Automated Malware Analysis Report for Encode and Decode the ...

ID: 344380Sample Name: Encode andDecode the Massage.xlsbCookbook:defaultwindowsofficecookbook.jbsTime: 14:29:53Date: 26/01/2021Version: 31.0.0 Emerald

2444444444445555667777779999

121213141414141517181919474747474747474747484848

48484848

484949

Table of Contents

Table of ContentsAnalysis Report Encode and Decode the Massage.xlsb

OverviewGeneral InformationDetectionSignaturesClassificationAnalysis Advice

StartupMalware ConfigurationYara OverviewSigma OverviewSignature Overview

Compliance:Mitre Att&ck MatrixBehavior GraphScreenshots

ThumbnailsAntivirus, Machine Learning and Genetic Malware Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Domains and IPsContacted DomainsContacted URLsURLs from Memory and BinariesContacted IPsPublic

General InformationSimulations

Behavior and APIsJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

Created / dropped FilesStatic File Info

GeneralFile IconStatic OLE Info

GeneralOLE File "/opt/package/joesandbox/database/analysis/344380/sample/Encode and Decode the Massage.xlsb"IndicatorsSummaryDocument SummaryStreams with VBA

VBA File Name: Module1.bas, Stream Size: 2857General

VBA Code KeywordsVBA CodeVBA File Name: Module2.bas, Stream Size: 2905General

VBA Code KeywordsVBA CodeVBA File Name: Sheet1.cls, Stream Size: 985

Copyright null 2021 of 62

49

49494949

4950

505050505050505050515151515151515152525252

5252525456565759595959595960606060

606061

61616161

61616262

62

General

VBA Code KeywordsVBA CodeVBA File Name: ThisWorkbook.cls, Stream Size: 993General

VBA Code KeywordsVBA Code

StreamsStream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 512GeneralStream Path: PROJECTwm, File Type: data, Stream Size: 110GeneralStream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3070GeneralStream Path: VBA/__SRP_0, File Type: data, Stream Size: 1379GeneralStream Path: VBA/__SRP_1, File Type: data, Stream Size: 91GeneralStream Path: VBA/__SRP_2, File Type: data, Stream Size: 494GeneralStream Path: VBA/__SRP_3, File Type: data, Stream Size: 158GeneralStream Path: VBA/__SRP_4, File Type: data, Stream Size: 158GeneralStream Path: VBA/__SRP_5, File Type: data, Stream Size: 494GeneralStream Path: VBA/dir, File Type: data, Stream Size: 594General

Network BehaviorNetwork Port DistributionTCP PacketsUDP PacketsDNS QueriesDNS AnswersHTTPS Packets

Code ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: EXCEL.EXE PID: 1492 Parent PID: 792GeneralFile Activities

File CreatedFile DeletedFile Written

Registry ActivitiesKey CreatedKey Value Created

Analysis Process: iexplore.exe PID: 7104 Parent PID: 792GeneralFile ActivitiesRegistry Activities

Analysis Process: iexplore.exe PID: 6168 Parent PID: 7104GeneralFile ActivitiesRegistry Activities

Disassembly


Analysis Report Encode and Decode the Massage.xlsb

Overview

General Information

Sample Name:

Encode and Decode the Massage.xlsb

Analysis ID: 344380

MD5: 09c8ccd98fc2466…

SHA1: 0898a74776750b…

SHA256: fa2b48d2caf465f…

Most interesting Screenshot:

Detection

Score: 1

Range: 0 - 100

Whitelisted: false

Confidence: 60%

Signatures

Document contains embedded VBA






Document contains embedded VBA Document contains embedded VBA ……

IP address seen in connection with o






IP address seen in connection with oIP address seen in connection with o……

JA3 SSL client fingerprint seen in co






JA3 SSL client fingerprint seen in coJA3 SSL client fingerprint seen in co……

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Malware Configuration

Yara Overview

Sigma Overview

No Sigma rule has matched

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious

System is w10x64

EXCEL.EXE (PID: 1492 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)

iexplore.exe (PID: 7104 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6168 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7104 CREDAT:17410 /prefetch:2 MD5:

071277CC2E3DF41EEEA8013E2AB58D5A)cleanup

No configs have been found

No yara matches

Startup


Signature Overview

• Compliance

• Networking

• System Summary

• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

There are no malicious signatures, There are no malicious signatures, click here to show all signaturesclick here to show all signatures ..

Compliance:

Uses new MSVCR Dlls

Uses secure TLS version for HTTPS connections

Mitre Att&ck Matrix

InitialAccess Execution Persistence

PrivilegeEscalation

DefenseEvasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

CommandandControl

NetworkEffects

RemoteServiceEffects Impact

ValidAccounts

Scripting 1 PathInterception

ProcessInjection 1

Masquerading 1 OSCredentialDumping

File andDirectoryDiscovery 1

RemoteServices

Data fromLocalSystem

ExfiltrationOver OtherNetworkMedium

EncryptedChannel 2

Eavesdrop onInsecureNetworkCommunication

RemotelyTrack DeviceWithoutAuthorization

ModifySystemPartition

DefaultAccounts

ScheduledTask/Job

Boot orLogonInitializationScripts

Boot orLogonInitializationScripts

ProcessInjection 1

LSASSMemory

SystemInformationDiscovery 1

RemoteDesktopProtocol

Data fromRemovableMedia

ExfiltrationOverBluetooth

Non-ApplicationLayerProtocol 1

Exploit SS7 toRedirect PhoneCalls/SMS

RemotelyWipe DataWithoutAuthorization

DeviceLockout

DomainAccounts

At (Linux) Logon Script(Windows)

LogonScript(Windows)

Scripting 1 SecurityAccountManager

QueryRegistry

SMB/WindowsAdmin Shares

Data fromNetworkSharedDrive

AutomatedExfiltration

ApplicationLayerProtocol 2

Exploit SS7 toTrack DeviceLocation

ObtainDeviceCloudBackups

DeleteDeviceData

Behavior Graph


Behavior Graph

ID: 344380

Sample: Encode and Decode the Massa...

Startdate: 26/01/2021

Architecture: WINDOWS

Score: 1

www.youtube.com

iexplore.exe

6 88

started

EXCEL.EXE

27 28

started

iexplore.exe

6 116

started

googlehosted.l.googleusercontent.com

172.217.22.225, 443, 49744, 49745

GOOGLEUS

United States

www.google.co.uk

172.217.22.227, 443, 49743, 49780

GOOGLEUS

United States

6 other IPs or domains

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

No bigger version No bigger version No bigger version

Screenshots


Source Detection Scanner Label Link

Encode and Decode the Massage.xlsb 0% Virustotal Browse

Encode and Decode the Massage.xlsb 0% ReversingLabs

No Antivirus matches

No Antivirus matches


www.google.co.uk 0% Virustotal Browse


https://cdn.entity. 0% URL Reputation safe


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs


https://www.virustotal.com/gui/file/fa2b48d2caf465f04c3a32b7596bcce27630f810f9d1c10132da53d227602391/detection/f-fa2b48d2caf465f04c3a32b7596bcce27630f810f9d1c10132da53d227602391-1557910110

https://www.virustotal.com/gui/url/4d48058d5bffaefa5134d9a540ffdcb1956ebadb780081500b29e800ee0a7a6d/detection/u-4d48058d5bffaefa5134d9a540ffdcb1956ebadb780081500b29e800ee0a7a6d-1611607111



https://rpsticket.partnerservices.getmicrosoftkey.com 0% URL Reputation safe




polymer.github.io/AUTHORS.txt 2% Virustotal Browse

polymer.github.io/AUTHORS.txt 0% Avira URL Cloud safe

https://api.aadrm.com/ 0% URL Reputation safe




https://res.getmicrosoftkey.com/api/redemptionevents 0% URL Reputation safe




https://officeci.azurewebsites.net/api/ 0% Virustotal Browse

https://officeci.azurewebsites.net/api/ 0% Avira URL Cloud safe

https://www.youtube.co 0% URL Reputation safe




https://store.office.cn/addinstemplate 0% URL Reputation safe




https://wus2-000.pagecontentsync. 0% URL Reputation safe




polymer.github.io/PATENTS.txt 2% Virustotal Browse

polymer.github.io/PATENTS.txt 0% Avira URL Cloud safe

https://www.odwebp.svc.ms 0% URL Reputation safe




polymer.github.io/CONTRIBUTORS.txt 0% Avira URL Cloud safe

https://skyapi.live.net/Activity/ 0% URL Reputation safe



https://api.cortana.ai 0% URL Reputation safe



https://staging.cortana.ai 0% URL Reputation safe



hammerjs.github.io/ 0% Avira URL Cloud safe

https://cortana.ai/api 0% URL Reputation safe



www.wikipedia.com/ 0% URL Reputation safe



www.broofa.com 0% URL Reputation safe



https://www.youtug.htm 0% Avira URL Cloud safe

https://wus2-000.contentsync. 0% URL Reputation safe





https://www.virustotal.com/gui/url/ae673dd05c44fe7db3275552ff8691135086cc31616f533e893d4a8c39434d06/detection/u-ae673dd05c44fe7db3275552ff8691135086cc31616f533e893d4a8c39434d06-1611500152

https://www.virustotal.com/gui/url/1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc/detection/u-1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc-1611586045

https://www.virustotal.com/gui/url/e6949471e29a74d3172b67d72c683f1d4202843dbf4242ee886615108d3443e9/detection/u-e6949471e29a74d3172b67d72c683f1d4202843dbf4242ee886615108d3443e9-1611499632

Name IP Active Malicious Antivirus Detection Reputation

i.ytimg.com 172.217.23.22 true false high

photos-ugc.l.googleusercontent.com 216.58.207.129 true false high

www.google.co.uk 172.217.22.227 true false 0%, Virustotal, Browse unknown

consent.youtube.com 216.58.207.142 true false high

googlehosted.l.googleusercontent.com 172.217.22.225 true false high

yt3.ggpht.com unknown unknown false high

s2.googleusercontent.com unknown unknown false high

www.youtube.com unknown unknown false high

Name Malicious Antivirus Detection Reputation

https://www.youtube.com/channel/UCABOBqS3y8Xn_o7bXvH-j2Q false high

Name Source Malicious Antivirus Detection Reputation

https://www.youtube.com/img/desktop/yt_1200.png 8D7FVGMB.htm.18.dr false high

https://shell.suite.office.com:1443 A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://autodiscover-s.outlook.com/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://cdn.entity. A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false URL Reputation: safeURL Reputation: safeURL Reputation: safeURL Reputation: safe

unknown

https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://rpsticket.partnerservices.getmicrosoftkey.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://lookup.onenote.com/lookup/geolocation/v1 A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

polymer.github.io/AUTHORS.txt desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false 2%, Virustotal, BrowseAvira URL Cloud: safe

unknown

https://api.aadrm.com/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://www.youtube.com desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false high

https://admin.youtube.com base[1].js.18.dr false high

https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://api.microsoftstream.com/api/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://cr.office.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://www.youtube.com/s/desktop/b70e86a1/img/favicon_32.png

~DF07D7287D2D24C8F5.TMP.17.dr, 8D7FVGMB.htm.18.dr, imagestore.dat.18.dr, UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm.18.dr

false high

www.reddit.com/ msapplication.xml4.17.dr false high

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries


https://www.virustotal.com/gui/url/4d48058d5bffaefa5134d9a540ffdcb1956ebadb780081500b29e800ee0a7a6d/detection/u-4d48058d5bffaefa5134d9a540ffdcb1956ebadb780081500b29e800ee0a7a6d-1611607111

https://www.virustotal.com/gui/url/ae673dd05c44fe7db3275552ff8691135086cc31616f533e893d4a8c39434d06/detection/u-ae673dd05c44fe7db3275552ff8691135086cc31616f533e893d4a8c39434d06-1611500152

https://res.getmicrosoftkey.com/api/redemptionevents A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://tasks.office.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://officeci.azurewebsites.net/api/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://www.youtube.co {43CC2B9A-6026-11EB-90E4-ECF4BB862DED}.dat.17.dr


unknown

https://store.office.cn/addinstemplate A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://www.youtube.com/generate_204?cpn= base[1].js.18.dr false high

https://wus2-000.pagecontentsync. A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://m.youtube.com/ 8D7FVGMB.htm.18.dr false high

polymer.github.io/PATENTS.txt desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr


unknown

https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-tampering.vflset/www-tampering.js

8D7FVGMB.htm.18.dr, UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm.18.dr

false high

https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://www.odwebp.svc.ms A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://api.powerbi.com/v1.0/myorg/groups A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://web.microsoftstream.com/video/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://schema.org desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false high

https://www.youtube.com/annel/UCABOBqS3y8Xn_o7bXvH-j2QR

~DF07D7287D2D24C8F5.TMP.17.dr false high

schema.org/ImageObject UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm.18.dr

false high

https://graph.windows.net A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://www.youtube.com/ ~DF07D7287D2D24C8F5.TMP.17.dr, 8D7FVGMB.htm.18.dr

false high

https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

weather.service.msn.com/data.aspx A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://clients.config.office.net/user/v1.0/ios A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://o365auditrealtimeingestion.manage.office.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://outlook.office365.com/api/v1.0/me/Activities A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.


false high

https://signaler-pa.youtube.com desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false high

https://clients.config.office.net/user/v1.0/android/policies A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high



https://www.virustotal.com/gui/url/1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc/detection/u-1fd63af70561d504e1c4d2320234c5e465bc7e41e684b620b56ec0cb469b30cc-1611586045

https://www.virustotal.com/gui/url/e6949471e29a74d3172b67d72c683f1d4202843dbf4242ee886615108d3443e9/detection/u-e6949471e29a74d3172b67d72c683f1d4202843dbf4242ee886615108d3443e9-1611499632

https://entitlement.diagnostics.office.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonA59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

www.twitter.com/ msapplication.xml5.17.dr false high

https://outlook.office.com/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

youtube.com/streaming/metadata/segment/102015 base[1].js.18.dr false high

https://storage.live.com/clientlogs/uploadlocation A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://www.youtube.com/error_204?t=jserror&level=ERROR

8D7FVGMB.htm.18.dr false high

https://youtu.be/ base[1].js.18.dr false high

schema.org UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm.18.dr

false high

https://consent.youtube.com/ ~DF07D7287D2D24C8F5.TMP.17.dr false high

https://graph.windows.net/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://devnull.onenote.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://www.youtube.com/channel/UCABOBqS3y8Xn_o7bXvH-j2Q

UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm.18.dr

false high

https://messaging.office.com/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

polymer.github.io/CONTRIBUTORS.txt desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false Avira URL Cloud: safe unknown

https://oauth-redirect-test.googleusercontent.com desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false high

https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://skyapi.live.net/Activity/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false URL Reputation: safeURL Reputation: safeURL Reputation: safe

unknown

https://www.youtube.com/annel/UCABOBqS3y8Xn_o7bXvH-j2Q

~DF07D7287D2D24C8F5.TMP.17.dr false high

schema.org/Person UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm.18.dr

false high

www.nytimes.com/ msapplication.xml3.17.dr false high

https://api.cortana.ai A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://youtube.com/api/drm/fps?ek=uninitialized base[1].js.18.dr false high

https://visio.uservoice.com/forums/368202-visio-on-devices

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://staging.cortana.ai A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

hammerjs.github.io/ desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr


https://onedrive.live.com/embed? A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://augloop.office.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://contentstorage.omex.office.net/addinclassifier/officeentitiesupdated

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://api.diagnostics.office.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://store.office.de/addinstemplate A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://api.powerbi.com/v1.0/myorg/datasets A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://cortana.ai/api A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

www.wikipedia.com/ msapplication.xml6.17.dr false URL Reputation: safeURL Reputation: safeURL Reputation: safe

unknown



https://t.me/joinchat/AAAAAE2OnviiEk5o1o8i4w UCABOBqS3y8Xn_o7bXvH-j2Q[1].htm.18.dr

false high

www.live.com/ msapplication.xml2.17.dr false high

https://oauth-redirect.googleusercontent.com desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false high

youtube.com/drm/2012/10/10 base[1].js.18.dr false high

https://accounts.youtube.com/accounts/CheckConnection?pmpo

ServiceLogin[1].htm.18.dr false high

https://oauth-redirect-sandbox.googleusercontent.com desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr

false high

https://api.diagnosticssdf.office.com A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://login.microsoftonline.com/ A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize

A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

www.broofa.com desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js.18.dr


unknown

https://www.youtube.com/s/desktop/b70e86a1/jsbin/webcomponents-lite-noPatch.vflset/webcomponents-lit


false high

https://www.youtug.htm {43CC2B9A-6026-11EB-90E4-ECF4BB862DED}.dat.17.dr


https://api.addins.omex.office.net/appinfo/query A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high

https://wus2-000.contentsync. A59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr


unknown

https://clients.config.office.net/user/v1.0/tenantassociationkeyA59765F0-B911-42E1-8B81-7F760A22AE4C.0.dr

false high


No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Domain Country Flag ASN ASN Name Malicious

172.217.22.225 unknown United States 15169 GOOGLEUS false



Contacted IPs

Public


General Information

Joe Sandbox Version: 31.0.0 Emerald

Analysis ID: 344380

Start date: 26.01.2021

Start time: 14:29:53

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 8m 28s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: Encode and Decode the Massage.xlsb

Cookbook file name: defaultwindowsofficecookbook.jbs

Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Run name: Potential for more IOCs and behavior

Number of analysed new started processes analysed: 35

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabledEGA enabledHDC enabledGSI enabled (VBA)AMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: CLEAN

Classification: clean1.winXLSB@4/88@7/4

Cookbook Comments: Adjust boot timeEnable AMSIFound application associated with file extension: .xlsbFound Word or Excel or PowerPoint or XPS ViewerAttach to Office via COMBrowse link: https://www.youtube.com/channel/UCABOBqS3y8Xn_o7bXvH-j2QScroll downClose ViewerBrowsing link: https://www.youtube.com/


IP Domain Country Flag ASN ASN Name Malicious


Warnings:Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.TCP Packets have been reduced to 100Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exeExcluded IPs from analysis (whitelisted): 104.43.139.144, 13.88.21.125, 52.109.32.63, 52.109.8.25, 52.109.12.24, 51.104.139.180, 23.210.248.85, 95.101.22.224, 95.101.22.216, 205.185.216.10, 205.185.216.42, 20.54.26.129, 104.108.39.131, 172.217.22.238, 172.217.20.238, 172.217.23.46, 172.217.23.78, 172.217.23.74, 216.58.207.131, 172.217.20.237, 152.199.19.161, 172.217.22.206, 216.58.207.142, 172.217.23.14, 52.155.217.156, 172.217.23.36, 172.217.23.67Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, consent.google.com, prod-w.nexus.live.com.akadns.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, nexus.officeapps.live.com, www.google.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, prod.configsvc1.live.com.akadns.net, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, cds.d2s7q6s2.hwcdn.net, ris.api.iris.microsoft.com, youtube-ui.l.google.com, play.google.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, europe.configsvc1.live.com.akadns.net, cs9.wpc.v0cdn.netReport size exceeded maximum capacity and may have missing behavior information.Report size getting too big, too many NtDeviceIoControlFile calls found.

No simulations

Show All

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs


Match Associated Sample Name / URL SHA 256 Detection Link Context

172.217.22.225 examwriting.blogspot.com/2015/02/describe-person-your-best-friend.html

Get hash malicious Browse 1.bp.blogspot.com/-tW6bdJ2wjUE/U2FhguGfv0I/AAAAAAAAApY/eoNiqBbrlyI/s1600/essay.png

www.boererate.com Get hash malicious Browse 4.bp.blogspot.com/_QXfrrj8yn44/SiuczvogmnI/AAAAAAAABe8/d9uiCWfh0j8/w72-h72-p-k-no-nu/hare.jpg

172.217.23.22https://tenantimprovementsolution.com/Newfilesviewc7c782c3b7c54f958e7eb2efff3a49b28866b4fc22dd46cfbad9e6ac9d0cd18cca873584897b48c88d82ecf5cd62783dServices/le/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=27f4198fc76827efbda8ed5ebc8be4d6828d922f8859cae62c2703a9f1a8f6eafe21d60f

Get hash malicious Browse

7CFPFFfS4g Get hash malicious Browse

mail.gogler.com Get hash malicious Browse

https://www.dropbox.com/l/AACE5QBFEmiySxklWOWtG4FMgKbAL8zNRuE


kantei-center.com/wp/wp-content/uploads/2020/02/safety/444444.png


sitesumo.com/Outlook/main.html Get hash malicious Browse

https://sites.google.com/view/adaptalifthysterforklift/ Get hash malicious Browse

216.58.207.129 examwriting.blogspot.com/2015/02/describe-person-your-best-friend.html

Get hash malicious Browse 4.bp.blogspot.com/-R8OKVUsis3s/UgZEksy0V1I/AAAAAAAAAT4/QtN9sBHMZis/s1600/icon-search.png

www.boererate.com Get hash malicious Browse 3.bp.blogspot.com/_QXfrrj8yn44/SiT4SJi094I/AAAAAAAABek/4ZMbzMWSaM4/w72-h72-p-k-no-nu/hardlywigheid.jpg


photos-ugc.l.googleusercontent.com https://wfuwdbjwquoiynfb-dot-tundasma.el.r.appspot.com/#[email protected]

Get hash malicious Browse 142.250.180.129

https://bit.ly/3aA3uVV Get hash malicious Browse 216.58.208.129

https://bit.ly/3mH4Noj Get hash malicious Browse 172.217.23.161

https://bit.ly/2L1Yyyv Get hash malicious Browse 172.217.168.1

aypf.z2systems.com Get hash malicious Browse 172.217.22.33

https://bit.ly/3mH4A4v Get hash malicious Browse 216.58.206.1

https://mailinternetsub.com/ua.activelexb24/pub/mail/click.php?tag=sender.eyJSRUNJUElFTlRfSUQiOiIxNzcxMDIxIn0%3D&url=https%3A%2F%2Fstart.activelex.com%2F%3Fbx_sender_conversion_id%3D1771021%26utm_source%3Dnewsletter%26utm_medium%3Dmail%26utm_campaign%3Dvstygnit&sign=71edf9f0eba2e5293cc9be1db1a5515d039444194dbe19421aa2e9932d89a802


bit.ly/2KrM6Ih Get hash malicious Browse 172.217.22.33

p4fxv.info/D3c2Hp2HMI Get hash malicious Browse 172.217.22.65

C15P3CYhdA.doc Get hash malicious Browse 172.217.22.33

rzPgiw3qJz.doc Get hash malicious Browse 172.217.22.33

https://bit.ly/3h9HH8N Get hash malicious Browse 172.217.22.33

Domains


https://view.joesandbox.com/analysis/143585/html/none?idtype=webid#static

https://view.joesandbox.com/analysis/143585/html/none?idtype=webid













































https://sharepointsfile.eu-gb.cf.appdomain.cloud/redirect/?param=YW50d2VycGVuLmNlbnRydW1AY20uYmU=


https://bit.ly/34DFMnT Get hash malicious Browse 172.217.168.1

amicusdh.org Get hash malicious Browse 172.217.16.161

https://fdkl5.csb.app/ Get hash malicious Browse 172.217.22.33

vosb.blondfinish.link/index Get hash malicious Browse 216.58.208.33

mysp.ac/4kPIV Get hash malicious Browse 172.217.22.33

EHpIMi2I5F.doc Get hash malicious Browse 142.250.74.193

https://bit.ly/3gWlOK0 Get hash malicious Browse 172.217.22.33

i.ytimg.com https://wfuwdbjwquoiynfb-dot-tundasma.el.r.appspot.com/#[email protected]


https://hongkong-ec-ship-post-id9817263821.orangeboxasia.com/ecship/index.php


https://bit.ly/2L1Yyyv Get hash malicious Browse 172.217.168.86

aypf.z2systems.com Get hash malicious Browse 142.250.74.214

https://mailinternetsub.com/ua.activelexb24/pub/mail/click.php?tag=sender.eyJSRUNJUElFTlRfSUQiOiIxNzcxMDIxIn0%3D&url=https%3A%2F%2Fstart.activelex.com%2F%3Fbx_sender_conversion_id%3D1771021%26utm_source%3Dnewsletter%26utm_medium%3Dmail%26utm_campaign%3Dvstygnit&sign=71edf9f0eba2e5293cc9be1db1a5515d039444194dbe19421aa2e9932d89a802


p4fxv.info/D3c2Hp2HMI Get hash malicious Browse 142.250.74.214

C15P3CYhdA.doc Get hash malicious Browse 142.250.74.214

rzPgiw3qJz.doc Get hash malicious Browse 142.250.74.214

https://sharepointsfile.eu-gb.cf.appdomain.cloud/redirect/?param=YW50d2VycGVuLmNlbnRydW1AY20uYmU=


amicusdh.org Get hash malicious Browse 142.250.74.214

https://fdkl5.csb.app/ Get hash malicious Browse 142.250.74.214

mysp.ac/4kPIV Get hash malicious Browse 142.250.74.214

EHpIMi2I5F.doc Get hash malicious Browse 142.250.74.214

s.id/RABObank Get hash malicious Browse 142.250.74.214

https://regalawards1-my.sharepoint.com/:b:/g/personal/jordyn_regalawards_com/EUZHp771z3ZIjDTrwc35jZ0Bjs3NzMsYxyWwqOJv02Z5XQ?e=4%3a8EU1Ek&at=9


https://protect-us.mimecast.com/s/sQmcCn5YzpcGLR8q4SJaZjF?domain=mobilitywithlove.com/


www.good-4you.net Get hash malicious Browse 142.250.74.214

https://sharia-point.us-south.cf.appdomain.cloud/redirect/[email protected]&data=04|01|[email protected]|a64194d2378542e06dfc08d8a2802868|22d2fb35256a459bbcf4dc23d42dc0a4|0|0|637438018615913999|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0&sdata=smYCgJbR96G/HzImvOXjT6991bTFo5/ZZGjJwucJySM=&reserved=0


https://www.premierpawn.com/rrt/xxtb/sharepoints/Root Get hash malicious Browse 142.250.74.214

track.dex.com/y.z?l=https%3a%2f%2fa-ll.xyz%2fcollections%2frenewable-energy%2fdelta-module?e=amFjay5sZWVAc2suY29t&j=337363310&e=358&p=3&t=h&7EA032A067EC4CA5A6EA9420CB888358=


www.google.co.uk Acunetix Premium v13.0.201112128 Activation Tool.exe Get hash malicious Browse 172.217.22.227

Jasper-6.10.0.docx Get hash malicious Browse 172.217.168.3

e-card.htm .exe Get hash malicious Browse 172.217.23.35

e-card.jpg .exe Get hash malicious Browse 172.217.23.35

https://web.tresorit.com/l/JG7xl#7YqXRnhV6spRT3ekJskNawGet hash malicious Browse 142.250.180.99

search.hwatchtvnow.co Get hash malicious Browse 142.250.180.99

https://wfuwdbjwquoiynfb-dot-tundasma.el.r.appspot.com/#[email protected]


https://www.ensonoelevate2021.com/event/8e8c2672-3b18-40b1-8efc-026ab72e6424/summary?environment=P2&5S%2CM3%2C8e8c2672-3b18-40b1-8efc-026ab72e6424=


https://cypressbayhockey.com/NO Get hash malicious Browse 216.58.206.35

https://pdfsharedmessage.xtensio.com/7wtcdlta Get hash malicious Browse 216.58.206.67

https://viewer.desygner.com/-M7QpDHAe3Y/ Get hash malicious Browse 216.58.215.227

















































































free.atozmanuals.com Get hash malicious Browse 216.58.215.227

https://alijafari6.wixsite.com/owa-projection-aspx Get hash malicious Browse 216.58.215.227

https://j.mp/2MBbcFl Get hash malicious Browse 216.58.215.227

details.html Get hash malicious Browse 216.58.215.227

https://web.tresorit.com/l/d2q5C#T3PZC5SR6Y1Akp1-8AT_Jg


search.hwatchtvnow.co Get hash malicious Browse 216.58.215.227

https://web.tresorit.com/l/d2q5C#T3PZC5SR6Y1Akp1-8AT_Jg


https://nimb.ws/10IXxl Get hash malicious Browse 216.58.215.227

https://www.canva.com/design/DAESYWKuLHs/avvDNRvDuj_tk82H9Q45ZQ/view?utm_content=DAESYWKuLHs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton




GOOGLEUS DAT.doc Get hash malicious Browse 35.200.206.198

Bestellung.doc Get hash malicious Browse 172.217.6.174

.01.2021a.js Get hash malicious Browse 35.228.108.144

QT21006189.exe Get hash malicious Browse 108.177.119.109

1-26.exe Get hash malicious Browse 34.102.136.180

Request.xlsx Get hash malicious Browse 34.102.136.180

INV_TMB_210567Y00.xlsx Get hash malicious Browse 34.102.136.180

RFQ.xlsx Get hash malicious Browse 34.102.136.180

New Year Inquiry List.xlsx Get hash malicious Browse 34.102.136.180

RF-E93-STD-068 SUPPLIES.xlsx Get hash malicious Browse 34.102.136.180

gPGTcEMoM1.exe Get hash malicious Browse 34.102.136.180

bgJPIZIYby.exe Get hash malicious Browse 34.102.136.180

vA0mtZ7JzJ.exe Get hash malicious Browse 34.102.136.180

E4Q30tDEB9.exe Get hash malicious Browse 34.102.136.180

N00048481397007.doc Get hash malicious Browse 172.217.6.174

INGNhYonmgtGZ9Updf.exe Get hash malicious Browse 34.98.99.30

Order.doc Get hash malicious Browse 172.217.6.174

FileZilla_3.52.2_win64_sponsored-setup.exe Get hash malicious Browse 216.58.207.142


DHL.6.apk Get hash malicious Browse 172.217.20.238

























ASN






























































































































9e10692f1b7f78228b2d4e424db3a98c crypt_l_32.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.b70d9bf0d6567964.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Artemis5EFC4C46397A.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.75b2def6a7e110ad.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.32d178838c0fd41b.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Artemis8353855AD729.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

Monday, January 25, 2021 222135-ATT+723086453088056636775.htm

Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.b817172e5515b1af.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.40626f903857672d.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.ArtemisAA8578417627.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Artemis58690C2E2BCA.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.ArtemisTrojan.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.0551f32bbe68c20b.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Artemis961F6F63FB8F.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

JA3 Fingerprints






























































SecuriteInfo.com.Generic.mg.11330b175b08895e.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

PAYMENT INFO.xlsx Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.284f325559f6aab1.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.bde322c970c26175.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.37caa465917f6353.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227

SecuriteInfo.com.Generic.mg.1bd97bbb2b7b26c4.dll Get hash malicious Browse 216.58.207.129172.217.22.225172.217.23.22172.217.22.227


No context

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MOSJYZB9\www.youtube[1].xmlProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Category: dropped

Size (bytes): 45457

Entropy (8bit): 5.3340730896077275

Encrypted: false

SSDEEP: 768:6hMVIzytOw0fOI3O3Y3psd92P3mMRhMVIzytOw0fOI3O3Y3psd92P3mM4:AytOw0fOoaYyd9jMnytOw0fOoaYyd9jd

MD5: 614BD6F0BC470CDFA0E0C457A426B3FD

SHA1: F0BEA7A7283CA79C6202407DC576080B0BB55FC6

SHA-256: ADF10B708B54D4CE342A1CB2DCCE5A896E0F99944F2300DBEA735AAEA1D5C6C6

SHA-512: E55A88117EFA77E5A5916236B909642E888A4C80FCFCF568F0C4AD659EB3032429682FE24F54595AC409E05108F7F9B684F82E9F45BC1E6860BD5F03AB77DEB3

Malicious: false

Reputation: low

Preview:<root></root><root></root><root><item name="__sak" value="1" ltime="206122240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="206282240" htime="30864435" /></root><root><item name="__sak" value="1" ltime="206362240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="206922240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="227922240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="232322240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="326352240" htime="30864435" /></root><root></root><root><item name="__sak" value="1" ltime="363632240" htime="30864435" /></root><root></root><root></root><root></root><root><item name="__sak" value="1" ltime="575502240" htime="30864435" /></root><root></root><root><item name="yt-remote-device-id" value="{"data":"1461fda7-cbb0-4ff5-9074-ce9cad4887dd","expiration&quo

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43CC2B98-6026-11EB-90E4-ECF4BB862DED}.datProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Category: dropped

Size (bytes): 44632

Entropy (8bit): 1.965387615793321

Encrypted: false

SSDEEP: 192:r9ZyZ42b9WWtEmfe8CPM6aFb0XkYfN8T/rB8Hfh84Pr+5yW0OMQ+ih:rTuvbU2l/dOXocNcmG

MD5: 8BB8801935F0C8B7B6E2ED22515A6A97

SHA1: 1CAC3D7F84B76B86BFED2B4FDE5D296816E9DCE5

SHA-256: 4CC4EC045DE75A1E4459EC207E256A0272A0399A9CC1CDDFDDA5A373502B9AD0

SHA-512: 00E0E7D6F5F23C9661AD1B4E7B31DD65A845D5298B0B794D563A52474A68D6ACD326B9FA997B58C1D1AA8B50ABD6DCC65129793466FAF40CC6087AA6E52048AA

Malicious: false

Dropped Files

Created / dropped Files














Reputation: low

Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43CC2B98-6026-11EB-90E4-ECF4BB862DED}.dat

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43CC2B9A-6026-11EB-90E4-ECF4BB862DED}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Category: dropped

Size (bytes): 65484

Entropy (8bit): 2.359103933737006

Encrypted: false

SSDEEP: 384:rGk6CDhwUTlOrgagYaT3W+jrmANR+jrHG4N//IixMr:1wsVsY

MD5: BF24C6EBCFF7A782AE79C0F15A10CB4E

SHA1: 48795133313736FF8CA2BAC67235A33B056559A3

SHA-256: A317B021C215A083C03C1A195A8F4F24099936CE3F06EC37DF3226410DFBD40D

SHA-512: 2370E2D3F0A7CE704631A556B8C31BEB3FDC4C0E4FB2F08AD9C6A58742CD20088749641A58F30FF46D349F086DF9869D2EED8D72AC3845BEA649EBD760BD2F92

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{56642256-6026-11EB-90E4-ECF4BB862DED}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Category: dropped

Size (bytes): 19032

Entropy (8bit): 1.5865389081487147

Encrypted: false

SSDEEP: 48:IwtGcprhGwpaVG4pQfGrapbS5rGQpKeG7HpRSsTGIpX2rGApm:rzZ7QH6jBS5FAZTS4FGg

MD5: 58B76F46BA94A696F052E3126EA7D50E

SHA1: F26A44BFFAC75403ACBB4F769E4B1F1E1E0A9885

SHA-256: 5206D00B9729F413144E86ADE33AEE72F6FF7FDC77E00E824A8E8907642C251A

SHA-512: 85C5F558700BE4953B697B588E225E0A83E15C6B451E01F878CE21F2F687A33958E1F658BF2E94687C203841D13A3C0029A818F3DDD627CC5F20FA27DA17379C

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87DD3366-6026-11EB-90E4-ECF4BB862DED}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Category: dropped

Size (bytes): 16984

Entropy (8bit): 1.5649332328235235

Encrypted: false

SSDEEP: 48:IwTGcpr0GwpaVG4pQ1GrapbSSrGQpKlG7HpREsTGIpG:rpZMQH6lBSSFAUTE4A

MD5: DC12DEB1EF30CC8FF3544A0B07B7A3D9

SHA1: B92CC2DEEBE31C21212AC3F467AD9DFFADE404C7

SHA-256: 417A6002F561A60D10FB42B42FC2B7623A4C83376952E3FAEFE69DF66ABF48A3

SHA-512: 85C489652039C9670738B55CDE452308B749718D747088DF4729DAA2F40AAED3B6DE562E1194CFB3F19729E5E09E47BEF55D560043AC60341236A1CBBC30BAC3

Malicious: false

Reputation: low



C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Category: dropped

Size (bytes): 656

Entropy (8bit): 5.124030748093492

Encrypted: false

SSDEEP: 12:TMHdNMNxOExMNMfnWimI002EtM3MHdNMNxOExMNMfnWimI00ObVbkEtMb:2d6NxO+MNMfSZHKd6NxO+MNMfSZ76b

MD5: 9371CB2392525F29EF97A5E159750677

SHA1: 056C14F96D2A4033DF04689E14BF7E7C83B98AD1

SHA-256: 9552D078E9B34AB2CD6DF95763798017461104F533BC56A1EEBDD9782521F058

SHA-512: 305D8BAB47C11B2D67DB61B145410984A38F899EBD7875D1F5CFD73EFB97A3687E2DCD2DBEEFC6322541C43E3E27CB681ECE9FD83DA0612A1C01AA1F0F6A16F5

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 653

Entropy (8bit): 5.127605824316289

Encrypted: false

SSDEEP: 12:TMHdNMNxe2kJJLJlnWimI002EtM3MHdNMNxe2kJJhMOB+nWimI00Obkak6EtMb:2d6Nxr2SZHKd6NxrOB+SZ7Aa7b

MD5: 5AE58AE29B1C316566CA29F8353E151E

SHA1: 41DC156958C35020AE5143D14AD4F97322B072B3

SHA-256: 2A800EA13AB9CCA294C358B577A078D3A985DD3984819EDB6AC69E2EBFCDABEF

SHA-512: 8CD5E0B093229E866FC0DC2AA8EBF76E8473A6846D6308E85D4885234C6082D4DB960FE3715D1E2FC307B10CF0375538A0DBA53643EBF93D0CFBC59F2DE41FCD

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x2fad7f41,0x01d6f433</date><accdate>0x2fad7f41,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x2fad7f41,0x01d6f433</date><accdate>0x2fafe194,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 662

Entropy (8bit): 5.143766268466018

Encrypted: false

SSDEEP: 12:TMHdNMNxvLxMNMfnWimI002EtM3MHdNMNxvLxMNMfnWimI00ObmZEtMb:2d6NxvFMNMfSZHKd6NxvFMNMfSZ7mb

MD5: 78E145F52C3E811D3927F63B4332B7AB

SHA1: DFF82140EAD39FE6D5C9CEB8FB424C18424F94B2

SHA-256: D3F3CFFEF95D1B00FD84211977E0ACB722DE6590F6FBA878B5305842933E38D7

SHA-512: 7F7CE4E98192060332C50905B1633554F89D5895B09F0A6060B1836F5B64ECED31866AD4D076B0B0D4F2EB509BE58C43B9632070E0FE358E83C6A86F9024778D

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x2fc09215,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 647


Entropy (8bit): 5.126638557962821

Encrypted: false

SSDEEP: 12:TMHdNMNxipnWimI002EtM3MHdNMNxipnWimI00Obd5EtMb:2d6NxKSZHKd6NxKSZ7Jjb

MD5: BD44EEA7CB038BC5B25AB4C7F79E7645

SHA1: BC2E5DBA0CB134C3314F221F9BC5E386ABEA8D25

SHA-256: 5363007DEF94689601F04A6EBE2822B11BE99266E9EB3A5E86F6E34CDC50B5CE

SHA-512: 8B3143D0F31C58F95200FF1C9CB084B9CE54A73CE90196B113C456899AD45E8DDFB2D35B78E873BDF9E10D93C20CEEBAE7D8BC2E118FA3386E9561798A276BF5

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml



Category: dropped

Size (bytes): 656

Entropy (8bit): 5.138186420700976

Encrypted: false

SSDEEP: 12:TMHdNMNxhGwZ1PnWimI002EtM3MHdNMNxhGwZ1PnWimI00Ob8K075EtMb:2d6NxQySZHKd6NxQySZ7YKajb

MD5: C832B6CB10146690CEA3A283A513FCDC

SHA1: A831E2732923EBE62C192184236382144270B5B1

SHA-256: 38B7D8054AAF2176F4A0C257E7FFD7F78C5C78105B4B1B398550B21C2E2B9BE7

SHA-512: 475E92B3F6736ACB601BD746B9663FDC88542D448EE88925C048BF58F61A2369E86366EA7297A4C6D0CDDABD6675F5D697446738E8B2BF960D2B7A16C97598DF

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x2fc2f47e,0x01d6f433</date><accdate>0x2fc2f47e,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x2fc2f47e,0x01d6f433</date><accdate>0x2fc2f47e,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 653

Entropy (8bit): 5.1077214539957785

Encrypted: false

SSDEEP: 12:TMHdNMNx0nhnWimI002EtM3MHdNMNx0nEMfnWimI00ObxEtMb:2d6Nx0hSZHKd6Nx0EMfSZ7nb

MD5: 695A5DCAD23CF47773BDB74CF67E4E31

SHA1: 5CB84B265249B124F05EC7F0216DAA3A98B8EA1B

SHA-256: B1056AD781AF619A43F12365B44609FF5118247FD81E0C38EC20DEBF337B8092

SHA-512: F5B694D097536498754D2E26AEB8EC91077165CDF80F22F13F3F2963D8CE6996B630DD09DBCBE7FEDD35AE56E9B73E421D622D4969D19A7EB554CFA3019D8C64

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fbe2fda,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fc09215,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe


Category: dropped

Size (bytes): 656

Entropy (8bit): 5.133555261252517

Encrypted: false

SSDEEP: 12:TMHdNMNxxhnWimI002EtM3MHdNMNxxhnWimI00Ob6Kq5EtMb:2d6NxrSZHKd6NxrSZ7ob

MD5: 547C6D45FA5697A3F8117EB33BF7731A


SHA1: 486AC6B808C01503563D42EA1D9F51B69F552DCD

SHA-256: D75D1316325E8797E3DFDDD9FD8D2C6758BA44A574AC2F828CA0FAB4D07B053E

SHA-512: C9E1294466D5EB8EB335D096E08C1FD0DBB8F2546B5BDC72D8FEC038CE2E91274EFC333ADEC405FB44BDB9D322C76E82B6F44AB96A14395A210BA8CB701238B1

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fbe2fda,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x2fbe2fda,0x01d6f433</date><accdate>0x2fbe2fda,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml



Category: dropped

Size (bytes): 659

Entropy (8bit): 5.161028778467852

Encrypted: false

SSDEEP: 12:TMHdNMNxcXbPnWimI002EtM3MHdNMNxcX0nWimI00ObVEtMb:2d6NxcbPSZHKd6Nxc0SZ7Db

MD5: BF1F13C4568DA638C3868A93F379A7BF

SHA1: 3170953C8E74772DC98ADD0DD919BB1E5D9AC782

SHA-256: 0FBD53423B1FAF31ECAB46353978FB3BD7FA0AE7BA6236E88916D598BE13934F

SHA-512: 5FC0598341C9AE87FAB31B31DD14F9331A73863548ED942DCAA3F829EC4E2121C2369EB2E1D35469B7CFBA295DA84309FEE91474223412AA666CE86867B5706C

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x2fb96b48,0x01d6f433</date><accdate>0x2fb96b48,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x2fb96b48,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..



Category: dropped

Size (bytes): 653

Entropy (8bit): 5.112159567782744

Encrypted: false

SSDEEP: 12:TMHdNMNxfnpnWimI002EtM3MHdNMNxfnpnWimI00Obe5EtMb:2d6NxxSZHKd6NxxSZ7ijb

MD5: C4F27EBBA9F5DBE54F7659A74BC162C1

SHA1: 0A294BADA254CC2F42DFA7488F9A82AF1A6DDEF4

SHA-256: 81A3BF379C54785A350A61C44C5043324E7E98C88CD58130DD9CB117B5CB4662

SHA-512: 545308AD24F886F281D63EB85F2ABDECCEE0221D95F1CB6FDE2451BB1734FF5F7C3B4AE9609AD1FF9C564F5796AC592661019DD1D16FADAACD6F04301C0A4559

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x2fbbcd83,0x01d6f433</date><accdate>0x2fbbcd83,0x01d6f433</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.datProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 508

Entropy (8bit): 6.453294476987648

Encrypted: false

SSDEEP: 12:2b9eV8JSkLbfYybv/7iYSk4grdKS6SWntVNaLfoIl:2b9eVlkLjYytl4Sh+tVNajnl

MD5: 1681ADEBC87EB9D7A217DEE744B4440E

SHA1: ACC739521FF30B7ECDD1F04E48B49BDFB94D8D8F

SHA-256: 0E150E77AEDBE787F5A9DA6BFC810DA33EAF4286CACD244A160858D74E341ABB

SHA-512: 7DC2EB7DB311C8E7D4E2D6E1141420E5D082C0299CF5717E1A3D73FF5909FC96463E310A9FDDBF3840B5F20C31A9660786004D97B49B1AF6D9A9E15DE42DFCAE


Malicious: false

Reputation: low

Preview:=.h.t.t.p.s.:././.w.w.w...y.o.u.t.u.b.e...c.o.m./.s./.d.e.s.k.t.o.p./.b.7.0.e.8.6.a.1./.i.m.g./.f.a.v.i.c.o.n._.3.2...p.n.g.\....PNG........IHDR... ... [email protected]....(......K..;.;....)a;..!+D....%L2!!..d...$...d.b ...o......n......H..+I.......VP.5....albl.I ..D]...Y.D.l...2y..........P=...=.-.e. Z..{..gkA..*....sS;..m.....N*.I....~.!Hu.h.:I?L..x....n.q..6.h.............d..qH(..../$.V2.{3J...r5[..6..9j..[n......IEND.B`. ... ...........w..`....w..`....

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A59765F0-B911-42E1-8B81-7F760A22AE4CProcess: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File Type: XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators

Category: dropped

Size (bytes): 132942

Entropy (8bit): 5.372919854994395

Encrypted: false

SSDEEP: 1536:DcQceNgaBtA3gZw+pQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:HrQ9DQW+zBX8P

MD5: 17426219A66CEEB1B61003F3190BBF45

SHA1: BDB8A2D2EC9C995E3DB1B68A05701896FDF8483D

SHA-256: 7E6AF767C54C71A1A949204A23957ACC469D4325290389D3C6207FF8A6178D31

SHA-512: 6175213206B0E777AF381BD409353ADAFB9B202AC94452CA106212B45F9FDE51C2698F787650C0E568C0074B446ABC2E5F0E4035B11AD876BAF214B80814D397

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-01-26T13:30:49">.. Build: 16.0.13723.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7B020C51.jpegProcess: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 499x195, frames 3

Category: dropped

Size (bytes): 32313

Entropy (8bit): 7.726948373053818

Encrypted: false

SSDEEP: 768:ZElXmWcYhxuqM6FYoDO0vR/OJhwUg39RfLoE9N:Z+vxuqDFYoDO0vROJhw13rkAN

MD5: E7957D93D78C43E5790A0B3E455D677A

SHA1: DF7D900BAD3EB0CFF251B16C4B77B53C789F205C

SHA-256: 69495CA190C3660B1004F8EBAF27639B8C827C32F70F74AB54CD8D0D7D81FE76

SHA-512: 9E46A8DB2AFCAD90A8DDD1759BBFB91C54F64B042DA901927D2D54D30BD7A89229D295302094E86AA65CB6D7F6AE1DBA9E6AB412C3A8D71715BF1C5E52727526

Malicious: false

Preview:......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..p....~..%..~.h.$..{}.kqi.&.......H..vb^I#........_....>.........../....U....p..%.~P.......sL.o*.Z.......Axo.Na..F2..........?c....~............|^..........U|W.sG^..?.{..A2.?..........?...i7.._......r...y...U..S..u.Mx..~..=/..<7...k...V+.<.H...EL....rF.?<.J.7.^.t.G.n....x...:l....-Pi.!.|..f.......C...w.G.}..3|eJ.....[Vik..OO.>w.xW&.a.V....$.....Z...7d..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\82CEF990.png

Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File Type: PNG image data, 488 x 164, 8-bit/color RGB, interlaced

Category: dropped

Size (bytes): 89100

Entropy (8bit): 7.993283480180213

Encrypted: true

SSDEEP: 1536:yBQOSyjf49EFG/I/Pr1KzDjx5jFWypMhKxMg9gBcHHzMlC+pmMq+9H9jRj9Ldige:yBfS6yEoI/PrwAypMhR2g4HzMh7RQdRf

MD5: 7D4F509DE06DC8DDD76A03799D503799

SHA1: 31F72950CECA3307AB6701E23003D46AB7FEBAFA

SHA-256: BBC731DB5B15007DFF1B3373CAA255316C38962EDE1CD6FC561AF1AC278CAC89

SHA-512: A721DFCD1CBCD956869516D4E15A662903C98FE1B9AC87D98EB787AA0E98ED3DE2C5450C823DECC612916F5E45DDEEA917B117A8C519C0020B77882C97248164

Malicious: false

Preview:.PNG........IHDR................n....sRGB.........gAMA......a.....pHYs..!...!..........IDATx^.w|...|[email protected].+....zG3#.z....=k.#...:...w....^{.]....'....$...iz..I..Q..B......K.xA.&...">...R6..+z$...o.|/...O..U.K.e..K.W.8..|45.AK....mj.6.....E.. e.".{....z....t}-.........w...9H........j..#).T..t0.......%F..P.;G....ns.a..`.T......K..!.".........j{.;z.:zZp....._......../.9#..=m.j..j%..;[.t....:.|Se.,...p^....k.4..M].M......2.x.j.(......D..'.^G..f.k.g.K..............E.A....2.[.f..o..e.8N.....P.4.*i.....S.......T...c{....eY."?(..wk2!...6]_.p......q..'_....4..l..y.Q..}.&.(......^...9I.od`PZ._Z..z.xB'.(.9....L."2.o...m_..C.T4..~.....|.=^.1.S.......q.k.%.,geq B. ?8..D...K.... .Q....<.!.+_..S.<.Y..}w.. .Hz..K..." .3....|.&$^..=...o.U[uu8.G..-.....1.Hn+^.?N$.H.},.V\R....H..D.4L.#HU...B...8......S..).".......5k....%.....M......'tW. [.2#l....ybl...j [..(B......='.fsrp.xt...I.QLqE.I.<u..29...w...|.7...F.!JD...


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B89DB6B2.pngProcess: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File Type: PNG image data, 100 x 101, 8-bit/color RGB, interlaced

Category: dropped

Size (bytes): 18914

Entropy (8bit): 7.988422910223633

Encrypted: false

SSDEEP: 384:VnAhr4cr/589SbCM20V8v4YAFp1WHhmrn8puhpuVPoyct8RTs:VnApP2R8Kv4FziE5XIpCmTs

MD5: 6DF099436911587D0F01178F30F4FD9A

SHA1: 3651189753E1B9C0434E49601C67060D464901C5

SHA-256: 52D726F671DAF7EBA53199A25E6BF56FC3F3AA4EE1A578803A5593173AF1451C

SHA-512: C545E77081EEC0D3052D903FCCB621CD76918BE7FAF04A1047C5524E483CB48D27B15E18CF7C8CC0C2FC7EA70BC9228EAC14179DFFF89ED91E9240792F45C64D

Malicious: false

Preview:.PNG........IHDR...d...e.....C..0....sRGB.........gAMA......a.....pHYs..........+....IwIDAThC.w|Te...u]w..E.w.*..(...HH.....{.u.L.d2...Kz'4.]Y; =....I.{n.# .....x.s.......<.|..X....=........s..i.............a...........Cm.m..{w......Lu.[~......C.....ln.T%..O~..y.\Y....k....>..'....q...{?&..).L.:]......PY..O....m..$...T....EF.......d|T.....G..r.....Qv...:........G..!...y.O.G....n...j......)].V..zz......C......% AP.'..8.o,..-.+.M\.7.Y/}c#...}*.....+`G...b.......g~s..w....7..u..F.....?.o....<......#..`0....M|z..E8.}.........o..}e.%`....~hd....m.o.-...dzo^1...i0..F.....'..c.[eT...b.....L._j~.G...(._.....K.J~aDU..>.~....&...F7..k.O.S..r1G&..$..|.q.:L.....0.L..1$..]A*..+K.\...X?7B.Ia.RR..7..-..3......3..~......|."|......<x.\t...T.,.*...(.+.}gk.R......q.?.2.....x.2.n..%N.I..T...~4.^~V..........QB...[.7a..A.._........b[0_a......a}....i.....z..__.9..s.._...IoX...l}...O:.?.<.I......k.V.-e.B...;..v..R...,.Pa3.C.dya..{g...Ig.'...w4.mm:.........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E2F330B.jpegProcess: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 105x108, frames 3

Category: dropped

Size (bytes): 6774

Entropy (8bit): 7.877640755315386

Encrypted: false

SSDEEP: 96:oMEYUq/pD4rzft1oGBddpQVX5Fbql55ExRNxKk3jQaCaZqm3oBVOh8e8my8aDcMq:oMrRDkvBil65WafD6qsv7ic3H3

MD5: 8E72A357761CBA9A9ABFAD5CE7E8218A

SHA1: FF3A8EADC3A23E4539DB1BD89455D0103A389EED

SHA-256: B2A39097B9B799259B82CCB6E9F7C6F53BC33BA88896EE1D294A0EB847AA899C

SHA-512: 2A8D1D442F9AF70901C3B5526C4482D440580A8E3D079F5968C10A167DB030E73ACF3D5122FBDDA2054F87CEE44FE6AA7E6AB56B25B9B0991BCBA4BDDC04800C

Malicious: false

Preview:......JFIF.............C....................................................................C.......................................................................l.i.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....l..8c.?k_...9.t...._U.M...M..5.....4.<.%eb.o.T*8p\...........?...4)u..x..m..v...]..&k=b(c*rUYeF..uu..+...O.....E.Cs.o...As"O".,..[!9..5.6.~$...;../.:n...g._..i..o$.#{-... ....2[.5.^2...',Cm]5{....VG.'..G..1x.>K.BN2.7.[...R...Jp....^..W..:.....kq..$/,......#....-G..W.......N..E}...A...K..W.......14`3....p.6..z.-..?.?:....j..XY.F.\RrI..]\....2...%......4.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\8D7FVGMB.htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: modified


Entropy (8bit): 5.290687651845734

Encrypted: false

SSDEEP: 1536:78cnWl7B4J81w0QzDaBsDaB2DaBwDaBhDaBdZc5vSX:my7HuAuiuEuduGKX

MD5: 4A8E3585C3E326B10BB120879E2E8AD6

SHA1: 0278EDF85A0313A8BD307AEFF660D46984A104B3

SHA-256: CABC08A9CFD50D16491E816279A60928581DC2A654ECFD587E9B6A01E95EC81B

SHA-512: 88F01BF8D24F72C9C7BF343DB81949DCD43BA0476E905654BC9A37B208BFA1366E29BFBECA8BBF743C13B658B8418587CE6CADD281BBF6B9BB89FEF92C042DAC

Malicious: false

Preview:<!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><script nonce="XsniR3Th31KIQ9T3fVbTZQ">var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else for(var k in a[0])ytcfg.d()[k]=a[0][k]}};.window.ytcfg.set('EMERGENCY_BASE_URL', '\/error_204?t\x3djserror\x26level\x3dERROR\x26client.name\x3d1\x26client.version\x3d2.20210120.08.00');</script><script nonce="XsniR3Th31KIQ9T3fVbTZQ">(function(){window.yterr=window.yterr||true;window.unhandledErrorMessages={};window.unhandledErrorCount=0;.window.onerror=function(msg,url,line,columnNumber,error){var err;if(error)err=error;else{err=new Error;err.stack="";err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(columnNumber))err["columnNumber"]=columnNumber}var message=String(err.messa

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ErrorPageTemplate[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators

Category: downloaded

Size (bytes): 2168

Entropy (8bit): 5.207912016937144


Encrypted: false

SSDEEP: 24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6

MD5: F4FE1CB77E758E1BA56B8A8EC20417C5

SHA1: F4EDA06901EDB98633A686B11D02F4925F827BF0

SHA-256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F

SHA-512: 62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436

Malicious: false

IE Cache URL: res://ieframe.dll/ErrorPageTemplate.css

Preview:.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ErrorPageTemplate[1]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 21588, version 1.1


Size (bytes): 21588

Entropy (8bit): 7.973550860004932

Encrypted: false

SSDEEP: 384:9do1erd5msN48bPbceGykR88v9yGLRkcl46tW6amtMQSJCo:9+1erd5vCfRzluCSJV

MD5: 81F57861ED4AC74741F5671E1DFF2FD9

SHA1: AC3993E9EDC4C30C97FE670AA1E8A7088AA69E31

SHA-256: EEC142608E8B417E2ACB6E5301A750047A04E2C5A6563223CAAE499E19EA08EE

SHA-512: F23A7D58BE44E474CB65C368B048EB68AA1B6FEF4A12797A4A19C8D9E2F1BB7AB6FCEAE2AD17C59283616503107C332EA6245BF9F721BC49A676E8C92F46EC74

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff

Preview:wOFF......TT................................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......O...`u...cmap...X..........W.cvt ...P...J...J..,ofpgm.......3....c...gasp................glyf......@W..n.S...hdmx..M4...n........head..M....6...6...`hhea..M...."...$....hmtx..N..........=-.loca..P...........maxp..Rh... ... .(..name..R......... .=$post..Sh....... [email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O|.U:...|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S.*..........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmEU9fBBc-[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 20464

Entropy (8bit): 7.969622511404751

Encrypted: false

SSDEEP: 384:edA/1eSg82dg1kGeF2BFDEE+/adkuouo34TjkWqTExYOYg/c1iuHotcO:ey/1eSnLkGeWFQECadcLIc/TEfYr1RO

MD5: 87284894879F5B1C229CB49C8FF6DECC

SHA1: FB1BD3BAF122D5D350EB387F0536C20DA71F09DF

SHA-256: BA98F991D002C6BFAAF7B874652FFDCDE9261A86925DB87DF3ED2861EA080ADF

SHA-512: 663BA95BBBC6F7E65D7B1293E4A044C9111438A03B16664FC38A2B2F2C1A4CE96991C847B36691388AB322525A83DB2724CB4D1B9BF0440727F0B5CA7073AB8C

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff

Preview:wOFF......O........D........................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......Q...`t...cmap...\..........W.cvt ...T...\...\1..Kfpgm.......2......$.gasp................glyf......;...l..(.4hdmx..H....l....."..head..I<...6...6...rhhea..It.......$....hmtx..I....x.....gO.loca..L........._.C|maxp..M.... ... .(..name..N...........:.post..N........ .m.dprep..O........S...)[email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O|.U:...|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S.*..........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 20356

Entropy (8bit): 7.972919215442608

Encrypted: false

SSDEEP: 384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/

MD5: ADCDE98F1D584DE52060AD7B16373DA3

SHA1: 0A9B76D81989A7A45336EBD7B48ED25803F344B9


SHA-256: 806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1

SHA-512: 7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff

Preview:wOFF......O.................................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......Q...`u...cmap...\..........W.cvt ...T...H...H+~..fpgm.......3...._...gasp................glyf......;...k....hdmx..H....m....!$..head..H....6...6...\hhea..I,.......$.&..hmtx..IL...y.....XF.loca..K.........`.C.maxp..M.... ... .(..name..M........~..9.post..N........ .m.dprep..N........)*[email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O|.U:...|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S.*..........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ServiceLogin[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Category: dropped


Entropy (8bit): 5.829212108853592

Encrypted: false

SSDEEP: 12288:afOsmovaXM3jjTqC3xYv9ByMoEyNEIFLyqJsqe2FURzjk+fvmgVv:afFvaYjTqNvny5F1JsqbFURdfj

MD5: 0EFC28C8BDAEDD748C33B61D16679F10

SHA1: 0515B4FC6401A9DF8605A7DDB097F6FADD98845A

SHA-256: B06DFC00233F556DE1828637C162B0C76569210C27E4A23F82F69D9F81CAA483

SHA-512: 27ECFAECA08B2D01B76BA46063FC7B8F2D6610743BF7520DC4B98D0A70A5B53883520B0F6A3C8F73CABC3730F7D86640F71497B89FB6C4B7F3FFD956650D72EB

Malicious: false

Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://accounts.google.com/"><script data-id="_gd" nonce="KYXNfaJnKyTTWdRCEAnSQQ">window.WIZ_global_data = {"Mo6CHc":-2073743828914380063,"OewCAd":"%.@.\"xsrf\",null,[\"\"]\n,\"AFoagUW8BhkZP_w300RwL-wIKwO84bekqA:1611667907362\"]\n","Qzxixc":"S755264321:1611667907340012","thykhd":"AKH95es1_lZwz1t8Fom7zhB0XS-U34R5EtAbFUVYceLCgWsUy72PyIp43-IKsbLH0gxDBiDUhWoaktTcLxopLFNk24pYZS2w489xbGq5ypoKLEw7pEI\u003d","w2btAe":"%[email protected],null,\"\",false,null,null,true,false]\n"};</script><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><link rel="shortcut icon" href="//www.google.com/favicon.ico"/><noscript><meta http-equiv="refresh" content="0; url=https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&rip=1&nojavascript=1&service=youtube&hl=en"><style nonce="KYXNf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\endscreen[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines


Size (bytes): 26345

Entropy (8bit): 5.365553536100641

Encrypted: false

SSDEEP: 384:cPhwZewhZqmEKENmrNru4rEkGAHobrKY07DFEjw1ACeZj:cPhwZeEZq8ENcUJr6oj

MD5: E79109406CAFC0987FA3169FFD6B781F

SHA1: 7A7BB3A441676B72AB5C56E83BFB091F7CF685DE

SHA-256: C2E98E94AEF60F714AEBA64BC9D0944B6F43388DF2EA81C0C8BF2E432C8B1BFE

SHA-512: 8A6C0E92366FF79EE015BA6D2BFDCFB7B4BE047C34530345CD2D595DB4BC6A20E19679B409EA98BD95A0F9AD7B61125192F4B7E6A4D77ECF52481DACEBB9E31D

Malicious: false

IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/endscreen.js

Preview:(function(g){var window=this;var y3,GGa=function(a,b){a.va("onAutonavCoundownStarted",b)},z3=function(a,b,c){var d=b.Ma();.g.K(a.element,"ytp-suggestion-set",!!d.videoId);var e=b.getPlaylistId();c=b.ue(c?c:"mqdefault.jpg");var f=null,h=null;b instanceof g.qI&&(b.lengthText?(f=b.lengthText||null,h=b.xu||null):b.lengthSeconds&&(f=g.UM(b.lengthSeconds),h=g.UM(b.lengthSeconds,!0)));var l=!!e;e=l&&"RD"===(new g.rO(e.substr(0,2),e.substr(2))).type;var m=b instanceof g.qI?b.isLivePlayback:null,n=b instanceof g.qI?b.isUpcoming:null;d={title:b.title,author:b.author,author_and_views:d.shortViewCount?b.author+" \u2022 "+d.shortViewCount:.b.author,aria_label:b.oq||g.AK("Watch $TITLE",{TITLE:b.title}),duration:f,timestamp:h,url:b.El(),is_live:m,is_upcoming:n,is_list:l,is_mix:e,background:c?"background-image: url("+c+")":"",views_and_publish_time:d.shortViewCount?d.shortViewCount+" \u2022 "+d.publishedTimeText:d.publishedTimeText,autoplayAlternativeHeader:b.tq};b instanceof g.sO&&(d.playlist_length=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hqdefault[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 246x138, frames 3


Size (bytes): 10625

Entropy (8bit): 7.951528381686421

Encrypted: false

SSDEEP: 192:/+R5divvKkMiZhbZxLsOtTRxYriudxw09Gd60GR04NvAiysRZMs2unZ6Ui1:G/kfZhbcOtToFHD9GI0K04NvAiTRZyuq

MD5: DE7FD5EFE2E283432E429FBAC2913469

SHA1: DCB4FCAB6242A6A57E1EC73F56BC986D16F54791

SHA-256: 99E3BABD9AC5B7BBF05E3504B476CF769B0468891F35BDD39E7A62E051C998DE

SHA-512: 617C47712477FE70348188C9AE774132116816A7D81D2BBACB619D062D77813202073474B0FBD14D9536B72D13CE3DF4523D39C95587B425AD0F8BC1BCACFA3B


Malicious: false

IE Cache URL: https://i.ytimg.com/vi/mctq1_i8ggY/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDvAxIYNFAJn6sCG60M39p-t9rZkQ

Preview:......JFIF..........................................................................................................................................................."..........................................P...........................!1.."A...QUVa....#2q....R.$3BSb...Tru.....'46D....&...............................3......................!..1.."AQa.2q......$R..#3............?......C.....~{.....<..c....g.q1.......+..g.MT...........P8...R.1....4Z..w.K.jJ..v..O.%.....Y......>...?.~....l}...,.n&.....;.H.PL.-.....&..A,n,....;.."H......paqpj....A,~.m.+.e.[^.?.Z.........l....,.n&.,..9b..Pw..q..Ko._R.....<..O..".x..~.Y.....U\r.7>sr(F... .r{..O...........>.?..].n.f`S..K.*.hd..K.o.[.=........e.".....A..._.....A..._..[`....y1v..G..W.y1v..G..W....-./?^L]....~U...L]....~U..z...`....n}....~....n}....~...m..".....A..._.....A..._..[`....y1v..G..W.y1v..G..W....-./?^L]....~U...L]....~U..z...`....n}....~....n}....~...m..".....A..._.....A..._..[`....y1v..G..W.y1v..G..W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hqdefault[1].jpg




Size (bytes): 13827

Entropy (8bit): 7.9641693733324175

Encrypted: false

SSDEEP: 384:Ow5IESr2G4OqSqCkXE5G9bLrdZwkkLnYz4qAxdicwv//:Ow5XG2G4O4RX3dZwk6YzMarn

MD5: 588A10DD1BBF13FA082BC1651E285754

SHA1: 49BB697FEBFB7DCF5B3AAAA98150F78044FB7DB8

SHA-256: 86B89971CBDFABF59DE1329F9A1377AC27C3EE2D060BFF63C04723BF7AF7B6F5

SHA-512: 7566C9DD8BCC29F425D57C509CB9EED1A5B3538F01256F6303AC55F7EBAC5F97F6FBE7A9AD707DE131609E6FCCAA95305FD102E985A3CA657F9758DC2A601ABB

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/wLi4LNCDDw8/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLAkhnRt5M_PuQ5HS_FARCaDLkX-rA

Preview:......JFIF..........................................................................................................................................................."..........................................X.........................!.1.."A..2QUa....#q......$3BRTbr....Ct..E.....45DScd....%....................................9........................!1Q..A..."2a...Rcq...#B...$3b............?.u..Q..*F..#.jk...}..`N...n.....tm\..:7C.7tf.sQgr7....a.F.|..T..%ffW......nV...kWS"..........m..O2M........F.%.*. .8Jn....s}[email protected]..".u[Qcsrw6U...cK.,........dy.p......~k.Q.Q54u9.........C.y;,[email protected]<..PSiq....~.\.y.........A...;^....9...}F.$G..i.c..u....o{.|w'..Ve.O....C.54..US.<Z..y.B.U..)6E..K.1...=........#.]..O4......b..P..esel..........c.....l.X..I.I.#..#.x.n~4.^.l$'....\.V:?{...-..5...x..7...[m.....+. .*V.&p..&..-.T....n0H.0...F.E.....g.sL.5..2==T...I........"J..Of...w........].oV..I.-...X..q.u`..G..l/.oi.5o.,.E-Z.....OOS$.k..\&U..MDh....F..).




Size (bytes): 11954

Entropy (8bit): 7.953282520138151

Encrypted: false

SSDEEP: 192:cbg/0SuoOcPiK18xPnqm/wSRf8+CjUmEBdsVbded8aP3b4+0uE8b/ZnoStu83t1N:Gg8NZKCnX/wSu+lmmsieA4+X/9RnnUWz

MD5: 9446883C52868D3CBB48411916981143

SHA1: 80231D360FFF0A77F81E869D8AEE11246C1FF719

SHA-256: 51783859BD021B29228B5DFCB514EE65D1303B365BB612981170DA28F1C788F5

SHA-512: D25DBFF36638C8B022E220D9D81C82A6B080CA56D07D3117B6FE9B4F59C634E555C4C2FB47444EC2251DB18DC99C4313F2299A1ACD02F76078D9862EAF15FF8F

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/hRNQ8Yu5KDo/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCDLGzxXAnBXR2wIc_8G7AVUDQl5A

Preview:......JFIF...........................................................................................................................................................".........................................U.........................!1AQ..."a.#2BSq.......RU.......3T......$%Cbr..45.....Dcs..................................<.........................!..1AQRSa...".....2q...#B.3bs.%Cr............?..#.....6..X.e/.C.........(6E...Z.Y. 8R."............W..j_.\[email protected].~...NP..{.,.~c1.$......nc....D.......+..q.....o._.sZ..N.....$.(.F.%D...!_...o.i..T..$....4.J..0Dl....i.....C.....KK.-.....KK.-.x.pm.6z....0M:.$.b[[email protected]^&.AI......Y"y.........q[....m/...Q.....q.8..4#l.H..e....;..eV..-|....0....i.L.Fh.V..d.ex...NQ..}....!.._Yo=./.C......_......a..%..*...dd.%...8.uG...f91.0..Qn...AO(.....5..^.O..}[email protected]..{...GK.a..X...A.....PIPc.."....7C.yd.....U...Z.Fn..L.19...........g.........7r...j




Size (bytes): 13440

Entropy (8bit): 7.963630014519039

Encrypted: false

SSDEEP: 384:OmiAFQ9TuZLYs2bg7Q/7jz77df5D1y4ok:OmiYQsWb75B5y4ok

MD5: 84C81AEEB249329A7578AFD45382FAC5

SHA1: 41B25D4C07020DB4A29CCC92DB8C37EBAD1579E1

SHA-256: ED32D014EC40FF09C1A6627BE076B1D94421446DED95BCB54452BCDC8906C665

SHA-512: 5E3D36C942D1AC12B1DC16D08FD4E229683AE5D272A9CDC0D142696DC5604930FEB85A6CE215E03853A4EF871DB9713CB2CC87C5A8DF019957AE0C316A063EF8

Malicious: false


IE Cache URL: https://i.ytimg.com/vi/0JHbb5-elMU/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCsDTU4a8JFZlstBVFGDkb8FrDdKQ

Preview:......JFIF...........................................................................................................................................................".........................................T.........................!.1.."AQ.2Ra....#BUq.....b....3STVc.......$%C....45Dt...E.................................:......................!..1.....AQSa...."2Rq..Cb.3T.....B............?.Ad.....Q.f......w..m.7.H.;.`.^.M.....0...k.......{.qiY...A.n...C......m..7g.I../......"B.O..G.cSr:..&..C..U.......t.VP..}d........,......66..2...&+.f.m-.~H[f.N..Qr....|..A,sh,..."..X.C.}.TcnJN...4..U(....8m.X.m.0...a...l.U$......k.......K..G..m..k..............E...HM.(@9.._....J..r.R.UI.).>.b....m...F.u............o'..fe.....=P..$....E..... .X..A...:..7..E..^.V.V!.Z..{.n..3!Ur.m...,........0..V:.#...ki`I..$.[p4..N.u.......US............?.I..|.5..X...\.&3.6......mkM...02...n..aca...$.T./W`A.C.r7..b.>g...A......):=&.e..\...A..s.j.F.H;[email protected].....#.O.n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hqdefault[4].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\red_x[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced


Size (bytes): 4692

Entropy (8bit): 7.929034471918412

Encrypted: false

SSDEEP: 96:Sn/2mON/mv8Z7QuHy9TZhjR0ZmegAmURrkxeDlOyMX:SnO8i7QhVTvUbDlq

MD5: 5F3C13A459A72438E42B2289C7AF2034

SHA1: F43551BE102CD1EB0B2E87DC24F980720194A56B

SHA-256: A7A63CA1370CD6FC3470FA81BB1DCB21BCE31B0048A36E5BCE8914EEB88DAAB1

SHA-512: 14E82E281DC91ED57EAB780279D167413185DB3FA7BE49FBDB4942888E7F4E30B1A0536B269258FB8C3975BCF2BC189B51AAC4F70BF44887BC17506DF6ECB507

Malicious: false

IE Cache URL: res://ieframe.dll/red_x.png

Preview:.PNG........IHDR...0...0.....W.......IDATx^.Y.tTe....RK......D..6.......(.*G..d;c..8.`........3.....2"[email protected]{.en..?.N<8.8...%.{......+....^.j<...$..('.......F..'.....7...7._A:.......6...0X^^.V2jTV^^......+L<.w...Q]]]...G....}kk......N..V........4.......3gfO.<.P..Xw7.g."x.4.jk...G..........UQ...1p.8%/.:`.9r......kok...x..........I~:.o.Y\.....V..4....o.....P.f..m..T.....c."-;...6t...O=...c...h.M.,((.w..._q..'..G..._.....7.>u..h{......8z.i..H.6.zO...].}.0.!X..L].....=`.0M..3.D.Q._s.*(.U\lVWW7n.=..D....r..$....,]Z........UUp....4D...z{;.....7T..Z0M.2.q....t)..a.....{....g?./..o...s..)b... .U...../Y2...._z....G.B.....B..$i..L..#..,..+ s...A.bX.`@7.)"@.'M.G.EzQ..u....kj..>"l.#?a.E./..b..7m.UWB!.?..........$*..I..0. m).8'..P..h..k@...]..C..{.*[email protected]/^<..Q.~=..N....;..D4ZD%i...B....0O.f.....ua1a5(.........~..>. .#.i.&.|.(....H~.'...pE..Ekx.Yd^r.b'O"~..RHDe..P...n... ....%lA.....a.b..F.i.X..a.....i,....f.q...7=.`[..l.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\scheduler[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 6719

Entropy (8bit): 5.379581425059737

Encrypted: false

SSDEEP: 192:hn1ZQTlSynk6WNYMyPiwzTCjbPSq5uF9k6IxZj4Cxt:hn1anKNYfPiwzTNq5Gu6IxZj4Cxt

MD5: 83DCABB5C55C5B03472715884853C4A5

SHA1: 82FEA39746FAD09DF4677395C9FE1002439BE0E5

SHA-256: 639CFE3D3D3C2859AC8DC33348039782AF56AC9DAB10810F3DE5324758B19A18

SHA-512: E69C7171B853C28D325D7517BED648BC727C6DF9DDA36A60961E817EDD4BA3023FCD1F113743F1C7C9E74C59D96559BB1C1CCE7AB3966B6DEA5CB2FA7DA764E1

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/scheduler.vflset/scheduler.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var f,g="function"==typeof Object.create?Object.create:function(a){function b(){}.b.prototype=a;return new b},h;.if("function"==typeof Object.setPrototypeOf)h=Object.setPrototypeOf;else{var k;a:{var aa={a:!0},l={};try{l.__proto__=aa;k=l.a;break a}catch(a){}k=!1}h=k?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var m=h,n=this||self;.function p(a){a=a.split(".");for(var b=n,c=0;c<a.length;c++)if(b=b[a[c]],null==b)return null;return b}.function ba(a,b,c){return a.call.apply(a.bind,arguments)}.function ca(a,b,c){if(!a)throw Error();if(2<arguments.length){var e=Array.prototype.slice.call(arguments,2);return function(){var d=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(d,e);return a.apply(b,d)}}return function(){return a.apply(b,arguments)}}.function q(a,b,c){Function.prototype.bind&&-1!=Function.prototype.bind.toSt

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\unnamed[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 88x88, frames 3


Size (bytes): 4987

Entropy (8bit): 7.907146257524027

Encrypted: false

SSDEEP: 96:PQDyNGLZe33fKidQe4wTI3kcQp6rn6Kga4Ads+3x/ycq8dxWowwq:P7N8I3zQW0GpinAa9s+dmwq

MD5: 038131718A53DABFC160540D0188BCBC

SHA1: 2EE5EF2F00822190A5383BCE34BB63B4F441D16B

SHA-256: 56F654E552DAC6E7E41ECCBA3ADE7B9DAF08CD18D40A0A717003FE7E892025D4

SHA-512: 131926693B3017457249F51B02B3693D6296D1725AF3B2CC10D3EF5A473397ED76E5970BAE7DAEF7EAFFC03AE435FC07430EB2FB852173CE54806BEA495E9C53

Malicious: false

IE Cache URL: https://yt3.ggpht.com/ytc/AAUvwnh264HhkEdEu2GWA2hAHC09BDrIZfP8GZJbJ_yv9A=s88-c-k-c0x00ffffff-no-rj


Preview:......JFIF.............*Exif..II*.......1...............Google..............................................................................................................................................X.X............................................;.........................!...1.."A#a.23BCQq..4S.bru....$R.................................@.........................!.1Aa.Qq..."2.....4Rbr.#$3BSs....5C..............?..<.,.6Wg...K.....2.....[(b.&.0E.eo.o4.G..."...R:.A.".n;...G..%.....ko...&."p....a.&.8Z'..".....<vp~`...../..K..T]..;,.uT..G.XvL.f...."..s.{z..ca.}...R..=@`...K.K.L...1..m;<..M.!..A....).CjPH.2..r..5...I'.31,..vv%..$.N..pD.D.D.D.E..e...-..pA..YHdu;...... `........o..&6...(.....v.]C0..."y..fy\`.8..C.I.N.yH..oceg).....-../.R..l/.rI$.1;..%.....I8"...'..2..!......$U...>.{.z.Q...]Z.......F...%.M".....$........qp~..H.0%H.N:z_.}.j1..X..4...X.?...&q.6K.I!.8|....Yv_..{.:_.}.k.1...k.Ow.(9O.G.L]y.ji.Y_/Vb-m...FK7...m..p2..I"H..c....s,.f.cq..m. ...n...G..(`A..Z..q..9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\unnamed[1].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-i18n-constants[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 2169

Entropy (8bit): 5.646606361649808

Encrypted: false

SSDEEP: 48:CKTrcb1Q+11lWCAzEkEctc8V8673VObIMEIXzWVzutzmL:PTrcbTdAw1tWFVObQ0SSts

MD5: 53A3DAEB002C3A7E0A80A3014DFA561D

SHA1: 98AC212D59F8CAE79E9B73DF4AB7BD90900E8B51

SHA-256: 395D533790F9897987389B029A4693A16015A0F288ACF69A8721599176EE3445

SHA-512: 0D7B9B1D7F77AB60B995578742F6804595014D520BAD44078AC4161C8DD1FAFE402F72F373F5FBF09C9B764B556891CBA2D9B7263EE1FBEDCBA6602AD137EA5D

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var d=this||self;function f(m,e){var c=m.split("."),a=d;c[0]in a||"undefined"==typeof a.execScript||a.execScript("var "+c[0]);for(var b;c.length&&(b=c.shift());)c.length||void 0===e?a[b]&&a[b]!==Object.prototype[b]?a=a[b]:a=a[b]={}:a[b]=e}.;var g={YEAR_FULL:"y",YEAR_FULL_WITH_ERA:"y G",YEAR_MONTH_ABBR:"MMM y",YEAR_MONTH_FULL:"MMMM y",YEAR_MONTH_SHORT:"MM/y",MONTH_DAY_ABBR:"MMM d",MONTH_DAY_FULL:"MMMM dd",MONTH_DAY_SHORT:"M/d",MONTH_DAY_MEDIUM:"MMMM d",MONTH_DAY_YEAR_MEDIUM:"MMM d, y",WEEKDAY_MONTH_DAY_MEDIUM:"EEE, MMM d",WEEKDAY_MONTH_DAY_YEAR_MEDIUM:"EEE, MMM d, y",DAY_ABBR:"d",MONTH_DAY_TIME_ZONE_SHORT:"MMM d, h:mm a zzzz"},h=g;h=g;var k={ERAS:["BC","AD"],ERANAMES:["Before Christ","Anno Domini"],NARROWMONTHS:"JFMAMJJASOND".split(""),STANDALONENARROWMONTHS:"JFMAMJJASOND".split(""),MONTHS:"January February March April May June July August September October November December".split(" "),STAND

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-main-desktop-watch-page-skeleton[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 4910

Entropy (8bit): 4.986201809928998

Encrypted: false

SSDEEP: 96:mBmQZeDak2vL3bu+obsiJwKDUwbO/lp3uyFu7ytumruJbubbuNaHxdXK:xOkWeVgwCy

MD5: 6DA11F340709586A4E24CE055903B298

SHA1: 39EF070A47DCB29E6B13A5DC0001E5EAB4D779D9

SHA-256: 9EBF8E7D3BA23C83A37B2A03C6F84002F736B3A1E5E9D5F301078381B5C4DBC1

SHA-512: F5761A9280990749D22D1ADC7C53F19E3323598685306288601FE5B97589BB077C5AA270F273979E439B53C3997355CD26191DD3C55F315B97427D596B08183A

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/cssbin/www-main-desktop-watch-page-skeleton.css

Preview:#watch-page-skeleton{position:relative;z-index:1;margin:0 auto;box-sizing:border-box}#watch-page-skeleton #info-container,#watch-page-skeleton #related{box-sizing:border-box}.watch-skeleton .text-shell{height:20px;border-radius:2px}.watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,89%)}.watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsl(0,0%,93.3%)}html[dark] .watch-skeleton .skeleton-bg-color{background-color:hsl(0,0%,16%)}html[dark] .watch-skeleton .skeleton-light-border-bottom{border-bottom:1px solid hsla(0,100%,100%,.08)}.watch-skeleton .flex-1{-ms-flex:1;-webkit-flex:1;flex:1;-webkit-flex-basis:.000000001px;flex-basis:.000000001px}.watch-skeleton #primary-info{height:64px;padding:20px 0 8px}.watch-skeleton #primary-info #title{width:400px;margin-bottom:12px}.watch-skeleton #primary-info #info{display:-moz-flexbox;display:-ms-flexbox;display:-webkit-flex;display:flex;-webkit-flex-direction:row;flex-direction:row;-webkit-align-items:center;align-item

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-prepopulator[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 575

Entropy (8bit): 4.883021221274127

Encrypted: false

SSDEEP: 12:2QyBbg6fHCoYRBJ95QjYYem/n4fgqMB4JDlofRjF4:2QiMgAX84oqMVa

MD5: F8475480DA1F203059CE5EC8E6197809

SHA1: D8DD61639605071291D47DBEC807602229B3926D

SHA-256: 89BA50A406056A91176387B0FBAB001DB7E5119213A3666B18CEDD465A3A575B

SHA-512: D67454C9EDAE47609700CB98BBEC526DD6189F50FCAE175ED69CFC7012771D973FEF1EF2F96551CB42A812B2A14C8410E0C4E05DCD65FF7C4E09C6EAF23768CB

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-prepopulator.vflset/www-prepopulator.js


Preview:(function(){window.chp_spr&&window.chp_spr({responseContext:{maxAgeSeconds:300,webResponseContextExtensionData:{webResponseContextPreloadData:{preloadThumbnailUrls:[]},ytConfigData:{}}},contents:{twoColumnBrowseResultsRenderer:{tabs:[{tabRenderer:{selected:!0,content:{sectionListRenderer:{contents:[{itemSectionRenderer:{contents:[],trackingParams:""}}],continuations:[{nextContinuationData:{continuation:"",clickTrackingParams:""}}],trackingParams:""}},trackingParams:""}}]}},header:{feedTabbedHeaderRenderer:{title:{runs:[{text:""}]}}},.trackingParams:""});}).call(this);.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\www-prepopulator[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmSU5fBBc-[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 20348

Entropy (8bit): 7.971548837012925

Encrypted: false

SSDEEP: 384:sSRPUR1eEsGitLcRtdt6S1PvpjwY9O1V6LTFY88fFFEagMR3SAFNE/A:saP+1eBX4Rtdt6EJjwY9O1V6Pm82lR39

MD5: B00849E00F4C2331CDDD8FFB44A6720B

SHA1: 5B7820FEC8F9810E291E1EB98764979830ED6621

SHA-256: 76B05400FFF9DA5B43862E3713099E3913916A629560265ED24B19D031227CBF

SHA-512: 64F2BB1D16525CB5435CC3AA253D83669C321D68695CDF14218EEE43B5347DD6BC67B23D6F5E359971B1FFA72857C2C9DCEC0370535F12EDC20AF42CF41CF661

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff

Preview:wOFF......O|................................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......P...`t6..cmap...$..........W.cvt .......X...X/...fpgm...t...4......".gasp................glyf......;...lxRn..hdmx..Hl...l........head..H....6...6.Y.ihhea..I........$....hmtx..I0.........._Gloca..K.........k.N.maxp..M.... ... .(.\name..M........|..9.post..N........ .m.dprep..N........:z/[email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x|[email protected]..#u.....L.*.....^.*.4.....rP..{.*......Q...JT.:Xu>..T./>[email protected]../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.|.....n........PHaE...J*...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOmCnqEu92Fr1Mu4mxM[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 20268

Entropy (8bit): 7.970212610239314

Encrypted: false

SSDEEP: 384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh

MD5: 60FA3C0614B8FB2F394FA29944C21540

SHA1: 42C8AE79841C592A26633F10EE9A26C75BCF9273

SHA-256: C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684

SHA-512: C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff

Preview:wOFF......O,.......P........................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......P...`t...cmap...$..........W.cvt .......T...T+...fpgm...p...5....w.`.gasp................glyf......;Q..lD..&0hdmx..H....n..... ..head..Hx...6...6.j.zhhea..H........$....hmtx..H....t......Xdloca..KD........BC%.maxp..M0... ... .(..name..MP.......t.U9.post..N ....... [email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x|[email protected]..#u.....L.*.....^.*.4.....rP..{.*......Q...JT.:Xu>..T./>[email protected]../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.|.....n........PHaE...J*...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\base[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe




Entropy (8bit): 5.585843000660426

Encrypted: false

SSDEEP: 12288:ccm8n63W2m+gobasLXiY90CmOwD6WUQ3UQ5MWmLykthA+tXbG:7m8n63W2m+xDLXiY90CSD6WRUZthVti

MD5: 2135F5F59AB69D470CC2CCD28C760F08

SHA1: 3CE200A2C16BBDD6602A42794FAD9DC899D3F8CE

SHA-256: 6AA31E3EB3E62A93813BE77EB8DD97EC8A35FA2AC0E03E1A1A2C1FEF5840996D

SHA-512: 66CBD6128F59DF04C3042C84A6AA10DAB0BDFEE302D6D3913B055F0736DAD4B5AEB59652DA6C3D8ED8D6D13D98B30FB1C97EB0E31815BDD2E3BC09098D5C6CDC

Malicious: false

IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/base.js

Preview:var _yt_player={};(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var k,ba,da,Jaa,ha,ia,ka,pa,qa,ra,sa,ta,ua,Kaa,Qaa,va,wa,Raa,xa,ya,za,Aa,Ba,Ca,Da,Ia,Ga,La,Ma,Uaa,Vaa,Ua,Va,Wa,Waa,Xaa,Ya,Yaa,$a,ab,Zaa,$aa,cb,jb,aba,rb,sb,bba,yb,vb,cba,wb,dba,eba,fba,Gb,Ib,Jb,Nb,Pb,Qb,Zb,ac,dc,ec,hc,jc,kc,iba,lc,mc,nc,wc,xc,zc,Ec,Lc,Mc,Qc,Oc,mba,pba,qba,rba,Uc,Vc,Xc,Wc,Zc,bd,sba,tba,ad,uba,kd,ld,md,nd,qd,sd,td,wba,ud,vd,zd,Ad,Bd,Cd,Dd,Ed,Fd,Gd,Id,Od,Pd,Rd,Sd,Td,yba,Ud,Vd,Wd,Yd,Zd,$d,ge,je,me,qe,re,we,ye,Be,ze,De,Ge,Fe,Ee,Dba,oe,Se,Qe,Re,Ue,Te,ne,Ve,We,Fba,bf,df,af,ff,gf,hf,jf,kf,.lf,mf,nf,Gba,wf,qf,If,Hba,Mf,Of,Rf,Sf,Tf,Uf,Vf,Xf,Wf,Yf,Zf,Kba,Mba,Nba,Pba,fg,gg,hg,jg,lg,mg,Qba,ng,Rba,og,Sba,pg,rg,tg,zg,Ag,Dg,Tba,Gg,Fg,Hg,Uba,Qg,Vba,Rg,Tg,Ug,Vg,Wg,Xg,Wba,Yg,Zg,$g,ah,bh,ch,dh,Xba,eh,fh,gh,Yba,Zba,hh,jh,ih,lh,mh,ph,nh,aca,oh,qh,rh,th,sh,cca,bca,uh,eca,dca,fca,xh,gca,zh,Ah,Bh,yh,Ch,hca,Dh,ica,jca,Gh,lca,Kh,Lh,Mh,mca,Oh,Qh,Th,Wh,Yh,Vh,Uh,Zh,nca,


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\channels4_banner[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 1060x176, frames 3

Category: dropped

Size (bytes): 31172

Entropy (8bit): 7.969886414335456

Encrypted: false

SSDEEP: 768:FTLgd2lBj57VGrLCKU3ZFZpGlzba4Fhr0DwoYuHAkv:FnM2HHGrLCK2rp+zLFug0

MD5: DE56852D78FBBF125AAE474F75FF9E1B

SHA1: B6463FEA76F964A22C194635CD26427E8919CA37

SHA-256: 9259C780EB86064DD0EED484F80C6F5A7C4F300B31951245186276D9DF29F7FB

SHA-512: C24442E535CF6ACD14D1A1FFF4019C995F441EAE6EE88C6B6FCDDBFC0CC30D2AE6A7F7134A74063A71B891EC8B41015A0B12CAB9A2C120E7DD36592097E05630

Malicious: false

Preview:......JFIF.............*Exif..II*.......1...............Google................................................................................................................................................$.."..........................................b.........................!..1.."AQq.2a....#RUt.......$%35BSTr...&6bsu.......4CV..cde....DF........................................>........................!..1Q.A."2aq...#Br...4b.$35CRs....c.............?..5G.Uk.../k-o.[..I3.%....R.ma..{...4I...Y.s..*.M....+.....8..K...s.pl.=....[<..c...^..E#........b.......p..(...`.......$.s.}(..r_.[...V.E#...s.x.UC........i..IG...U.a...>#C.^..2..X.5Q.~..:V. uX...?$..6.....[6.A.Aq.'1k.rOm.R\.5.....j. ...!.I.k...3)6.....R..xC.H......:.=,.i....+}V..E..F.vos..M...bkcq...#nx.*.L>[email protected]%m4m.,21.CE.V.k.O..m.....&5..=..+l.[5.;.[pDq.4..$..4x..i.5.v.L.2Z...e.1=..M.8..e.[...........T....e.V...Ub...k...\.:.s...g..>.?...j.d..Sv..|....{?...m.a...f..f".-...[PV.]Y..B.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text

Category: dropped

Size (bytes): 1436

Entropy (8bit): 5.171560696481471

Encrypted: false

SSDEEP: 24:5/iY3QYNNxu/iY3QYsNxh+/iY3QYXNxm/iY3QYN7Nxd/iOYNNxBl/iOYsNxDv/ih:UY3QWNrY3QLNbBY3QgNnY3QCNiOWNsO6

MD5: 16B7B19E68ECC7CCA020171D1124A256

SHA1: 7B4A88C6505A6B59080522BF901F3D5310AEDB5A

SHA-256: 65DAFC62A9660435BED1C31C45E360E2C76268099F6E42771E40CB17D104E2E5

SHA-512: F8EAF0368E68EADEA5D15180EE1E747D3F803BB1EDE82092145E7CAC829C7494CACA6CEE8078EA04EA577E828A8DB014DF1DB2553E6DBA9CF2C52AB51CEE821B

Malicious: false

Preview:@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzQ.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[2].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Category: dropped

Size (bytes): 416

Entropy (8bit): 5.2802488817135345

Encrypted: false

SSDEEP: 12:jF/S6O6ZRoT6pixah/IXkqF/S6O6ZN76pixah/ItY:5/ZOYsNxahY/ZOYN7NxahB

MD5: EA95A44EDBA0612E2C4CD813A1F9A231

SHA1: 58D16504FEC9B0F526F9AF58BD1199585125F129

SHA-256: 00D4A2B23146F76099C9184477145D5172274F1D34817CD6601943CD2D5ED79E

SHA-512: 4EE6F10EF9D7C32511EB1323E068F9D86F81D0643810E0C13F012F5AA40EB6E8EF7D7DD5139A16088A11745F307C517C337EA2396713F4BA968700E054EEEFF3

Malicious: false

Preview:@font-face {. font-family: 'Roboto Mono';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotomono/v12/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW-.woff) format('woff');.}.@font-face {. font-family: 'Roboto Mono';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/robotomono/v12/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_Of2_ROW-.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon_32[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 348

Entropy (8bit): 7.063764226799785

Encrypted: false

SSDEEP: 6:6v/lhPKYXik4gPDdKad76NWXlUzvPNNXtt0Eo0NaLTTwp:6v/7iYSk4grdKS6SWntVNaLf6

MD5: 3A880420311AD60097059FFC0FC53393


SHA1: 7644B902864C4BA3604F61E0880E05DA15AB464F

SHA-256: 571C382651D6337CD5FA49C512D02F0F99D523A896B87175FB59C710E1FCBC7A

SHA-512: C16652970D04B7B76F7E7EF5A8D091984A13406CF7F5475CC3CFA3ECAE3278C19BE5494BE39A8E549978B0675D1C70F69CC1413DE9240487943D91965AFF17D1

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/img/favicon_32.png

Preview:.PNG........IHDR... ... [email protected]....(......K..;.;....)a;..!+D....%L2!!..d...$...d.b ...o......n......H..+I.......VP.5....albl.I ..D]...Y.D.l...2y..........P=...=.-.e. Z..{..gkA..*....sS;..m.....N*.I....~.!Hu.h.:I?L..x....n.q..6.h.............d..qH(..../$.V2.{3J...r5[..6..9j..[n......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon_32[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\featured_channel[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Category: dropped

Size (bytes): 6536

Entropy (8bit): 7.955847676301548

Encrypted: false

SSDEEP: 192:5g+o8K9A2jUMWKGGG35f4C+3ObuuRa95Lc:6+o8gAn3KbG35Fbuusbo

MD5: 8CED91E6D88D3718F762A831997AA496

SHA1: 697A5395CC31A557C6BE7D3E60B8F36E222AC2B1

SHA-256: A6EA0BD070352E461AFF09BBBB08AE3E419614C0AF1C0F05CF91D9FA706077C8

SHA-512: A0F9AA6DBA7B54E52ADBEC602D9983FEFBEA953D3B1AC7A8AFFD967820EDBACEF26993DCF037E87DA3CDC489514750A77AB531793A88567B56D3E098B0D7F3C1

Malicious: false

Preview:.PNG........IHDR................L....sBIT....|.d... .IDATx..w|TU...N..d..I .`....(..w]...eUX.*...a].........b/.R..@BH#.:}.=....i.i!..}>...3.{....<E.3.c.l .pfgg[&N.h...6..F.V..i.Z-..(.@ .t.\......o...c......r.+..^..>........0.(............'--........Z............6....................~..j.y...~.z.v.........o.........?...r..@.8.x..3.,.3g.(....$...6l.....8...o.C{....#$..>....?..o.m.D....1..|q..gl.^.....c:.|.........0TTT..^zI...z...Sx.../.Z.d.PU..y.cP.E...O../.....N....3.....SX.~...;...{{..'.<s.L..[{{|{.eeeb..M..z{P.e<8m........>..7..n.......i_.Ec..l....>..K..#.<r.p^o.Z_...~...k.....7.....=x}..]}..;...{{..YTVV.+..b........?...............=......W.m......eeeb...#z{..6.y..G._.f........T....`.-,.../{[email protected]{..[.l....../y.%%%..0`.p....7.r..GW644. U/.......8.C.{.-..W\qE.....U.7.../...&`Po."^.<m.4Oow.....^....69b.y3f.80M.Q.z.~`Bo.$Z.r.T}.7.|..8....)......i....N....{[email protected]..;.j......&QU..^@ .`....V.X...z.E.5...Cl6[..;..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fetch-polyfill[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Pascal source, ASCII text, with very long lines


Size (bytes): 8543

Entropy (8bit): 5.238064281324506

Encrypted: false

SSDEEP: 192:oQHdiEslZc0rsNYNU5mSJHqI03aej6tZoaMLQO/x5/P80+HcW:ocHslLsP5muHqI0Jj6tZcUO/x5+V

MD5: 04E3CC8A9641B3F9F9C9370F4E9B5BDD

SHA1: 9602A891F583094BB04FD407B253ABCAFFB8C8D0

SHA-256: DE6C4FFA2BD9FD283610E28D0DB2EC48607AAB39D213A51AEF248673A0A7E980

SHA-512: 58942BCC0F39D620A475B65C1AEB4F18872F68F22C89DEC076906A0DB8BC2B7CCA9357710A7824A0FA7404FF73F41013AECA34609CAACD2187414F7BD0D490D6

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/fetch-polyfill.vflset/fetch-polyfill.js

Preview:/*.. Copyright (c) 2014-2016 GitHub, Inc... Permission is hereby granted, free of charge, to any person obtaining. a copy of this software and associated documentation files (the. "Software"), to deal in the Software without restriction, including. without limitation the rights to use, copy, modify, merge, publish,. distribute, sublicense, and/or sell copies of the Software, and to. permit persons to whom the Software is furnished to do so, subject to. the following conditions:.. The above copyright notice and this permission notice shall be. included in all copies or substantial portions of the Software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,. EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND. NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE. LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION. OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hqdefault[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 12368

Entropy (8bit): 7.961633133128519

Encrypted: false

SSDEEP: 192:O/89HNiLnt/5aY7UtnvvNbv5wYZtkRsZgILmpY9TY7QaR3ImVMmjd3FuxG:O/JnjMnXNW0kRsL2YBEQbmVh3N

MD5: 05D70A8E343990FF14FE389B2D47482F

SHA1: 50D9B5956DE65A5FDE2EDA593416E477DDD9448E

SHA-256: 2DF1994A854D66B9401A458516B14513F2704F22150B0914CE1674EFE3EF3A5B

SHA-512: DD09588FA689C1676B54C135D3560075EC32EFFC43BE1D07F9ED2061A6FF32BCB653E3FEA81E3EDF510D6FD6D572AB65ECD8F7FCF89DCE571A1FCC0226A750A0

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/OsdsJrzyjHg/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDY8r8dZaf9V_IKnjf7M7USnW3Nkw


Preview:......JFIF...........................................................................................................................................................".........................................V.........................!.."1A....2QU....#3RSaq.......$BTbrs.......4C..%.DV...5c..................................8.........................!1R...AQ...q.."2Ba...Tr..Ss..............?.{......aEI.*..W...IO.z....$r..P.9...vx....5n_W[OPU.M0.w..:l.J[.......J.Z...&..4..J.E...2."..1.G*6.......+al9m.k...jj..qh.G....w.d.F...$m".Z...J.T.....-.J..DJR37.|....#Z/$..........O..a....l.]...._J...p\..V|.........(.....g...j....;2..|..,z...P..V....<.U...K.h..,.WZ........pF<....{..kYC2.-N.(J..........V..<..fV9...E.]...._J.V.K8..!.X.9..*#.&....iY.....#...Z.......(..J....{F"PB..(=!f..lF.&..7.q.Z..I...M^.[O.....2..9.'....cv.`[email protected]<.{.8..H.a.. +j..Y........U~d..F.e..z.d6K..S.....w.v.B.Ly.f\.f..+)...:.....e5...~..g.;.&*Z\..w..GuH.S,.&.7P.Jy...V...%..iQE.dy.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hqdefault[1].jpg




Size (bytes): 18364

Entropy (8bit): 7.964332229870699

Encrypted: false

SSDEEP: 384:2r8DkHzp3+5DakoVmGIpMGR0xy8HYERJhHylHGnkAUAHpe6S75:2Y8KMmzpMGmxyCYERJhHypG1rpo75

MD5: D55F56D04A80DF2C6339289161050D78

SHA1: DE3DD5C1B30D05D5B148CA90927F376449A58B05

SHA-256: 3626D27EC15041617B3F87A1D3CCB153763E2734B2FB8EBE9CAC264CCC515435

SHA-512: C0ECFE2CE307ACB8D275E45348DC0A19AFB21D47506D38B69B020B2FE3C63DA6A8505036F2F8BBFEFC9802662833ED77B48570B165EDCB384F7DE5A5B98D5112

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/jN2nkrUdJGU/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDgTfHgTQuXGTILsiJFyntB4065jg

Preview:......JFIF.....................................................................................................................................................................................................Y.........................!.1.."AQ..2a...#$Uq.....34BRst...Cbr...%6DTu......&5Sd.........................................G........................!1..AQ."aq...2Rr...#45B...3CSb.s......$%c.Tt.............?...I..QK....*i..&z.....z../X..I'v..rE......L.\.0#..,2.k;]....d...-......d....l.8/.....J..t6..&...d.|.>.&..7.u...>...nv.8...Z..0W..).e..M..A...7...n./.;.ym...p.......S.?.....ve...SzgV.....-.......l.kc../.|....E._7.B.........c?.a..ON.N....4....F....Sl.n{[.......m-...GX...%n....X\...v.Jn'.f(.M..S..B.g...ke.U.\..m..7..c.....z.K.,.-.G......}.G............=:4.......M...5..6.4^...lx..>[.A...K..>7..4.Y...4}..>!M.0..k..Z....._?.z|z...8...M.h.Z...7.^..z.x.1.wZ..#.(....S.4}..A..oF ....f...w`cp.ds.Y.....:m.G.G.|B..^.....[.._g..9...v.i..,t.....D.Sz.u..+..&...\.?




Size (bytes): 11912

Entropy (8bit): 7.959584535735454

Encrypted: false

SSDEEP: 192:Z+6SdtiR2XWpbS8uHP8mYBrOKNZw0cy8nLSJqaVGzFWPCFcAosK34j5Qv8:0fdtiRUAbNuQrOKNZ5cyk4qFF44ev8

MD5: 0A8B02B32C40AF173E8C2B0FFD314CF4

SHA1: 3C22E285768B1BBD49E549E81B981EFFF8A19323

SHA-256: DE3D1E44735FD1AAE6557E80A558F9CE6974240550A0F6C78367F81AB90E3805

SHA-512: 329D54401939E4E9483D884F17A66DA9AB33E1B3509AB7B15FDBA4F734145618718F9E4C07B6E7435215A374D0F71443FFA29C83806E1364BE5C7C182901C22C

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/OPypfBBUGXo/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLD9oMzT_0i3NQ8HdAtHwqZ1m4poRA

Preview:......JFIF...........................................................................................................................................................".........................................X.........................!1"A...2Qa..3BRq.#..$4CSr....%s.......&5Ubt......6DETc.......................................9..........................!1AQ.."Raq......$234r..BCDS..............?.K......5.b.S...V...2..;W..#......7.e .Xe.I#N.jO!oI.x0vG.UJGv.*..a..I.9.....{@..X2.3!..9x.B.GK....7...n..oT.T-L.O..J....,.#....LS.. M..M....V..0.".').Y:.....;)......).y..p.-.^G.l.U.I.e...mfB.r...6...-+.^.d.*w.8.G.m.......*..0..3(.Xe....<Z.4..=v........\.0(J.. .6...5..fj...,.F..6...!GQ..y...q~?......k.<@7..cR.+...8........7+.0R....E...T. D..^s.|b..(..[.FI.fj....5.e?.S6d(7.#../:..\. ....h..X.$n@.'...Dkc?......... o=..n"5*.....G..-][email protected].`$..rdx.k...6n...S2..D...2......}....@...].... ..xh#M.\=]1.#.k.<P.9...w.#b...b._..Q.v.....S 10b..w..S......)..7(.F.o3...rB....+.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\remote[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 96205

Entropy (8bit): 5.457422961519926

Encrypted: false

SSDEEP: 1536:LOa4P6D8UnIDwiJ/TRdKIjgTour9rUaR0ZRdbXgkBLOAwQgn6eR21jBZb0Ed9FKp:qSD8GQJbRdKIjuourfR0NXgkBLOAwQgV

MD5: 7B8B1DE5CBAF7264226E67669D7CEEDB

SHA1: 1E1DFD991CA95BAC24BB457E33C762D256B43F16

SHA-256: FA1B7BF869D1DDC7067F4BD6DBB211BF121D734DB92F6947FA5BE432683F1805

SHA-512: D172F559D9F0E8F519422B23BFDB65431B444786704A9F4FFB1FAFF760AD380B70CC427C80519CAEF10151CB9D47EB2858FAE4BF86C2AE4A334211B2404CAAFE

Malicious: false

IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/remote.js


Preview:(function(g){var window=this;var Y,uHa=function(a,b){return g.Ob(a,b)},E4=function(a,b,c){a.C.set(b,c)},F4=function(a){E4(a,"zx",Math.floor(2147483648*Math.random()).toString(36)+Math.abs(Math.floor(2147483648*Math.random())^g.A()).toString(36));.return a},G4=function(a,b,c){Array.isArray(c)||(c=[String(c)]);.g.gn(a.C,b,c)},vHa=function(a,b){var c=[];.g.nj(b,function(d){try{var e=g.Wn.prototype.B.call(this,d,!0)}catch(f){if("Storage: Invalid value was encountered"==f)return;throw f;}void 0===e?c.push(d):g.Vn(e)&&c.push(d)},a);.return c},wHa=function(a,b){var c=vHa(a,b);.g.Cb(c,function(d){g.Wn.prototype.remove.call(this,d)},a)},xHa=function(a){if(a.U){if(a.U.locationOverrideToken)return{locationOverrideToken:a.U.locationOverrideToken};.if(null!=a.U.latitudeE7&&null!=a.U.longitudeE7)return{latitudeE7:a.U.latitudeE7,longitudeE7:a.U.longitudeE7}}return null},yHa=function(a,b){g.gb(a,b)||a.push(b)},H4=function(a){var b=0,c;.for(c in a)b++;return b},zHa=function(a,b){var c=b instanceof g.Cc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\remote[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\webcomponents-lite-noPatch[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe




Entropy (8bit): 5.41776925007726

Encrypted: false

SSDEEP: 1536:CrlFKuJg/vylWhsuP+1MUOKhOB7Brv/qTg9SpIB6RExBFPaYUcrs2Lt4Q9AhkTHj:+38KALqlIWCB9mkTD

MD5: 85BD6CF714F78FF3AEBFBFC76E33D8B5

SHA1: 1428D9F7DEE4C4216A356D4AEED3A9D44BE5FAAA

SHA-256: 7E858B2A14374526AF64DB74632C3131D980BB0A89D3E1447E23A238822021A7

SHA-512: 37DEECFB6433F4AFB80A8B13CE664B8C49172263DE5D6978CA765F20D13D392888E81C3EFF1F5400D67A6DA3C3116C32BD9D5A33D37E5F3BD5E06EBE658B798E

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/webcomponents-lite-noPatch.vflset/webcomponents-lite-noPatch.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}function ca(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}}function y(a){if(!(a instanceof Array)){a=ca(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var fa=da(this);/*.. Copyright (c) 2016 The Polymer Project Authors. All rights reserved.. This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt. The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt. The complete set of contributors may b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\www-player[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe




Entropy (8bit): 5.2421579568015915

Encrypted: false

SSDEEP: 1536:Kzu9IdYR9WDQI0irpHrp3/fn8MZv8M5q4ay95G0hXkTNROP5kRrDJciM/By2N+CZ:Kzu99F7ZBgFyV1u3

MD5: 934E57A0B55A6997EF408E22C2946AD3

SHA1: 90AC3BA5EBC1D8C19C37DB6CF21D0DCBB44CEFAB

SHA-256: 0D450A63AFAE6834E1DE8559245EFCEEFB49738F8BCD13889F929DCFB6AF4001

SHA-512: 097D6B60E0C6236C8D8270A7A27E8E0F4B38C027BFCCFC08E0F5A5A46321B9A1DA63A28FDBD4EF082C1681530E245870645F3A5D672F986F1F960C18C9009F94

Malicious: false

IE Cache URL: https://www.youtube.com/s/player/27cea338/www-player.css

Preview:.html5-video-player{position:relative;width:100%;height:100%;overflow:hidden;z-index:0;outline:0;font-family:"YouTube Noto",Roboto,Arial,Helvetica,sans-serif;color:#eee;text-align:left;direction:ltr;font-size:11px;line-height:1.3;-webkit-font-smoothing:antialiased;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:manipulation;-ms-high-contrast-adjust:none}.html5-video-player:not(.ytp-transparent),.html5-video-player.unstarted-mode,.html5-video-player.ad-showing,.html5-video-player.ended-mode,.html5-video-player.ytp-fullscreen{background-color:#000}.ytp-big-mode{font-size:17px}.ytp-autohide{cursor:none}.html5-video-player a{color:inherit;text-decoration:none;-moz-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);-webkit-transition:color .1s cubic-bezier(0.0,0.0,0.2,1);transition:color .1s cubic-bezier(0.0,0.0,0.2,1);outline:0}.html5-video-player a:hover{color:#fff;-moz-transition:color .1s cubic-bezier(0.4,0.0,1,1);-webkit-transition:color .1s cubic-bezier(0.4,0.0,1,1);transition:co

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 22204

Entropy (8bit): 7.9742393611260916

Encrypted: false

SSDEEP: 384:X4RPU21exwpjqNUdgwvWwW9i5ZTkudHjv3vQWsdV8bT3XV6qvihHbF9qW8Y:XsPN1eae2SwvWr2TkuDvvQWc8bT3XARH

MD5: 4DF32891A5F2F98A363314F595482E08

SHA1: A8AB4E03143BCF7646C96A8CB33B3E596A9E55BD

SHA-256: 0BE0AE6EFD852B3695CB7A76286096F60E93B7D31C16E0B71CA35ECED7FDE8F6

SHA-512: 3C1775EE5F2D42B53C4196280D11E3405B9EEAEEFF1FDF8291E7D87D7748D28BBCB1ECD7A225AD266144EAB28ADE08A7EB4659824B2FA649884B86B1783EF2ED

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff


Preview:wOFF......V........l........................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......N...`t6.<cmap...$..........W.cvt .......X...X/...fpgm...t...4......".gasp................glyf......B...s.._{*hdmx..O....m........head..P....6...6...mhhea..P8..."...$...nhmtx..P\.........FIloca..R..........b'maxp..T.... ... .(..name..T...........>.post..U........ .a.dprep..U........?.1 [email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x|[email protected]..#u.....L.*.....^.*.4.....rP..{.*......Q...JT.:Xu>..T./>[email protected]../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.|.....n........PHaE...J*...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\annotations_module[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 67207

Entropy (8bit): 5.561268868353723

Encrypted: false

SSDEEP: 1536:tOtrd7B+3c9recREGBrdDWs5qdBVuxOoFfdudzSkA:gtyE0GnZvOA

MD5: AEB83E6A6ED58CCE6C9A7E2D140CE056

SHA1: F86C9DD98E9EFA2CF1C2879A620E57BE477AB594

SHA-256: BB6CC0ED8D01EB6E1B9599D89F611A1FCF0635210B4D969AE4F5606A043F2490

SHA-512: FC6C60BD230E81F15FF6E859690F0CF0B190A7CF6ADF2D5AFB800C005A58D9B817A94B0AD55BFFE8664664E6BF77D2792B3482ACE36EB010D6FE9D17CC616E45

Malicious: false

IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/annotations_module.js

Preview:(function(g){var window=this;/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var P0,Q0=function(a){a.V("cardstatechange",a.Ng()&&a.Vi()?1:0)},GDa=function(a){var b=g.Eg(a);.a=g.Kg(a);return new g.ig(b.x,b.y,a.width,a.height)},HDa=function(a){return Math.pow(a,3)},IDa=function(a){return 3*a*a-2*a*a*a},T0=function(a){a=g.Qa(a);.delete R0[a];g.Sb(R0)&&S0&&S0.stop()},KDa=function(){S0||(S0=new g.D(function(){JDa()},20));.var a=S0;a.isActive()||a.start()},JDa=function(){var a=g.A();.g.Eb(R0,function(b){LDa(b,a)});.g.Sb(R0)||KDa()},U0=function(a,b,c,d){g.Bn.call(this);.if(!Array.isArray(a)||!Array.isArray(b))throw Error("Start and end parameters must be arrays");if(a.length!=b.length)throw Error("Start and end points must be the same length");this.u=a;this.K=b;this.duration=c;this.F=d;this.coords=[];this.progress=this.I=0;this.D=null},LDa=function(a,b){b<a.startTime&&(a.endTime=b+a.endTime-a.startTime,a.startTime=b);.a.progress=(b-a.startTime)/(a.endTime-a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bullet[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced


Size (bytes): 447

Entropy (8bit): 7.304718288205936

Encrypted: false

SSDEEP: 12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R

MD5: 26F971D87CA00E23BD2D064524AEF838

SHA1: 7440BEFF2F4F8FABC9315608A13BF26CABAD27D9

SHA-256: 1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D

SHA-512: C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15

Malicious: false

IE Cache URL: res://ieframe.dll/bullet.png

Preview:.PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<[email protected]..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: exported SGML document, ASCII text, with very long lines



Entropy (8bit): 5.499263569302448

Encrypted: false

SSDEEP: 49152:fNDnvbgEOO26a1RA+D0TrCcMMsfMnv1xzoYKPvgYhfwOQpUOvgn6Au448R70Q:WKc6wRT

MD5: C3B49E1E4D32B18560BAD7620631EDF9

SHA1: 766AFED2B044ED49A50A7364BB8499AE2787F4FF

SHA-256: 6E3FB730BAF1F25E2A2E439A69BE56CD321A296E069C2E0888C1CE06D21A4AB0

SHA-512: 616AE0E07F184E1DD182EF454DAB03806549FE0B0907B8B794256BB0B3885F2BFEE9D244B9B3677E2E47C955800F9E93852B3B879659962E87A4958324ABA19A

Malicious: false

IE Cache URL:https://www.youtube.com/s/desktop/b70e86a1/jsbin/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.vflset/desktop_polymer_inlined_html_polymer_flags_legacy_browsers.js


Preview:if(ytcsi){ytcsi.tick("rses_dpj")}.(function(){./* HTML content inlined from HTML import */.const d=document.createElement("div");.d.setAttribute("inlined-html","");.d.innerHTML=" \n@license\nCopyright (c) 2016 The Polymer Project Authors. All rights reserved.\nThis code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt\nThe complete set of authors may be found at http://polymer.github.io/AUTHORS.txt\nThe complete set of contributors may be found at http://polymer.github.io/CONTRIBUTORS.txt\nCode distributed by Google as part of the polymer project is also\nsubject to an additional IP rights grant found at http://polymer.github.io/PATENTS.txt\n--> \n@license\nCopyright (c) 2015 The Polymer Project Authors. All rights reserved.\nThis code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt\nThe complete set of authors may be found at http://polymer.github.io/AUTHORS.txt\nThe complete set of contributors

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\desktop_polymer_inlined_html_polymer_flags_legacy_browsers[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 4720

Entropy (8bit): 5.164796203267696

Encrypted: false

SSDEEP: 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk

MD5: D65EC06F21C379C87040B83CC1ABAC6B

SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B

SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F

SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E

Malicious: false

IE Cache URL: res://ieframe.dll/errorPageStrings.js

Preview:.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\forbidframing[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators


Size (bytes): 2882

Entropy (8bit): 4.101264567053427

Encrypted: false

SSDEEP: 48:upYP3V4V1UXvCavVbQdZKUqVtLQI7I6FQ3:u1qlW8rJId3

MD5: 5CD4CA3D0F819A2F671983A0692C6DDD

SHA1: BBD2807010E5BA10F26DA2BFA0123944D9521C53

SHA-256: 916E48D15E96253E73408F0C85925463F3EE6DA0C5600CB42DBA50545C50133B

SHA-512: 4420B522CBE8931BBA82B4B6F7E78737F3BB98FC61496826ACB69CFFF266D1AC911B84CB0AEEADD05BD893A5D85D52D51777ED3F62512C4786593689BF2DF7F0

Malicious: false

IE Cache URL: res://ieframe.dll/forbidframing.htm

Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="LTR">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" >.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>Framing Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onload="initUnframeContent();">.... <table width="450" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="red_x.png" id="infoIcon" alt="Info icon">.. </td>.. <td id="unableDisplayAlign" valign="middle" align=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqdefault[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 7819

Entropy (8bit): 7.920807697456636

Encrypted: false

SSDEEP: 192:a+CXGAAfu1s0SnPRBcJGpTz3qCxdVHSFANEO:aDWJeSZbpTjbrHfNEO

MD5: A6ACA7EEFFFCA74D6B3489933E76A814

SHA1: 3A279BF7E2373DA1AE774B44BC47EC50CDE79581

SHA-256: 8526529F1211EF7049498F9EBCAA37C328CD42C395C84791993A25554682FA28

SHA-512: 36D2BFBF6E4121DEFD2F0311B1DCA658D3D8C2D582C7426198BBB5DE93CE043DF85A8E611FC8AA09EA3D362432CD39391EEB6C923913D4FAFA5E414136CB838A

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/kpLnxV3a1bE/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLBRCC1Bu6maOjHtwiDzjwwojY4BFg


Preview:......JFIF..........................................................................................................................................................."..........................................R.........................!..1"#AQ....Ua.......$%23RTq..BSds......4b......r.5DVc..................................@........................!1A.Qq....2BRab........."S..r...#CDU..............?....)DJR.D.)DJR.D.)DJR.D.)DJR.D.)DJR.D.)DJR.D.)DJR.D.)DJR.E...N....}c{.S.....\......J".........7..Z..R.rAR.....I8...5'..Lz.....B':..J#.e6.......;[email protected].#N.J..2.`.m~.vQ,IVR...S.V...._.9.+......].Y^v....^-$1n.G.B.R..NX.D....+A.3.}'...UC...5.U0.9W....O.Y.....].Y...r..g.2...WT..H...z.=W.....BC.\8.eJ.q.BW.......G..S....W..l..y.[y...y.rIR. [email protected]..$...c....D\.=.....b.?.......7..=...u.o{j...U..EC.zwc.]s...........7..L*Q.5......g.}.`f..&&..$.u?..c.....u.b7.G\.Sm.........e%.-....u....Z...to.....K...',[email protected].

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqdefault[1].jpg




Size (bytes): 13233

Entropy (8bit): 7.9662355518676415

Encrypted: false

SSDEEP: 384:Omw9qhU7WE7vqrKxVxSeV3MhO6OtOcZuvBpmecHv:Omw9qhvEqrKxV1V8M6OtRuvrg

MD5: 26857E980FB4CF3754D5834117C3412C

SHA1: 1A5BA0E5090E7442EF49F565C7611198E94B84A1

SHA-256: 7710CCC70CB82B6EC0A2988CE2DB577772093F64CB3A2222743BEDEABB092CAD

SHA-512: 16158F1D53D60778E8467FE56FCC0B2A006B5C15E8CBB44E0EC80B8BEE37EA416A7EE200E3F1E707BFF3E6D6DC24A576098D0297DC6916A83A2564BB0FD20C58

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/plv3mIBEJnY/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLAiqz-dpk8oPWjJ8Zl9UdLlBGK4EA

Preview:......JFIF...........................................................................................................................................................".........................................T........................!..1."AQ..#2a..S..$3BRTq......4c......CDbr.%&6t..u........................................6.........................!1A."Qaq..2......#Rb..45Br.............?.-.l.d...c.m"1..,.M.t+..v.I."uj6O..2|[42...`.$.<..iA.(c.*..oH..F.7..... X...A.V..n....U../..Nl.Pe..s\..i.&U.*w .....0.....o}...X.....:.... Bcs.j..........h~..= ..yy.B....-.oD...|j.?F:..q.U...M..YE.A.=..v.....8W..W..s..}.......u..'..+b-y..>..d..%..q{^...<H..k..`........9b..";...m ...d...n........Z.O.....p}.Ltz.Z.....?.1..a.J.....:m.....o.k%.fb...(2.)$.X..?..w.......jPJ.....e...w..q..a,H.Z..$." ..G..~...(>..u.}[email protected]....+..G........".}..I"..$..,[email protected][email protected]$W.(r....<.......za..C.....yp..G...w...,.D...`.%...u..Stt....G...q^.....6...




Size (bytes): 10102

Entropy (8bit): 7.93938233288827

Encrypted: false

SSDEEP: 192:QiNabkkCxRmcn9mpXhsR20pQq+A8OFIOa/XBDYfJUTn0NOBHjO9PeNb7A:wQkCRJn9mpXe20p/FINXtN0uO9PCs

MD5: D21C68376043657471B0D167ECDA36ED

SHA1: 34231C1F0D58BFC90305F148FF8F185DF7C76963

SHA-256: 768B45D3C543636ABCFA0776A228E54FA98CA9A7700B183DE876FEBE71A48582

SHA-512: 71C1FD7CBE8924B9DE6C10B407F9C075F896473E1A76265F2C4735AA0453B245333FA9B9CA0168DB9E09FFD57B67E65857763DFA11D0794EAD11DE4C99873511

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/MEwigYNZwXw/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLB7PhHY6DeGABMaeEKvCIuzpD3Fcg

Preview:......JFIF..........................................................................................................................................................."..........................................R.........................!"1....#AQ..$234Ta....BRUq....CSr...%b....6stu.....5d..................................=........................!..1AQ"aq.......2Rb....#3r.BC.4c...............?..UE.P.QE.!.QE.E.E.B.E.P.QE.!.QE.E.Q.!.QE.E.QB.E.P.QE.B.E.P.QE.!.Q@.!.Q.P...<.p&...x]..u........2.....F.6.IH.....N....k.a.......B.q%I )7KK.*B.c.a.......r..R.KKo....T..e.....J.N]..z`...".X.6.*9.J..R.[.......9wk.V..j......b..(..s..Jnqy..$..;O..O.X..v.....W~.p.......>[email protected].}d..5.V....\8V......u.<7...c......./.y=.*!#..$..|...~5W.<`)9U.[.......A......Z..RB..../.PV.F.N.w...]Vd...G.H' IF\[email protected].=+sYQ.....r3.2..I..=`&H.."I...$...I$..5g..........`.. ...(LA.FX.C......k.=.P....$.:h#w....\...Z. .... L..O..i.dW..1.3..P..




Size (bytes): 6755

Entropy (8bit): 7.913915593435558

Encrypted: false

SSDEEP: 96:xE8zwSbIp1hfQXYCKYE4MfNWWFxWcAuCqwKI5tpcpiFqNMKA+dYY39NEx:bwQgXIMfNWWmCwrUi8N7NEx

MD5: 85714302A03325030E6C1EAE2EF3F42F

SHA1: 95211B0AE32E1FE4C83FFEB0F4D937084911F929

SHA-256: 08B105B6BF36639EBB2DC47E0ADB5C3CCF50D2299555F4877C5C5355D81FAB32

SHA-512: 2F00BE6E89C9E790B8447C42BDF0774066837FC2FA5EAC4A64A61BB4F139CD7FCBEDDD1FB732CC2C231E7EBB380AA580A199493F0763443F01D427771E69BFBA

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/xxQtfXOFpWY/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLCJrMqHy5RaDANJu0V3qR0nxTiTvQ


Preview:......JFIF..........................................................................................................................................................."..........................................F........................!..1.."AQ..#23Baq....S.$Rbrs......C...T.....................................0........................!1..AQ"2aq........#R.............?...%..\B<h..B~o.i...d..G..U."_.7....<L.C.`.......xq....!..........yb]...pA.....I,X|-.?.].NlC.....q....#.'....^..G,j..L..i(..;....f.4.Si..D....b........K.......WI.`[email protected]..:.-./g+h....8.w..q.!u....y....u..~o1..6w.kMI6....FY..C.q.V./..f....vB.&.F...+..:Y....U..k.k.h..4.$..........D#QU...r...-^yO..L.EK..JT._..X.gq.6w...u..p...?O."..85.C......5.X9`.Nt..5c ..spy..M.z._.Vt.&.X.0q....~i....o.7..3v..~k.T.N.EV.e...VR.. .Z.p.(. .3.I`....;.|..3....n.v"A<y.}e.i.q....>..k.."_.7....p.p..i``I.D@q..=..6.Xd.:....'...f{.....y......"..ld.|#99$...<.q7S.}.J...K.Rk.*_..Bi]..<Z..=.R.Z8.j..*&b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqdefault[4].jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\miniplayer[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 6714

Entropy (8bit): 5.402438369378545

Encrypted: false

SSDEEP: 96:cFectDRP9H56viWMjgBlERJ+fSpsq8MD/8mQHJdCGJIBdUqpk2YOJ4IHSyfUA20b:cIcZhTifFEb7vD/m+Blqwsa8KQ+

MD5: 3BE0E615CE323144E5BCA80ECC548009

SHA1: 5135A5FB33FC9BFD75E999C53A6F54312E756C31

SHA-256: 6DBF64D424300EA7C34F3F15434F6F9DF3A5C9D402BD1B50539448422389DAEC

SHA-512: B940F4D6C588FBB11841407A885E1740C7D03787AA08F77D39C187837841796451B519A8334BD27A37C12C8238B794BC730236E163E87CDB5183957EFD232E99

Malicious: false

IE Cache URL: https://www.youtube.com/s/player/27cea338/player_ias.vflset/en_US/miniplayer.js

Preview:(function(g){var window=this;var q4,r4=function(a,b){var c="ytp-miniplayer-button-bottom-right",d={G:"svg",T:{height:"18px",version:"1.1",viewBox:"0 0 22 18",width:"22px"},R:[{G:"g",T:{fill:"none","fill-rule":"evenodd",stroke:"none","stroke-width":"1"},R:[{G:"g",T:{transform:"translate(-1.000000, -3.000000)"},R:[{G:"polygon",T:{points:"0 0 24 0 24 24 0 24"}},{G:"path",T:{d:"M19,7 L5,7 L5,17 L19,17 L19,7 Z M23,19 L23,4.98 C23,3.88 22.1,3 21,3 L3,3 C1.9,3 1,3.88 1,4.98 L1,19 C1,20.1 1.9,21 3,21 L21,21 C22.1,21 23,20.1 23,19 Z M21,19.02 L3,19.02 L3,4.97 L21,4.97 L21,19.02 Z",.fill:"#fff","fill-rule":"nonzero"}}]}]}]},e="Open video page";a.S().Y("kevlar_miniplayer_expand_top")&&(c="ytp-miniplayer-button-top-left",d={G:"svg",T:{height:"24px",version:"1.1",viewBox:"0 0 24 24",width:"24px"},R:[{G:"g",T:{fill:"none","fill-rule":"evenodd",stroke:"none","stroke-width":"1"},R:[{G:"g",T:{transform:"translate(12.000000, 12.000000) scale(-1, 1) translate(-12.000000, -12.000000) "},R:[{G:"path",T:{d:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\spf[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 38609

Entropy (8bit): 5.397914097251635

Encrypted: false

SSDEEP: 768:0D4MZYlBJGMQrjqHJ7qOOMMr/jy0V7amw5aQ9kyrRl3:00plBJmVO7QGC7amw5a63

MD5: F33C4AB3AF37D09C71119C01D242FB0F

SHA1: EEC0838B1208FDD854D865077F29D8460795DCA3

SHA-256: 37F2F8D003CF58DF5F6D8529D6173C23FC5B014A1CDAE73C01371D4B541E8D9D

SHA-512: 86E67CD70961051004CCA77004B2E0FA2F3B3B2DFBA74B5E5D5B361F2510680EF8C34537F9B461458DF063A9EB1D952DC0ADA62175E11A6E846FB6CA97C20BB0

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/spf.vflset/spf.js

Preview:(function(){/*..SPF.(c) 2012-2017 Google Inc..https://ajax.googleapis.com/ajax/libs/spf/2.4.0/LICENSE.*/.var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof l&&l];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this);.function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}}function ea(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.da("Symbol",function(a){function b(e){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(e||"")+"_"+d++,e)}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\www-main-desktop-home-page-skeleton[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 7255

Entropy (8bit): 5.010902170791545

Encrypted: false

SSDEEP: 192:cw/ClyQVrEkLzCys47pCT6plL1CNe8YZpqiq9taDY:cgIfs47pCT6pN0IjpqiqvKY

MD5: 1ABF223D91AE77C3C171C908EAF9C0C2

SHA1: F71B3D2E08F06ED4E0003D8B918E4BC397E04700

SHA-256: 344D4D84846BCA032A4645A8DC22499AC7EF521E32AF70CDD0766CD3FE3380CB

SHA-512: 3B6034DC5FB424221E5A86D14C30A44D6CA2399B8A7C54BF4F42D6019C492C5675F9E002DA3AD352EF4489E910C6F3D89AFCC93B13C8F7AB820F8CC1CEFA0419

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/cssbin/www-main-desktop-home-page-skeleton.css


Preview:#home-page-skeleton{position:relative;z-index:0;pointer-events:none;min-width:0;opacity:1;margin:56px 0 0;display:-moz-flexbox;display:-ms-flexbox;display:-webkit-flex;display:flex;-webkit-flex-direction:row;flex-direction:row}#home-page-skeleton.layered{z-index:-1}#home-page-skeleton.animated{transition:opacity .5s}#home-page-skeleton.hidden:not(.layered){opacity:0}#guide-skeleton,#rich-grid-guide-skeleton{display:none;background-color:hsl(0,0%,100%);width:240px;-webkit-flex-shrink:0;flex-shrink:0}#home-container-skeleton{background-color:hsl(0,0%,98%);display:-moz-flexbox;display:-ms-flexbox;display:-webkit-flex;display:flex;-webkit-flex-direction:column;flex-direction:column;-webkit-align-items:center;align-items:center;-ms-flex:1;-webkit-flex:1;flex:1}#home-page-skeleton #masthead-ad{margin:10px 0 26px;font-size:20px;font-weight:500;color:hsl(0,0%,89%);border:5px solid hsl(0,0%,89%);height:204px;padding:18px 24px;display:-moz-flexbox;display:-ms-flexbox;display:-webkit-flex;display

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\www-main-desktop-home-page-skeleton[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\www-onepick[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 841

Entropy (8bit): 4.941632901046298

Encrypted: false

SSDEEP: 12:WWkW8Kd11CKd1vXcdxCRpQgbNDuDOwR+uDOcuDO5JuDOv3Kd1OLF6Kd1+inKd1Ix:WybE3QpQgbNKOkhOXOWOvOOpx+FUDx+K

MD5: B182F64EBC958940B940085EC72BFD32

SHA1: 5D11FD1D9609C99480A4CF231E35973ABAFEE58B

SHA-256: F013FB8BCC8B163655A877CA39AFA7F96D49356AC8B78642A94C2DEB86396FC9

SHA-512: 89B9E917F6920A4976F243E869E9A2C53F569EB1519CF3D84B50A7033F51AD505C7A11E99F70BF7536BB44D793BAD2AF77F93B38B84F8211CAFEF45C665EDE94

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/cssbin/www-onepick.css

Preview:.picker-frame{width:100%;height:100%;border:0;overflow:hidden}.picker.modal-dialog-bg{position:absolute;top:0;left:0;background-color:#fff}.picker.modal-dialog{position:absolute;top:0;left:0;background-color:#fff;border:1px solid #acacac;width:auto;padding:0;z-index:1001;overflow:auto;-moz-box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-box-shadow:rgba(0,0,0,.2) 0 4px 16px;box-shadow:rgba(0,0,0,.2) 0 4px 16px;-webkit-transition:top .5s ease-in-out;-moz-transition:top .5s ease-in-out;-o-transition:top .5s ease-in-out;transition:top .5s ease-in-out}.picker-min{position:absolute;z-index:1002}.picker.modal-dialog-content{font-size:0;padding:0}.picker.modal-dialog-title{height:0;margin:0}.picker.modal-dialog-title-text,.picker.modal-dialog-buttons{display:none}.picker.modal-dialog-bg,.picker.modal-dialog.picker-dialog{z-index:1999999999}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\www-tampering[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 9695

Entropy (8bit): 5.330288137447204

Encrypted: false

SSDEEP: 192:1jNGl3OZi/Rc0ok/15Xwe8pEqnt1ZlVlW0/MXGfJHgnj0T:nVKo65XlgR3DW0/5KjK

MD5: 2585C6AB0F42C20AB361D24431D8D396

SHA1: 1A13001424A2B3788A5E6A29E4B79014314BAF5F

SHA-256: BFC393CA61AD83E9DD5A082AC1377FA29A163603EB0E162EB6D0ECC8BD4B1B2D

SHA-512: 844B350F309948256F5CAD32ED2ED21654D933587CCF60EBA006FDE1173EEA473F5F75A84FE4A451ED76E6963D990B198CDF6F9ADE94099D8E38BB88AC79CC87

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/www-tampering.vflset/www-tampering.js

Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.function n(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.function p(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:n(a)}}.function q(a){if(!(a instanceof Array)){a=p(a);for(var b,c=[];!(b=a.next()).done;)c.push(b.value);a=c}return a}.var t="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function u(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}.var w=u(this);function x(a,b){if(b)a:{for(var c=w,e=a.split("."),h=0;h<e.length-1;h++){var k=e[h];if(!(k in c))break a;c=c[k]}e=e[e.length-1];h=c[e];k=b(h);k!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 22020

Entropy (8bit): 7.969254342778129

Encrypted: false

SSDEEP: 384:OdR1e4g/v2pwEHXT4vHn5YHPGVubG85NtyZpe21oW4lDXLNXOEGV0u5YN4L5:Oz1e4TpT0/cPGVppl6RLNefY2L5

MD5: 288AD9C6E8B43CF02443A1F499BDF67E

SHA1: 96A90B4B2F04445CEE7091C257D9C7D905BF74B8

SHA-256: 6F2974A396DC0695D071E842551E7AF9C72F0EF8D2D076FE73A523B1A3C2D0E7

SHA-512: C853526CE2743996089E573DE9D99C9E1B730C41FF3F8F32E316A8ED654EE48CA04A67731D3FBC5F3FB94DB309F99F29F3FA9AC739B1D126BC909858E13C6157

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff


Preview:wOFF......V........8........................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......N...`t..dcmap...X..........W.cvt ...P...\...\1..Mfpgm.......2......$.gasp................glyf......A...r....|hdmx..N....l..... ..head..OD...6...6...vhhea..O|..."...$....hmtx..O....w.....6Kloca..R.........Zs<.maxp..S.... ... .(..name..T.........!.>gpost..T........ [email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O|.U:...|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S.*..........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOkCnqEu92Fr1Mu51xIIzQ[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 21952

Entropy (8bit): 7.970421989516302

Encrypted: false

SSDEEP: 384:LANJRPUW1egrkV1qAeQjd3pHH7fS3SIHwip3fzp7IYMa8/h3ELZ2owoRE1F:LAN/Pl1egR7QjRp+3SIHwcLpMYC/h+9U

MD5: FE65B8335EE19DD944289F9ED3178C78

SHA1: E9E842D5ED5321DDD719599057E9F8643B2AD539

SHA-256: 80815EFE3BD9317C666DF0F2E6D701335E178954F64EB1E99103FEA81C2AA137

SHA-512: 6E7995EDEBAEF0218C921F5485CDA2B1FDCCFDC9ED5CF988AA005096BB64BC844CFA9F3CE081CFB5A8C896492BD5D70CA2B4D7B71EE9A9EE801A721F9F45B087

Malicious: false

IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xIIzQ.woff

Preview:wOFF......U........|........................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......O...`t..Rcmap...$..........W.cvt .......R...R..-.fpgm...p...4....s...gasp................glyf......A...q^...Phdmx..N....m........head..O....6...6...ehhea..O8..."...$....hmtx..O\...v.....}?.loca..Q.........E.'.maxp..S.... ... .(..name..S...........:.post..T........ .a.dprep..T........D..][email protected])..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x|[email protected]..#u.....L.*.....^.*.4.....rP..{.*......Q...JT.:Xu>..T./>[email protected]../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.|.....n........PHaE...J*...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\UCABOBqS3y8Xn_o7bXvH-j2Q[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines

Category: dropped


Entropy (8bit): 5.6913712331553805

Encrypted: false

SSDEEP: 6144:Kh0c0+0c050T8/Ju9bdjNq/7Obj3y1Je8LzfJsao7rQ0gwBkKyE/EXPx0xTk2tx6:Kh0c0+0c050To3fp

MD5: 5CC536CC57654B2DBBB914236E9F99A1

SHA1: BD835D774C0336095CF80F5C86A92FD266750B1B

SHA-256: 841030A3797E66AA5F1ECBFAF4DBA8942AC6F62273F5873F029E7E6C35092AC5

SHA-512: 8674CCD27A090B6974061D17E310F0C06E1DC1B5522A37C2E978B099728A1F30EF9FBD8AAFE93B0E4524B36656D3541D32D1088C37BD41CAF35D7843F18779E6

Malicious: false

Preview:<!DOCTYPE html><html style="font-size: 10px;font-family: Roboto, Arial, sans-serif;" lang="en"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"/><script nonce="kLiAx8e65e9KNMloRWSIMw">var ytcfg={d:function(){return window.yt&&yt.config_||ytcfg.data_||(ytcfg.data_={})},get:function(k,o){return k in ytcfg.d()?ytcfg.d()[k]:o},set:function(){var a=arguments;if(a.length>1)ytcfg.d()[a[0]]=a[1];else for(var k in a[0])ytcfg.d()[k]=a[0][k]}};.window.ytcfg.set('EMERGENCY_BASE_URL', '\/error_204?t\x3djserror\x26level\x3dERROR\x26client.name\x3d1\x26client.version\x3d2.20210120.08.00');</script><script nonce="kLiAx8e65e9KNMloRWSIMw">(function(){window.yterr=window.yterr||true;window.unhandledErrorMessages={};window.unhandledErrorCount=0;.window.onerror=function(msg,url,line,columnNumber,error){var err;if(error)err=error;else{err=new Error;err.stack="";err.message=msg;err.fileName=url;err.lineNumber=line;if(!isNaN(columnNumber))err["columnNumber"]=columnNumber}var message=String(err.messa

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\background_gradient[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 453

Entropy (8bit): 5.019973044227213

Encrypted: false

SSDEEP: 6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi

MD5: 20F0110ED5E4E0D5384A496E4880139B

SHA1: 51F5FC61D8BF19100DF0F8AADAA57FCD9C086255

SHA-256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B

SHA-512: 5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A

Malicious: false

IE Cache URL: res://ieframe.dll/background_gradient.jpg

Preview:......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... [email protected].%...m..D.25...T...F.........p......A..........BP..qD.([email protected]?..


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 611

Entropy (8bit): 5.1378418257885565

Encrypted: false

SSDEEP: 12:UJO6940FVzO6ZN6pdjfUAqFVzO6ZX6pdjfUGqFVzO6ZN76pdjfUSY:G9X5OYNCjC5OYXCj05OYN7CjC

MD5: 3F4EA3B572D02C20234FB1CFFF5A8583

SHA1: 223A65CCECA8B88406B34BAFA7FCDD034B764355

SHA-256: 4B8E9EDEC8E8315244133FDABC171AA6EE0D59CBA38D49DB4E52A89601BDFDE0

SHA-512: AF90524BE42C0C754452B23653B1A6B2B11523F28C345C62CE3F7E681837B26136C402DFDCCD2BD452E93AAE51B2BA2FA08B319DC0EE1BF4637C0518A2C7D517

Malicious: false

IE Cache URL: https://fonts.googleapis.com/css?family=YT%20Sans%3A300%2C500%2C700

Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'YT Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/ytsans/v10/46kqlb3ta3zqoJU2dePmb0Jg1A.woff) format('woff');.}.@font-face {. font-family: 'YT Sans';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/ytsans/v10/46kqlb3ta3zqoJU2dbvnb0Jg1A.woff) format('woff');.}.@font-face {. font-family: 'YT Sans';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/ytsans/v10/46kqlb3ta3zqoJU2dfPhb0Jg1A.woff) format('woff');.}.



Category: dropped

Size (bytes): 712

Entropy (8bit): 5.090654726378833

Encrypted: false

SSDEEP: 12:jF/iO6ZN6pixuOiJqF/iO6ZRoT6pixuGEqF/iO6ZX6pixuXJqF/iO6ZN76pixuyy:5/iOYNNxBl/iOYsNxDv/iOYXNxd/iOYK

MD5: 6B91979FC0DFD9A3FAACA571D4698C28

SHA1: 44D0D5AB5490E285E3473DC9E6F5AECC6AADA263

SHA-256: 22127AB03A7948380732A4FC4BCFA450C7C55D60DDB1F0BC80FBC53E39C52BFF

SHA-512: 3594CD0473197894230F65B1ECB3F882523D70E10711D9BD793F6AD785EBFE50A986D80F71D2AB812DDB2AEB36DDAE0B3CFB33A3D82038E2CA6FA63F03E24483

Malicious: false

Preview:@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff) format('woff');.}.



Category: dropped

Size (bytes): 455

Entropy (8bit): 5.257707614409686

Encrypted: false

SSDEEP: 12:UJO6940FRt5O6ZRoT6ptBK0v/qFRt5O6ZX6ptBK058EBhY:G9XRvOYsD9RvOYXDgfBy

MD5: 85F89CCBF7339BF14BC2B5127AF15080

SHA1: 41A843AB4EF6AB4E0C01A74711FF021809B6A393

SHA-256: 5E8C06395D4967499B6C35A2C874AED046341FA5B1EEF7F908B4E9E34BE97869

SHA-512: 3F4E48AA97ABDBBA00D3B76978DF56C5EFFE1FF4693A94C19C491FA215DBEBAEDA4AF9302646C2080A37009CC4AF9756B97E3534722420667C89EC33E4AE47D2

Malicious: false

Preview:/*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'YouTube Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/youtubesans/v7/Qw3aZQNGEDjaO2m6tqIqX5EUDXx-.woff) format('woff');.}.@font-face {. font-family: 'YouTube Sans';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/youtubesans/v7/Qw3FZQNGEDjaO2m6tqIqX5Ec_l9te10n.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 747

Entropy (8bit): 7.621626314254655

Encrypted: false

SSDEEP: 12:6v/7rAkLHGpoWvH2M4xWEKg5QvzH1JdR1vHG8T643kNQWAgk+XjMoq/uuA:moP24E+D1JdDet+k6WAVQjlNuA

MD5: 2F5265660503D860EC98C345A8FE4F3E


SHA1: B4BE77124B104645038C8DAC8DDD253B2990DEB8

SHA-256: 9FE7D6C8CC0976E8CDBCB30C0724BEE3C277C5F4B204FB233FD2FB7DA03C5C4D

SHA-512: 523B3CE8162D026A511A47F22AAA70A242BCC2D0E27E1803166767E8622B37912E46E4EC1DD992676FB5122F6B5A6ED9EA6D85D4BA4C35B558A9B398D7159F3E

Malicious: false

IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Fwww.pk-anexcelexpert.com%2F&feature=youtube_channel

Preview:.PNG........IHDR................a....sBIT....|.d.....IDAT8.}.MH.....s..;*.p3.<x(peR..Q.1.<D..."...a......!0$.t.`.P2(......mnS.............Ch.........y...#..x<..q..q\6.H....cE...B..t..$....-*.b.......~S.....p.....J...$J....9..7...d....J.-..ig...j..N.....r..2......fx0-K85d...........p..c4..EGfY..l6.2GJ.sUZ-:.u..H...wj......_X..(..\W ....%..u..V........*>O.b...2y.e...F...O.sq<2..Q..OVa...P"....,a..3.@Z...\.....D.+........5..:-J.J.$.....9.../...5.dtx.=2.eU=T...,..\.U..j..T.....^......m...7 _...F.]...T ).Hgw..T"/..j(.5.>.Wb0.Z...l.....P'0....'.7...@........<..XJ..$p........7FD.;.LDDsKf.....I.p.....'.........&f{.V....c.H.I...n.X...&.NQ2..;.M.z..p..o%I.w.q.....$.......wH.....LoQy?^.wT..y..=|:...qz...([email protected]`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[1].png




Size (bytes): 367

Entropy (8bit): 7.144221556425826

Encrypted: false

SSDEEP: 6:6v/lhPyslnaJRTrzJCcx9zCRfVu7y954RZ0aj4kzEn7kZl93csQ6Rqr3x3Q53UOI:6v/7KGcx9G1Qg2Z0cKal93hBqjy5kgQP

MD5: A9A7B2D07082E2D17A5A5236D78FA155

SHA1: 9AC042AC275886C415D6B9B8781BFFE7EABFF8EB

SHA-256: A230BF28D0B95B52F55A76F050F9554EE494578D743217E83D3136BEFB630A49

SHA-512: 2CF34A6B15F788DBC9E41F3F8437FFF7DCD26CEF9BD6E6D1C13D5E7E58A72F681D461BEF6AB9FE922DF5C603294012D4135211C46B266C39752A85D6C870FF3D

Malicious: false

IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Ffacebook.com%2F&feature=youtube_channel

Preview:.PNG........IHDR................a....sBIT....|.d....&[email protected]..`.-..:.8.)t......p...8.... ..h........Vp.. ..!.MsN..iZ2..{w.........21dZv]Y..q...<.....;..%d.A.......T.lJ.s....Z.>.6.d@....(...........gu...a.......Ff..C_..T..j-..{5*.vz4;......vz..a.m.vz<.o.x.v.....'.WR..n0N....P....$Y....?+.g.s:...&[email protected]`.




Size (bytes): 720

Entropy (8bit): 7.6274021279468265

Encrypted: false

SSDEEP: 12:6v/714af96Z7GBoXwd2WM9dMhoYAHLiice0meTO/fpKa:Za0q8wMWMohoPGicTmeT8fpKa

MD5: A428340C4A93595491928B124779F280

SHA1: B01F53FE6A5AFF4A18578B51646676812296723D

SHA-256: 5A3351437286A560E954688850EDB349680452855C86933098F1342C2264CD57

SHA-512: ACED0E65B7F4B198B0BB7AC89DCE44B25B3A8F8E9877BAE4056C6BDB07846A2360E0DA8EE3A65A298895AA8EF50865D7EAB22CB88512D37BDE54190217F17A82

Malicious: false

IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Ft.me%2F&feature=youtube_channel

Preview:.PNG........IHDR................a....sBIT....|.d.....IDAT8.m..OSQ.......(R..b..#.*.b...2.....80.8....$.j4..1&.. ..j".H.m.........(.I.......r.w......../W....`..b{..Z.....Jk..<\.U.E&...$.a..&U0....].mI.OO.m...X.wA~u....J.....Z...... .2Q]_.T.DZ...P...q_...}&...)[email protected]....~S.).....w.MD...*f{.D...R.........I..x.\[email protected].<.QE..(k.0.p.3.......|+o....$.Z%.a..3..T"a.....H..|*.\.Ze........$}.*.7r}.......F3IN.|...&...%.....-.....FQ.1#Q\...}....".<^. J......k..r1.CQi...E'.0#.aT..B.3.......'K...-...J.@..!Qc.X..".....C.^.........x....M..b.3.g_.....k..l..*...HI....T!u4=...:[email protected]..<.iZ.....y.@#..#..2.7..T.*.nGY.i....L......[.N...b...p......>.h|;c".f....../.a..y......IEND.B`.


File Type: PNG image data, 16 x 16, 8-bit/color RGB, non-interlaced


Size (bytes): 439

Entropy (8bit): 7.385374214668911

Encrypted: false

SSDEEP: 12:6v/7uNp6RgBrnopv8ByViHC/VM5hw/NU2OU9rJpOXbXrZ7:nT6qNnoNgekMa2OQJpOfh

MD5: D8B13783F8075A028C2CAE0144A0F0CD

SHA1: A6E32F9298C1D093DE2193951E461DD298C360A5

SHA-256: 7E69BB2B870CF979DF8F7AEBF569E57D5A9AD8FBB6815D0887B97F54E410079D

SHA-512: B61740DB29A85A2DE3C9566C639F80A7E2ED54737F0ED86AC322271EE7CDF1DD3B12F8369624BDD44A0B9B2C23194967CFCACFECF7C1D9ED2898581C9EC6A699

Malicious: false

IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=http%3A%2F%2Fpaypal.me%2F&feature=youtube_channel


Preview:.PNG........IHDR...............h6....sBIT.....O....oIDAT(...K#Q....;.1.5.*>.."JV\,|....bc..X.......V...............G.D..hP7.I.X.Lc..4.~...p....4`....%z.k.....1..inzt......Y..t..ZD......a,..b.i.%.@..<:O..x...l.MP#.JdS....Cry.!W..{.....C./.0.v.m;[email protected]]WGgTUVq...:. y...m..t.a...(*..j_us.U.....Kr..9x...`..m..-.k..l...q.8.. .t....(.7.47 .I.....H.U...&.G....[)4..l_ ..Z......./N.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicons[4].png


File Type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced


Size (bytes): 342

Entropy (8bit): 6.817873608710533

Encrypted: false

SSDEEP: 6:6v/lhPfHuORNOocnsXEKCiS/0ydwCuQS0RY6urGH9VqUb9+l1C759m97K4ajUup:6v/7XpRNOocEEKtiLdfS0+Jrslbcm99d

MD5: B1A25708C873EF3FB5503540E1AD8CF6

SHA1: 515A2869DFAD0318781CE62BEAE3A89259F35CED

SHA-256: C9452927B473C1683E100946F31070803BFF3E9FFE4DC74C728406A3D707BFBE

SHA-512: D5F825694A3FB0915D471B9CDC4CFBDE003A54E73D1DBF014C12298DE4C70AB401FBCFFCE36CF9F18F278CEDEF099FB5E266784A152563621D77B7CD9B27697F

Malicious: false

IE Cache URL: https://s2.googleusercontent.com/s2/favicons?domain_url=https%3A%2F%2Fwww.pinterest.com%2F&feature=youtube_channel

Preview:.PNG........IHDR.............(-.S....sBIT.....O....NPLTEGpL../.....#.4M..9.2J.f.. 6.*C..!...........-..#.....................q~.Vh&..%....tRNS.W.....U..I......IDAT..MO...0.c..m...P....h.v..... bp>.......e.....0...uU-...q..5W...8...OWT=./.,+.v.%.$P[T=wSF.A.F.\-..96j&..].a9..mK.,.t+..qV..F.Z..u.,.|.u..z..9....{......8..x....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\hqdefault[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 11689

Entropy (8bit): 7.950072627959054

Encrypted: false

SSDEEP: 192:222c3CsyckG+YTg18b7oaIOdpLor06XAJ3P8Y0RhwTvN0jUeTusAjAeX42:22xLgU0aIOnLj6XAR8/LwTvmjUUAjAev

MD5: 1D47FDBCADAE32399CEDA8499BB7F210

SHA1: FF83FBF4E38347819607091DAE09041BEAEF0939

SHA-256: FDA420292290B9DC16581CCAFE478BEAF8D832C4AB91A65D06CAFACAEFA18FE7

SHA-512: 4FC8A31270FF1AA4D232C0867AE717C7D111E01F9C9500D1C85020DFD4FFFB232B3C4C9D1C652BC9281FB90A5E43F38975FF21BBDAC30FBA7786D5CA5F9502E3

Malicious: false

IE Cache URL: https://i.ytimg.com/vi/PaP1RE-QSzE/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLAtvLEwAs5gkAT-YXKShST-rB12jQ

Preview:......JFIF...........................................................................................................................................................".........................................K.........................!..1."A...2Qa...BRUVq.#3b..$T....Cr.....Ss....45................................8.........................!1.AQ"2aq......#3BRr.......$b............?..V.u..A....!.[..+.8..$?.......c.......C.........C....r..:..8..$?.....8..$?.......c.......C...S.q?.H~...?..]..Q}...$..o..=...$..o.."...u..q?.H~...?..q?.H~...?..]`.Q}...$..o..=...$..o.."...u..q?.H~...?..q?.H~...?..]`.Q}...$..o..=...$..o.."...u..q?.H~...?..q?.H~...?..]`.Q}...$..o..=...$..o.."...u..q?.H~...?..q?.H~...?..]`.Q}...$..o..=...$..o.."...u..q?.H~...?..q?.H~...?..]`.Q}...$..o..=...$..o.."...u..q?.H~...?..O~k.....%Ae.p.L...H..U.......h....m@..>..,K..\...-...._.\?.L..x...Z.2...\0-.B.p..l.....1E..5W.!..-..Ko..I..lT.,P[....1.x,.S.w..........#I...5G...I.S!*..T.F....k.?...t.j.u....RZ.N..~.......I..CQ$.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 12105

Entropy (8bit): 5.451485481468043

Encrypted: false

SSDEEP: 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f

MD5: 9234071287E637F85D721463C488704C

SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152

SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649

SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384

Malicious: false

IE Cache URL: res://ieframe.dll/httpErrorPagesScripts.js

Preview:...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\network[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 13959

Entropy (8bit): 5.441952176596822

Encrypted: false

SSDEEP: 192:RlK/5pqi2AlkYw52/nDpDuN8VEwrON2nxUNKaUdA9j9kdS2joWzmR9N0V:tA1N/npuNxwrlnxULq

MD5: DBBE46B53418E967C530E07082251117

SHA1: 2CEA5575A23C9F7DABCF0F00679BD91AE5C5500C

SHA-256: B5F58726CD1A5266456B3F1CDC18DD77D28F0BECEDD305A2831E81AC4D1209FB

SHA-512: 91F6D885E94DA717EBFE479DE99266EC4315571CCFC6FD3ABE999FAEC7D2F65516B1BB6A963F9B7EAAD66FA1E6CBBAB6276E1B53DCC7FB838282024900E5C1C9

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/network.vflset/network.js

Preview:(function(){/*..SPF.(c) 2012-2017 Google Inc..https://ajax.googleapis.com/ajax/libs/spf/2.4.0/LICENSE.*/.var l="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof n&&n];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var p=aa(this);.function r(a,b){if(b)a:{var c=p;a=a.split(".");for(var e=0;e<a.length-1;e++){var d=a[e];if(!(d in c))break a;c=c[d]}a=a[a.length-1];e=c[a];b=b(e);b!=e&&null!=b&&l(c,a,{configurable:!0,writable:!0,value:b})}}function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}.r("Symbol",function(a){function b(d){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c("jscomp_symbol_"+(d||"")+"_"+e++,d)}functi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\web-animations-next-lite.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Size (bytes): 50631

Entropy (8bit): 5.370747844819887

Encrypted: false

SSDEEP: 1536:IfdRsRCiALPAavkt7QbI5D4nDltOC2B7F:IfdORtuvktkb44J8F

MD5: DFECF4C08ABAF9A76B7F2A7702A52678

SHA1: 0AD87E2F31F5A7979141C202915EDAC2CBA238ED

SHA-256: B0484BB78A832EEFE3549AFB313D52399E5B6DE182D904DA07D5B9DA820848AC

SHA-512: 3331E0E0659287C359F10AAAF19A3131B60AEE3C3756C3144DC0940D34A2DB446CC46096C043AF8604FB6F298A219F941046A22821EA24703A7FCA8D5571F65A

Malicious: false

IE Cache URL: https://www.youtube.com/s/desktop/b70e86a1/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js

Preview:/*.. Copyright 2014 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. See the License for the specific language governing permissions and. limitations under the License... Copyright 2016 Google Inc. All rights reserved... Licensed under the Apache License, Version 2.0 (the "License");. you may not use this file except in compliance with the License.. You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. Unless required by applicable law or agreed to in writing, software. distributed under the License is distributed on an "AS IS" BASIS,.

C:\Users\user\AppData\Local\Temp\~DF07D7287D2D24C8F5.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 86741

Entropy (8bit): 1.3818107660690102

Encrypted: false

SSDEEP: 384:kBqoxKAuqR+tzxQTE03cI3W+jrCEW+jrWR+jrIWobid+4T8hLKD7sUqt:bsmsEskUq

MD5: 0C2E7ED28F79DDC1ABD1112656E04EE3

SHA1: 87D065D9F2189F552DDB8495429DA53F6C5BA65F

SHA-256: 4A67A6730E3F8802674904E965348B3313BCF7CF4DA3053CD33ACD3ADDEB6355

SHA-512: 901E033A710728D3A7B05CA0E9E9089587344DFCDA262692DE391E74645B09104E162E7AE68A767D7C90AF29CC5353D54B6BF920421750CF16BF9C74C6911F51

Malicious: false

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF3294506AFA0E9B42.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 13141

Entropy (8bit): 0.5601838541798773


Encrypted: false

SSDEEP: 24:c9lLh9lLh9lIn9lIn9loBsF9loBM9lWBCk2kaTAqANAG:kBqoIp/kk2kaMTCG

MD5: B7588F3C8992FB9928206C6E91743CBE

SHA1: 880452B6826C780164FCC8BCAE1FF284CD0F5C39

SHA-256: B1E85CE025D847B81062D1DC6A0124CF25139591AFA6BE0769607B5C3F67D84A

SHA-512: 3F368E656905D90A3AFD156E95766F969BA7674D97EED04C2B319B10BC27C410F46CCC01EA344F96A20CD7AD3E22FD780BD364845645686D947414D6CAF2E9BE

Malicious: false

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF3294506AFA0E9B42.TMP

C:\Users\user\AppData\Local\Temp\~DFE0C64B9AA64940F9.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 25441

Entropy (8bit): 0.3297822609654278

Encrypted: false

SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAI:kBqoxxJhHWSVSEabI

MD5: 1B2A785FED3AE0548BBF36ED60975C71

SHA1: 7DE382077A493359A701ABBC97118E8BFAFA0DB1

SHA-256: 3D86FF0E4C93168EBC9F287A998F71B73A9607CD2361DC61849216633C5EF373

SHA-512: 924BD73FCFC7C861A63393FF497F75ED04C5679F273D2F880A5B3A07479677F938D7E016F462129D3519F57952BB582AA9E6EA22EF755808D8CC867560F3AC5C

Malicious: false

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFFE72B4EF09728E2E.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Category: dropped

Size (bytes): 29745

Entropy (8bit): 0.2920107282763179

Encrypted: false

SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAC9laAC9lrz:kBqoxxJhHWSVSEabeQ2y

MD5: CE909A43525B3843C907DCBE55E9D7DD

SHA1: 8B6E53CCBAAB132FF8100ECB696282F011402047

SHA-256: 540A8B39EAF1EF9CF341697FC4CDABBEBDED17B16321398C539639FD17EE1602

SHA-512: 027F1DF5288441E3BFF63ABABD90521E2A72DC20FFAC545E0F180483761229D13254375ADA525D3C5155C1BAC6602117B24617A160C4B9D21C30721B9DF17446

Malicious: false

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$Encode and Decode the Massage.xlsbProcess: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File Type: data

Category: dropped

Size (bytes): 165

Entropy (8bit): 1.6081032063576088

Encrypted: false

SSDEEP: 3:RFXI6dtt:RJ1

MD5: 7AB76C81182111AC93ACF915CA8331D5

SHA1: 68B94B5D4C83A6FB415C8026AF61F3F8745E2559

SHA-256: 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF

SHA-512: A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7

Malicious: false

Preview:.pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


Static File Info

GeneralFile type: Microsoft Excel 2007+

Entropy (8bit): 7.942567676513475

TrID: Excel Microsoft Office Open XML Format document with Macro (57504/1) 37.58%Excel Microsoft Office Binary workbook document (47504/1) 31.05%Excel Microsoft Office Open XML Format document (40004/1) 26.14%ZIP compressed archive (8000/1) 5.23%

File name: Encode and Decode the Massage.xlsb

File size: 166381

MD5: 09c8ccd98fc2466975142a66db48c9cf

SHA1: 0898a74776750b1c4e2c36d80bd958ba575eb099

SHA256: fa2b48d2caf465f04c3a32b7596bcce27630f810f9d1c10132da53d227602391

SHA512: 95e7f3a5e1cdf121cf6333f98b872ce8feecf78beb4db62e70ff1eafa7cc874250860f819cbcc66de5382df2624ea13fea7aec407d564f4bf03727794279e07c

SSDEEP: 3072:H1vZcYUHvxuq5YuvRUM3rVGZyBfS6yEoI/PrwAypMhR2g4HzMh7RQdR+v4Nw:Hp6Y8vv5tRN7VGgZz98QR2g4TMhNKY3

File Content Preview: PK..........!.................[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon

Icon Hash: 74f0d0d2c6d6d0f4

GeneralDocument Type: OpenXML

Number of OLE Files: 1

IndicatorsHas Summary Info: False

Application Name: unknown

Encrypted Document: False

Contains Word Document Stream:

Contains Workbook/Book Stream:

Contains PowerPoint Document Stream:

Contains Visio Document Stream:

Contains ObjectPool Stream:

Flash Objects Count:

Contains VBA Macros: True

SummaryAuthor: Priyendra.Kumar

Last Saved By: Priyendra.Kumar

Create Time: 2017-10-19T03:05:45Z

Last Saved Time: 2017-10-21T09:43:29Z

Creating Application: Microsoft Excel

Security: 0

Document SummaryThumbnail Scaling Desired: false

Company:

Static OLE Info

OLE File "/opt/package/joesandbox/database/analysis/344380/sample/Encode and Decode theMassage.xlsb"


Contains Dirty Links: false

Shared Document: false

Changed Hyperlinks: false

Application Version: 15.0300

Document Summary

General

Stream Path: VBA/Module1

VBA File Name: Module1.bas

Stream Size: 2857

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . S . . . O . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 06 f0 00 00 00 14 07 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 53 07 00 00 4f 0a 00 00 00 00 00 00 01 00 00 00 32 06 eb af 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 04 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

String)

VB_Name

Decode

Encode

Function

String

Integer

Encode(a

Decode(a

Mid(a,

Attribute

Len(a)

Chr(Asc(s)

General

Stream Path: VBA/Module2

VBA File Name: Module2.bas

Stream Size: 2905

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . K . . . { . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 06 f0 00 00 00 0c 07 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 4b 07 00 00 7b 0a 00 00 00 00 00 00 01 00 00 00 32 06 b8 ff 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 04 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

Decode_msg(a

String)

VB_Name

Encode_msg

Function

String

Integer

Encode_msg(a

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 2857

VBA Code Keywords

VBA File Name: Module2.bas, Stream Size: 2905

VBA Code Keywords


VBA Code

Mid(a,

Attribute

Len(a)

Chr(Asc(s)

Decode_msg

Keyword

General

Stream Path: VBA/Sheet1

VBA File Name: Sheet1.cls

Stream Size: 985

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' . . . . . . . . . . . 2 . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 01 f0 00 00 00 cc 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d3 02 00 00 27 03 00 00 00 00 00 00 01 00 00 00 32 06 e6 e8 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

False

VB_Exposed

Attribute

VB_Name

VB_Creatable

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

VB_Customizable

VB_TemplateDerived

General

Stream Path: VBA/ThisWorkbook

VBA File Name: ThisWorkbook.cls

Stream Size: 993

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ' . . . . . . . . . . . 2 . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 01 00 01 f0 00 00 00 cc 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d3 02 00 00 27 03 00 00 00 00 00 00 01 00 00 00 32 06 ce be 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

False

VB_Exposed

Attribute

VB_Name

VB_Creatable

"ThisWorkbook"

VB_PredeclaredId

VB_GlobalNameSpace

VBA File Name: Sheet1.cls, Stream Size: 985

VBA Code Keywords

VBA File Name: ThisWorkbook.cls, Stream Size: 993

VBA Code Keywords


VBA Code

VB_Base

VB_Customizable

VB_TemplateDerived

Keyword

General

Stream Path: PROJECT

File Type: ASCII text, with CRLF line terminators

Stream Size: 512

Entropy: 5.31312081928

Base64 Encoded: True

Data ASCII: I D = " { 6 B B 5 4 A F 6 - 5 9 2 E - 4 1 B E - B 9 0 4 - 6 2 B 4 D A 9 6 6 B B C } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . M o d u l e = M o d u l e 2 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 0 1 0 3 0 A 0 A 0 E 0 A 0 E 0 A 0 E 0 A 0 E " . . D P B = " 3 C 3 E 3 7 7 2 4 9 A

Data Raw: 49 44 3d 22 7b 36 42 42 35 34 41 46 36 2d 35 39 32 45 2d 34 31 42 45 2d 42 39 30 34 2d 36 32 42 34 44 41 39 36 36 42 42 43 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 4d 6f 64 75 6c

General

Stream Path: PROJECTwm

File Type: data

Stream Size: 110

Entropy: 3.27860397782

Base64 Encoded: False

Data ASCII: T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . M o d u l e 2 . M . o . d . u . l . e . 2 . . . . .

Data Raw: 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 4d 6f 64 75 6c 65 32 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 32 00 00 00 00 00

General

Stream Path: VBA/_VBA_PROJECT

File Type: data

Stream Size: 3070

Entropy: 4.35297311303


Data ASCII: . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 .0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B. a . s . i . c .

Data Raw: cc 61 a3 00 00 01 00 ff 09 04 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

General

Stream Path: VBA/__SRP_0

File Type: data

Stream Size: 1379

Entropy: 3.98499878803


Streams

Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 512

Stream Path: PROJECTwm, File Type: data, Stream Size: 110

Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3070

Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 1379


Data ASCII: . K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . r U . . . . . . . . . . . . . . . . . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . . ~ . . .~ . . . ~ ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . F . s . j . . . X . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 93 4b 2a a3 01 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 00 02 00 02 00 00 00 00 00 01 00 02 00 03 00 00 00 00 00 01 00 00 00 03 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 00 01 00 00 80 00 00 00 80 00 00 00 80 00 00 00 04 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e 01 00 00 7e

General

General


File Type: data

Stream Size: 91

Entropy: 1.99447307955


Data ASCII: r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . a r . . . . . . .

Data Raw: 72 55 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 00 00 00 00 0a 00 00 00 09 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff 09 00 00 00 00 00 03 00 09 00 00 00 00 00 04 00 01 00 00 08 01 00 00 00 61 72 00 00 7f 00 00 00 00

General


File Type: data

Stream Size: 494

Entropy: 3.72252509102


Data ASCII: r U . . . . . . . . . . . . . . . . . . . ~ | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q. . . . . . . . . . . . . . . . . . . x . . . . . . . . . . v . . . . J . . c l . s . . ) ( < . . . k v . . l . . M \\ . . @ . , . . . . . . ., . ` 1 p . 6 . . < . , . . l p . . . . . . . . . . . < . . . . . . . < . ` 1 p . 5 < . . . l x . l p . * 1 x . . . . v . d l . . . .. . . . . . . . . . P . x . , . . . . . . . . . . . . . . . . . . . . . . . . . x .

Data Raw: 72 55 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 02 00 00 7e 7c 00 00 7f 00 00 00 00 0e 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 03 00 08 00 00 00 00 00 02 00 02 00 02 00 03 00 00 00 01 06 00 00 00 00 00 00 71 06 00 00 00 00 00 00 e1 06 00 00 00 00 00 00 b8 00 00 00 78 00 00 00 00 02 00 12 f4 01 04 76 ff 80 0c 00 4a e4 fe 63 6c ff 73 00 00 29 28 3c ff 01 00 6b 76 ff

General


File Type: data

Stream Size: 158

Entropy: 2.20810075976


Data ASCII: r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . . . . . . ` . . . . . . . . . .. . . . . . . . a . . . . . . . . . . . . 0 ( . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . 0 . . . . . .n . . . . . . .

Data Raw: 72 55 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 00 00 00 00 10 00 00 00 09 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff 00 00 00 00 08 00 00 00 04 00 28 00 81 00 00 00 00 00 02 00 00 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 61 00 00 00 00 00 01 00 00 00 00 00 10 30 28 00 a9 00 00 00 00 00 02 00 01 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff 00 00

General


File Type: data

Stream Size: 158

Entropy: 2.20810075976


Data ASCII: r U . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . . . . . . ` . . . . . . . . . .. . . . . . . . a . . . . . . . . . . . . 0 ( . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . 0 . . . . . .n . . . . . . .

Data Raw: 72 55 80 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 00 00 00 00 10 00 00 00 09 00 00 00 00 00 05 00 ff ff ff ff ff ff ff ff 00 00 00 00 08 00 00 00 04 00 28 00 81 00 00 00 00 00 05 00 00 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 61 00 00 00 00 00 01 00 00 00 00 00 10 30 28 00 a9 00 00 00 00 00 05 00 01 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff 00 00






Network Port Distribution

Total Packets: 117

• 53 (DNS)

• 443 (HTTPS)

General


File Type: data

Stream Size: 494

Entropy: 3.7844443316


Data ASCII: r U . . . . . . . . . . . . . . . . . . . ~ | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . q. . . . . . . . . . . . . . . . . . . x . . . . . . . . . . v . . . . J . . c l . s . . ) ( < . . . k v . . l . . M \\ . . @ . , . . . . . . ., . ` 1 p . 6 . . < . , . . l p . . . . . . . . . . . < . . . . . . . < . ` 1 p . 5 < . . . l x . l p . * 1 x . . . . v . d l . . . .. . . . . . . . . . P . x . , . . . . . . . . . . . . . . . . . . . . . . . . . x .

Data Raw: 72 55 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 02 00 00 7e 7c 00 00 7f 00 00 00 00 0e 00 00 00 09 00 00 00 00 00 00 00 09 00 00 00 00 00 04 00 08 00 00 00 00 00 05 00 02 00 02 00 03 00 00 00 01 06 00 00 00 00 00 00 71 06 00 00 00 00 00 00 e1 06 00 00 00 00 00 00 b8 00 00 00 78 00 00 00 00 02 00 12 f4 01 04 76 ff 80 0c 00 4a e4 fe 63 6c ff 73 00 00 29 28 3c ff 01 00 6b 76 ff

General

Stream Path: VBA/dir

File Type: data

Stream Size: 594

Entropy: 6.41829373269

Base64 Encoded: True

Data ASCII: . N . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r .. . . . . . . . . R . [ . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2D F 8 D 0 4 C . -

Data Raw: 01 4e b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 ce 52 bf 5b 1c 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Network Behavior

Timestamp Source Port Dest Port Source IP Dest IP

Jan 26, 2021 14:31:46.881541014 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.881761074 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.923943996 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.924043894 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.924549103 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.924640894 CET 49739 443 192.168.2.3 172.217.23.22


Stream Path: VBA/dir, File Type: data, Stream Size: 594

TCP Packets


Jan 26, 2021 14:31:46.927722931 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.930056095 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.970319033 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.972345114 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.984492064 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.984517097 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.984550953 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.984563112 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.984594107 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.984644890 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.986599922 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.986627102 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.986644983 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:46.986666918 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:46.986705065 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.013245106 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.013370037 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.045506954 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.050199032 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.057296038 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.057307959 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.057318926 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.057332993 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.057375908 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.057399988 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.057425022 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.057446003 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.066473007 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.089231014 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.089313030 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.091388941 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.091996908 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.093956947 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.094038963 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.105776072 CET 49739 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.109781981 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.109868050 CET 49738 443 192.168.2.3 172.217.23.22

Jan 26, 2021 14:31:47.138912916 CET 443 49738 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.140136957 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:31:47.149867058 CET 443 49739 172.217.23.22 192.168.2.3

Jan 26, 2021 14:32:07.976258039 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:07.977279902 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.018970966 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.019082069 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.019694090 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.019768000 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.076133966 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.076317072 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.118755102 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.118802071 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132617950 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132682085 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132721901 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132734060 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.132760048 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132791042 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.132802010 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132844925 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.132849932 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132886887 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.132894039 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132910013 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.132929087 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.132940054 CET 49751 443 192.168.2.3 216.58.207.129



Jan 26, 2021 14:32:08.133248091 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.196650028 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.198640108 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.239641905 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.239697933 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.239813089 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.239847898 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.241440058 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.241487026 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.241590977 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.253468990 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.253545046 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.253909111 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.254717112 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.254940033 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.296025991 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.296066046 CET 443 49751 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.296220064 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.296495914 CET 49751 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.297156096 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.297183990 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.297213078 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.297239065 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.297251940 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.297307968 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.300184965 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.300230026 CET 443 49752 216.58.207.129 192.168.2.3

Jan 26, 2021 14:32:08.300257921 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.300296068 CET 49752 443 192.168.2.3 216.58.207.129

Jan 26, 2021 14:32:08.302489996 CET 443 49751 216.58.207.129 192.168.2.3



Jan 26, 2021 14:30:39.484234095 CET 65110 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:39.532227993 CET 53 65110 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:40.597071886 CET 58361 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:40.645020008 CET 53 58361 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:42.125075102 CET 63492 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:42.175821066 CET 53 63492 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:45.926326036 CET 60831 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:45.977264881 CET 53 60831 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:48.494499922 CET 60100 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:48.545234919 CET 53 60100 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:49.430907965 CET 53195 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:49.488815069 CET 53 53195 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:49.573499918 CET 50141 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:49.632549047 CET 53 50141 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:49.913549900 CET 53023 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:49.971419096 CET 53 53023 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:50.920181990 CET 53023 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:50.977792025 CET 53 53023 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:51.240510941 CET 49563 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:51.288634062 CET 53 49563 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:51.915024042 CET 53023 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:51.971468925 CET 53 53023 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:53.057286024 CET 51352 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:53.105492115 CET 53 51352 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:53.930627108 CET 53023 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:53.986733913 CET 53 53023 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:54.162420034 CET 59349 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:54.210294962 CET 53 59349 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:55.093364954 CET 57084 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:55.141525030 CET 53 57084 8.8.8.8 192.168.2.3

UDP Packets


Jan 26, 2021 14:30:56.041286945 CET 58823 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:56.089339018 CET 53 58823 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:57.198477983 CET 57568 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:57.246397018 CET 53 57568 8.8.8.8 192.168.2.3

Jan 26, 2021 14:30:57.947045088 CET 53023 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:30:58.003221035 CET 53 53023 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:09.565696001 CET 50540 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:09.616250038 CET 53 50540 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:11.441077948 CET 54366 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:11.511662006 CET 53 54366 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:19.976780891 CET 53034 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:20.034174919 CET 53 53034 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:26.716742039 CET 57762 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:26.764749050 CET 53 57762 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:29.577908039 CET 55435 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:29.626009941 CET 53 55435 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:44.936527014 CET 50713 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:44.998441935 CET 53 50713 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:46.196573019 CET 56132 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:46.255901098 CET 53 56132 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:46.566256046 CET 58987 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:46.598316908 CET 56579 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:46.614017010 CET 53 58987 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:46.662988901 CET 53 56579 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:46.814575911 CET 60633 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:46.878897905 CET 53 60633 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:46.973306894 CET 61292 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:47.001678944 CET 63619 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:47.029531002 CET 53 61292 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:47.058792114 CET 53 63619 8.8.8.8 192.168.2.3

Jan 26, 2021 14:31:56.233194113 CET 64938 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:31:56.293199062 CET 53 64938 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:07.765593052 CET 61946 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:07.834574938 CET 53 61946 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:14.966969013 CET 64910 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:15.023273945 CET 53 64910 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:15.762644053 CET 52123 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:15.813479900 CET 53 52123 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:15.981089115 CET 64910 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:16.037868977 CET 53 64910 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:16.766773939 CET 52123 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:16.826214075 CET 53 52123 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:16.984596014 CET 64910 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:17.032715082 CET 53 64910 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:17.768594980 CET 52123 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:17.819318056 CET 53 52123 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:18.988802910 CET 64910 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:19.047285080 CET 53 64910 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:19.772795916 CET 52123 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:19.824657917 CET 53 52123 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:22.017765999 CET 56130 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:22.085000992 CET 53 56130 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:22.993000031 CET 64910 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:23.041687012 CET 53 64910 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:23.906477928 CET 52123 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:23.957268953 CET 53 52123 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:28.154576063 CET 56338 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:28.202656031 CET 53 56338 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:30.591909885 CET 59420 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:30.639792919 CET 53 59420 8.8.8.8 192.168.2.3

Jan 26, 2021 14:32:53.257709980 CET 58784 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:32:53.314480066 CET 53 58784 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:28.779947042 CET 63978 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:28.836323023 CET 53 63978 8.8.8.8 192.168.2.3



Jan 26, 2021 14:33:29.549254894 CET 62938 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:29.611645937 CET 53 62938 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:30.432437897 CET 55708 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:30.480443954 CET 53 55708 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:31.255276918 CET 56803 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:31.313632965 CET 53 56803 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:32.114250898 CET 57145 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:32.170357943 CET 53 57145 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:32.779699087 CET 55359 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:32.838764906 CET 53 55359 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:33.504837036 CET 58306 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:33.552918911 CET 53 58306 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:34.568327904 CET 64124 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:34.626879930 CET 53 64124 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:35.530077934 CET 49361 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:35.586673021 CET 53 49361 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:36.267347097 CET 63150 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:36.315896988 CET 53 63150 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:36.404707909 CET 53279 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:36.405458927 CET 56881 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:36.465280056 CET 53 53279 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:36.470338106 CET 53 56881 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:38.231004953 CET 53642 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:38.287024021 CET 53 53642 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:38.546447992 CET 55667 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:38.613450050 CET 53 55667 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:41.276727915 CET 54833 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:41.332961082 CET 53 54833 8.8.8.8 192.168.2.3

Jan 26, 2021 14:33:46.358330011 CET 62476 53 192.168.2.3 8.8.8.8

Jan 26, 2021 14:33:46.414863110 CET 53 62476 8.8.8.8 192.168.2.3


Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Jan 26, 2021 14:31:46.196573019 CET 192.168.2.3 8.8.8.8 0x47b1 Standard query (0)

www.youtube.com

A (IP address) IN (0x0001)

Jan 26, 2021 14:31:46.814575911 CET 192.168.2.3 8.8.8.8 0x80c Standard query (0)

i.ytimg.com A (IP address) IN (0x0001)

Jan 26, 2021 14:32:07.765593052 CET 192.168.2.3 8.8.8.8 0xb1af Standard query (0)

yt3.ggpht.com A (IP address) IN (0x0001)

Jan 26, 2021 14:32:22.017765999 CET 192.168.2.3 8.8.8.8 0xed8c Standard query (0)

s2.googleusercontent.com


Jan 26, 2021 14:32:53.257709980 CET 192.168.2.3 8.8.8.8 0x343 Standard query (0)

www.youtube.com


Jan 26, 2021 14:33:36.405458927 CET 192.168.2.3 8.8.8.8 0xb793 Standard query (0)

www.google.co.uk


Jan 26, 2021 14:33:38.546447992 CET 192.168.2.3 8.8.8.8 0xffcf Standard query (0)

consent.youtube.com


Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Jan 26, 2021 14:31:46.255901098 CET

8.8.8.8 192.168.2.3 0x47b1 No error (0) www.youtube.com

youtube-ui.l.google.com CNAME (Canonical name)

IN (0x0001)

Jan 26, 2021 14:31:46.878897905 CET

8.8.8.8 192.168.2.3 0x80c No error (0) i.ytimg.com 172.217.23.22 A (IP address) IN (0x0001)

Jan 26, 2021 14:32:07.834574938 CET

8.8.8.8 192.168.2.3 0xb1af No error (0) yt3.ggpht.com photos-ugc.l.googleusercontent.com

CNAME (Canonical name)

IN (0x0001)

Jan 26, 2021 14:32:07.834574938 CET

8.8.8.8 192.168.2.3 0xb1af No error (0) photos-ugc.l.googleusercontent.com

216.58.207.129 A (IP address) IN (0x0001)

Jan 26, 2021 14:32:22.085000992 CET

8.8.8.8 192.168.2.3 0xed8c No error (0) s2.googleusercontent.com

googlehosted.l.googleusercontent.com

CNAME (Canonical name)

IN (0x0001)

DNS Queries

DNS Answers


Jan 26, 2021 14:32:22.085000992 CET

8.8.8.8 192.168.2.3 0xed8c No error (0) googlehosted.l.googleusercontent.com

172.217.22.225 A (IP address) IN (0x0001)

Jan 26, 2021 14:32:53.314480066 CET

8.8.8.8 192.168.2.3 0x343 No error (0) www.youtube.com

youtube-ui.l.google.com CNAME (Canonical name)

IN (0x0001)

Jan 26, 2021 14:33:36.470338106 CET

8.8.8.8 192.168.2.3 0xb793 No error (0) www.google.co.uk

172.217.22.227 A (IP address) IN (0x0001)

Jan 26, 2021 14:33:38.613450050 CET

8.8.8.8 192.168.2.3 0xffcf No error (0) consent.youtube.com

216.58.207.142 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest

Jan 26, 2021 14:31:46.984594107 CET

172.217.23.22 443 192.168.2.3 49739 CN=edgestatic.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US

CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

Tue Jan 05 12:53:26 CET 2021 Thu Jun 15 02:00:42 CEST 2017

Tue Mar 30 13:53:25 CEST 2021 Wed Dec 15 01:00:42 CET 2021

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=GTS CA 1O1, O=Google Trust Services, C=US

CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:31:46.986644983 CET

172.217.23.22 443 192.168.2.3 49738 CN=edgestatic.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US




771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:32:08.132760048 CET

216.58.207.129 443 192.168.2.3 49752 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US




771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:32:08.132929087 CET





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

HTTPS Packets


Jan 26, 2021 14:32:22.202195883 CET





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:32:22.202351093 CET





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:32:22.202497005 CET





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:32:22.202658892 CET





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:32:22.202805042 CET





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021



NotBefore

NotAfter



Code Manipulations

Statistics

Behavior

• EXCEL.EXE

• iexplore.exe

• iexplore.exe

Click to jump to process

System Behavior

Jan 26, 2021 14:33:36.589231014 CET

172.217.22.227 443 192.168.2.3 49781 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US




771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021

Jan 26, 2021 14:33:36.589303017 CET

172.217.22.227 443 192.168.2.3 49780 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US




771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Thu Jun 15 02:00:42 CEST 2017

Wed Dec 15 01:00:42 CET 2021



NotBefore

NotAfter


Analysis Process: EXCEL.EXE PID: 1492 Parent PID: 792Analysis Process: EXCEL.EXE PID: 1492 Parent PID: 792

General


File ActivitiesFile Activities

Registry ActivitiesRegistry Activities


Start date: 26/01/2021

Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding

Imagebase: 0x1000000

File size: 27110184 bytes

MD5 hash: 5D6638F2C8F8571C593999C58866007E

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: high

File Path Access Attributes Options Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\~DF74F98228394A0526.TMP read attributes | synchronize | generic read | generic write

device synchronous io non alert | non directory file

success or wait 1 689292AB unknown

File Path Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\43EBE61E.tmp success or wait 1 117495B DeleteFileW

Old File Path New File Path Completion CountSourceAddress Symbol

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

C:\Users\user\Desktop\~$Encode and Decode the Massage.xlsb unknown 55 07 70 72 61 74 65 73 68 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

.pratesh success or wait 1 11651E4 WriteFile

C:\Users\user\Desktop\~$Encode and Decode the Massage.xlsb unknown 110 07 00 70 00 72 00 61 00 74 00 65 00 73 00 68 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00

..p.r.a.t.e.s.h. . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . .

success or wait 1 1165241 WriteFile

File Path Offset Length Completion CountSourceAddress Symbol

Key Path Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache success or wait 1 10720F4 RegCreateKeyExW

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0 success or wait 1 107211C RegCreateKeyExW

HKEY_CURRENT_USER\Software\Microsoft\VBA success or wait 1 68968A84 RegCreateKeyExA

File CreatedFile Created

File DeletedFile Deleted

File WrittenFile Written

Key CreatedKey Created


HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1 success or wait 1 68968A84 RegCreateKeyExA

HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common success or wait 1 68968A84 RegCreateKeyExA


Key Path Name Type Data Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0

MSForms dword 1 success or wait 1 107213B RegSetValueExW

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0

MSComctlLib dword 1 success or wait 1 107213B RegSetValueExW

Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol





Path: C:\Program Files\internet explorer\iexplore.exe

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Imagebase: 0x7ff71b880000


MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596




Reputation: high









Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Wow64 process (32bit): true

Key Value CreatedKey Value Created

Analysis Process: iexplore.exe PID: 7104 Parent PID: 792Analysis Process: iexplore.exe PID: 7104 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 6168 Parent PID: 7104Analysis Process: iexplore.exe PID: 6168 Parent PID: 7104

General


Disassembly



Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7104 CREDAT:17410 /prefetch:2

Imagebase: 0x12e0000


MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A




Reputation: high








Automated Malware Analysis Report for Encode and Decode the ...

Documents

Transcript of Automated Malware Analysis Report for Encode and Decode the ...