FDE51C2698F787650C0E568C0074B446ABC2E5F0E4035B11AD876BAF214B80814D397
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-01-26T13:30:49">.. Build: 16.0.13723.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7B020C51.jpeg
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 499x195, frames 3
Category: dropped
Size (bytes): 32313
Entropy (8bit): 7.726948373053818
Encrypted: false
SSDEEP: 768:ZElXmWcYhxuqM6FYoDO0vR/OJhwUg39RfLoE9N:Z+vxuqDFYoDO0vROJhw13rkAN
MD5: E7957D93D78C43E5790A0B3E455D677A
SHA1: DF7D900BAD3EB0CFF251B16C4B77B53C789F205C
SHA-256: 69495CA190C3660B1004F8EBAF27639B8C827C32F70F74AB54CD8D0D7D81FE76
SHA-512: 9E46A8DB2AFCAD90A8DDD1759BBFB91C54F64B042DA901927D2D54D30BD7A89229D295302094E86AA65CB6D7F6AE1DBA9E6AB412C3A8D71715BF1C5E52727526
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\82CEF990.png
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: PNG image data, 488 x 164, 8-bit/color RGB, interlaced
Category: dropped
Size (bytes): 89100
Entropy (8bit): 7.993283480180213
Encrypted: true
SSDEEP: 1536:yBQOSyjf49EFG/I/Pr1KzDjx5jFWypMhKxMg9gBcHHzMlC+pmMq+9H9jRj9Ldige:yBfS6yEoI/PrwAypMhR2g4HzMh7RQdRf
MD5: 7D4F509DE06DC8DDD76A03799D503799
SHA1: 31F72950CECA3307AB6701E23003D46AB7FEBAFA
SHA-256: BBC731DB5B15007DFF1B3373CAA255316C38962EDE1CD6FC561AF1AC278CAC89
SHA-512: A721DFCD1CBCD956869516D4E15A662903C98FE1B9AC87D98EB787AA0E98ED3DE2C5450C823DECC612916F5E45DDEEA917B117A8C519C0020B77882C97248164
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B89DB6B2.png
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: PNG image data, 100 x 101, 8-bit/color RGB, interlaced
Category: dropped
Size (bytes): 18914
Entropy (8bit): 7.988422910223633
Encrypted: false
SSDEEP: 384:VnAhr4cr/589SbCM20V8v4YAFp1WHhmrn8puhpuVPoyct8RTs:VnApP2R8Kv4FziE5XIpCmTs
MD5: 6DF099436911587D0F01178F30F4FD9A
SHA1: 3651189753E1B9C0434E49601C67060D464901C5
SHA-256: 52D726F671DAF7EBA53199A25E6BF56FC3F3AA4EE1A578803A5593173AF1451C
SHA-512: C545E77081EEC0D3052D903FCCB621CD76918BE7FAF04A1047C5524E483CB48D27B15E18CF7C8CC0C2FC7EA70BC9228EAC14179DFFF89ED91E9240792F45C64D
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E2F330B.jpeg
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 105x108, frames 3
Category: dropped
Size (bytes): 6774
Entropy (8bit): 7.877640755315386
Encrypted: false
SSDEEP: 96:oMEYUq/pD4rzft1oGBddpQVX5Fbql55ExRNxKk3jQaCaZqm3oBVOh8e8my8aDcMq:oMrRDkvBil65WafD6qsv7ic3H3
MD5: 8E72A357761CBA9A9ABFAD5CE7E8218A
SHA1: FF3A8EADC3A23E4539DB1BD89455D0103A389EED
SHA-256: B2A39097B9B799259B82CCB6E9F7C6F53BC33BA88896EE1D294A0EB847AA899C
SHA-512: 2A8D1D442F9AF70901C3B5526C4482D440580A8E3D079F5968C10A167DB030E73ACF3D5122FBDDA2054F87CEE44FE6AA7E6AB56B25B9B0991BCBA4BDDC04800C
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\8D7FVGMB.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: modified
Size (bytes): 165854
Entropy (8bit): 5.290687651845734
Encrypted: false
SSDEEP: 1536:78cnWl7B4J81w0QzDaBsDaB2DaBwDaBhDaBdZc5vSX:my7HuAuiuEuduGKX
MD5: 4A8E3585C3E326B10BB120879E2E8AD6
SHA1: 0278EDF85A0313A8BD307AEFF660D46984A104B3
SHA-256: CABC08A9CFD50D16491E816279A60928581DC2A654ECFD587E9B6A01E95EC81B
SHA-512: 88F01BF8D24F72C9C7BF343DB81949DCD43BA0476E905654BC9A37B208BFA1366E29BFBECA8BBF743C13B658B8418587CE6CADD281BBF6B9BB89FEF92C042DAC
Malicious: false
Preview:<!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><script nonce="XsniR3Th31KIQ9T3fVbTZQ">var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else for(var k in a[0])ytcfg.d()[k]=a[0][k]}};.window.ytcfg.set('EMERGENCY_BASE_URL', '\/error_204?t\x3djserror\x26level\x3dERROR\x26client.name\x3d1\x26client.version\x3d2.20210120.08.00');</script><script nonce="XsniR3Th31KIQ9T3fVbTZQ">(function(){window.yterr=window.yterr||true;window.unhandledErrorMessages={};window.unhandledErrorCount=0;.window.onerror=function(msg,url,line,columnNumber,error){var err;if(error)err=error;else{err=new Error;err.stack="";err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(columnNumber))err["columnNumber"]=columnNumber}var message=String(err.messa
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 2168
Entropy (8bit): 5.207912016937144
Encrypted: false
SSDEEP: 24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5: F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1: F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512: 62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious: false
IE Cache URL: res://ieframe.dll/ErrorPageTemplate.css
Preview:.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 21588, version 1.1
Category: downloaded
Size (bytes): 21588
Entropy (8bit): 7.973550860004932
Encrypted: false
SSDEEP: 384:9do1erd5msN48bPbceGykR88v9yGLRkcl46tW6amtMQSJCo:9+1erd5vCfRzluCSJV
MD5: 81F57861ED4AC74741F5671E1DFF2FD9
SHA1: AC3993E9EDC4C30C97FE670AA1E8A7088AA69E31
SHA-256: EEC142608E8B417E2ACB6E5301A750047A04E2C5A6563223CAAE499E19EA08EE
SHA-512: F23A7D58BE44E474CB65C368B048EB68AA1B6FEF4A12797A4A19C8D9E2F1BB7AB6FCEAE2AD17C59283616503107C332EA6245BF9F721BC49A676E8C92F46EC74
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20464, version 1.1
Category: downloaded
Size (bytes): 20464
Entropy (8bit): 7.969622511404751
Encrypted: false
SSDEEP: 384:edA/1eSg82dg1kGeF2BFDEE+/adkuouo34TjkWqTExYOYg/c1iuHotcO:ey/1eSnLkGeWFQECadcLIc/TEfYr1RO
MD5: 87284894879F5B1C229CB49C8FF6DECC
SHA1: FB1BD3BAF122D5D350EB387F0536C20DA71F09DF
SHA-256: BA98F991D002C6BFAAF7B874652FFDCDE9261A86925DB87DF3ED2861EA080ADF
SHA-512: 663BA95BBBC6F7E65D7B1293E4A044C9111438A03B16664FC38A2B2F2C1A4CE96991C847B36691388AB322525A83DB2724CB4D1B9BF0440727F0B5CA7073AB8C
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20356, version 1.1
Category: downloaded
Size (bytes): 20356
Entropy (8bit): 7.972919215442608
Encrypted: false
SSDEEP: 384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/
MD5: ADCDE98F1D584DE52060AD7B16373DA3
SHA1: 0A9B76D81989A7A45336EBD7B48ED25803F344B9
SHA-256: 806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1
SHA-512: 7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ServiceLogin[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: dropped
Size (bytes): 1583589
Entropy (8bit): 5.829212108853592
Encrypted: false
SSDEEP: 12288:afOsmovaXM3jjTqC3xYv9ByMoEyNEIFLyqJsqe2FURzjk+fvmgVv:afFvaYjTqNvny5F1JsqbFURdfj
MD5: 0EFC28C8BDAEDD748C33B61D16679F10
SHA1: 0515B4FC6401A9DF8605A7DDB097F6FADD98845A
SHA-256: B06DFC00233F556DE1828637C162B0C76569210C27E4A23F82F69D9F81CAA483
SHA-512: 27ECFAECA08B2D01B76BA46063FC7B8F2D6610743BF7520DC4B98D0A70A5B53883520B0F6A3C8F73CABC3730F7D86640F71497B89FB6C4B7F3FFD956650D72EB
Malicious: false
Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://accounts.google.com/"><script data-id="_gd" nonce="KYXNfaJnKyTTWdRCEAnSQQ">window.WIZ_global_data = {"Mo6CHc":-2073743828914380063,"OewCAd":"%.@.\"xsrf\",null,[\"\"]\n,\"AFoagUW8BhkZP_w300RwL-wIKwO84bekqA:1611667907362\"]\n","Qzxixc":"S755264321:1611667907340012","thykhd":"AKH95es1_lZwz1t8Fom7zhB0XS-U34R5EtAbFUVYceLCgWsUy72PyIp43-IKsbLH0gxDBiDUhWoaktTcLxopLFNk24pYZS2w489xbGq5ypoKLEw7pEI\u003d","w2btAe":"%.@.null,null,\"\",false,null,null,true,false]\n"};</script><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><link rel="shortcut icon" href="//www.google.com/favicon.ico"/><noscript><meta http-equiv="refresh" content="0; url=https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&rip=1&nojavascript=1&service=youtube&hl=en"><style nonce="KYXNf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\endscreen[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 26345
Entropy (8bit): 5.365553536100641
Encrypted: false
SSDEEP: 384:cPhwZewhZqmEKENmrNru4rEkGAHobrKY07DFEjw1ACeZj:cPhwZeEZq8ENcUJr6oj
MD5: E79109406CAFC0987FA3169FFD6B781F
SHA1: 7A7BB3A441676B72AB5C56E83BFB091F7CF685DE
SHA-256: C2E98E94AEF60F714AEBA64BC9D0944B6F43388DF2EA81C0C8BF2E432C8B1BFE
SHA-512: 8A6C0E92366FF79EE015BA6D2BFDCFB7B4BE047C34530345CD2D595DB4BC6A20E19679B409EA98BD95A0F9AD7B61125192F4B7E6A4D77ECF52481DACEBB9E31D
Malicious: false
IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/endscreen.js
Preview:(function(g){var window=this;var y3,GGa=function(a,b){a.va("onAutonavCoundownStarted",b)},z3=function(a,b,c){var d=b.Ma();.g.K(a.element,"ytp-suggestion-set",!!d.videoId);var e=b.getPlaylistId();c=b.ue(c?c:"mqdefault.jpg");var f=null,h=null;b instanceof g.qI&&(b.lengthText?(f=b.lengthText||null,h=b.xu||null):b.lengthSeconds&&(f=g.UM(b.lengthSeconds),h=g.UM(b.lengthSeconds,!0)));var l=!!e;e=l&&"RD"===(new g.rO(e.substr(0,2),e.substr(2))).type;var m=b instanceof g.qI?b.isLivePlayback:null,n=b instanceof g.qI?b.isUpcoming:null;d={title:b.title,author:b.author,author_and_views:d.shortViewCount?b.author+" \u2022 "+d.shortViewCount:.b.author,aria_label:b.oq||g.AK("Watch $TITLE",{TITLE:b.title}),duration:f,timestamp:h,url:b.El(),is_live:m,is_upcoming:n,is_list:l,is_mix:e,background:c?"background-image: url("+c+")":"",views_and_publish_time:d.shortViewCount?d.shortViewCount+" \u2022 "+d.publishedTimeText:d.publishedTimeText,autoplayAlternativeHeader:b.tq};b instanceof g.sO&&(d.playlist_length=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hqdefault[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 10625
Entropy (8bit): 7.951528381686421
Encrypted: false
SSDEEP: 192:/+R5divvKkMiZhbZxLsOtTRxYriudxw09Gd60GR04NvAiysRZMs2unZ6Ui1:G/kfZhbcOtToFHD9GI0K04NvAiTRZyuq
MD5: DE7FD5EFE2E283432E429FBAC2913469
SHA1: DCB4FCAB6242A6A57E1EC73F56BC986D16F54791
SHA-256: 99E3BABD9AC5B7BBF05E3504B476CF769B0468891F35BDD39E7A62E051C998DE
SHA-512: 617C47712477FE70348188C9AE774132116816A7D81D2BBACB619D062D77813202073474B0FBD14D9536B72D13CE3DF4523D39C95587B425AD0F8BC1BCACFA3B
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/mctq1_i8ggY/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDvAxIYNFAJn6sCG60M39p-t9rZkQ
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hqdefault[2].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 13827
Entropy (8bit): 7.9641693733324175
Encrypted: false
SSDEEP: 384:Ow5IESr2G4OqSqCkXE5G9bLrdZwkkLnYz4qAxdicwv//:Ow5XG2G4O4RX3dZwk6YzMarn
MD5: 588A10DD1BBF13FA082BC1651E285754
SHA1: 49BB697FEBFB7DCF5B3AAAA98150F78044FB7DB8
SHA-256: 86B89971CBDFABF59DE1329F9A1377AC27C3EE2D060BFF63C04723BF7AF7B6F5
SHA-512: 7566C9DD8BCC29F425D57C509CB9EED1A5B3538F01256F6303AC55F7EBAC5F97F6FBE7A9AD707DE131609E6FCCAA95305FD102E985A3CA657F9758DC2A601ABB
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/wLi4LNCDDw8/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLAkhnRt5M_PuQ5HS_FARCaDLkX-rA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hqdefault[3].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 11954
Entropy (8bit): 7.953282520138151
Encrypted: false
SSDEEP: 192:cbg/0SuoOcPiK18xPnqm/wSRf8+CjUmEBdsVbded8aP3b4+0uE8b/ZnoStu83t1N:Gg8NZKCnX/wSu+lmmsieA4+X/9RnnUWz
MD5: 9446883C52868D3CBB48411916981143
SHA1: 80231D360FFF0A77F81E869D8AEE11246C1FF719
SHA-256: 51783859BD021B29228B5DFCB514EE65D1303B365BB612981170DA28F1C788F5
SHA-512: D25DBFF36638C8B022E220D9D81C82A6B080CA56D07D3117B6FE9B4F59C634E555C4C2FB47444EC2251DB18DC99C4313F2299A1ACD02F76078D9862EAF15FF8F
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/hRNQ8Yu5KDo/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCDLGzxXAnBXR2wIc_8G7AVUDQl5A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hqdefault[4].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 13440
Entropy (8bit): 7.963630014519039
Encrypted: false
SSDEEP: 384:OmiAFQ9TuZLYs2bg7Q/7jz77df5D1y4ok:OmiYQsWb75B5y4ok
MD5: 84C81AEEB249329A7578AFD45382FAC5
SHA1: 41B25D4C07020DB4A29CCC92DB8C37EBAD1579E1
SHA-256: ED32D014EC40FF09C1A6627BE076B1D94421446DED95BCB54452BCDC8906C665
SHA-512: 5E3D36C942D1AC12B1DC16D08FD4E229683AE5D272A9CDC0D142696DC5604930FEB85A6CE215E03853A4EF871DB9713CB2CC87C5A8DF019957AE0C316A063EF8
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/0JHbb5-elMU/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCsDTU4a8JFZlstBVFGDkb8FrDdKQ
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\red_x[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 4692
Entropy (8bit): 7.929034471918412
Encrypted: false
SSDEEP: 96:Sn/2mON/mv8Z7QuHy9TZhjR0ZmegAmURrkxeDlOyMX:SnO8i7QhVTvUbDlq
MD5: 5F3C13A459A72438E42B2289C7AF2034
SHA1: F43551BE102CD1EB0B2E87DC24F980720194A56B
SHA-256: A7A63CA1370CD6FC3470FA81BB1DCB21BCE31B0048A36E5BCE8914EEB88DAAB1
SHA-512: 14E82E281DC91ED57EAB780279D167413185DB3FA7BE49FBDB4942888E7F4E30B1A0536B269258FB8C3975BCF2BC189B51AAC4F70BF44887BC17506DF6ECB507
Malicious: false
IE Cache URL: res://ieframe.dll/red_x.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\scheduler[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 6719
Entropy (8bit): 5.379581425059737
Encrypted: false
SSDEEP: 192:hn1ZQTlSynk6WNYMyPiwzTCjbPSq5uF9k6IxZj4Cxt:hn1anKNYfPiwzTNq5Gu6IxZj4Cxt
MD5: 83DCABB5C55C5B03472715884853C4A5
SHA1: 82FEA39746FAD09DF4677395C9FE1002439BE0E5
SHA-256: 639CFE3D3D3C2859AC8DC33348039782AF56AC9DAB10810F3DE5324758B19A18
SHA-512: E69C7171B853C28D325D7517BED648BC727C6DF9DDA36A60961E817EDD4BA3023FCD1F113743F1C7C9E74C59D96559BB1C1CCE7AB3966B6DEA5CB2FA7DA764E1
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/scheduler.vflset/scheduler.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var f,g="function"==typeof Object.create?Object.create:function(a){function b(){}.b.prototype=a;return new b},h;.if("function"==typeof Object.setPrototypeOf)h=Object.setPrototypeOf;else{var k;a:{var aa={a:!0},l={};try{l.__proto__=aa;k=l.a;break a}catch(a){}k=!1}h=k?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var m=h,n=this||self;.function p(a){a=a.split(".");for(var b=n,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}.function ba(a,b,c){return a.call.apply(a.bind,arguments)}.function ca(a,b,c){if(!a)throw Error();if(2<arguments.length){var e=Array.prototype.slice.call(arguments,2);return function(){var d=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(d,e);return a.apply(b,d)}}return function(){return a.apply(b,arguments)}}.function q(a,b,c){Function.prototype.bind&&-1!=Function.prototype.bind.toSt
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\unnamed[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 88x88, frames 3
Category: downloaded
Size (bytes): 4987
Entropy (8bit): 7.907146257524027
Encrypted: false
SSDEEP: 96:PQDyNGLZe33fKidQe4wTI3kcQp6rn6Kga4Ads+3x/ycq8dxWowwq:P7N8I3zQW0GpinAa9s+dmwq
MD5: 038131718A53DABFC160540D0188BCBC
SHA1: 2EE5EF2F00822190A5383BCE34BB63B4F441D16B
SHA-256: 56F654E552DAC6E7E41ECCBA3ADE7B9DAF08CD18D40A0A717003FE7E892025D4
SHA-512: 131926693B3017457249F51B02B3693D6296D1725AF3B2CC10D3EF5A473397ED76E5970BAE7DAEF7EAFFC03AE435FC07430EB2FB852173CE54806BEA495E9C53
Malicious: false
IE Cache URL: https://yt3.ggpht.com/ytc/AAUvwnh264HhkEdEu2GWA2hAHC09BDrIZfP8GZJbJ_yv9A=s88-c-k-c0x00ffffff-no-rj
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-i18n-constants[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 2169
Entropy (8bit): 5.646606361649808
Encrypted: false
SSDEEP: 48:CKTrcb1Q+11lWCAzEkEctc8V8673VObIMEIXzWVzutzmL:PTrcbTdAw1tWFVObQ0SSts
MD5: 53A3DAEB002C3A7E0A80A3014DFA561D
SHA1: 98AC212D59F8CAE79E9B73DF4AB7BD90900E8B51
SHA-256: 395D533790F9897987389B029A4693A16015A0F288ACF69A8721599176EE3445
SHA-512: 0D7B9B1D7F77AB60B995578742F6804595014D520BAD44078AC4161C8DD1FAFE402F72F373F5FBF09C9B764B556891CBA2D9B7263EE1FBEDCBA6602AD137EA5D
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var d=this||self;function f(m,e){var c=m.split("."),a=d;c[0]in a||"undefined"==typeof a.execScript||a.execScript("var "+c[0]);for(var b;c.length&&(b=c.shift());)c.length||void 0===e?a[b]&&a[b]!==Object.prototype[b]?a=a[b]:a=a[b]={}:a[b]=e}.;var g={YEAR_FULL:"y",YEAR_FULL_WITH_ERA:"y G",YEAR_MONTH_ABBR:"MMM y",YEAR_MONTH_FULL:"MMMM y",YEAR_MONTH_SHORT:"MM/y",MONTH_DAY_ABBR:"MMM d",MONTH_DAY_FULL:"MMMM dd",MONTH_DAY_SHORT:"M/d",MONTH_DAY_MEDIUM:"MMMM d",MONTH_DAY_YEAR_MEDIUM:"MMM d, y",WEEKDAY_MONTH_DAY_MEDIUM:"EEE, MMM d",WEEKDAY_MONTH_DAY_YEAR_MEDIUM:"EEE, MMM d, y",DAY_ABBR:"d",MONTH_DAY_TIME_ZONE_SHORT:"MMM d, h:mm a zzzz"},h=g;h=g;var k={ERAS:["BC","AD"],ERANAMES:["Before Christ","Anno Domini"],NARROWMONTHS:"JFMAMJJASOND".split(""),STANDALONENARROWMONTHS:"JFMAMJJASOND".split(""),MONTHS:"January February March April May June July August September October November December".split(" "),STAND
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-main-desktop-watch-page-skeleton[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 4910
Entropy (8bit): 4.986201809928998
Encrypted: false
SSDEEP: 96:mBmQZeDak2vL3bu+obsiJwKDUwbO/lp3uyFu7ytumruJbubbuNaHxdXK:xOkWeVgwCy
MD5: 6DA11F340709586A4E24CE055903B298
SHA1: 39EF070A47DCB29E6B13A5DC0001E5EAB4D779D9
SHA-256: 9EBF8E7D3BA23C83A37B2A03C6F84002F736B3A1E5E9D5F301078381B5C4DBC1
SHA-512: F5761A9280990749D22D1ADC7C53F19E3323598685306288601FE5B97589BB077C5AA270F273979E439B53C3997355CD26191DD3C55F315B97427D596B08183A
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/cssbin/www-main-desktop-watch-page-skeleton.css
Preview:#watch-page-skeleton{position:relative;z-index:1;margin:0 auto;box-sizing:border-box}#watch-page-skeleton #info-container,#watch-page-skeleton #related{box-sizing:border-box}.watch-skeleton .text-shell{height:20px;border-radius:2px}.watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,89%)}.watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsl(0,0%,93.3%)}html[dark] .watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,16%)}html[dark] .watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsla(0,100%,100%,.08)}.watch-skeleton .flex-1{-ms-flex:1;-webkit-flex:1;flex:1;-webkit-flex-basis:.000000001px;flex-basis:.000000001px}.watch-skeleton #primary-info{height:64px;padding:20px 0 8px}.watch-skeleton #primary-info #title{width:400px;margin-bottom:12px}.watch-skeleton #primary-info #info{display:-moz-flexbox;display:-ms-flexbox;display:-webkit-flex;display:flex;-webkit-flex-direction:row;flex-direction:row;-webkit-align-items:center;align-item
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-prepopulator[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 575
Entropy (8bit): 4.883021221274127
Encrypted: false
SSDEEP: 12:2QyBbg6fHCoYRBJ95QjYYem/n4fgqMB4JDlofRjF4:2QiMgAX84oqMVa
MD5: F8475480DA1F203059CE5EC8E6197809
SHA1: D8DD61639605071291D47DBEC807602229B3926D
SHA-256: 89BA50A406056A91176387B0FBAB001DB7E5119213A3666B18CEDD465A3A575B
SHA-512: D67454C9EDAE47609700CB98BBEC526DD6189F50FCAE175ED69CFC7012771D973FEF1EF2F96551CB42A812B2A14C8410E0C4E05DCD65FF7C4E09C6EAF23768CB
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-prepopulator.vflset/www-prepopulator.js
Preview:(function(){window.chp_spr&&window.chp_spr({responseContext:{maxAgeSeconds:300,webResponseContextExtensionData:{webResponseContextPreloadData:{preloadThumbnailUrls:[]},ytConfigData:{}}},contents:{twoColumnBrowseResultsRenderer:{tabs:[{tabRenderer:{selected:!0,content:{sectionListRenderer:{contents:[{itemSectionRenderer:{contents:[],trackingParams:""}}],continuations:[{nextContinuationData:{continuation:"",clickTrackingParams:""}}],trackingParams:""}},trackingParams:""}}]}},header:{feedTabbedHeaderRenderer:{title:{runs:[{text:""}]}}},.trackingParams:""});}).call(this);.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20348, version 1.1
Category: downloaded
Size (bytes): 20348
Entropy (8bit): 7.971548837012925
Encrypted: false
SSDEEP: 384:sSRPUR1eEsGitLcRtdt6S1PvpjwY9O1V6LTFY88fFFEagMR3SAFNE/A:saP+1eBX4Rtdt6EJjwY9O1V6Pm82lR39
MD5: B00849E00F4C2331CDDD8FFB44A6720B
SHA1: 5B7820FEC8F9810E291E1EB98764979830ED6621
SHA-256: 76B05400FFF9DA5B43862E3713099E3913916A629560265ED24B19D031227CBF
SHA-512: 64F2BB1D16525CB5435CC3AA253D83669C321D68695CDF14218EEE43B5347DD6BC67B23D6F5E359971B1FFA72857C2C9DCEC0370535F12EDC20AF42CF41CF661
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOmCnqEu92Fr1Mu4mxM[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20268, version 1.1
Category: downloaded
Size (bytes): 20268
Entropy (8bit): 7.970212610239314
Encrypted: false
SSDEEP: 384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh
MD5: 60FA3C0614B8FB2F394FA29944C21540
SHA1: 42C8AE79841C592A26633F10EE9A26C75BCF9273
SHA-256: C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684
SHA-512: C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\base[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 1568534
Entropy (8bit): 5.585843000660426
Encrypted: false
SSDEEP: 12288:ccm8n63W2m+gobasLXiY90CmOwD6WUQ3UQ5MWmLykthA+tXbG:7m8n63W2m+xDLXiY90CSD6WRUZthVti
MD5: 2135F5F59AB69D470CC2CCD28C760F08
SHA1: 3CE200A2C16BBDD6602A42794FAD9DC899D3F8CE
SHA-256: 6AA31E3EB3E62A93813BE77EB8DD97EC8A35FA2AC0E03E1A1A2C1FEF5840996D
SHA-512: 66CBD6128F59DF04C3042C84A6AA10DAB0BDFEE302D6D3913B055F0736DAD4B5AEB59652DA6C3D8ED8D6D13D98B30FB1C97EB0E31815BDD2E3BC09098D5C6CDC
Malicious: false
IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/base.js
Preview:var _yt_player={};(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var k,ba,da,Jaa,ha,ia,ka,pa,qa,ra,sa,ta,ua,Kaa,Qaa,va,wa,Raa,xa,ya,za,Aa,Ba,Ca,Da,Ia,Ga,La,Ma,Uaa,Vaa,Ua,Va,Wa,Waa,Xaa,Ya,Yaa,$a,ab,Zaa,$aa,cb,jb,aba,rb,sb,bba,yb,vb,cba,wb,dba,eba,fba,Gb,Ib,Jb,Nb,Pb,Qb,Zb,ac,dc,ec,hc,jc,kc,iba,lc,mc,nc,wc,xc,zc,Ec,Lc,Mc,Qc,Oc,mba,pba,qba,rba,Uc,Vc,Xc,Wc,Zc,bd,sba,tba,ad,uba,kd,ld,md,nd,qd,sd,td,wba,ud,vd,zd,Ad,Bd,Cd,Dd,Ed,Fd,Gd,Id,Od,Pd,Rd,Sd,Td,yba,Ud,Vd,Wd,Yd,Zd,$d,ge,je,me,qe,re,we,ye,Be,ze,De,Ge,Fe,Ee,Dba,oe,Se,Qe,Re,Ue,Te,ne,Ve,We,Fba,bf,df,af,ff,gf,hf,jf,kf,.lf,mf,nf,Gba,wf,qf,If,Hba,Mf,Of,Rf,Sf,Tf,Uf,Vf,Xf,Wf,Yf,Zf,Kba,Mba,Nba,Pba,fg,gg,hg,jg,lg,mg,Qba,ng,Rba,og,Sba,pg,rg,tg,zg,Ag,Dg,Tba,Gg,Fg,Hg,Uba,Qg,Vba,Rg,Tg,Ug,Vg,Wg,Xg,Wba,Yg,Zg,$g,ah,bh,ch,dh,Xba,eh,fh,gh,Yba,Zba,hh,jh,ih,lh,mh,ph,nh,aca,oh,qh,rh,th,sh,cca,bca,uh,eca,dca,fca,xh,gca,zh,Ah,Bh,yh,Ch,hca,Dh,ica,jca,Gh,lca,Kh,Lh,Mh,mca,Oh,Qh,Th,Wh,Yh,Vh,Uh,Zh,nca,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\channels4_banner[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 1060x176, frames 3
Category: dropped
Size (bytes): 31172
Entropy (8bit): 7.969886414335456
Encrypted: false
SSDEEP: 768:FTLgd2lBj57VGrLCKU3ZFZpGlzba4Fhr0DwoYuHAkv:FnM2HHGrLCK2rp+zLFug0
MD5: DE56852D78FBBF125AAE474F75FF9E1B
SHA1: B6463FEA76F964A22C194635CD26427E8919CA37
SHA-256: 9259C780EB86064DD0EED484F80C6F5A7C4F300B31951245186276D9DF29F7FB
SHA-512: C24442E535CF6ACD14D1A1FFF4019C995F441EAE6EE88C6B6FCDDBFC0CC30D2AE6A7F7134A74063A71B891EC8B41015A0B12CAB9A2C120E7DD36592097E05630
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: dropped
Size (bytes): 1436
Entropy (8bit): 5.171560696481471
Encrypted: false
SSDEEP: 24:5/iY3QYNNxu/iY3QYsNxh+/iY3QYXNxm/iY3QYN7Nxd/iOYNNxBl/iOYsNxDv/ih:UY3QWNrY3QLNbBY3QgNnY3QCNiOWNsO6
MD5: 16B7B19E68ECC7CCA020171D1124A256
SHA1: 7B4A88C6505A6B59080522BF901F3D5310AEDB5A
SHA-256: 65DAFC62A9660435BED1C31C45E360E2C76268099F6E42771E40CB17D104E2E5
SHA-512: F8EAF0368E68EADEA5D15180EE1E747D3F803BB1EDE82092145E7CAC829C7494CACA6CEE8078EA04EA577E828A8DB014DF1DB2553E6DBA9CF2C52AB51CEE821B
Malicious: false
Preview:@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzQ.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[2].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: dropped
Size (bytes): 416
Entropy (8bit): 5.2802488817135345
Encrypted: false
SSDEEP: 12:jF/S6O6ZRoT6pixah/IXkqF/S6O6ZN76pixah/ItY:5/ZOYsNxahY/ZOYN7NxahB
MD5: EA95A44EDBA0612E2C4CD813A1F9A231
SHA1: 58D16504FEC9B0F526F9AF58BD1199585125F129
SHA-256: 00D4A2B23146F76099C9184477145D5172274F1D34817CD6601943CD2D5ED79E
SHA-512: 4EE6F10EF9D7C32511EB1323E068F9D86F81D0643810E0C13F012F5AA40EB6E8EF7D7DD5139A16088A11745F307C517C337EA2396713F4BA968700E054EEEFF3
Malicious: false
Preview:@font-face {. font-family: 'Roboto Mono';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotomono/v12/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW-.woff) format('woff');.}.@font-face {. font-family: 'Roboto Mono';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/robotomono/v12/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_Of2_ROW-.woff) format('woff');.}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon_32[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 348
Entropy (8bit): 7.063764226799785
Encrypted: false
SSDEEP: 6:6v/lhPKYXik4gPDdKad76NWXlUzvPNNXtt0Eo0NaLTTwp:6v/7iYSk4grdKS6SWntVNaLf6
MD5: 3A880420311AD60097059FFC0FC53393
SHA1: 7644B902864C4BA3604F61E0880E05DA15AB464F
SHA-256: 571C382651D6337CD5FA49C512D02F0F99D523A896B87175FB59C710E1FCBC7A
SHA-512: C16652970D04B7B76F7E7EF5A8D091984A13406CF7F5475CC3CFA3ECAE3278C19BE5494BE39A8E549978B0675D1C70F69CC1413DE9240487943D91965AFF17D1
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/img/favicon_32.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\featured_channel[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 150 x 149, 8-bit/color RGBA, non-interlaced
Category: dropped
Size (bytes): 6536
Entropy (8bit): 7.955847676301548
Encrypted: false
SSDEEP: 192:5g+o8K9A2jUMWKGGG35f4C+3ObuuRa95Lc:6+o8gAn3KbG35Fbuusbo
MD5: 8CED91E6D88D3718F762A831997AA496
SHA1: 697A5395CC31A557C6BE7D3E60B8F36E222AC2B1
SHA-256: A6EA0BD070352E461AFF09BBBB08AE3E419614C0AF1C0F05CF91D9FA706077C8
SHA-512: A0F9AA6DBA7B54E52ADBEC602D9983FEFBEA953D3B1AC7A8AFFD967820EDBACEF26993DCF037E87DA3CDC489514750A77AB531793A88567B56D3E098B0D7F3C1
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fetch-polyfill[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Pascal source, ASCII text, with very long lines
Category: downloaded
Size (bytes): 8543
Entropy (8bit): 5.238064281324506
Encrypted: false
SSDEEP: 192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V
MD5: 04E3CC8A9641B3F9F9C9370F4E9B5BDD
SHA1: 9602A891F583094BB04FD407B253ABCAFFB8C8D0
SHA-256: DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980
SHA-512: 58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/fetch-polyfill.vflset/fetch-polyfill.js
Preview:/*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hqdefault[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 12368
Entropy (8bit): 7.961633133128519
Encrypted: false
SSDEEP: 192:O/89HNiLnt/5aY7UtnvvNbv5wYZtkRsZgILmpY9TY7QaR3ImVMmjd3FuxG:O/JnjMnXNW0kRsL2YBEQbmVh3N
MD5: 05D70A8E343990FF14FE389B2D47482F
SHA1: 50D9B5956DE65A5FDE2EDA593416E477DDD9448E
SHA-256: 2DF1994A854D66B9401A458516B14513F2704F22150B0914CE1674EFE3EF3A5B
SHA-512: DD09588FA689C1676B54C135D3560075EC32EFFC43BE1D07F9ED2061A6FF32BCB653E3FEA81E3EDF510D6FD6D572AB65ECD8F7FCF89DCE571A1FCC0226A750A0
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/OsdsJrzyjHg/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDY8r8dZaf9V_IKnjf7M7USnW3Nkw
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hqdefault[2].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 18364
Entropy (8bit): 7.964332229870699
Encrypted: false
SSDEEP: 384:2r8DkHzp3+5DakoVmGIpMGR0xy8HYERJhHylHGnkAUAHpe6S75:2Y8KMmzpMGmxyCYERJhHypG1rpo75
MD5: D55F56D04A80DF2C6339289161050D78
SHA1: DE3DD5C1B30D05D5B148CA90927F376449A58B05
SHA-256: 3626D27EC15041617B3F87A1D3CCB153763E2734B2FB8EBE9CAC264CCC515435
SHA-512: C0ECFE2CE307ACB8D275E45348DC0A19AFB21D47506D38B69B020B2FE3C63DA6A8505036F2F8BBFEFC9802662833ED77B48570B165EDCB384F7DE5A5B98D5112
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/jN2nkrUdJGU/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDgTfHgTQuXGTILsiJFyntB4065jg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hqdefault[3].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 11912
Entropy (8bit): 7.959584535735454
Encrypted: false
SSDEEP: 192:Z+6SdtiR2XWpbS8uHP8mYBrOKNZw0cy8nLSJqaVGzFWPCFcAosK34j5Qv8:0fdtiRUAbNuQrOKNZ5cyk4qFF44ev8
MD5: 0A8B02B32C40AF173E8C2B0FFD314CF4
SHA1: 3C22E285768B1BBD49E549E81B981EFFF8A19323
SHA-256: DE3D1E44735FD1AAE6557E80A558F9CE6974240550A0F6C78367F81AB90E3805
SHA-512: 329D54401939E4E9483D884F17A66DA9AB33E1B3509AB7B15FDBA4F734145618718F9E4C07B6E7435215A374D0F71443FFA29C83806E1364BE5C7C182901C22C
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/OPypfBBUGXo/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLD9oMzT_0i3NQ8HdAtHwqZ1m4poRA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\remote[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 96205
Entropy (8bit): 5.457422961519926
Encrypted: false
SSDEEP: 1536:LOa4P6D8UnIDwiJ/TRdKIjgTour9rUaR0ZRdbXgkBLOAwQgn6eR21jBZb0Ed9FKp:qSD8GQJbRdKIjuourfR0NXgkBLOAwQgV
MD5: 7B8B1DE5CBAF7264226E67669D7CEEDB
SHA1: 1E1DFD991CA95BAC24BB457E33C762D256B43F16
SHA-256: FA1B7BF869D1DDC7067F4BD6DBB211BF121D734DB92F6947FA5BE432683F1805
SHA-512: D172F559D9F0E8F519422B23BFDB65431B444786704A9F4FFB1FAFF760AD380B70CC427C80519CAEF10151CB9D47EB2858FAE4BF86C2AE4A334211B2404CAAFE
Malicious: false
IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/remote.js
Preview:(function(g){var window=this;var Y,uHa=function(a,b){return g.Ob(a,b)},E4=function(a,b,c){a.C.set(b,c)},F4=function(a){E4(a,"zx",Math.floor(2147483648*Math.random()).toString(36)+Math.abs(Math.floor(2147483648*Math.random())^g.A()).toString(36));.return a},G4=function(a,b,c){Array.isArray(c)||(c=[String(c)]);.g.gn(a.C,b,c)},vHa=function(a,b){var c=[];.g.nj(b,function(d){try{var e=g.Wn.prototype.B.call(this,d,!0)}catch(f){if("Storage: Invalid value was encountered"==f)return;throw f;}void 0===e?c.push(d):g.Vn(e)&&c.push(d)},a);.return c},wHa=function(a,b){var c=vHa(a,b);.g.Cb(c,function(d){g.Wn.prototype.remove.call(this,d)},a)},xHa=function(a){if(a.U){if(a.U.locationOverrideToken)return{locationOverrideToken:a.U.locationOverrideToken};.if(null!=a.U.latitudeE7&&null!=a.U.longitudeE7)return{latitudeE7:a.U.latitudeE7,longitudeE7:a.U.longitudeE7}}return null},yHa=function(a,b){g.gb(a,b)||a.push(b)},H4=function(a){var b=0,c;.for(c in a)b++;return b},zHa=function(a,b){var c=b instanceof g.Cc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\webcomponents-lite-noPatch[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 123684
Entropy (8bit): 5.41776925007726
Encrypted: false
SSDEEP: 1536:CrlFKuJg/vylWhsuP+1MUOKhOB7Brv/qTg9SpIB6RExBFPaYUcrs2Lt4Q9AhkTHj:+38KALqlIWCB9mkTD
MD5: 85BD6CF714F78FF3AEBFBFC76E33D8B5
SHA1: 1428D9F7DEE4C4216A356D4AEED3A9D44BE5FAAA
SHA-256: 7E858B2A14374526AF64DB74632C3131D980BB0A89D3E1447E23A238822021A7
SHA-512: 37DEECFB6433F4AFB80A8B13CE664B8C49172263DE5D6978CA765F20D13D392888E81C3EFF1F5400D67A6DA3C3116C32BD9D5A33D37E5F3BD5E06EBE658B798E
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/webcomponents-lite-noPatch.vflset/webcomponents-lite-noPatch.js
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}function ca(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}}function y(a){if(!(a instanceof Array)){a=ca(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var fa=da(this);/*.. Copyright (c) 2016 The Polymer Project Authors. All rights reserved.. This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt. The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt. The complete set of contributors may b
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\www-player[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 344488
Entropy (8bit): 5.2421579568015915
Encrypted: false
SSDEEP: 1536:Kzu9IdYR9WDQI0irpHrp3/fn8MZv8M5q4ay95G0hXkTNROP5kRrDJciM/By2N+CZ:Kzu99F7ZBgFyV1u3
MD5: 934E57A0B55A6997EF408E22C2946AD3
SHA1: 90AC3BA5EBC1D8C19C37DB6CF21D0DCBB44CEFAB
SHA-256: 0D450A63AFAE6834E1DE8559245EFCEEFB49738F8BCD13889F929DCFB6AF4001
SHA-512: 097D6B60E0C6236C8D8270A7A27E8E0F4B38C027BFCCFC08E0F5A5A46321B9A1DA63A28FDBD4EF082C1681530E245870645F3A5D672F986F1F960C18C9009F94
Malicious: false
IE Cache URL: https://www.youtube.com/s/player/27cea338/www-player.css
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 22204, version 1.1
Category: downloaded
Size (bytes): 22204
Entropy (8bit): 7.9742393611260916
Encrypted: false
SSDEEP: 384:X4RPU21exwpjqNUdgwvWwW9i5ZTkudHjv3vQWsdV8bT3XV6qvihHbF9qW8Y:XsPN1eae2SwvWr2TkuDvvQWc8bT3XARH
MD5: 4DF32891A5F2F98A363314F595482E08
SHA1: A8AB4E03143BCF7646C96A8CB33B3E596A9E55BD
SHA-256: 0BE0AE6EFD852B3695CB7A76286096F60E93B7D31C16E0B71CA35ECED7FDE8F6
SHA-512: 3C1775EE5F2D42B53C4196280D11E3405B9EEAEEFF1FDF8291E7D87D7748D28BBCB1ECD7A225AD266144EAB28ADE08A7EB4659824B2FA649884B86B1783EF2ED
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\annotations_module[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 67207
Entropy (8bit): 5.561268868353723
Encrypted: false
SSDEEP: 1536:tOtrd7B+3c9recREGBrdDWs5qdBVuxOoFfdudzSkA:gtyE0GnZvOA
MD5: AEB83E6A6ED58CCE6C9A7E2D140CE056
SHA1: F86C9DD98E9EFA2CF1C2879A620E57BE477AB594
SHA-256: BB6CC0ED8D01EB6E1B9599D89F611A1FCF0635210B4D969AE4F5606A043F2490
SHA-512: FC6C60BD230E81F15FF6E859690F0CF0B190A7CF6ADF2D5AFB800C005A58D9B817A94B0AD55BFFE8664664E6BF77D2792B3482ACE36EB010D6FE9D17CC616E45
Malicious: false
IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/annotations_module.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bullet[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 447
Entropy (8bit): 7.304718288205936
Encrypted: false
SSDEEP: 12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5: 26F971D87CA00E23BD2D064524AEF838
SHA1: 7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256: 1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512: C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious: false
IE Cache URL: res://ieframe.dll/bullet.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: exported SGML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 6694753
Entropy (8bit): 5.499263569302448
Encrypted: false
SSDEEP: 49152:fNDnvbgEOO26a1RA+D0TrCcMMsfMnv1xzoYKPvgYhfwOQpUOvgn6Au448R70Q:WKc6wRT
MD5: C3B49E1E4D32B18560BAD7620631EDF9
SHA1: 766AFED2B044ED49A50A7364BB8499AE2787F4FF
SHA-256: 6E3FB730BAF1F25E2A2E439A69BE56CD321A296E069C2E0888C1CE06D21A4AB0
SHA-512: 616AE0E07F184E1DD182EF454DAB03806549FE0B0907B8B794256BB0B3885F2BFEE9D244B9B3677E2E47C955800F9E93852B3B879659962E87A4958324ABA19A
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.vflset/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
SSDEEP: 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5: D65EC06F21C379C87040B83CC1ABAC6B
SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious: false
IE Cache URL: res://ieframe.dll/errorPageStrings.js
Preview:.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\forbidframing[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 2882
Entropy (8bit): 4.101264567053427
Encrypted: false
SSDEEP: 48:upYP3V4V1UXvCavVbQdZKUqVtLQI7I6FQ3:u1qlW8rJId3
MD5: 5CD4CA3D0F819A2F671983A0692C6DDD
SHA1: BBD2807010E5BA10F26DA2BFA0123944D9521C53
SHA-256: 916E48D15E96253E73408F0C85925463F3EE6DA0C5600CB42DBA50545C50133B
SHA-512: 4420B522CBE8931BBA82B4B6F7E78737F3BB98FC61496826ACB69CFFF266D1AC911B84CB0AEEADD05BD893A5D85D52D51777ED3F62512C4786593689BF2DF7F0
Malicious: false
IE Cache URL: res://ieframe.dll/forbidframing.htm
Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="LTR">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" >.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>Framing Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onload="initUnframeContent();">.... <table width="450" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="red_x.png" id="infoIcon" alt="Info icon">.. </td>.. <td id="unableDisplayAlign" valign="middle" align=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqdefault[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 7819
Entropy (8bit): 7.920807697456636
Encrypted: false
SSDEEP: 192:a+CXGAAfu1s0SnPRBcJGpTz3qCxdVHSFANEO:aDWJeSZbpTjbrHfNEO
MD5: A6ACA7EEFFFCA74D6B3489933E76A814
SHA1: 3A279BF7E2373DA1AE774B44BC47EC50CDE79581
SHA-256: 8526529F1211EF7049498F9EBCAA37C328CD42C395C84791993A25554682FA28
SHA-512: 36D2BFBF6E4121DEFD2F0311B1DCA658D3D8C2D582C7426198BBB5DE93CE043DF85A8E611FC8AA09EA3D362432CD39391EEB6C923913D4FAFA5E414136CB838A
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/kpLnxV3a1bE/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLBRCC1Bu6maOjHtwiDzjwwojY4BFg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqdefault[2].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 13233
Entropy (8bit): 7.9662355518676415
Encrypted: false
SSDEEP: 384:Omw9qhU7WE7vqrKxVxSeV3MhO6OtOcZuvBpmecHv:Omw9qhvEqrKxV1V8M6OtRuvrg
MD5: 26857E980FB4CF3754D5834117C3412C
SHA1: 1A5BA0E5090E7442EF49F565C7611198E94B84A1
SHA-256: 7710CCC70CB82B6EC0A2988CE2DB577772093F64CB3A2222743BEDEABB092CAD
SHA-512: 16158F1D53D60778E8467FE56FCC0B2A006B5C15E8CBB44E0EC80B8BEE37EA416A7EE200E3F1E707BFF3E6D6DC24A576098D0297DC6916A83A2564BB0FD20C58
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/plv3mIBEJnY/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLAiqz-dpk8oPWjJ8Zl9UdLlBGK4EA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqdefault[3].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 10102
Entropy (8bit): 7.93938233288827
Encrypted: false
SSDEEP: 192:QiNabkkCxRmcn9mpXhsR20pQq+A8OFIOa/XBDYfJUTn0NOBHjO9PeNb7A:wQkCRJn9mpXe20p/FINXtN0uO9PCs
MD5: D21C68376043657471B0D167ECDA36ED
SHA1: 34231C1F0D58BFC90305F148FF8F185DF7C76963
SHA-256: 768B45D3C543636ABCFA0776A228E54FA98CA9A7700B183DE876FEBE71A48582
SHA-512: 71C1FD7CBE8924B9DE6C10B407F9C075F896473E1A76265F2C4735AA0453B245333FA9B9CA0168DB9E09FFD57B67E65857763DFA11D0794EAD11DE4C99873511
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/MEwigYNZwXw/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLB7PhHY6DeGABMaeEKvCIuzpD3Fcg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqdefault[4].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 6755
Entropy (8bit): 7.913915593435558
Encrypted: false
SSDEEP: 96:xE8zwSbIp1hfQXYCKYE4MfNWWFxWcAuCqwKI5tpcpiFqNMKA+dYY39NEx:bwQgXIMfNWWmCwrUi8N7NEx
MD5: 85714302A03325030E6C1EAE2EF3F42F
SHA1: 95211B0AE32E1FE4C83FFEB0F4D937084911F929
SHA-256: 08B105B6BF36639EBB2DC47E0ADB5C3CCF50D2299555F4877C5C5355D81FAB32
SHA-512: 2F00BE6E89C9E790B8447C42BDF0774066837FC2FA5EAC4A64A61BB4F139CD7FCBEDDD1FB732CC2C231E7EBB380AA580A199493F0763443F01D427771E69BFBA
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/xxQtfXOFpWY/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCJrMqHy5RaDANJu0V3qR0nxTiTvQ
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\miniplayer[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 6714
Entropy (8bit): 5.402438369378545
Encrypted: false
SSDEEP: 96:cFectDRP9H56viWMjgBlERJ+fSpsq8MD/8mQHJdCGJIBdUqpk2YOJ4IHSyfUA20b:cIcZhTifFEb7vD/m+Blqwsa8KQ+
MD5: 3BE0E615CE323144E5BCA80ECC548009
SHA1: 5135A5FB33FC9BFD75E999C53A6F54312E756C31
SHA-256: 6DBF64D424300EA7C34F3F15434F6F9DF3A5C9D402BD1B50539448422389DAEC
SHA-512: B940F4D6C588FBB11841407A885E1740C7D03787AA08F77D39C187837841796451B519A8334BD27A37C12C8238B794BC730236E163E87CDB5183957EFD232E99
Malicious: false
IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/miniplayer.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\spf[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 38609
Entropy (8bit): 5.397914097251635
Encrypted: false
SSDEEP: 768:0D4MZYlBJGMQrjqHJ7qOOMMr/jy0V7amw5aQ9kyrRl3:00plBJmVO7QGC7amw5a63
MD5: F33C4AB3AF37D09C71119C01D242FB0F
SHA1: EEC0838B1208FDD854D865077F29D8460795DCA3
SHA-256: 37F2F8D003CF58DF5F6D8529D6173C23FC5B014A1CDAE73C01371D4B541E8D9D
SHA-512: 86E67CD70961051004CCA77004B2E0FA2F3B3B2DFBA74B5E5D5B361F2510680EF8C34537F9B461458DF063A9EB1D952DC0ADA62175E11A6E846FB6CA97C20BB0
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/spf.vflset/spf.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\www-main-desktop-home-page-skeleton[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 7255
Entropy (8bit): 5.010902170791545
Encrypted: false
SSDEEP: 192:cw/ClyQVrEkLzCys47pCT6plL1CNe8YZpqiq9taDY:cgIfs47pCT6pN0IjpqiqvKY
MD5: 1ABF223D91AE77C3C171C908EAF9C0C2
SHA1: F71B3D2E08F06ED4E0003D8B918E4BC397E04700
SHA-256: 344D4D84846BCA032A4645A8DC22499AC7EF521E32AF70CDD0766CD3FE3380CB
SHA-512: 3B6034DC5FB424221E5A86D14C30A44D6CA2399B8A7C54BF4F42D6019C492C5675F9E002DA3AD352EF4489E910C6F3D89AFCC93B13C8F7AB820F8CC1CEFA0419
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/cssbin/www-main-desktop-home-page-skeleton.css
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\www-onepick[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 841
Entropy (8bit): 4.941632901046298
Encrypted: false
SSDEEP: 12:WWkW8Kd11CKd1vXcdxCRpQgbNDuDOwR+uDOcuDO5JuDOv3Kd1OLF6Kd1+inKd1Ix:WybE3QpQgbNKOkhOXOWOvOOpx+FUDx+K
MD5: B182F64EBC958940B940085EC72BFD32
SHA1: 5D11FD1D9609C99480A4CF231E35973ABAFEE58B
SHA-256: F013FB8BCC8B163655A877CA39AFA7F96D49356AC8B78642A94C2DEB86396FC9
SHA-512: 89B9E917F6920A4976F243E869E9A2C53F569EB1519CF3D84B50A7033F51AD505C7A11E99F70BF7536BB44D793BAD2AF77F93B38B84F8211CAFEF45C665EDE94
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/cssbin/www-onepick.css
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\www-tampering[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 9695
Entropy (8bit): 5.330288137447204
Encrypted: false
SSDEEP: 192:1jNGl3OZi/Rc0ok/15Xwe8pEqnt1ZlVlW0/MXGfJHgnj0T:nVKo65XlgR3DW0/5KjK
MD5: 2585C6AB0F42C20AB361D24431D8D396
SHA1: 1A13001424A2B3788A5E6A29E4B79014314BAF5F
SHA-256: BFC393CA61AD83E9DD5A082AC1377FA29A163603EB0E162EB6D0ECC8BD4B1B2D
SHA-512: 844B350F309948256F5CAD32ED2ED21654D933587CCF60EBA006FDE1173EEA473F5F75A84FE4A451ED76E6963D990B198CDF6F9ADE94099D8E38BB88AC79CC87
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-tampering.vflset/www-tampering.js
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 22020, version 1.1
Category: downloaded
Size (bytes): 22020
Entropy (8bit): 7.969254342778129
Encrypted: false
SSDEEP: 384:OdR1e4g/v2pwEHXT4vHn5YHPGVubG85NtyZpe21oW4lDXLNXOEGV0u5YN4L5:Oz1e4TpT0/cPGVppl6RLNefY2L5
MD5: 288AD9C6E8B43CF02443A1F499BDF67E
SHA1: 96A90B4B2F04445CEE7091C257D9C7D905BF74B8
SHA-256: 6F2974A396DC0695D071E842551E7AF9C72F0EF8D2D076FE73A523B1A3C2D0E7
SHA-512: C853526CE2743996089E573DE9D99C9E1B730C41FF3F8F32E316A8ED654EE48CA04A67731D3FBC5F3FB94DB309F99F29F3FA9AC739B1D126BC909858E13C6157
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 21952, version 1.1
Category: downloaded
Size (bytes): 21952
Entropy (8bit): 7.970421989516302
Encrypted: false
SSDEEP: 384:LANJRPUW1egrkV1qAeQjd3pHH7fS3SIHwip3fzp7IYMa8/h3ELZ2owoRE1F:LAN/Pl1egR7QjRp+3SIHwcLpMYC/h+9U
MD5: FE65B8335EE19DD944289F9ED3178C78
SHA1: E9E842D5ED5321DDD719599057E9F8643B2AD539
SHA-256: 80815EFE3BD9317C666DF0F2E6D701335E178954F64EB1E99103FEA81C2AA137
SHA-512: 6E7995EDEBAEF0218C921F5485CDA2B1FDCCFDC9ED5CF988AA005096BB64BC844CFA9F3CE081CFB5A8C896492BD5D70CA2B4D7B71EE9A9EE801A721F9F45B087
Malicious: false
IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzQ.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 369839
Entropy (8bit): 5.6913712331553805
Encrypted: false
SSDEEP: 6144:Kh0c0+0c050T8/Ju9bdjNq/7Obj3y1Je8LzfJsao7rQ0gwBkKyE/EXPx0xTk2tx6:Kh0c0+0c050To3fp
MD5: 5CC536CC57654B2DBBB914236E9F99A1
SHA1: BD835D774C0336095CF80F5C86A92FD266750B1B
SHA-256: 841030A3797E66AA5F1ECBFAF4DBA8942AC6F62273F5873F029E7E6C35092AC5
SHA-512: 8674CCD27A090B6974061D17E310F0C06E1DC1B5522A37C2E978B099728A1F30EF9FBD8AAFE93B0E4524B36656D3541D32D1088C37BD41CAF35D7843F18779E6
Malicious: false
Preview:<!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><script nonce="kLiAx8e65e9KNMloRWSIMw">var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else for(var k in a[0])ytcfg.d()[k]=a[0][k]}};.window.ytcfg.set('EMERGENCY_BASE_URL', '\/error_204?t\x3djserror\x26level\x3dERROR\x26client.name\x3d1\x26client.version\x3d2.20210120.08.00');</script><script nonce="kLiAx8e65e9KNMloRWSIMw">(function(){window.yterr=window.yterr||true;window.unhandledErrorMessages={};window.unhandledErrorCount=0;.window.onerror=function(msg,url,line,columnNumber,error){var err;if(error)err=error;else{err=new Error;err.stack="";err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(columnNumber))err["columnNumber"]=columnNumber}var message=String(err.messa
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\background_gradient[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Category: downloaded
Size (bytes): 453
Entropy (8bit): 5.019973044227213
Encrypted: false
SSDEEP: 6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
MD5: 20F0110ED5E4E0D5384A496E4880139B
SHA1: 51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512: 5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious: false
IE Cache URL: res://ieframe.dll/background_gradient.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 611
Entropy (8bit): 5.1378418257885565
Encrypted: false
SSDEEP: 12:UJO6940FVzO6ZN6pdjfUAqFVzO6ZX6pdjfUGqFVzO6ZN76pdjfUSY:G9X5OYNCjC5OYXCj05OYN7CjC
MD5: 3F4EA3B572D02C20234FB1CFFF5A8583
SHA1: 223A65CCECA8B88406B34BAFA7FCDD034B764355
SHA-256: 4B8E9EDEC8E8315244133FDABC171AA6EE0D59CBA38D49DB4E52A89601BDFDE0
SHA-512: AF90524BE42C0C754452B23653B1A6B2B11523F28C345C62CE3F7E681837B26136C402DFDCCD2BD452E93AAE51B2BA2FA08B319DC0EE1BF4637C0518A2C7D517
Malicious: false
IE Cache URL: https://fonts.googleapis.com/css?family=YT%20Sans%3A300%2C500%2C700
Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'YT Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/ytsans/v10/46kqlb3ta3zqoJU2dePmb0Jg1A.woff) format('woff');.}.@font-face {. font-family: 'YT Sans';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/ytsans/v10/46kqlb3ta3zqoJU2dbvnb0Jg1A.woff) format('woff');.}.@font-face {. font-family: 'YT Sans';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/ytsans/v10/46kqlb3ta3zqoJU2dfPhb0Jg1A.woff) format('woff');.}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[2].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: dropped
Size (bytes): 712
Entropy (8bit): 5.090654726378833
Encrypted: false
SSDEEP: 12:jF/iO6ZN6pixuOiJqF/iO6ZRoT6pixuGEqF/iO6ZX6pixuXJqF/iO6ZN76pixuyy:5/iOYNNxBl/iOYsNxDv/iOYXNxd/iOYK
MD5: 6B91979FC0DFD9A3FAACA571D4698C28
SHA1: 44D0D5AB5490E285E3473DC9E6F5AECC6AADA263
SHA-256: 22127AB03A7948380732A4FC4BCFA450C7C55D60DDB1F0BC80FBC53E39C52BFF
SHA-512: 3594CD0473197894230F65B1ECB3F882523D70E10711D9BD793F6AD785EBFE50A986D80F71D2AB812DDB2AEB36DDAE0B3CFB33A3D82038E2CA6FA63F03E24483
Malicious: false
Preview:@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff) format('woff');.}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[3].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: dropped
Size (bytes): 455
Entropy (8bit): 5.257707614409686
Encrypted: false
SSDEEP: 12:UJO6940FRt5O6ZRoT6ptBK0v/qFRt5O6ZX6ptBK058EBhY:G9XRvOYsD9RvOYXDgfBy
MD5: 85F89CCBF7339BF14BC2B5127AF15080
SHA1: 41A843AB4EF6AB4E0C01A74711FF021809B6A393
SHA-256: 5E8C06395D4967499B6C35A2C874AED046341FA5B1EEF7F908B4E9E34BE97869
SHA-512: 3F4E48AA97ABDBBA00D3B76978DF56C5EFFE1FF4693A94C19C491FA215DBEBAEDA4AF9302646C2080A37009CC4AF9756B97E3534722420667C89EC33E4AE47D2
Malicious: false
Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'YouTube Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/youtubesans/v7/Qw3aZQNGEDjaO2m6tqIqX5EUDXx-.woff) format('woff');.}.@font-face {. font-family: 'YouTube Sans';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/youtubesans/v7/Qw3FZQNGEDjaO2m6tqIqX5Ec_l9te10n.woff) format('woff');.}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 747
Entropy (8bit): 7.621626314254655
Encrypted: false
SSDEEP: 12:6v/7rAkLHGpoWvH2M4xWEKg5QvzH1JdR1vHG8T643kNQWAgk+XjMoq/uuA:moP24E+D1JdDet+k6WAVQjlNuA
MD5: 2F5265660503D860EC98C345A8FE4F3E
SHA1: B4BE77124B104645038C8DAC8DDD253B2990DEB8
SHA-256: 9FE7D6C8CC0976E8CDBCB30C0724BEE3C277C5F4B204FB233FD2FB7DA03C5C4D
SHA-512: 523B3CE8162D026A511A47F22AAA70A242BCC2D0E27E1803166767E8622B37912E46E4EC1DD992676FB5122F6B5A6ED9EA6D85D4BA4C35B558A9B398D7159F3E
Malicious: false
IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Fwww.pk-anexcelexpert.com%2F&feature=youtube_channel
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[2].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 367
Entropy (8bit): 7.144221556425826
Encrypted: false
SSDEEP: 6:6v/lhPyslnaJRTrzJCcx9zCRfVu7y954RZ0aj4kzEn7kZl93csQ6Rqr3x3Q53UOI:6v/7KGcx9G1Qg2Z0cKal93hBqjy5kgQP
MD5: A9A7B2D07082E2D17A5A5236D78FA155
SHA1: 9AC042AC275886C415D6B9B8781BFFE7EABFF8EB
SHA-256: A230BF28D0B95B52F55A76F050F9554EE494578D743217E83D3136BEFB630A49
SHA-512: 2CF34A6B15F788DBC9E41F3F8437FFF7DCD26CEF9BD6E6D1C13D5E7E58A72F681D461BEF6AB9FE922DF5C603294012D4135211C46B266C39752A85D6C870FF3D
Malicious: false
IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Ffacebook.com%2F&feature=youtube_channel
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[3].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 720
Entropy (8bit): 7.6274021279468265
Encrypted: false
SSDEEP: 12:6v/714af96Z7GBoXwd2WM9dMhoYAHLiice0meTO/fpKa:Za0q8wMWMohoPGicTmeT8fpKa
MD5: A428340C4A93595491928B124779F280
SHA1: B01F53FE6A5AFF4A18578B51646676812296723D
SHA-256: 5A3351437286A560E954688850EDB349680452855C86933098F1342C2264CD57
SHA-512: ACED0E65B7F4B198B0BB7AC89DCE44B25B3A8F8E9877BAE4056C6BDB07846A2360E0DA8EE3A65A298895AA8EF50865D7EAB22CB88512D37BDE54190217F17A82
Malicious: false
IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Ft.me%2F&feature=youtube_channel
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[4].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced
Category: downloaded
Size (bytes): 439
Entropy (8bit): 7.385374214668911
Encrypted: false
SSDEEP: 12:6v/7uNp6RgBrnopv8ByViHC/VM5hw/NU2OU9rJpOXbXrZ7:nT6qNnoNgekMa2OQJpOfh
MD5: D8B13783F8075A028C2CAE0144A0F0CD
SHA1: A6E32F9298C1D093DE2193951E461DD298C360A5
SHA-256: 7E69BB2B870CF979DF8F7AEBF569E57D5A9AD8FBB6815D0887B97F54E410079D
SHA-512: B61740DB29A85A2DE3C9566C639F80A7E2ED54737F0ED86AC322271EE7CDF1DD3B12F8369624BDD44A0B9B2C23194967CFCACFECF7C1D9ED2898581C9EC6A699
Malicious: false
IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=http%3A%2F%2Fpaypal.me%2F&feature=youtube_channel
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[5].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 342
Entropy (8bit): 6.817873608710533
Encrypted: false
SSDEEP: 6:6v/lhPfHuORNOocnsXEKCiS/0ydwCuQS0RY6urGH9VqUb9+l1C759m97K4ajUup:6v/7XpRNOocEEKtiLdfS0+Jrslbcm99d
MD5: B1A25708C873EF3FB5503540E1AD8CF6
SHA1: 515A2869DFAD0318781CE62BEAE3A89259F35CED
SHA-256: C9452927B473C1683E100946F31070803BFF3E9FFE4DC74C728406A3D707BFBE
SHA-512: D5F825694A3FB0915D471B9CDC4CFBDE003A54E73D1DBF014C12298DE4C70AB401FBCFFCE36CF9F18F278CEDEF099FB5E266784A152563621D77B7CD9B27697F
Malicious: false
IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Fwww.pinterest.com%2F&feature=youtube_channel
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\hqdefault[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3
Category: downloaded
Size (bytes): 11689
Entropy (8bit): 7.950072627959054
Encrypted: false
SSDEEP: 192:222c3CsyckG+YTg18b7oaIOdpLor06XAJ3P8Y0RhwTvN0jUeTusAjAeX42:22xLgU0aIOnLj6XAR8/LwTvmjUUAjAev
MD5: 1D47FDBCADAE32399CEDA8499BB7F210
SHA1: FF83FBF4E38347819607091DAE09041BEAEF0939
SHA-256: FDA420292290B9DC16581CCAFE478BEAF8D832C4AB91A65D06CAFACAEFA18FE7
SHA-512: 4FC8A31270FF1AA4D232C0867AE717C7D111E01F9C9500D1C85020DFD4FFFB232B3C4C9D1C652BC9281FB90A5E43F38975FF21BBDAC30FBA7786D5CA5F9502E3
Malicious: false
IE Cache URL: https://i.ytimg.com/vi/PaP1RE-QSzE/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLAtvLEwAs5gkAT-YXKShST-rB12jQ
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 12105
Entropy (8bit): 5.451485481468043
Encrypted: false
SSDEEP: 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5: 9234071287E637F85D721463C488704C
SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious: false
IE Cache URL: res://ieframe.dll/httpErrorPagesScripts.js
Preview:...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\network[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 13959
Entropy (8bit): 5.441952176596822
Encrypted: false
SSDEEP: 192:RlK/5pqi2AlkYw52/nDpDuN8VEwrON2nxUNKaUdA9j9kdS2joWzmR9N0V:tA1N/npuNxwrlnxULq
MD5: DBBE46B53418E967C530E07082251117
SHA1: 2CEA5575A23C9F7DABCF0F00679BD91AE5C5500C
SHA-256: B5F58726CD1A5266456B3F1CDC18DD77D28F0BECEDD305A2831E81AC4D1209FB
SHA-512: 91F6D885E94DA717EBFE479DE99266EC4315571CCFC6FD3ABE999FAEC7D2F65516B1BB6A963F9B7EAAD66FA1E6CBBAB6276E1B53DCC7FB838282024900E5C1C9
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/network.vflset/network.js
Preview:(function(){/*..SPF.(c) 2012-2017 Google Inc..https://ajax.googleapis.com/ajax/libs/spf/2.4.0/LICENSE.*/.var l="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof n&&n];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var p=aa(this);.function r(a,b){if(b)a:{var c=p;a=a.split(".");for(var e=0;e<a.length-1;e++){var d=a[e];if(!(d in c))break a;c=c[d]}a=a[a.length-1];e=c[a];b=b(e);b!=e&&null!=b&&l(c,a,{configurable:!0,writable:!0,value:b})}}function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.r("Symbol",function(a){function b(d){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(d||"")+"_"+e++,d)}functi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\web-animations-next-lite.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 50631
Entropy (8bit): 5.370747844819887
Encrypted: false
SSDEEP: 1536:IfdRsRCiALPAavkt7QbI5D4nDltOC2B7F:IfdORtuvktkb44J8F
MD5: DFECF4C08ABAF9A76B7F2A7702A52678
SHA1: 0AD87E2F31F5A7979141C202915EDAC2CBA238ED
SHA-256: B0484BB78A832EEFE3549AFB313D52399E5B6DE182D904DA07D5B9DA820848AC
SHA-512: 3331E0E0659287C359F10AAAF19A3131B60AEE3C3756C3144DC0940D34A2DB446CC46096C043AF8604FB6F298A219F941046A22821EA24703A7FCA8D5571F65A
Malicious: false
IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js
Preview:/*.. Copyright 2014 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License... Copyright 2016 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,.
C:\Users\user\AppData\Local\Temp\~DF07D7287D2D24C8F5.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 86741
Entropy (8bit): 1.3818107660690102
Encrypted: false
SSDEEP: 384:kBqoxKAuqR+tzxQTE03cI3W+jrCEW+jrWR+jrIWobid+4T8hLKD7sUqt:bsmsEskUq
MD5: 0C2E7ED28F79DDC1ABD1112656E04EE3
SHA1: 87D065D9F2189F552DDB8495429DA53F6C5BA65F
SHA-256: 4A67A6730E3F8802674904E965348B3313BCF7CF4DA3053CD33ACD3ADDEB6355
SHA-512: 901E033A710728D3A7B05CA0E9E9089587344DFCDA262692DE391E74645B09104E162E7AE68A767D7C90AF29CC5353D54B6BF920421750CF16BF9C74C6911F51
Malicious: false
C:\Users\user\AppData\Local\Temp\~DF3294506AFA0E9B42.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 13141
Entropy (8bit): 0.5601838541798773
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9loBsF9loBM9lWBCk2kaTAqANAG:kBqoIp/kk2kaMTCG
MD5: B7588F3C8992FB9928206C6E91743CBE
SHA1: 880452B6826C780164FCC8BCAE1FF284CD0F5C39
SHA-256: B1E85CE025D847B81062D1DC6A0124CF25139591AFA6BE0769607B5C3F67D84A
SHA-512: 3F368E656905D90A3AFD156E95766F969BA7674D97EED04C2B319B10BC27C410F46CCC01EA344F96A20CD7AD3E22FD780BD364845645686D947414D6CAF2E9BE
Malicious: false
C:\Users\user\AppData\Local\Temp\~DFE0C64B9AA64940F9.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 25441
Entropy (8bit): 0.3297822609654278
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAI:kBqoxxJhHWSVSEabI
MD5: 1B2A785FED3AE0548BBF36ED60975C71
SHA1: 7DE382077A493359A701ABBC97118E8BFAFA0DB1
SHA-256: 3D86FF0E4C93168EBC9F287A998F71B73A9607CD2361DC61849216633C5EF373
SHA-512: 924BD73FCFC7C861A63393FF497F75ED04C5679F273D2F880A5B3A07479677F938D7E016F462129D3519F57952BB582AA9E6EA22EF755808D8CC867560F3AC5C
Malicious: false
C:\Users\user\AppData\Local\Temp\~DFFE72B4EF09728E2E.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 29745
Entropy (8bit): 0.2920107282763179
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAC9laAC9lrz:kBqoxxJhHWSVSEabeQ2y
MD5: CE909A43525B3843C907DCBE55E9D7DD
SHA1: 8B6E53CCBAAB132FF8100ECB696282F011402047
SHA-256: 540A8B39EAF1EF9CF341697FC4CDABBEBDED17B16321398C539639FD17EE1602
SHA-512: 027F1DF5288441E3BFF63ABABD90521E2A72DC20FFAC545E0F180483761229D13254375ADA525D3C5155C1BAC6602117B24617A160C4B9D21C30721B9DF17446
Malicious: false
C:\Users\user\Desktop\~$Encode and Decode the Massage.xlsb
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 165
Entropy (8bit): 1.6081032063576088
Encrypted: false
SSDEEP: 3:RFXI6dtt:RJ1
MD5: 7AB76C81182111AC93ACF915CA8331D5
SHA1: 68B94B5D4C83A6FB415C8026AF61F3F8745E2559
SHA-256: 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
SHA-512: A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
Malicious: false
Preview:.pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Static File Info
General
File type: Microsoft Excel 2007+
Entropy (8bit): 7.942567676513475
TrID:
  Excel Microsoft Office Open XML Format document with Macro (57504/1) 37.58%
  Excel Microsoft Office Binary workbook document (47504/1) 31.05%
  Excel Microsoft Office Open XML Format document (40004/1) 26.14%
  ZIP compressed archive (8000/1) 5.23%
File name: Encode and Decode the Massage.xlsb
File size: 166381
MD5: 09c8ccd98fc2466975142a66db48c9cf
SHA1: 0898a74776750b1c4e2c36d80bd958ba575eb099
SHA256: fa2b48d2caf465f04c3a32b7596bcce27630f810f9d1c10132da53d227602391
SHA512: 95e7f3a5e1cdf121cf6333f98b872ce8feecf78beb4db62e70ff1eafa7cc874250860f819cbcc66de5382df2624ea13fea7aec407d564f4bf03727794279e07c
SSDEEP: 3072:H1vZcYUHvxuq5YuvRUM3rVGZyBfS6yEoI/PrwAypMhR2g4HzMh7RQdR+v4Nw:Hp6Y8vv5tRN7VGgZz98QR2g4TMhNKY3
File Content Preview: PK..........!.................[Content_Types].xml ...(.........................................................................................................................................................................................................
File Icon
Icon Hash: 74f0d0d2c6d6d0f4
Static OLE Info
General
Document Type: OpenXML
Number of OLE Files: 1
OLE File "/opt/package/joesandbox/database/analysis/344380/sample/Encode and Decode the Massage.xlsb"
Indicators
Has Summary Info: False
Application Name: unknown
Encrypted Document: False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros: True
Summary
Author: Priyendra.Kumar
Last Saved By: Priyendra.Kumar
Create Time: 2017-10-19T03:05:45Z
Last Saved Time: 2017-10-21T09:43:29Z
Creating Application: Microsoft Excel
Security: 0
Document Summary
Thumbnail Scaling Desired: false
Company:
Contains Dirty Links: false
Shared Document: false
Changed Hyperlinks: false
Application Version: 15.0300
General
Stream Path: VBA/Module1
VBA File Name: Module1.bas
Stream Size: 2857
Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . S . . . O . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw: 01 16 01 00 06 f0 00 00 00 14 07 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 53 07 00 00 4f 0a 00 00 00 00 00 00 01 00 00 00 32 06 eb af 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 04 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
VBA Code
Keyword
String)
VB_Name
Decode
Encode
Function
String
Integer
Encode(a
Decode(a
Mid(a,
Attribute
Len(a)
Chr(Asc(s)
General
Stream Path: VBA/Module2
VBA File Name: Module2.bas
Stream Size: 2905
Keyword
Decode_msg(a
String)
VB_Name
Encode_msg
Function
String
Integer
Encode_msg(a
VBA Code
Mid(a,
Attribute
Len(a)
Chr(Asc(s)
Decode_msg
Keyword
General
Stream Path: VBA/Sheet1
VBA File Name: Sheet1.cls
Stream Size: 985
VBA Code
Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived
General
Stream Path: VBA/ThisWorkbook
VBA File Name: ThisWorkbook.cls
Stream Size: 993
Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
"ThisWorkbook"
VB_PredeclaredId
VB_GlobalNameSpace
VBA Code
VB_Base
VB_Customizable
VB_TemplateDerived
Keyword
General
Stream Path: PROJECT
File Type: ASCII text, with CRLF line terminators
Stream Size: 512
Entropy: 5.31312081928
Base64 Encoded: True
Data ASCII: I D = " { 6 B B 5 4 A F 6 - 5 9 2 E - 4 1 B E - B 9 0 4 - 6 2 B 4 D A 9 6 6 B B C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . M o d u l e = M o d u l e 2 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 1 0 3 0 A 0 A 0 E 0 A 0 E 0 A 0 E 0 A 0 E " . . D P B = " 3 C 3 E 3 7 7 2 4 9 A
General
Stream Path: PROJECTwm
File Type: data
Stream Size: 110
Entropy: 3.27860397782
Base64 Encoded: False
Data ASCII: T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . M o d u l e 2 . M . o . d . u . l . e . 2 . . . . .
General
Stream Path: VBA/_VBA_PROJECT
File Type: data
Stream Size: 3070
Entropy: 4.35297311303
Base64 Encoded: False
Data ASCII: . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 .0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B. a . s . i . c .
General
Stream Path: VBA/__SRP_0
File Type: data
Stream Size: 1379
Entropy: 3.98499878803
Base64 Encoded: False
General
Stream Path: VBA/__SRP_1
File Type: data
Stream Size: 91
Entropy: 1.99447307955
Base64 Encoded: False
General
Stream Path: VBA/__SRP_2
File Type: data
Stream Size: 494
Entropy: 3.72252509102
Base64 Encoded: False
General
Stream Path: VBA/__SRP_3
File Type: data
Stream Size: 158
Entropy: 2.20810075976
Base64 Encoded: False
General
Stream Path: VBA/__SRP_4
File Type: data
Stream Size: 158
Entropy: 2.20810075976
Base64 Encoded: False
Network Port Distribution
Total Packets: 117
• 53 (DNS)
• 443 (HTTPS)
General
Stream Path: VBA/__SRP_5
File Type: data
Stream Size: 494
Entropy: 3.7844443316
Base64 Encoded: False
General
Stream Path: VBA/dir
File Type: data
Stream Size: 594
Entropy: 6.41829373269
Base64 Encoded: True
Data ASCII: . N . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r .. . . . . . . . . R . [ . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2D F 8 D 0 4 C . -
Network Behavior
Timestamp Source Port Dest Port Source IP Dest IP
TCP Packets
UDP Packets
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Jan 26, 2021 14:31:46.196573019 CET 192.168.2.3 8.8.8.8 0x47b1 Standard query (0) www.youtube.com A (IP address) IN (0x0001)
Jan 26, 2021 14:31:46.814575911 CET 192.168.2.3 8.8.8.8 0x80c Standard query (0) i.ytimg.com A (IP address) IN (0x0001)
Jan 26, 2021 14:32:07.765593052 CET 192.168.2.3 8.8.8.8 0xb1af Standard query (0) yt3.ggpht.com A (IP address) IN (0x0001)
Jan 26, 2021 14:32:22.017765999 CET 192.168.2.3 8.8.8.8 0xed8c Standard query (0) s2.googleusercontent.com A (IP address) IN (0x0001)
Jan 26, 2021 14:32:53.257709980 CET 192.168.2.3 8.8.8.8 0x343 Standard query (0) www.youtube.com A (IP address) IN (0x0001)
Jan 26, 2021 14:33:36.405458927 CET 192.168.2.3 8.8.8.8 0xb793 Standard query (0) www.google.co.uk A (IP address) IN (0x0001)
Jan 26, 2021 14:33:38.546447992 CET 192.168.2.3 8.8.8.8 0xffcf Standard query (0) consent.youtube.com A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Jan 26, 2021 14:31:46.255901098 CET 8.8.8.8 192.168.2.3 0x47b1 No error (0) www.youtube.com youtube-ui.l.google.com CNAME (Canonical name) IN (0x0001)
Jan 26, 2021 14:31:46.878897905 CET 8.8.8.8 192.168.2.3 0x80c No error (0) i.ytimg.com 172.217.23.22 A (IP address) IN (0x0001)
Jan 26, 2021 14:32:07.834574938 CET 8.8.8.8 192.168.2.3 0xb1af No error (0) yt3.ggpht.com photos-ugc.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)
Jan 26, 2021 14:32:07.834574938 CET 8.8.8.8 192.168.2.3 0xb1af No error (0) photos-ugc.l.googleusercontent.com 216.58.207.129 A (IP address) IN (0x0001)
Jan 26, 2021 14:32:22.085000992 CET 8.8.8.8 192.168.2.3 0xed8c No error (0) s2.googleusercontent.com googlehosted.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)
Jan 26, 2021 14:32:22.085000992 CET 8.8.8.8 192.168.2.3 0xed8c No error (0) googlehosted.l.googleusercontent.com 172.217.22.225 A (IP address) IN (0x0001)
Jan 26, 2021 14:32:53.314480066 CET 8.8.8.8 192.168.2.3 0x343 No error (0) www.youtube.com youtube-ui.l.google.com CNAME (Canonical name) IN (0x0001)
Jan 26, 2021 14:33:36.470338106 CET 8.8.8.8 192.168.2.3 0xb793 No error (0) www.google.co.uk 172.217.22.227 A (IP address) IN (0x0001)
Jan 26, 2021 14:33:38.613450050 CET 8.8.8.8 192.168.2.3 0xffcf No error (0) consent.youtube.com 216.58.207.142 A (IP address) IN (0x0001)
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer Not Before Not After JA3 SSL Client Fingerprint JA3 SSL Client Digest
Jan 26, 2021 14:31:46.984594107 CET
172.217.23.22 443 192.168.2.3 49739 CN=edgestatic.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 12:53:26 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 13:53:25 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:31:46.986644983 CET
172.217.23.22 443 192.168.2.3 49738 CN=edgestatic.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 12:53:26 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 13:53:25 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:32:08.132760048 CET
216.58.207.129 443 192.168.2.3 49752 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:32:08.132929087 CET
216.58.207.129 443 192.168.2.3 49751 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
HTTPS Packets
Jan 26, 2021 14:32:22.202195883 CET
172.217.22.225 443 192.168.2.3 49756 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:32:22.202351093 CET
172.217.22.225 443 192.168.2.3 49754 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:32:22.202497005 CET
172.217.22.225 443 192.168.2.3 49753 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:32:22.202658892 CET
172.217.22.225 443 192.168.2.3 49755 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:32:22.202805042 CET
172.217.22.225 443 192.168.2.3 49757 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:08 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:07 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Code Manipulations
Statistics
Behavior
• EXCEL.EXE
• iexplore.exe
• iexplore.exe
System Behavior
Jan 26, 2021 14:33:36.589231014 CET
172.217.22.227 443 192.168.2.3 49781 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:42 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:41 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jan 26, 2021 14:33:36.589303017 CET
172.217.22.227 443 192.168.2.3 49780 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jan 05 13:11:42 CET 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Mar 30 14:11:41 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Analysis Process: EXCEL.EXE PID: 1492 Parent PID: 792
General
File Activities
Registry Activities
Start time: 14:30:47
Start date: 26/01/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase: 0x1000000
File size: 27110184 bytes
MD5 hash: 5D6638F2C8F8571C593999C58866007E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path Access Attributes Options Completion CountSourceAddress Symbol
C:\Users\user\AppData\Local\Temp\~DF74F98228394A0526.TMP read attributes | synchronize | generic read | generic write
device synchronous io non alert | non directory file
success or wait 1 689292AB unknown
File Path Completion CountSourceAddress Symbol
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\43EBE61E.tmp success or wait 1 117495B DeleteFileW
Old File Path New File Path Completion CountSourceAddress Symbol
File Path Offset Length Value Ascii Completion CountSourceAddress Symbol
C:\Users\user\Desktop\~$Encode and Decode the Massage.xlsb unknown 55 07 70 72 61 74 65 73 68 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
.pratesh success or wait 1 11651E4 WriteFile
C:\Users\user\Desktop\~$Encode and Decode the Massage.xlsb unknown 110 07 00 70 00 72 00 61 00 74 00 65 00 73 00 68 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
..p.r.a.t.e.s.h. . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . .
success or wait 1 1165241 WriteFile
File Path Offset Length Completion CountSourceAddress Symbol
Key Path Completion CountSourceAddress Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache success or wait 1 10720F4 RegCreateKeyExW
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0 success or wait 1 107211C RegCreateKeyExW
HKEY_CURRENT_USER\Software\Microsoft\VBA success or wait 1 68968A84 RegCreateKeyExA
File Created
File Deleted
File Written
Key Created
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1 success or wait 1 68968A84 RegCreateKeyExA
HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common success or wait 1 68968A84 RegCreateKeyExA
Key Path Completion CountSourceAddress Symbol
Key Path Name Type Data Completion CountSourceAddress Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
MSForms dword 1 success or wait 1 107213B RegSetValueExW
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
MSComctlLib dword 1 success or wait 1 107213B RegSetValueExW
Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol
File Activities
Registry Activities
Start time: 14:31:43
Start date: 26/01/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff71b880000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path Access Attributes Options Completion CountSourceAddress Symbol
File Path Offset Length Value Ascii Completion CountSourceAddress Symbol
File Path Offset Length Completion CountSourceAddress Symbol
Key Path Completion CountSourceAddress Symbol
Key Path Name Type Data Completion CountSourceAddress Symbol
Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol
Start time: 14:31:44
Start date: 26/01/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Key Value Created
Analysis Process: iexplore.exe PID: 7104 Parent PID: 792
General
Analysis Process: iexplore.exe PID: 6168 Parent PID: 7104
General
Disassembly
File Activities
Registry Activities
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7104 CREDAT:17410 /prefetch:2
Imagebase: 0x12e0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
File Path Access Attributes Options Completion CountSourceAddress Symbol
File Path Offset Length Value Ascii Completion CountSourceAddress Symbol
File Path Offset Length Completion CountSourceAddress Symbol
Key Path Completion CountSourceAddress Symbol
Key Path Name Type Data Completion CountSourceAddress Symbol
Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol