Analysis Report KAsJ2r4XYY.dll

Overview

General Information

Sample Name: KAsJ2r4XYY.dll
Analysis ID: 381747
MD5: 2d242e5ea5fbb1541d1c72b6a01236f6
SHA1: 1c593344883c0db0f34a917381ea7865cbfceba2
SHA256: d7102c2bee0abe8f04f3faf34374462dbe7b528f3de6492b6e9ce230a5a8d5ef
Tags: dll, Gozi, ISFB, Ursnif
Detection

Ursnif
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Yara detected Ursnif
Machine Learning detection for sample
Writes or reads registry keys via WMI
Writes registry values via WMI
Antivirus or Machine Learning detection for unpacked file
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • loaddll32.exe (PID: 5904 cmdline: loaddll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 3728 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 5944 cmdline: rundll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 2212 cmdline: rundll32.exe C:\Users\user\Desktop\KAsJ2r4XYY.dll,StartService MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • iexplore.exe (PID: 6348 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6400 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6348 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 7164 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 3420 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7164 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 5200 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7164 CREDAT:17418 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 1268 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5068 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1268 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

Threatname: Ursnif

[{"RSA Public Key": "Om1HeBhXBR6NHvmWFG5B2kyl5mdcRMsb8ux2uo9VgGW0O2LzHZKk3w9bxw9stgphU0ayytcOYkK6GCNJlKSeMTZJ5WPgZiX+MaXiUccStEUTXkW1ubp0gdr16sb5U4M+rzWWPvc3s7bj9o1yqSJtP7PmMVp7E+3llLULQ9/DZbAD7SXaft6wcY8wFjSkI+8D"}, {"c2_domain": ["bing.com", "update4.microsoft.com", "under17.com", "urs-world.com"], "botnet": "5566", "server": "12", "serpent_key": "10301029JSJUYDWG", "sleep_time": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}]

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000003.430938761.000000000526D000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.352421951.000000000536B000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.352356466.000000000536B000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.352397565.000000000536B000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.352410447.000000000536B000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.loaddll32.exe.9a0000.1.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.10000000.4.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
2.2.rundll32.exe.36c0000.2.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
3.2.rundll32.exe.2fe0000.2.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
3.2.rundll32.exe.10000000.5.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 3.2.rundll32.exe.4ff94a0.4.raw.unpack, Malware Configuration Extractor: Ursnif (configuration identical to the one listed under Malware Configuration)
Multi AV Scanner detection for submitted file
Source: KAsJ2r4XYY.dll, Virustotal: Detection: 52%
Machine Learning detection for sample
Source: KAsJ2r4XYY.dll, Joe Sandbox ML: detected
Source: 0.2.loaddll32.exe.10000000.4.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 3.2.rundll32.exe.10000000.5.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: KAsJ2r4XYY.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_009212D4 RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_04B212D4 RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,memset,CreateFileA,GetFileTime,FindCloseChangeNotification,StrRChrA,lstrcat,FindFirstFileA,FindFirstFileA,CompareFileTime,CompareFileTime,FindClose,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,StrChrA,memcpy,FindNextFileA,FindClose,FindFirstFileA,CompareFileTime,FindClose,HeapFree,HeapFree
Source: Joe Sandbox View, IP Address: 185.243.114.196
Source: Joe Sandbox View, ASN Name: ACCELERATED-ITDE
Source: global traffic, TCP traffic: 192.168.2.3:49748 -> 185.243.114.196:80
Source: unknown, DNS traffic detected: queries for: login.microsoftonline.com
Source: GiGr-rA9TBhE2c3LJn7PvDweiOo.gz[1].js.20.dr, String found in binary or memory: http://feross.org
Source: {5CD1EFE9-95B2-11EB-90E4-ECF4BB862DED}.dat.25.dr, ~DFB944C173FC982650.TMP.25.dr, String found in binary or memory: http://under17.com/joomla/X_2FkL3FeOxUDMJ/FYE4xQai74UAgYvt6w/rz9YymYaY/A1831r9BfghFj3EKo2Ac/ILaAjMeO
Source: ~DF76D71240BBB52F37.TMP.19.dr, String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif
Source: Yara match, File source: 00000003.00000002.469880378.0000000002FE0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.468304011.00000000009A0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.233568120.00000000036C0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 0.2.loaddll32.exe.9a0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.loaddll32.exe.10000000.4.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.rundll32.exe.36c0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.2fe0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.rundll32.exe.10000000.5.unpack, type: UNPACKEDPE
Yara detected Ursnif
Source: Yara match, File source: 00000003.00000003.430938761.000000000526D000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.352421951.000000000536B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.352356466.000000000536B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.352397565.000000000536B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.352410447.000000000536B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.352378361.000000000536B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000003.352447282.000000000536B000.00000004.00000040.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5944, type: MEMORY

E-Banking Fraud:

Yara detected Ursnif
Yara detected Ursnif

System Summary:

Writes or reads registry keys via WMI
Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Writes registry values via WMI
Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_10001D9F NtMapViewOfSection
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_10001EB5 GetProcAddress,NtCreateSection,memset
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_10002375 NtQueryVirtualMemory
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_009283B7 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_0092B341 NtQueryVirtualMemory
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_04B283B7 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_04B2B341 NtQueryVirtualMemory
Source: KAsJ2r4XYY.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: classification engine, Classification label: mal84.troj.winDLL@18/115@6/1
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_0092757F CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle
Source: C:\Program Files\internet explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Temp\~DF151D54B9C8834E13.TMP
Source: C:\Program Files\internet explorer\iexplore.exe, File read: C:\Users\desktop.ini
Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: KAsJ2r4XYY.dll, Virustotal: Detection: 52%
Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll'
Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll',#1
Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\KAsJ2r4XYY.dll,StartService
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll',#1
Source: unknown, Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6348 CREDAT:17410 /prefetch:2
Source: unknown, Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7164 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7164 CREDAT:17418 /prefetch:2
Source: unknown, Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1268 CREDAT:17410 /prefetch:2
Source: C:\Windows\System32\loaddll32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_10001745 LoadLibraryA,GetProcAddress
Source: KAsJ2r4XYY.dll, Static PE information: section name: .code

                      Hooking and other Techniques for Hiding and Protection:

                      Yara detected Ursnif
                      Source: Yara match, File source: 00000003.00000002.469880378.0000000002FE0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000000.00000002.468304011.00000000009A0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000002.00000002.233568120.00000000036C0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match, File source: 0.2.loaddll32.exe.9a0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 0.2.loaddll32.exe.10000000.4.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 2.2.rundll32.exe.36c0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 3.2.rundll32.exe.2fe0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 3.2.rundll32.exe.10000000.5.unpack, type: UNPACKEDPE
                      Yara detected Ursnif
                      Source: Yara match, File source: 00000003.00000003.430938761.000000000526D000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000003.352421951.000000000536B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000003.352356466.000000000536B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000003.352397565.000000000536B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000003.352410447.000000000536B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000003.352378361.000000000536B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000003.00000003.352447282.000000000536B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5944, type: MEMORY
                      Source: C:\Windows\SysWOW64\rundll32.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Windows\System32\loaddll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\loaddll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\loaddll32.exe, Window / User API: threadDelayed 418
                      Source: C:\Windows\System32\loaddll32.exe, Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exe, Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\rundll32.exe, Last function: Thread delayed
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_009212D4 RtlAllocateHeap, RtlAllocateHeap, RtlAllocateHeap, memset, CreateFileA, GetFileTime, FindCloseChangeNotification, StrRChrA, lstrcat, FindFirstFileA, FindFirstFileA, CompareFileTime, CompareFileTime, FindClose, FindNextFileA, FindClose, FindFirstFileA, CompareFileTime, StrChrA, memcpy, FindNextFileA, FindClose, FindFirstFileA, CompareFileTime, FindClose, HeapFree, HeapFree
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_04B212D4 RtlAllocateHeap, RtlAllocateHeap, RtlAllocateHeap, memset, CreateFileA, GetFileTime, FindCloseChangeNotification, StrRChrA, lstrcat, FindFirstFileA, FindFirstFileA, CompareFileTime, CompareFileTime, FindClose, FindNextFileA, FindClose, FindFirstFileA, CompareFileTime, StrChrA, memcpy, FindNextFileA, FindClose, FindFirstFileA, CompareFileTime, FindClose, HeapFree, HeapFree
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_10001745 LoadLibraryA, GetProcAddress
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_026A2DF5 or edx, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 2_2_03662DF5 or edx, dword ptr fs:[00000030h]
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.469842682.0000000001290000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.470506785.0000000003550000.00000002.00000001.sdmp; Binary or memory string: Program Manager
                      Source: loaddll32.exe, 00000000.00000002.469842682.0000000001290000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.470506785.0000000003550000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.469842682.0000000001290000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.470506785.0000000003550000.00000002.00000001.sdmp; Binary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.469842682.0000000001290000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.470506785.0000000003550000.00000002.00000001.sdmp; Binary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_0092269C cpuid
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_1000102F GetSystemTimeAsFileTime, _aulldiv, _snwprintf, CreateFileMappingW, GetLastError, GetLastError, MapViewOfFile, GetLastError, CloseHandle, GetLastError
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_0092269C RtlAllocateHeap, GetUserNameW, RtlAllocateHeap, GetUserNameW, HeapFree, GetComputerNameW, GetComputerNameW, RtlAllocateHeap, GetComputerNameW, HeapFree
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_10001850 CreateEventA, GetVersion, GetCurrentProcessId, OpenProcess, GetLastError

                      Stealing of Sensitive Information:

                      Yara detected Ursnif
                      Yara detected Ursnif

                      Remote Access Functionality:

                      Yara detected Ursnif
                      Yara detected Ursnif

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation 2 | Path Interception | Process Injection 12 | Masquerading 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 12 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll32 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | Account Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Owner/User Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 13 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                      Behavior Graph

                      [Behavior graph image not reproduced. Recoverable labels: Behavior Graph ID: 381747; Sample: KAsJ2r4XYY.dll; Startdate: 04/04/2021; Architecture: WINDOWS; Score: 84. Processes: loaddll32.exe started rundll32.exe and cmd.exe; cmd.exe started rundll32.exe; several iexplore.exe instances started. Signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Ursnif; Writes or reads registry keys via WMI; Writes registry values via WMI. DNS/IP nodes: urs-world.com; under17.com (185.243.114.196, 80, ACCELERATED-ITDE, Netherlands); prda.aadg.msidentity.com; login.microsoftonline.com; a.privatelink.msidentity.com.]

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label
                      KAsJ2r4XYY.dll | 52% | Virustotal |
                      KAsJ2r4XYY.dll | 100% | Joe Sandbox ML |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      Source | Detection | Scanner | Label
                      0.2.loaddll32.exe.920000.0.unpack | 100% | Avira | HEUR/AGEN.1108168
                      3.2.rundll32.exe.4b20000.3.unpack | 100% | Avira | HEUR/AGEN.1108168
                      0.2.loaddll32.exe.10000000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8
                      3.2.rundll32.exe.10000000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8

                      Domains

                      Source | Detection | Scanner | Label
                      urs-world.com | 0% | Virustotal |
                      under17.com | 0% | Virustotal |

                      URLs

                      Source | Detection | Scanner | Label
                      http://under17.com/joomla/X_2FkL3FeOxUDMJ/FYE4xQai74UAgYvt6w/rz9YymYaY/A1831r9BfghFj3EKo2Ac/ILaAjMeO | 0% | Avira URL Cloud | safe

                      Domains and IPs

                      Contacted Domains

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      urs-world.com | 185.186.244.95 | true | true | | unknown
                      under17.com | 185.243.114.196 | true | true | | unknown
                      login.microsoftonline.com | unknown | unknown | false | | high

                        URLs from Memory and Binaries


                                                                      Contacted IPs

                                                                      Public

                                                                      IP | Domain | Country | ASN | ASN Name | Malicious
                                                                      185.243.114.196 | under17.com | Netherlands | 31400 | ACCELERATED-ITDE | true

                                                                      General Information

                                                                      Joe Sandbox Version:31.0.0 Emerald
                                                                      Analysis ID:381747
                                                                      Start date:04.04.2021
                                                                      Start time:18:55:47
                                                                      Joe Sandbox Product:CloudBasic
                                                                      Overall analysis duration:0h 8m 16s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:light
                                                                      Sample file name:KAsJ2r4XYY.dll
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                      Number of analysed new started processes analysed:33
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • HDC enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Detection:MAL
                                                                      Classification:mal84.troj.winDLL@18/115@6/1
                                                                      EGA Information:Failed
                                                                      HDC Information:
                                                                      • Successful, ratio: 48% (good quality ratio 45.4%)
                                                                      • Quality average: 78.9%
                                                                      • Quality standard deviation: 29%
                                                                      HCA Information:
                                                                      • Successful, ratio: 85%
                                                                      • Number of executed functions: 0
                                                                      • Number of non-executed functions: 0
                                                                      Cookbook Comments:
                                                                      • Adjust boot time
                                                                      • Enable AMSI
                                                                      • Found application associated with file extension: .dll
                                                                      Warnings:
                                                                      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                      • Created / dropped Files have been reduced to 100
                                                                      • Excluded IPs from analysis (whitelisted): 52.255.188.83, 104.42.151.234, 52.147.198.201, 20.82.210.154, 184.30.24.56, 88.221.62.148, 13.107.21.200, 204.79.197.200, 20.54.26.129, 67.26.83.254, 8.241.83.126, 8.238.85.126, 8.241.126.249, 8.238.29.126, 20.190.159.134, 40.126.31.141, 40.126.31.137, 40.126.31.135, 20.190.159.132, 40.126.31.143, 40.126.31.8, 40.126.31.6, 20.190.159.133, 20.190.159.137, 40.126.31.7, 40.126.31.140, 40.126.31.5, 40.126.31.142, 20.190.159.131, 40.126.31.9, 20.82.209.183, 92.122.213.247, 92.122.213.194, 152.199.19.161, 20.190.160.67, 20.190.160.73, 20.190.160.8, 20.190.160.75, 20.190.160.71, 20.190.160.2, 20.190.160.6, 20.190.160.132
                                                                      • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, www2.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, update4.microsoft.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, www.tm.a.prd.aadg.akadns.net, login.msa.msidentity.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, www2-bing-com.dual-a-0001.a-msedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      Time | Type | Description
                                                                      18:57:02 | API Interceptor | 1x Sleep call for process: rundll32.exe modified
                                                                      18:58:00 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs


                                                                                                              Domains


                                                                                                              ASN


                                                                                                              JA3 Fingerprints

                                                                                                              No context

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{40515B78-95B2-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):29272
                                                                                                              Entropy (8bit):1.769110427245521
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:ruZkZzr2z8wWz8yGPtz8yGVA3fz8yGV7fOpOMz8yG8i7ch2fl9Wz87G8i7Oa4B:ruZkZv2vWCtDf2tMgueB
                                                                                                              MD5:CC95A06E21067F12C80786AD9ABC02C3
                                                                                                              SHA1:949D8FA7FEC7419F6CE5A513AB208D19B1E88A2E
                                                                                                              SHA-256:388AE714261BD8FB02423F72DDE09BA95119377CDE9D69036B739A2A2F8CD916
                                                                                                              SHA-512:D92B6C2E2925AD12605231DEDBF77A8B3F436095574AA454A14AFB78260FD637ACBD5064EAEA0905F5C1A052E4018440D2CE27F0C4D2FA3030DFAF588C1C9A94
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5CD1EFE7-95B2-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):50344
                                                                                                              Entropy (8bit):2.0168860207743036
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:r2Z5ZX2UWgtMf0FMyh8nJeMfMHsQC3SPSg:ryvGDkyZyhgkH6S9
                                                                                                              MD5:C05D72F42DA45AEDB553A348F70A7375
                                                                                                              SHA1:1A943D1ED10EB5521AC6BCD6246A4AE9F42584DD
                                                                                                              SHA-256:6C55658B68281F5A6445E8A0987384528EE9E0FBBC6ADB4CB79C41EB83B8A993
                                                                                                              SHA-512:97A227F1F50B6A081FA9B4A9DB1598C31D3EDF5CD2FD23FA3333377AC3C09441E6570C69138A680208ECED038F16503D7C9CC360B56716F23DFD1694A562CE5B
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6F44FC35-95B2-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):21592
                                                                                                              Entropy (8bit):1.7599042592478111
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:rRZyZj12jS6WjSwG7ZtjSwGcwdVfjSwGcwKw2SlQMjSwGTwZwKwy9y:rRZyZp2/Wkt3gVf37XSlQMQk7f9y
                                                                                                              MD5:CD8E997A7C4C404FED93A6A0F1FDCA25
                                                                                                              SHA1:F9210AB2637E2E080515E9622CD36F1CE41AD702
                                                                                                              SHA-256:C50020481F0EE97D12899089B578C183E8D3822D238B343DFD8109B2C69877C6
                                                                                                              SHA-512:13548878D69050A1CA315EFED45D7966CB979A6890347CC4061F946027961597092E2150C5AEF2926ACC64FE63CA782F7D73D67094F30469453BBE3D00B592B5
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{40515B7A-95B2-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):43408
                                                                                                              Entropy (8bit):2.5081041542731346
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:r6yMklZVXC1mZIXhQsfxOfxfjfxRQZpqAIC:QmOXhQ2xoxfzxEfT
                                                                                                              MD5:963E38C994B4012E5CA7CEBA752F2F0C
                                                                                                              SHA1:A2A8A5880FF45787D713038BD4A8A336DE6292BC
                                                                                                              SHA-256:97EC4030095731ED869936514E018210CE03E1911DC7FF014161773478336DE8
                                                                                                              SHA-512:A9C41B25336D9831E09BECAC1894BB10679EA77022A7E42A2AD4110B2B74A72293E2FB9C47B5E62BBA9BEA6F7200ABC327739E633A9F39709B48D101272345F4
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5CD1EFE9-95B2-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:modified
                                                                                                              Size (bytes):27088
                                                                                                              Entropy (8bit):1.8411466434539112
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:IwtXGcprDMGwpaoXG4pQ6lGrapbSWZGQpB2GHHpckaTGUp8bGzYpmYOOGopJm6sG:rXZYQU6OBS+j12pWhMaTmx/Txxp/PA
                                                                                                              MD5:4FBBAC2FE018B7DA170EC046F831DA55
                                                                                                              SHA1:26EF9CF83CAFF792B37D719AA131396AA98AA8B3
                                                                                                              SHA-256:8AA62D824AF016FB7E1B9D4603222798172BBFE97970BD535EF5E262E3D8D998
                                                                                                              SHA-512:9F56CE1E949EF31B13537ECDD200D1AD457E12B84700C3C9F80440DD2510FF69DBBCC6AB5495E94F0EBD7B527D743A7C55DB289316303AD5EA5486F9EE427E81
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5CD1EFEB-95B2-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):41180
                                                                                                              Entropy (8bit):2.3784212855244817
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:rA8my5cUGQHBVGBE0fBEB+BLBwcADBGZv6BGxtyy:veTm89D6AZCAxoy
                                                                                                              MD5:8492908E1B87C0F24B6415FD21EFB449
                                                                                                              SHA1:26AD390A12FD1CD9F91D52DB23D7DC7F5B89DF80
                                                                                                              SHA-256:F31D7E8F0F5407AA51D3A851DC3233E30B458BEE0676807E41CA6C754EA3324E
                                                                                                              SHA-512:842F68103D576F4963CB2AF177421BA8775A07DB2216E1B8649E72B8013B9396ED6C56145C7D099B8EB08D085E4FE01090EBE6C2C30F137AB09CD1DFE4F2D0A2
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F44FC37-95B2-11EB-90E4-ECF4BB862DED}.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:Microsoft Word Document
                                                                                                              Category:dropped
                                                                                                              Size (bytes):24624
                                                                                                              Entropy (8bit):1.724238680069102
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:IwfGcprqGwpaS7G4pQ+GrapbSvZGQpBqGHHpcUaTGUp8pGzYpmOlOGopokrhrSwU:r1ZyQG6wBSrjx25WnMz6AhrS+Bjg
                                                                                                              MD5:FF7D1DD13FAE5E3CE4A224FA4164E408
                                                                                                              SHA1:605089EFC26C8339DFB83C72157CC6128447EECA
                                                                                                              SHA-256:D3C6E76FA126F898A20AA8563620A65185DC4BD20F0317D750C8577A366D324E
                                                                                                              SHA-512:5A36ED39D8A251D307D233AD9C49C8F0383D0E05E0ABFE8E7BBE0851B3365444CBE83B6170CB53C7E9D9BD28C25D819C6226F636FC2516163A38528738C97C1C
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              File Type:data
                                                                                                              Category:modified
                                                                                                              Size (bytes):10192
                                                                                                              Entropy (8bit):4.533422310026393
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:0Ph+Qhato4xOxDehrmrPh+Qhato4xOxDehrm+:0Z+dnmDehKrZ+dnmDehK+
                                                                                                              MD5:6E1AA8D94A96F03A178408E083C2D1D0
                                                                                                              SHA1:2BF9993284D7C75CBE1DF68761D159FCD4B6EDCE
                                                                                                              SHA-256:3D501F4DB52491531E84453528422A3D748469E1D3812108B85AFFE2AF32C050
                                                                                                              SHA-512:7A78503A5476E8655539E7CA3D8D1DC246B0CA51258DF6F7972FD2BA3396321A466E7E91C25E76452D9714C795E9DD7CD864DF7E63960E3B43E4E7D609346F10
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\GiGr-rA9TBhE2c3LJn7PvDweiOo.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):374771
                                                                                                              Entropy (8bit):5.158592433297743
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:1irrzbB3LH7gaV6Z8LAfP0Rp6Izc04YFdNwRm2EjXi4SG7oIBYQmzeH:aHNfi4KwYQmzeH
                                                                                                              MD5:F279A46B56038C41BB3FC11D67D0FE46
                                                                                                              SHA1:B48121E695FD6483CAA7F48DE73FE9F121777109
                                                                                                              SHA-256:A9EA274B393E34591387AC0B4DE594BEE296386543DE34F4897281324DB0DCBB
                                                                                                              SHA-512:4C1754CF5E368D8CE86B135B789A4FF4BAAD1419F30A1EB3B65EAB62217C054D0066EA5FC22B5AA7643EA959854EBC2029B39CB7D1AEAAFB78B95A2A46430F84
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/GiGr-rA9TBhE2c3LJn7PvDweiOo.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\H_VmuFPRwWZ4UrVl0mPztnf3z5U[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:38:22], progressive, precision 8, 160x160, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):13897
                                                                                                              Entropy (8bit):7.900268685598436
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:hE9ZTKqcnOdNOEX35wsXK/vWqv/CAU7zXwn1sIQcoo43P:hE9oqcOdfX35wsaWqv6HUn1H4P
                                                                                                              MD5:B545C910F9993F7F930513DB793F4EE0
                                                                                                              SHA1:1FF566B853D1C1667852B565D263F3B677F7CF95
                                                                                                              SHA-256:A797D6446620B867248B43792B9AA457B42ADBB7099D9B3129E0D7743DAF67ED
                                                                                                              SHA-512:12A3A9EC217F8B05151D2BDC76B6B2942C86098F1182AD76B7119B959B9937ACFCACC0361188CDF17A629B1D4E76985DFC6AB409939496AF62354AE9FCEB162D
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/H_VmuFPRwWZ4UrVl0mPztnf3z5U.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\HdepnBaFj-yarvouFUIlfV4Q9D8.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):3201
                                                                                                              Entropy (8bit):5.369958740257869
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:rmo6TIPx85uuYPXznTBB0D6e7htJETfD8QJLxDO7KTUx42Z3rtki:sYuYPXznb0DR7dw8QhIWTQrt7
                                                                                                              MD5:4AADD0F43326BAD8EFD82C85B6D9A20E
                                                                                                              SHA1:4093FC4AB9821B646D64C98051A1CF0679CB2188
                                                                                                              SHA-256:968849A1E6AAED249C78B6CF1AF585AB6C8482A8C5398AB1D2DC3CB92E9EA68F
                                                                                                              SHA-512:616B06A6E3B2385E5487C819FC7F595D473B2F14E8CB76EFB894EDEAB3B26D2C9B679A9B275D924BECC37E156C70B0B56126CCFB62C8B23ABBA9DE07BD93D72A
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/HdepnBaFj-yarvouFUIlfV4Q9D8.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\MDr1f9aJs4rBVf1F5DAtlALvweY.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):257
                                                                                                              Entropy (8bit):4.781091704776374
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:qMH4WXMHwmnIB4JmhyfAIB4Jmml0X2IUJIB4JrNOsK1A4JWW7jKYHVA4JRGYdA4S:q6XzD4jr43ldI74FNQlNj7jM9TlMlbSr
                                                                                                              MD5:51A9EA95D5ED461ED98AC3D23A66AA15
                                                                                                              SHA1:62FBB857B873BD79BEE7F16D0766A452FA2798A3
                                                                                                              SHA-256:A5B4181611E951FAECD6C164D704569C633E95FE68D3D1934B911A089EBF70E8
                                                                                                              SHA-512:CEE4231894F82627E50EC746D7C150E5303A1BF8864D7B084173B9D17663A27CC2915F5D0D4DC0602FE26D9EAA10DD98CF3422E7601F520EF34D45C9A506D6F7
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/MDr1f9aJs4rBVf1F5DAtlALvweY.gz.js
                                                                                                              Preview: var BM=BM||{};BM.rules={"#sc_hdu":[-1,-1,1],"#hp_id_hdr":[-1,-1,1],"#hp_container":[-1,-1,1],".hp_sw_logo":[-1,-1,0],".b_searchboxForm":[-1,-1,0],"#crs_pane":[-1,-1,0],"#sb_foot":[-1,-1,0],"#sh_rdiv":[-1,-1,0],"img,div[data-src]":[-1,-1,0],iframe:[-1,-1,0]}
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\N55Tc-oLNOuzZam9OghLsR0GD5U[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=GIMP 2.10.18, datetime=2020:04:16 19:04:38], progressive, precision 8, 160x160, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):8245
                                                                                                              Entropy (8bit):7.528284902127932
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:BKWN2AtZTviNV8+xq4UZg11u5FR5CUtlkZPRKY:Yi2aZTvNSU+ODR5CCkRr
                                                                                                              MD5:8BC40A6F56CB4477BFB120A472920EC1
                                                                                                              SHA1:379E5373EA0B34EBB365A9BD3A084BB11D060F95
                                                                                                              SHA-256:9050D49D0786F054BC4B7DA42690B034C208A4736B7DE430383A3333A51C9835
                                                                                                              SHA-512:50CD42440CF3C68FC807338C4F5E3AF681FEE41C0767EE7392F9C21A75D2B6483587E89E048128470DBA92EB054E82459BC16A3B0EE61DD89BAEA11E934EAAE9
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/N55Tc-oLNOuzZam9OghLsR0GD5U.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NGDGShwgz5vCvyjNFyZiaPlHGCE.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):252
                                                                                                              Entropy (8bit):4.837090729138339
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:qbLkyK4hImTzBwhLM1whA+XzFE8KSiQLGPQQgnaqza:IQD2IkzaLMGAMzDBVKY+ia
                                                                                                              MD5:1F62E9FDC6CA43F3FC2C4FA56856F368
                                                                                                              SHA1:75ADD74C4E04DB88023404099B9B4AAEA6437AE7
                                                                                                              SHA-256:E1436445696905DF9E8A225930F37015D0EF7160EB9A723BAFC3F9B798365DF6
                                                                                                              SHA-512:6AADAA42E0D86CAD3A44672A57C37ACBA3CB7F85E5104EB68FA44B845C0ED70B3085AA20A504A37DDEDEA7E847F2D53DB18B6455CDA69FB540847CEA6419CDBC
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/NGDGShwgz5vCvyjNFyZiaPlHGCE.gz.js
                                                                                                              Preview: var Button;(function(){WireUp.init("button_init",function(n){var t=n.getAttribute("data-appns"),i=n.getAttribute("data-k");sj_be(n,"click",function(){Log.Log("Click","Button","",!1,"AppNS",t,"K",i,"Category","CommonControls")})})})(Button||(Button={}))
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NewErrorPageTemplate[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1612
                                                                                                              Entropy (8bit):4.869554560514657
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                                                                                                              MD5:DFEABDE84792228093A5A270352395B6
                                                                                                              SHA1:E41258C9576721025926326F76063C2305586F76
                                                                                                              SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                                                                                                              SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:res://ieframe.dll/NewErrorPageTemplate.css
                                                                                                              Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Xp-HPHGHOZznHBwdn7OWdva404Y.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):576
                                                                                                              Entropy (8bit):5.192163014367754
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:9mPi891gAseP24yXNbdPd1dPkelrR5MdKIKG/OgrfYc3tOfIvHbt:9mPlP5smDy1dV1dHrLMdKIKG/OgLYgtV
                                                                                                              MD5:F5712E664873FDE8EE9044F693CD2DB7
                                                                                                              SHA1:2A30817F3B99E3BE735F4F85BB66DD5EDF6A89F4
                                                                                                              SHA-256:1562669AD323019CDA49A6CF3BDDECE1672282E7275F9D963031B30EA845FFB2
                                                                                                              SHA-512:CA0EB961E52D37CAA75F0F22012C045876A8B1A69DB583FE3232EA6A7787A85BEABC282F104C9FD236DA9A500BA15FDF7BD83C1639BFD73EF8EB6A910B75290D
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/Xp-HPHGHOZznHBwdn7OWdva404Y.gz.js
                                                                                                              Preview: var SsoFrame;(function(n){function t(n){if(n&&n.url&&n.sandbox){var t=sj_ce("iframe"),i=t.style;i.visibility="hidden";i.position="absolute";i.height="0";i.width="0";i.border="none";t.src=decodeURIComponent(n.url);t.id="aadssofr";t.setAttribute("sandbox",n.sandbox);_d.body.appendChild(t);n.currentEpoch&&sj_cook.set("SRCHUSR","T",n.currentEpoch,!0,"/");Log&&Log.Log&&Log.Log("ClientInst","NoSignInAttempt","OrgId",!1)}}function i(n){try{n&&n.length===2&&t(n[1])}catch(i){}}n.createFrame=t;n.ssoFrameEntry=i;sj_evt.bind("ssoFrameExists",i,!0,null,!1)})(SsoFrame||(SsoFrame={}))
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):2997
                                                                                                              Entropy (8bit):4.4885437940628465
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                                                                                                              MD5:2DC61EB461DA1436F5D22BCE51425660
                                                                                                              SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                                                                                                              SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                                                                                                              SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                                                                                                              Malicious:false
                                                                                                              Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[2]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):2997
                                                                                                              Entropy (8bit):4.4885437940628465
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
                                                                                                              MD5:2DC61EB461DA1436F5D22BCE51425660
                                                                                                              SHA1:E1B79BCAB0F073868079D807FAEC669596DC46C1
                                                                                                              SHA-256:ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
                                                                                                              SHA-512:A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=9002
                                                                                                              Preview: .<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can&rsquo;t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can&rsquo;t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4720
                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                              Malicious:false
                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\gDsOfTXNZVl18jxNDvhXqAdf2tM.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1821
                                                                                                              Entropy (8bit):5.098212659804913
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:0N3GKBel/r5+8cDYC1YvHIH6ayskysb6NccyskpY3Imqc+DkR:oGKBelzw8fCuoaay5ySSy5q3Mc+4R
                                                                                                              MD5:EC15EB7CBFBFAA68BB1DE04A28C80270
                                                                                                              SHA1:D2570D4CFF3139EA66D15799C9E67211F5A03B20
                                                                                                              SHA-256:810A85F1E705231989251F3EB52DAFF3F0ACEE09C703339C301A7CBD22CF8FE6
                                                                                                              SHA-512:077446A676E47447CB771A119CD0EC2EC168E65FED4579E663866D2846F51E93B47367518EB9D79E04EACE139CDFF043E1E28D64559412B4770388B2FEF96A21
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/gDsOfTXNZVl18jxNDvhXqAdf2tM.gz.js
                                                                                                              Preview: (function(){function b(e){var l=e[1],s=l&&_ge(l.vid);s&&(h=_ge("bnp.nid."+f),i=n.getAttribute("data-overlay")==="true"?!0:!1,c=n.getAttribute("data-setscroll")==="true"?!0:!1,k(),ClassUtil.removeClass(h,y),s.style.display="block",c&&d(),sj_evt.fire("bnp.notif.shown",s),i?nt():sj_evt.fire("McpDismissed"),u=_ge(w),t=_ge(v),t.focus(),r=_ge(p),u&&sj_be(u,o,tt),t&&sj_be(t,o,g))}var v="bnp_btn_accept",o="click",y="b_hide",p="cookie_preference",w="bnp_btn_preference",r,u,t,n=_ge("bnp_cookie_banner"),s=_ge("b_footer"),f=_w.bnp.pb_sttc.id,h,e,i,c,k=function(){var t=n&&n.getAttribute("data-position"),i=_ge("bnp_container");i&&t&&t.toLocaleLowerCase()=="top"&&(i.style.top=t+"px",i.style.bottom="auto")},d=function(){var i=_ge("bnp_container"),r=_ge("bnp_action_container"),n=_ge("bnp_content_desc"),u=_ge("bnp_title_container"),t;i&&r&&n&&u&&(t=i.offsetHeight-(r.offsetHeight+u.offsetHeight+130),n.style.maxHeight=t+"px",t<280&&(n.style.marginRight="-10px"))},g=function(t){ManagedCookiePreferenceActio
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\hceflue5sqxkKta9dP3R-IFtPuY.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):426
                                                                                                              Entropy (8bit):4.904019517984965
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:2gcmRRt9Y4LF1Zd4XV4LFUXCdg/qUWYzP++xAQI:2gcmRRFfgiUb6MAj
                                                                                                              MD5:857A0DE0BBF14F3427A1AFA5CD985BCE
                                                                                                              SHA1:0C1D2E767F07E5C0F14EA64980DB213D379CC6F7
                                                                                                              SHA-256:3ED65F33193430C0B9DB61FFE7F5FE27B29F86A28563992C3AFC47D4C22C23D7
                                                                                                              SHA-512:E7F2603855A16464417B772517676F080CCEFFB8069C687BAC798B7EB2875FCDC207E40E8C56E7CFFD4D56CED572270988599D1D2B73FB8AAA7FDD076FE3E7B7
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/hceflue5sqxkKta9dP3R-IFtPuY.gz.js
                                                                                                              Preview: (function(n){function i(){var i=document.documentElement,r=document.body,u="innerWidth"in window?window.innerWidth:i.clientWidth,f="innerHeight"in window?window.innerHeight:i.clientHeight,e=window.pageXOffset||i.scrollLeft,o=window.pageYOffset||i.scrollTop,s=document.visibilityState||"default";n.enqueue(t,{x:e,y:o,w:u,h:f,dw:r.clientWidth,dh:r.clientHeight,v:s})}var t="V";n.wireup(t,{load:null,compute:i,unload:null})})(BM)
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):12105
                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:res://ieframe.dll/httpErrorPagesScripts.js
                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\n8-O_KIRNSMPFWQWrGjn0BRH6SM.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1567
                                                                                                              Entropy (8bit):5.248121948925214
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:KyskFELvJnSYVtXpQyL93NzpGaQJWA6vrIhf7:KybivJnSE5aU93HGaQJWAiIh
                                                                                                              MD5:F9D8B007B765D2D1D4A09779E792FE62
                                                                                                              SHA1:C2CBDA98252249E9E1114D1D48679B493CBFA52D
                                                                                                              SHA-256:9400DF53D61861DF8BCD0F53134DF500D58C02B61E65691F39F82659E780F403
                                                                                                              SHA-512:07032D7D9A55D3EA91F0C34C9CD504700095ED8A47E27269D2DDF5360E4CAC9D0FAD1E6BBFC40B79A3BF89AA00C39683388F690BB5196B40E5D662627A2C495A
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/n8-O_KIRNSMPFWQWrGjn0BRH6SM.gz.js
                                                                                                              Preview: var wln=wln||"",Identity;(function(n){function i(n){n.style.display="none";n.setAttribute("aria-hidden","true")}function r(n){n.style.display="inline-block";n.setAttribute("aria-hidden","false")}var u,t;n&&n.sglid&&sj_be&&sj_cook&&sj_evt&&_d&&typeof _d.querySelectorAll!="undefined"&&(u=function(n){var i=n.getAttribute("data-a"),t=n.getAttribute("data-p");i==="false"&&t!=null&&sj_be(n,"click",function(){sj_cook.set("SRCHUSR","POEX",t,!0,"/")})},sj_evt.bind("identityHeaderShown",function(){var n=!1;sj_be(_ge("id_l"),"click",function(){var i,t;if(!n){for(i=_d.querySelectorAll(".b_imi"),t=0;t<i.length;t++)u(i[t]);n=!0}})},!0));sj_evt&&n&&(t=function(t){var h;if(t==null||t.idp!=="orgid"||(h=n.wlProfile(),h==null||h.name==null||t.name!=null)){var e=_ge("id_n"),u=_ge("id_p"),o=_ge("id_s"),s=_ge("id_a"),f=t?t.displayName:wln,c=t?t.img:null,l=t?t.idp:null,a=t?t.cid:null;e&&s&&(a||f)?(u&&c&&(u.title=f,u.src=c,r(u)),f.length>10&&(f=f.substring(0,10).replace(/\s+$/,"")+"."),e.textContent=f,e.inn
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):226
                                                                                                              Entropy (8bit):4.923112772413901
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:2LGfGIEW65JcYCgfkF2/WHRMB58IIR/QxbM76Bhl:2RWIyYCwk4/EMB5ZccbM+B/
                                                                                                              MD5:A5363C37B617D36DFD6D25BFB89CA56B
                                                                                                              SHA1:31682AFCE628850B8CB31FAA8E9C4C5EC9EBB957
                                                                                                              SHA-256:8B4D85985E62C264C03C88B31E68DBABDCC9BD42F40032A43800902261FF373F
                                                                                                              SHA-512:E70F996B09E9FA94BA32F83B7AA348DC3A912146F21F9F7A7B5DEEA0F68CF81723AB4FEDF1BA12B46AA4591758339F752A4EBA11539BEB16E0E34AD7EC946763
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz.js
                                                                                                              Preview: (function(n,t,i){if(t){var r=!1,f=function(){r||(r=!0,typeof wlc!="undefined"&&wlc(sj_evt,sj_cook.set,wlc_t))},u=function(){setTimeout(f,t)};n.bind("onP1",function(){i?n.bind("aad:signedout",u):u()},1)}})(sj_evt,wlc_d,wlc_wfa)
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pXscrbCrewUD-UetJTvW5F7YMxo.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):511
                                                                                                              Entropy (8bit):4.980041296618112
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:yWF4eguIWKvU9bEMsR5OErixCvJO1Vi5rgsM:LF4mKctEMYOK4CvJUVYM
                                                                                                              MD5:D6741608BA48E400A406ACA7F3464765
                                                                                                              SHA1:8961CA85AD82BB701436FFC64642833CFBAFF303
                                                                                                              SHA-256:B1DB1D8C0E5316D2C8A14E778B7220AC75ADAE5333A6D58BA7FD07F4E6EAA83C
                                                                                                              SHA-512:E85360DBBB0881792B86DCAF56789434152ED69E00A99202B880F19D551B8C78EEFF38A5836024F5D61DBC36818A39A921957F13FBF592BAAFD06ACB1AED244B
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/pXscrbCrewUD-UetJTvW5F7YMxo.gz.js
                                                                                                              Preview: var BingAtWork;(function(n){var t;(function(n){function t(t,i){var u,r;t.isAuthenticated&&(n.raiseAuthEventAndLog(t),u=_ge("sb_form_q"),u&&(r=u.getAttribute("value"),r&&(n.fetchLowerHeader(r),n.fetchScopeBar(r),i.notifEnabled&&i.notifFetchAsync&&n.fetchNotificationConditional())))}function i(n,i){n&&n.length==2&&t(n[1],i)}n.bindToConditionalSignIn=function(n){sj_evt.bind("ssofirstquery",function(t){return i(t,n)},!0,null,!1)}})(t=n.ConditionalSignIn||(n.ConditionalSignIn={}))})(BingAtWork||(BingAtWork={}))
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\test[1].htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):64
                                                                                                              Entropy (8bit):4.373593025747649
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:UMs1TE5LH0cHrJU4YCf:U37cVUof
                                                                                                              MD5:E82D9BD501B46DF5CB2B650AF9E1B126
                                                                                                              SHA1:0FE6876226E88D8104ED51CB6329EB172BBA8D68
                                                                                                              SHA-256:C2BA8FCCFC980BCC8FC24E7A41BFCFEE88CCA9331C8D4D62890D7DFAB4A12226
                                                                                                              SHA-512:D3715E6A3C9012F2D8E1269E5C4B3E2F77FD2CD8E793AD39E51F1E1BE30F0818DDD01FAF3708EF789FDF347B92C6477C10A1155DEC582FF68185CBFD41C662E4
                                                                                                              Malicious:false
                                                                                                              Preview: IPv6Tests.TestIPv6Response('{&quot;type&quot;: &quot;4&quot;}');
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\th[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):5839
                                                                                                              Entropy (8bit):7.9250841372798595
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEMYxUwhZLlOtY+fA4PsSCbH6AzdLwiAflKa+SeaoQrono2b9ikUTLKH3V1YWl9:pPZch9gKaXPsSa6SdLwPQHSeNUooOnUM
                                                                                                              MD5:92624AEC4EDA937E88E943503776336A
                                                                                                              SHA1:2A20DC93804CCEB1C9423AD233CCAF677CC491E7
                                                                                                              SHA-256:F030C9376CFFB73E413D3B2A7C37C56C172B8A31A0D3DF58465A6DAB5A5DE294
                                                                                                              SHA-512:169975E8D825C227D334C026A1B017850F7C668C67897ACEB34E0A44093049CA76D697458C769947E81C0F3D47B972E764AFC6CC7BB2F0D75451487524EAF095
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhZsE.img&ehk=wkstOBEs6%2f%2bY%2bU76Drh7M5rDa8DMwYuFJILSwcR2QeM%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\th[2].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):5649
                                                                                                              Entropy (8bit):7.918115971132142
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:5PEuUE9sqSNbl0MuagfZZy+ONW1EpkZTtH8EzNg91dY8esUtHV0Dyqf6qr:5PaIjOS4IJkEzeesWHVqBr
                                                                                                              MD5:50C9965EDF656ADF7AADD1E25C793E6B
                                                                                                              SHA1:6BD384C58B7CC4DEFB060F63EC1828250D95829F
                                                                                                              SHA-256:01EB6B5FDFF37ACF0F839A9F27C0E3903496A55F396C28332F4B68D405F4C278
                                                                                                              SHA-512:9CEE691797961188709080991CF0EED7FAC180D3E6747C99EC669D4AEB5A4EE5E3AFFD7589F26A6586EC39C1910920E5A82E6CE7CA97769B0237B9426E93F88E
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fie4t.img&ehk=cag8kBIe2WvO4jBEE2jUZ2B9H7DECMB0Mf9%2foFzW3Ws%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\th[3].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4976
                                                                                                              Entropy (8bit):7.90916888477519
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEcFVD4Fn6s3/o4oECJYtvPmWd6BUc/cxmBG5MnHh2Lti6XxP:pPN6B3/3CgveWUF/BlyBhP
                                                                                                              MD5:7B6DAF8F38B0D6C35F6A585EA6F5FF7C
                                                                                                              SHA1:53A7A8C177805E0B56BD39A796CBCAEF7F94059F
                                                                                                              SHA-256:4AB7A4617D78E096CA0C025A851854EA3178696178AB6BD56CFC65338DEFA206
                                                                                                              SHA-512:66989BE6DFF467A8AB629F72AC9FD5526411AE608D1C9AE2683FFD40898699307D5B8F0A406377A7CB572A53E0650D3C5ABE1C18F2BA4D7527E46B83A9555541
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhUO6.img&ehk=SDxWE134VkA1eEap8h6JY9WAK4k9TMJyrRhPzgIyHmQ%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\th[4].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4887
                                                                                                              Entropy (8bit):7.90650017037878
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEdmyzgDsv/G56KqcIiUy4BQjyNgqNap7pq0T6HyCK:pPWmUgDs25bjUHKyNgqNap7IHyCK
                                                                                                              MD5:2559EE81256DFE1BF31F17F45F44AAE2
                                                                                                              SHA1:E97B9561B3E3E1FA982E253E16A059BCF492840F
                                                                                                              SHA-256:AB2D5211488DCD54098E8A09CBECB58DE0AC312EA6C6F4D047B32FCACEBD16C3
                                                                                                              SHA-512:90CE8A196AE0B5BB7188BCC004C101DBA63A60AECE26042FE1B18D59879BB6F6BD75DA7D36845AAEFE54C6BB6865FC1AEFF15DDDC9E64CD0A2719CECB29E5417
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fgxeP.img&ehk=0PZgMz9X8lrbBs0BDCOMvUrKSupSm06dh3salDJLwuo%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\th[5].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4527
                                                                                                              Entropy (8bit):7.90307601288542
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEAu4ONUL0/SGXTHx7PVuMh10nvc54tyiSMnn:pPBujmwSGjRRuMf/DJMn
                                                                                                              MD5:3EBA9EE21050E333915BCC13F9580181
                                                                                                              SHA1:BD8B55B700D152218C8C394F24343F7F2F344E05
                                                                                                              SHA-256:85EF76B6496CC8B563D32F02750D44858FE824022C1C0F3D282A59318CE39C87
                                                                                                              SHA-512:7E59C4CBB87A9A3DDB19B8DB8DBE498B16D479E73F2701A23EE6D3DC8F9423DBE5E209EFE1DC3D3477E0C466ED63C6333B787C92A282860154B8BEAEAD821F06
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fibNh.img&ehk=3x4%2fNPXV9EBmnOAAcX1%2fQ5Gyb%2b1gXOoslmw8FjV9k3o%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\th[6].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):7021
                                                                                                              Entropy (8bit):7.933108261342034
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:5Px9q5BO35FdqEuKa6YRjFgb3RoaEImCXpV3:JOBmXqrgb3Ronc7
                                                                                                              MD5:44F7C809F214CE85CBD257F0A5B6CABE
                                                                                                              SHA1:2AAB8ABF215D6184430CC5A613B95DE2C37A1AE8
                                                                                                              SHA-256:09616D9D7B29250AA20BF6991659A26B1A35BCE909B59B27A67EC3F84BB471D7
                                                                                                              SHA-512:B9664880E25F87F746D8A4DC8D43D381A1EFC963A6FFEB1970AADB734086D384A203C7966E8ADC1D6C2ABD3A676D97B6A15B55ACBAED5F52A376BB688B9BBA1D
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fijdJ.img&ehk=A%2b4qx1841Yn%2fVW3OxzhL470sC5TKuV8Xuu5w%2brgbKio%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\th[7].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4186
                                                                                                              Entropy (8bit):7.897188510192193
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEyR15mS+mXbhzTNRU+rg8WcMHxbasWvnzs5clp:pPpR15mS+wTNRU2pWcMHxmhzP
                                                                                                              MD5:A3275E97CE5E2696FECD66AAD091EBDD
                                                                                                              SHA1:442D64A8B9EC87A638AE6E26420C3B9695A81139
                                                                                                              SHA-256:8A0EB92E780869E0C945DFB91D1EF7CCD1D5C746651950CEA87C174C30C837FD
                                                                                                              SHA-512:41CCC218B82712DCAFF6C99CCE8FB9B0D71DCA2AB65C0D29E2639142876B03AB0E0B7A98FAB5694D7AE1E6E47F08A6128728870D44E14EF39797FECD76267B36
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fij1k.img&ehk=qLLbONdxbZkSSFWsv%2brh3vI4YUbEfid%2f4Ut3UGK44UE%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1516
                                                                                                              Entropy (8bit):5.30762660027466
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:+FE64YTsQF61KWllWeM2lSoiLKiUfpIYdk+fzvOMuHMH34tDO8XgGQE3BUf4JPwk:+FdF6UYXEBi9kIHIB1UY
                                                                                                              MD5:EF3DA257078C6DD8C4825032B4375869
                                                                                                              SHA1:35FE0961C2CAF7666A38F2D1DE2B4B5EC75310A1
                                                                                                              SHA-256:D94AC1E4ADA7A269E194A8F8F275C18A5331FE39C2857DCED3830872FFAE7B15
                                                                                                              SHA-512:DBA7D04CDF199E68F04C2FECFDADE32C2E9EC20B4596097285188D96C0E87F40E3875F65F6B1FF5B567DCB7A27C3E9E8288A97EC881E00608E8C6798B24EF3AF
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\RXZtj0lYpFm5XDPMpuGSsNG8i9I.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1220
                                                                                                              Entropy (8bit):5.024732410536042
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:6Vj1V5FrGj6BBEEo6maDU6CWi4dDRRE0Slc7qHy5++vY:8v5TBG6U6C+DLSiL+P
                                                                                                              MD5:E34F2CDADA9986F52CCFAB129645ABAC
                                                                                                              SHA1:93FF6CA74EB48A6825F9BC21BEE52159987C0A82
                                                                                                              SHA-256:79C181E7D29CF735AE99FD86C42934D7FD6FB51E6481D788E1CB812C7DC63DF6
                                                                                                              SHA-512:671EF1DB12BEE74E8E6BAEE8850F4F6A278E51F2236A851A24D889CE40040273088B2D206F2AA42BD1475F4F88F7B4420BC4CE6922023DE205308C56A3C96A4C
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/RXZtj0lYpFm5XDPMpuGSsNG8i9I.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\UYtUYDcn1oZlFG-YfBPz59zejYI[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):964
                                                                                                              Entropy (8bit):4.421237058266115
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:t741nTY2jmYXhgauOwgXl3gHuWg9cZLzix9QiVCVCTikxQmQ6Nkpgeoo7:dQnkwXhnuOwIlwHuW7nC9QkaUzQm3Nk5
                                                                                                              MD5:88E3ED3DD7EEE133F73FFB9D36B04B6F
                                                                                                              SHA1:518B54603727D68665146F987C13F3E7DCDE8D82
                                                                                                              SHA-256:A39AB0A67C08D907EDDB18741460399232202C26648D676A22AD06E9C1D874CB
                                                                                                              SHA-512:90FF1284A7FEB9555DFC869644BD5DF8A022AE7873547292D8F6A31BA0808613B6A7F23CB416572ADB298EEE0998E0270B78F41C619D84AB379D0CA9D1D9DA6B
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/UYtUYDcn1oZlFG-YfBPz59zejYI.svg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hsq54HXv3E6bOWi_58PaE6vwTYM.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:exported SGML document, ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4424
                                                                                                              Entropy (8bit):5.151067247813042
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:B3D+ca6IQkQQX6hJmK/Kl9L3vVPTkyfXeJLYLZq76NH:V+ca6IBQQX6aKClFfVPTkyWJLW/
                                                                                                              MD5:FA0E965181E637575B37390656518D0D
                                                                                                              SHA1:06F24D11B54319BE23CDB7C8EEB9D79AAD9CFD06
                                                                                                              SHA-256:4CCC277A590605079234A0C82BFB6C0909B72453D8A45DCACF64463BC429492C
                                                                                                              SHA-512:CA8557ACBC8F7EDEF64FFB0C8A1A7AACE917848FDFA5D3A0ED2867999C6D994DC5E12CEE70E4771C7B0C9C1638071495BD771945FB204B9CFCC589386FFF3A40
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/hsq54HXv3E6bOWi_58PaE6vwTYM.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\lvgH[1].htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:gzip compressed data, max speed, from TOPS/20
                                                                                                              Category:dropped
                                                                                                              Size (bytes):377
                                                                                                              Entropy (8bit):7.41819284585811
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:XtAbNp318VwpXnmf77BbGaPEfBNw8ypMF7cpkBKRiTH+m+9hSI/v22WUzYg5apTm:Xe3ZpXnmV85uPRfmOwIn22dzYggpT3QB
                                                                                                              MD5:66D7D24593577DAC0890A339E8A0516B
                                                                                                              SHA1:CE5E56A7CACB0782B6A97C6E7383ECEB3212A764
                                                                                                              SHA-256:077AD2F9C9513A7AAE1C9D4E7613C714437DA9D1020EB33CEE9834F7EAAFC6C8
                                                                                                              SHA-512:3EAF45FC5AEE34F2D22F907C7B3ABFC5C9665D8FE39DE9928C5C308FE78BF89569A6319347C63A47596D5E876A49A068BA70DD074FA05AE044188E2D5D289D91
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\model[1].json
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16232
                                                                                                              Entropy (8bit):5.521169464151162
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:HiePm3yt9YYr+R1r6m75bh5u5hOuKsVMhu3kx0m4iDewY/rfrEraIO1uYPW:CZ3yjYYQF5uTOuKsV2u3kx0m4iDewY/i
                                                                                                              MD5:674960F3F7AE46A594B5859BD6E6A698
                                                                                                              SHA1:CBD0345D8D39D145F0696FA5085391D4C382D628
                                                                                                              SHA-256:94D6D69973E55C3528543D3C7FB9177E6698B1F27C254DEAD11769173C85BD62
                                                                                                              SHA-512:3E1470CFBCF50B225B4625B3C15F88737D25DE79E2E756C0CDEBB8D6EC2971C9B360B244024798FD95BB991534E324A6E8BDD63BA01797551CAE78A98A39B60B
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\msnpopularnow[1].json
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):10557
                                                                                                              Entropy (8bit):5.518665687721615
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Z/m8FlXHUHRiHeRABau450ZqVPtNK3Hutvzx/JTpkH2W8TDE3PXIt6pNsmlXbOmL:xm8XXHKNicP+c1U+txhTp5WC+A8IwQ2l
                                                                                                              MD5:71185BA6B97E9A2E74DFE7A2D1CA07EA
                                                                                                              SHA1:07ABA570A6FCB6CBF848FA621343AC4FA849B19B
                                                                                                              SHA-256:BC90D83DD02A419048C92CDDC51FCCAD0AE5A26B9AEAD6130C3F2E1EDAB96C2A
                                                                                                              SHA-512:DC8FAE80B64EB351E1ADF5B5F6B1566BE4E441032C9F818B5A6E29F5527D04056781633AF8D1916ED622D9E7B05F0B66FD6943D8CC9F9B7F7C7CD94979440E9A
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\rts9nEsNRQyptbf7QsuOprgSs18.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):16187
                                                                                                              Entropy (8bit):5.285269342274473
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:+WLj/9N/zdUjP+c4QQKaKCTpTkyWJL4O4YuiqRqNlRxW+:+u/P/zdUrahT9SP1uiqR0T3
                                                                                                              MD5:5401B96838943118DA599809C0682C8C
                                                                                                              SHA1:BDCCFB10E4A0F35D86A5744C6A96797D2AA7830E
                                                                                                              SHA-256:BDA0C9E0E383E135046A76CA040CB3B2D9477B3CB2AF95358682B5F2FB143794
                                                                                                              SHA-512:D46F15DEBC4932D8B789E001DDCB03BDE8094C5A93F4404C3626F241AB89AD97766FDC4E6D612E317A26ABB5AD1D8722ED7F17EF1A1723B0BB19E5274ADA1D3E
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/rts9nEsNRQyptbf7QsuOprgSs18.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sbi[1].htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):46137
                                                                                                              Entropy (8bit):5.492718429280291
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:WkuL2ym/YIZE2u1U5l7Ez+YIdQFSO4FWCPPZPzATfZjFwummSczZxG3IuO7JUDWB:plB1FWCpPwkNijuSjyir
                                                                                                              MD5:8147A3C6CCDAD2147CA32BA6DB54E40A
                                                                                                              SHA1:3257CCC8CED1107ACBE3697B61F1C5ED3A86A4E6
                                                                                                              SHA-256:E783F26B771F68588FF468DE04C50E6A3E7BC4A11FEBDB52A17511E9DFE91297
                                                                                                              SHA-512:005695CB7F9FBB397109F11FDD375F23D5C678C7F26036E3937C916F75C96857F6A7C1B10D5820588461479A14B69026A3277389E5C02D09359D5A2BD9CF3C67
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/images/sbi?mmasync=1&ptn=Homepage&IID=SBI&IG=8BB3CF3BB75D43448A7AA2A010908F39&form=REDIRERR
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\swyt_VnIjJDWZW5KEq7a8l_1AEw.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):2298
                                                                                                              Entropy (8bit):5.34865319631632
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:KWEkTScZVcMBOwXhzwBi88RnX8ec0T39B8onA008xG9FLCx3w0S5xJ:KWEkTDZVXpR0BiXjTtB8mA0zxWsx3PG/
                                                                                                              MD5:A8D7D1B3681590980B2D7480906078DB
                                                                                                              SHA1:C9A7A400DB1EBAD4DCA028546EE5F5B2EF4136BD
                                                                                                              SHA-256:1390485DC88B6230389D9C95232A3710BF38D47271708A279B12D7E68E43F649
                                                                                                              SHA-512:710D31EFD76614EC4C94888E2FCC49ABAB50EF406FC0F1C5C10D8AA21D4E9F349DE78068B2BAFE495C074AB4E6EC0A5D44EB5506B2D79C78707A23C1D8206664
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/swyt_VnIjJDWZW5KEq7a8l_1AEw.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th8OZJGP4T.jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4801
                                                                                                              Entropy (8bit):7.888971314817874
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPExDH+yDBnNvL3pc4k5pATc/2bGwfr1swp7xHLMd5ix+kkPeixaFv:pPsH9ND3rk5pAc/Jwfr1swodsxJ6xaJ
                                                                                                              MD5:999E313132E93B64215C9E697E38A957
                                                                                                              SHA1:0C6FE685F55484552F9707221677181C8C8E019A
                                                                                                              SHA-256:7F44187AFFBD7B5883EC3F2D6D8DECEDF970E69C23188010359CA5972343465F
                                                                                                              SHA-512:D1E36C878479DB2717893C4AD4FB950FDDDFA429A6E60275FB57981463FE72D291C7A7E71739861E3D75528D834D5594073122B8617BA033ED489C9A82587385
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhS6M.img&ehk=%2f0JAqpQqod962cMnoZLARKJBDpX3cb4q6U7AFUmBfA4%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\thQTFZKKK8.jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):7167
                                                                                                              Entropy (8bit):7.9380429811903745
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEal92hQ3Qj75YY/nTXniMv2ofpJJFMmSMFobLizXUyqqHZCiBJDGrZxWVj1MgR:pPUhQ27T/n/VpTwAobOQyqu8iBJDsoVN
                                                                                                              MD5:682C835CF71EF751DDE2F8395941CAB6
                                                                                                              SHA1:62B8C13B80D920A0A4617FD9AD2B194A36391E25
                                                                                                              SHA-256:2924103CAE9DF18AE07872F53F93A13BB49BB7A5100EAD50A4DACFCA7BAD5452
                                                                                                              SHA-512:7003948EC0AD851287C23000C3F0B968094F3B784606178B6E4F436F061634F05D5FE0ED64EE890493D276E9F2112C6FE131E808075E5F9EE339DD72CDD585E6
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhRFn.img&ehk=cKDFEIrw%2b9reMVTIyE35a3QZsOE6kFlfr5ySngUqTWA%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[10].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):5415
                                                                                                              Entropy (8bit):7.91796622622107
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPE8eJtwmwlv88xL0qY6QM+8RiN5TJIKwVRAfWqAb3ClZqh:pP/ejYlv8RD8OSKw4Xla
                                                                                                              MD5:28692C34C68238A81EDBF6F30F8A8BA4
                                                                                                              SHA1:E085B7A4C52760FE8417F23CCC86DB220F5FA18F
                                                                                                              SHA-256:13AC2E579CE02005D32CED80FE879E9906434A78FC598BA9A1DC776F4B0F4230
                                                                                                              SHA-512:2F228B08B852F20C0BEFA8F1DB3D52870499BF9DFF82746493472DAEF62B7F76F553F7FCB9725B14851DE38CF6396BD30B088380AD5BF284F7F3D5FEF648A87D
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fffYr.img&ehk=mFQjcWcVXEVFKbA2hXkz%2b7uKnHcFiCBLAp6nogJDzAg%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1920x1080, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):342089
                                                                                                              Entropy (8bit):7.9725019091607
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:mBlAVPTvYwTnCCvR2MDIiC0nk6XGvGGHHdsP/5WYAlxI0d1knETaD/:YAhYwrpY6a8k3OGHHKX5XAlj/QlD/
                                                                                                              MD5:F1C96ED00E560599B1526CFA3C19599A
                                                                                                              SHA1:BF294455EAE854A5D500C03B314808949CF976E5
                                                                                                              SHA-256:600FB7AC06F10B840AD0D50DE947736422344C6CF4F14058D89F8BE6895FFC33
                                                                                                              SHA-512:53A79DD10D53184165EC1CE81D8891D0497C5687837FCE698AB20E76325B2C646B0506C7C6BAB04EF7D94089E8E681C831AF148FC4E73957CC0839DFA0E6A0DD
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?id=OHR.EggTree_ROW9453259256_1920x1080.jpg&rf=LaDigue_1920x1080.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[2].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):3388
                                                                                                              Entropy (8bit):7.847965799915417
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEEDN8ioDntZPqShQ34EDax8stWo7C/394jVl4d/LGZYpgK:pP5DKiw7hQ3tax8Hou/3945W5F
                                                                                                              MD5:A7018A09BF53F8F7838ED97E15C4FABE
                                                                                                              SHA1:CBE9CB5F2787366A33C38B3C254F87065FD93BD5
                                                                                                              SHA-256:824D7FADB5588119066F21912A8ADA68E87A5569CB8C98BD7F71437EB67E33B7
                                                                                                              SHA-512:0357F18FC8176B304881D2615744CE000BDD61E43570D64EDFCD98BFDF34280394440B97CCDA9BA08F85C1EAE5B6757D23EA96D01A4FCA5F2D771C1AF6B755D5
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fiaI7.img&ehk=3CfFOJqoBtbGInsAB%2fv9rlt%2f4VmgtElnbKf98WA8jNw%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[3].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):3162
                                                                                                              Entropy (8bit):7.851788596860546
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPE0eLIrMQZ/x1uPJJrin2W24Lb8lIgz7aDv:pPLrMsuBJu2W24v8NHaL
                                                                                                              MD5:615F1E169A6E7183CC5168258A331776
                                                                                                              SHA1:BD08005F7489FDB23E62AC745B8D244A704115E0
                                                                                                              SHA-256:C5F8CBDFF17E58F1D8502366A0ABEC43E5204098BBDE5FC8C91BED76223324E2
                                                                                                              SHA-512:776A237A8D506EDA8C461CBB2EA264AB92E844691120B467E310035E4C10E13BE0F745422D9FCEE8342961E1C08617754A821D1E2E7F98D81E0207FBEB45EE30
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fi584.img&ehk=dfl%2bR3dwqSLwpwPVO7smRtXbeZcs4ElRDOejoKKNn4I%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[4].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):7167
                                                                                                              Entropy (8bit):7.934137514608077
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:pPWkVLcn6gvx1imz1SaT4aCVN5QTg+IvQ1D6k:59+6gvx1zS73Ne0vq7
                                                                                                              MD5:399AB5A4790FFDDBE9B917F5C3374C65
                                                                                                              SHA1:D788D105B2C8BAF840B30C0268DC6F8C47D6D5A6
                                                                                                              SHA-256:2CA1FFE43C5E92F7FA661EEC90888E13FA98B4F69441318D359C77BC19073F1D
                                                                                                              SHA-512:C7B197FEC81AA5D57574337606C8115F0AD9E1C734CE01F6A41302DBEEA6A3AFA1E6093B0478EEFBF9796A299A55F1B6C35705AF7489D4D6014B34828573FF64
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fi2Ow.img&ehk=OQsKDUqL7EMqghAwKvOKweh98q%2fbEN8M6ZN76lFf%2bwg%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[5].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):8530
                                                                                                              Entropy (8bit):7.957613076175718
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:pPZ9iRdfknUslvgKq1XWwBtmKTy9wPNMoB399J4cqXPmW:5Z9kdf2ZgKq1mum0MoBd41f5
                                                                                                              MD5:3D3E9A51FCC499AE22059FCB6A0660BA
                                                                                                              SHA1:F76B030DE6C88A5FC13E1355508A9C0298D6AF91
                                                                                                              SHA-256:8F65302F4278661E2721314E6F1738FB1F72CCC060B94FE12C7401486296E2F1
                                                                                                              SHA-512:01E396E54DCF53C9EEE8AA3E29493291E664E251435CC7DFF7F823B5974B0C1977B11525AA86F366777134F9AC594FCCDDA1CD20A14BD70CBF28A743DE8D7D9C
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhUxT.img&ehk=spkAuMJVG3xjF5gYRovkH%2fzrgTFc8NrIiyubHEZlXkE%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[6].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 350x350, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):7474
                                                                                                              Entropy (8bit):7.941410417196082
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:NPBvRdZQ9pEUZVOYwttP9Vtp40gUjn0lV:VBvRgB3y9VteUQlV
                                                                                                              MD5:13DBEE7C856CF142A28D757947B14459
                                                                                                              SHA1:9106DE20E19AB819BF8A71879420B53FF0199684
                                                                                                              SHA-256:10F5AFBFDFC63FA1A4940EFF0A14D774C807834A045968B208FC78BC8FE1DE71
                                                                                                              SHA-512:6748B8889A6D43C6BB6DA13310508E6AE3DF782B0341F4EA6A6CB4CA226ED9E67587095F86EF84B0AFAE3ED57CD7CE01BF5D827C645CC0A3A80F5BEF3CC358B7
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fi9p4.img&ehk=zU%2f4yR%2bfMhWe5pnUIGAW4Rf6Yu7%2fpHei%2btI87GH0ySM%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[7].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):9224
                                                                                                              Entropy (8bit):7.939686542739047
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:5PO3KCG+3AtVXTgS6k9E12I0jKdgwYR3EZfY6:JmKZ+3AXjgnkVImKdgTY/
                                                                                                              MD5:79EE847AEAABDD1E45159D2830E0442C
                                                                                                              SHA1:155322CAA981F73E3011D5F1B92F7BC13471621C
                                                                                                              SHA-256:BC2BBE0D7A391C9519F8ED4A3B58DBAF86D55C45D4C57F21A4B7466EB46CFE06
                                                                                                              SHA-512:D93024C26A6BC98196F5FC9CDAE626A194F461635E71CEAE46C773C8F6E751451488862E6D85BC8C448CDAB9A944B4BFFCDEC3C2916BB3AC7495F038ABA8A145
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fibqB.img&ehk=lDpJLyHCMowq4uBGbhYIXhkraS3DJQM3a8Oyr9vQxb0%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[8].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):3405
                                                                                                              Entropy (8bit):7.840054904653915
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPE6xik4dLW7yfazoSGlvMWuDz93IAOgbpJBNe3lb:pPUdLWGiz+lLuDz9YmpHm
                                                                                                              MD5:705C72A6F4BD4C8546CCB432CCE0D6A3
                                                                                                              SHA1:94382BFA602F8A19CB21B5895815754BCEA18A13
                                                                                                              SHA-256:B7DB744A0C9F97A34919837B1023D05CE79936C7B3A5F43392F1233265428415
                                                                                                              SHA-512:25A49F078828DFC327D8819DFB31C420E4E56DD92BCD1C687863AAE6BF98CFA244AD57BAD3166B4C97CD7F2D42039B9768618B4C255BBC3FA84930B1D33021CD
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhntd.img&ehk=QPkJ6XXH%2fAKe0mkWgulu%2fcLHMomF7UITRqFRRPYmr5g%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\th[9].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4005
                                                                                                              Entropy (8bit):7.883949948835025
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:pyYcuERAM2jH4q4faD8e/r7M+CKBXUQE4ujTJODE76IU7fed8k4NGEOOCKcxZoNU:pPE+jHLD8UPMyX9ERd6IXKcxqNjlC
                                                                                                              MD5:F0AF6E10839001ABCE369EE02F5D0115
                                                                                                              SHA1:CE6B134F19C3023E011932B8361ACDFB6D15E14A
                                                                                                              SHA-256:1C1D499E11DFBFC8354FFB52F955AE613FCB90DDB60E00A87C0F6BC828FDDFEE
                                                                                                              SHA-512:DC9CDC6D6344D9EAA268EAE68DDEDDC34954D562AE66976D580F7218783CB003AED35A5D18E93FBE5C1F8E90F1EB41BEE0B5C51634D50F14F146B446D80ED1A2
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fi2fi.img&ehk=1ha0338pQs3MYV0qtdEMjBO7B2B6uPy7qRvQ4mJp6A4%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\uYzy_SF_Qx-quOm8IecsaqSoOd0[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1400
                                                                                                              Entropy (8bit):4.810462023135915
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:t4LxHXU4dxCey0fA53J/S/7/sG5BmefEqrR5GTGOby2NF2E/:+x3U4S55Z/aB5BmefEqrRYK6
                                                                                                              MD5:2C4837A751CDB1A7366A56A0BD33EF59
                                                                                                              SHA1:B98CF2FD217F431FAAB8E9BC21E72C6AA4A839DD
                                                                                                              SHA-256:AA593C656009A40AC1782DD6FEE1EF31F9D4CCAD9F3F657DDF9A72C1EB7E553A
                                                                                                              SHA-512:79DBB36F29034FCB52BA9C51A01346F9CEA694CAEBA9B149EEB66DB732B73C01C71FB7F4FBA892E67523E955153FAE4D0148C1024291CBBA0CBFC26FC5C8641E
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/uYzy_SF_Qx-quOm8IecsaqSoOd0.svg
                                                                                                              Preview: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 40 40" style="width:64px;height:64px;">.. <style type="text/css">.. .anim {.. animation-name: blink;.. animation-duration: 1s;.. animation-iteration-count: infinite;.. fill: #05E9F5;.. transition-timing-function: linear;.. }.. @keyframes blink {.. 0% {.. opacity: 0.. }.. 50% {.. opacity: 1.. }.. 75% {.. opacity: 1.. }.. 100% {.. opacity: 1.. }.. }.. .delay1 {.. animation-delay: 0s;.. }.. .delay2 {.. animation-delay: .125s;.. }.. .delay3 {.. animation-delay: .25s;.. }.. .delay4 {.. animation-delay: .375s;.. }.. .delay5 {.. animation-delay: .5s;.. }.. .delay6 {.. animation-delay: .675s;.. }.. .delay7 {.. animation-delay: .75s;.. }.. .delay8 {.. animation-delay: .875s;.. }.. </style>.. <circle class="delay1 anim" cx="20" cy="8" r="3" />.. <circle class="dela
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\A3AS6HK7.htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):60375
                                                                                                              Entropy (8bit):5.762616771639474
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:GdrSCXrLQ4o3HuzcpUQ83ETOuKsIecFXdAjvd594fJLYvmpWfb097Q53Opw:GhLQt3OwmQ8sd59RZew
                                                                                                              MD5:09C020DB00E5D29853CB187DA1D96AC1
                                                                                                              SHA1:D243C98683425D934522BA2DE9074B963A831083
                                                                                                              SHA-256:79E0AC403758E0C6D850EB4C3EA7ACBF0D7F4B059FACCF27A64FFD4BF4035461
                                                                                                              SHA-512:64A26DAD5D148A035D403125CCB2658489DCF24A4EA5D061C3129392259703A64537D26BC1CC032D82EF22FEAEC1FD63F25BBFF29A11720F14D4F0020D4513FF
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/?form=REDIRERR
                                                                                                              Preview: <!doctype html><html lang="en" dir="ltr"><head><meta name="theme-color" content="#4F4F4F" /><meta name="description" content="Bing helps you turn information into action, making it faster and easier to go from searching to doing." /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta property="fb:app_id" content="570810223073062" /><meta property="og:type" content="website" /><meta property="og:title" content="Info" /><meta property="og:image" content="https://www.bing.com/th?id=OHR.EggTree_ROW9453259256_tmb.jpg&amp;rf=" /><meta property="og:image:width" content="1366" /><meta property="og:image:height" content="768" /><meta property="og:url" content="https://www.bing.com/?form=HPFBBK&amp;ssd=20210404_0700&amp;mkt=de-CH" /><meta property="og:site_name" content="Bing" /><meta property="og:description" content="If you find yourself in Germany or Austria around " /><title>Bing</title><link rel="shortcut icon"
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\CMm2G4GK3T9XHTMByeN2QI1OVUs[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:51:08], progressive, precision 8, 160x158, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):12415
                                                                                                              Entropy (8bit):7.878337322573188
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:dnoYiTiJAAcGIs8E76ZFIN92VPGeBe+ELS:dnyiCAcGIu2FIN92REm
                                                                                                              MD5:A0BFF1A68EAB91DAC459F3B2EB4B3DE3
                                                                                                              SHA1:08C9B61B818ADD3F571D3301C9E376408D4E554B
                                                                                                              SHA-256:7DB453C22084AEF847E1CA04E9FC1B1CF0D468A5C11ABF3C09968C840CD96A87
                                                                                                              SHA-512:3685F5DD0B8869A0B71C4CADF4FE8559094DC431FEE1E14C349BF6E933702B90136EE45277A97627F69BBB6FAB5ED9EF98AFEBCF88079C5EFFEBD4100B64CE21
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/CMm2G4GK3T9XHTMByeN2QI1OVUs.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Jl2vUSlEIqWjk-99MuYp4W74zvQ[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1529
                                                                                                              Entropy (8bit):4.135964697042234
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:tVvnjuJOeUsc4wg5a2/gt+lm/3HljKR99U1TrD3ptYZ7GDlh6mI0jeI4dIwDq8rz:rn1edcjg5pm/lKRXU1TrD5tJf6mzjidJ
                                                                                                              MD5:6D8EF11CB1C03B39D9ED4E4C9A2190B9
                                                                                                              SHA1:265DAF51294422A5A393EF7D32E629E16EF8CEF4
                                                                                                              SHA-256:D72BEAE30A6B2B36C3E03847CE4EA04211D7373D4066FF937A7A05DF4E0C3DB6
                                                                                                              SHA-512:C8820BDF2FC34CCFF7018A1C1E3E74ED1FE0B287926050F9B6BA59C08DCC216E8732F862AB0BF086BC05275C51E6F81132AFA60F6D50A19585642BC906DCDD92
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/Jl2vUSlEIqWjk-99MuYp4W74zvQ.svg
                                                                                                              Preview: <svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M8 0C6.41775 0 4.87103 0.469192 3.55544 1.34824C2.23985 2.22729 1.21447 3.47672 0.608967 4.93853C0.00346629 6.40034 -0.15496 8.00887 0.153721 9.56072C0.462403 11.1126 1.22433 12.538 2.34315 13.6569C3.46197 14.7757 4.88743 15.5376 6.43928 15.8463C7.99113 16.155 9.59966 15.9965 11.0615 15.391C12.5233 14.7855 13.7727 13.7602 14.6518 12.4446C15.5308 11.129 16 9.58225 16 8C16 5.87827 15.1571 3.84344 13.6569 2.34315C12.1566 0.842854 10.1217 0 8 0V0Z" fill="white"/>..<path d="M3.72395 9.60957L5.72394 11.6096C5.97398 11.8595 6.31306 12 6.66661 12C7.02016 12 7.35924 11.8595 7.60928 11.6096L12.2759 6.9429C12.4033 6.81991 12.5049 6.67278 12.5747 6.51011C12.6446 6.34744 12.6814 6.17248 12.6829 5.99544C12.6845 5.8184 12.6507 5.64283 12.5837 5.47897C12.5167 5.3151 12.4177 5.16623 12.2925 5.04104C12.1673 4.91585 12.0184 4.81685 11.8545 4.74981C11.6907 4.68277 11.5151 4.64903 11.3381 4.65057C11.16
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KC_nX2_tPPyFvVw1RK20Yu1FyDk[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):726
                                                                                                              Entropy (8bit):4.636787858533541
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:tbH41nlcWYiB1+Xl0ML2t1iOfEmmgaUEUZQ6nMAIPWSxs4yPISEIe9t8aayPISEx:t741nTYifqLL2+O7mgaxSQ6MFnE3nkO
                                                                                                              MD5:6601E4A25AB847203E1015B32514B16C
                                                                                                              SHA1:282FE75F6FED3CFC85BD5C3544ADB462ED45C839
                                                                                                              SHA-256:6E5D3FFF70EEC85FF6D42C84062076688CB092A3D605F47260DBBE6B3B836B21
                                                                                                              SHA-512:305C325EAD714D7BCBD25F3ACED4D7B6AED6AE58D7D4C2F2DFFCE3DFDEB0F427EC812639AD50708EA08BC79E4FAD8AC2D9562B142E0808936053715938638B7C
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/KC_nX2_tPPyFvVw1RK20Yu1FyDk.svg
                                                                                                              Preview: <svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" enable-background="new 0 0 16 16">.. <path d="M0 0h16v16h-16v-16z" fill="none"/>.. <path fill="#007DAA" d="M11 4h4l-5-4v3c0 .552.447 1 1 1zm-3-1v-3h-4.5c-.828 0-1.5.672-1.5 1.5v13c0 .828.672 1.5 1.5 1.5h10c.828 0 1.5-.672 1.5-1.5v-8.5h-4c-1.654 0-3-1.346-3-3zm4.707 10.707c-.181.181-.431.293-.707.293h-7c-.276 0-.526-.112-.707-.293s-.293-.431-.293-.707.112-.526.293-.707.431-.293.707-.293h7c.276 0 .526.112.707.293s.293.431.293.707-.112.526-.293.707zm0-5.414c.181.181.293.431.293.707s-.112.526-.293.707-.431.293-.707.293h-7c-.276 0-.526-.112-.707-.293s-.293-.431-.293-.707.112-.526.293-.707.431-.293.707-.293h7c.276 0 .526.112.707.293z"/>..</svg>
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\MstqcgNaYngCBavkktAoSE0--po.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):391
                                                                                                              Entropy (8bit):5.184440623275194
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:2Qxjl/mLAHPWEaaGRHkj6iLUEkFKgs5qHT:2QC8H+aGRHk+i1kFKgs5qHT
                                                                                                              MD5:55EC2297C0CF262C5FA9332F97C1B77A
                                                                                                              SHA1:92640E3D0A7CBE5D47BC8F0F7CC9362E82489D23
                                                                                                              SHA-256:342C3DD52A8A456F53093671D8D91F7AF5B3299D72D60EDB28E4F506368C6467
                                                                                                              SHA-512:D070B9C415298A0F25234D1D7EAFB8BAE0D709590D3C806FCEAEC6631FDA37DFFCA40F785C86C4655AA075522E804B79A7843C647F1E98D97CCE599336DD9D59
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/MstqcgNaYngCBavkktAoSE0--po.gz.js
                                                                                                              Preview: (function(){function n(){var n=_ge("id_p"),t,i;n&&(t="",i="",n.dataset?(t=n.dataset.src,i=n.dataset.alt):(t=n.getAttribute("data-src"),i=n.getAttribute("data-alt")),t&&t!=""&&(n.onerror=function(){n.onerror=null;n.src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNgYAAAAAMAASsJTYQAAAAASUVORK5CYII=";n.alt=""},n.onload=function(){n.alt=i},n.src=t))}n()})()
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\PA3TC2iNXZkiG2C3IJp5VAvC_yY.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):930
                                                                                                              Entropy (8bit):5.191402456846154
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:GFUFqJYYmaLOTCE20aOtZP9F3a6MakIq+lvyUJ9sq5aOB:BWOWEZP9U6MHEvyUJ9s6
                                                                                                              MD5:73BFB9BB67A7271E257A4547007469A5
                                                                                                              SHA1:28F7B820679A99318E0DC596A54480D6AD5C3661
                                                                                                              SHA-256:A22BB5BD48C4C578C6BC4FDC4B8FF18F9162848F14E05AE283EC848B08EC8C15
                                                                                                              SHA-512:432142851A492C7635B764AC5293B6EFC943624FBD2FEA5D0F2D8900208B5F6233F5563B7CC08F314E29889B2628F298355484700816A3679F6A3315E63581F0
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/PA3TC2iNXZkiG2C3IJp5VAvC_yY.gz.js
                                                                                                              Preview: var ShareDialog;(function(n){function i(){t("bootstrap",arguments)}function r(){t("show",arguments)}function u(){t("showError",arguments)}function t(n,t){for(var r=["shdlgapi",n],i=0;i<t.length;i++)r.push(t[i]);sj_evt.fire.apply(null,r)}n.bootstrap=i;n.show=r;n.showError=u})(ShareDialog||(ShareDialog={})),function(n){function i(){t==0&&u()}function r(){sj_evt.unbind("shdlgapi",i)}function u(){t=1;var n=ShareDialogConfig.shareDialogUrl+"&IG="+_G.IG;n=e(n,["uncrunched","testhooks"]);sj_ajax(n,{callback:function(n,i){n?(t=2,i.appendTo(_d.body),r(),f()):t=3},timeout:0})}function f(){var n="rms";_w[n]&_w[n].start()}function e(n,t){var i,r,u;for(r in t)u=new RegExp("[?&]"+t[r]+"=[^?&#]*","i"),(i=location.href.match(u))&&i[0]&&(n+="&"+i[0].substring(1));return n}function o(){n.inited=0}function s(){n.inited||(n.inited=1,sj_evt.bind("shdlgapi",i,!0),sj_evt.bind("ajax.unload",o,!1))}var t=0;s()}(ShareDialog||(ShareDialog={}))
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Passport[1].htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:HTML document, ASCII text
                                                                                                              Category:dropped
                                                                                                              Size (bytes):329
                                                                                                              Entropy (8bit):5.086971439676268
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:qzxUe3X965+zAqEFtTNfYEAn4TXQ3SOFCL0H4WZhCroOI:kxFkXq6tTRYEVTAx4IHH7CroOI
                                                                                                              MD5:7B7D5DA1B057EB0D5A58C2585E80BACA
                                                                                                              SHA1:29714CD8C570E321C1C1C991E77ACE3945312AC6
                                                                                                              SHA-256:023CD9B7315636BE1BE24DC78144554B0E76777BD476ED581378172DE9B12A05
                                                                                                              SHA-512:1A4E36E3124968166579C04D05A1325242E1DFE20DF4C804081487A019B88395A679A439525488F78B73334C5B0BD38D61E24F8E23F2F8274C6BAC323291CEE8
                                                                                                              Malicious:false
                                                                                                              Preview: <html><head><title>Bing</title></head><body>Loading...<script type="application/x-javascript">//<![CDATA[.var _w = window; var o = _w.opener; var mainWindow; (mainWindow = o) || (mainWindow = _w.parent); if (mainWindow) {mainWindow.sj_evt && mainWindow.sj_evt.fire("wl:cancel"); };if (o) _w.close();;.// </script></body></html>
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Passport[2].htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:HTML document, ASCII text
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):329
                                                                                                              Entropy (8bit):5.086971439676268
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:qzxUe3X965+zAqEFtTNfYEAn4TXQ3SOFCL0H4WZhCroOI:kxFkXq6tTRYEVTAx4IHH7CroOI
                                                                                                              MD5:7B7D5DA1B057EB0D5A58C2585E80BACA
                                                                                                              SHA1:29714CD8C570E321C1C1C991E77ACE3945312AC6
                                                                                                              SHA-256:023CD9B7315636BE1BE24DC78144554B0E76777BD476ED581378172DE9B12A05
                                                                                                              SHA-512:1A4E36E3124968166579C04D05A1325242E1DFE20DF4C804081487A019B88395A679A439525488F78B73334C5B0BD38D61E24F8E23F2F8274C6BAC323291CEE8
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/secure/Passport.aspx?popup=1&ssl=1
                                                                                                              Preview: <html><head><title>Bing</title></head><body>Loading...<script type="application/x-javascript">//<![CDATA[.var _w = window; var o = _w.opener; var mainWindow; (mainWindow = o) || (mainWindow = _w.parent); if (mainWindow) {mainWindow.sj_evt && mainWindow.sj_evt.fire("wl:cancel"); };if (o) _w.close();;.// </script></body></html>
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\RrvsBuqGHDpqG7NAz4Q0BMOqQBg.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4140
                                                                                                              Entropy (8bit):5.268233767834181
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:cithlPK4kMRX+1XewlYONYyuGNc22nDmSOsDg:ciJALYONEGNc22nbOsDg
                                                                                                              MD5:7651609B4BE35F5DE8024F570EF6CF87
                                                                                                              SHA1:4B72E4BB1D8F170D6B17FA1D769584A7D0F02F70
                                                                                                              SHA-256:4CA5C607D14D17F8A9EEA9FB0A624BC00C49BFDFBB6A78E1292EAE1461B7D9F0
                                                                                                              SHA-512:7BE114BD02AA079F01FBFC343811F74896BB247ABB79C67998B7DB0F20F8ED1260DEA83523F61CDD0E2231F2428437F9FBF88F39DAD821A3F09A5116C5DA7A2D
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/RrvsBuqGHDpqG7NAz4Q0BMOqQBg.gz.js
                                                                                                              Preview: var Feedback;(function(n){var t;(function(){function r(i,r,u,f,e,o){i=typeof i===t?!1:i;i&&scrollTo(0,0);u=typeof u===t?!0:u;n.PackageLoad.Load(r,u,f,e,o)}function e(n,t){for(var r=0,i=null;n&&n.getAttribute&&(!(t>=1)||r<t);){if(i=n.getAttribute("data-fbhlsel"),i!=null)break;r++;n=n.parentNode}return i}var u="feedbackformrequested",c="feedbackInitialized",i,f="",o="feedback-binded",s="clicked",t="undefined",h;n.Bootstrap.InitializeFeedback=function(l,a,v,y,p,w,b,k){function tt(t){var r=null,i;return t&&(i=new h,n.fel("ajax.feedback.collectsettings","gsf",i),r=i.findSettings(t)),r}var d=_ge(a),g,nt;d&&d.classList&&d.classList.contains(o)||(p=typeof p===t?!1:p,g=e(d,3),f!=="sb_feedback"&&(f=a,typeof sj_evt!==t&&(i&&sj_evt.unbind(u,i),i=function(n){var u=null,t=null,f=null,o,i,s;n&&n.length>1&&(i=n[1],i.tagName!==undefined&&i.nodeType!==undefined?(u=i,t=tt(u)):t=i,o=t&&t.elementToHighlight||u,f=e(o));s=t&&t.linkId||a;r(y,l,v,s,f,t)},sj_evt.bind(u,i,1)),typeof SearchAppWrapper!==t&&SearchA
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\b4Jy0kwhnsWcsDQyuzAEsN7RmhQ[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:59:08], progressive, precision 8, 160x160, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):14848
                                                                                                              Entropy (8bit):7.9161237402148545
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:d5KKqPy60pSDqRxY0cKZR+dG0cDizbS4z0GoJmsrod96rIE1KRCLHXl4DPzEmISD:dg9PJvoe0LsG0IiF+TVERCjgEmgDG
                                                                                                              MD5:094FAB391B9B906B8A88922CE6827471
                                                                                                              SHA1:6F8272D24C219EC59CB03432BB3004B0DED19A14
                                                                                                              SHA-256:E7DAFF9BBB32681540E010FB10BA87D51938B42B275D0C422E253CED0DD96B79
                                                                                                              SHA-512:B0BE13E1A3E4B5758DFF4B36C1FF49020565FD316295A7413E5312FB90B0EE4B7D93B4FE4AC5DBB4F122E4CAC0705307A29DA52DBF66A3AC0DA91CC94F5B3EF4
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/b4Jy0kwhnsWcsDQyuzAEsN7RmhQ.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):748
                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:res://ieframe.dll/down.png
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\eF3rIdIG4fsLyPy7mzgRnjCDKIA[1].png
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:PNG image data, 1642 x 116, 8-bit colormap, non-interlaced
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):12172
                                                                                                              Entropy (8bit):7.918443542633748
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:55tSglBjXtk3RBPvjc6/sB7WYFH+CEWAY7ajZiS8aQoFiJ8VJUsLYpP7:YHHjNsB7WYtFEV1iS8XoFRJbLmP7
                                                                                                              MD5:4CF2646B3478E81FB9444ED499C19310
                                                                                                              SHA1:785DEB21D206E1FB0BC8FCBB9B38119E30832880
                                                                                                              SHA-256:3E3D1F762BE8E3AF89D77E1F291E6228D55FBA619AD6C0763224B4A640D0D9BD
                                                                                                              SHA-512:6CC812012B23313ED2A83706D81B9737C3C6D8EA656FFE8D612006C4C6C03ACCA8428D4C2F89615581F1ACD866925F6DA94F2C66275101558DC8D202E9764796
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/eF3rIdIG4fsLyPy7mzgRnjCDKIA.png
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\eRYlUYIMYsB_Pt8B7FTik-pl5cs.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):229
                                                                                                              Entropy (8bit):4.773871204083538
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:2LGffIc6CaA5FSAGG4Aj6NhyII6RwZtSAnM+LAX6jUYkjdnwO6yJxWbMPJ/WrE6J:2LGXX6wFSADj6iIunnyh6TbMFsise2
                                                                                                              MD5:EEE26AAC05916E789B25E56157B2C712
                                                                                                              SHA1:5B35C3F44331CC91FC4BAB7D2D710C90E538BC8B
                                                                                                              SHA-256:249BCDCAA655BDEE9D61EDFF9D93544FA343E0C2B4DCA4EC4264AF2CB00216C2
                                                                                                              SHA-512:A664F5A91230C0715758416ADACEEAEFDC9E1A567A20A2331A476A82E08DF7268914DA2F085846A744B073011FD36B1FB47B8E4EED3A0C9F908790439C930538
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/eRYlUYIMYsB_Pt8B7FTik-pl5cs.gz.js
                                                                                                              Preview: (function(){var t=_ge("id_h"),n=_ge("langChange"),i=_ge("me_header"),r=_ge("langDId"),u=_ge("mapContainer");t!=null&&n!=null&&i==null&&(r===null||u===null)&&(t.insertBefore(n,t.firstChild),n.className=n.className+" langdisp")})()
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\eaMqCdNxIXjLc0ATep7tsFkfmSA.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):2678
                                                                                                              Entropy (8bit):5.2826483006453255
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:5sksiMwg1S0h195DlYt/5ZS/wAtKciZIgDa4V8ahSuf/Z/92zBDZDNJC0x0M:yklg1zbed3SBkdZYcZGVFNJCRM
                                                                                                              MD5:270D1E6437F036799637F0E1DFBDCAB5
                                                                                                              SHA1:5EDC39E2B6B1EF946F200282023DEDA21AC22DDE
                                                                                                              SHA-256:783AC9FA4590EB0F713A5BCB1E402A1CB0EE32BB06B3C7558043D9459F47956E
                                                                                                              SHA-512:10A5CE856D909C5C6618DE662DF1C21FA515D8B508938898E4EE64A70B61BE5F219F50917E4605BB57DB6825C925D37F01695A08A01A3C58E5194268B2F4DB3D
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/eaMqCdNxIXjLc0ATep7tsFkfmSA.gz.js
                                                                                                              Preview: var IPv6Tests;(function(n){function c(t){var r,c,o,l,f,s,i,a,v;try{if(y(),t==null||t.length==0)return;if(r=sj_cook.get(n.ipv6testcookie,n.ipv6testcrumb),r!=null&&r=="1"&&!u)return;if(c=sj_cook.get(n.ipv6testcookie,n.iptypecrumb),r!=null&&c&&u&&(o=Number(r),l=(new Date).getTime(),o!=NaN&&o>l))return;if(f=_d.getElementsByTagName("head")[0],!f)return;if(s="ipV6TestScript"+t,i=sj_ce("script",s),i.type="text/javascript",i.async=!0,i.onerror=function(){Log.Log("ipv6test","IPv6Test Dom_ "+t,"IPv6TestError",!1,"Error","JSONP call resulted in error.")},a=_ge(s),a&&f)return;f.insertBefore(i,f.firstChild);i.setAttribute("src",_w.location.protocol+"//"+t+".bing.com/ipv6test/test");e&&p();v=u?(new Date).getTime()+h:"1";sj_cook.set(n.ipv6testcookie,n.ipv6testcrumb,v.toString(),!1)}catch(w){Log.Log("ipv6test","Dom_ "+t,"IPv6TestError",!1,"Error","Failed to make JSONP call. Exception - "+w.message)}}function l(t){if(!t){Log.Log("ipv6test","IPv6TestResponseError","IPv6TestError",!1,"Error","Got null re
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon-2x[1].ico
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4286
                                                                                                              Entropy (8bit):3.8046022951415335
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                              MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                              SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                              SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                              SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/sa/simg/favicon-2x.ico
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fdVZU4ttbw8NDRm6H3I5BW3_vCo[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):671
                                                                                                              Entropy (8bit):5.014579690661168
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:tbH4/KYf3UnlcWYl7qy/gk63xsV8tGXcqecDDWUV8jEPsycd23Wt+MKsAnueOc+d:t74LfEnTYpq+gTxs6GUUQEPssmYsAnuH
                                                                                                              MD5:D9ED1A42342F37695571419070F8E818
                                                                                                              SHA1:7DD559538B6D6F0F0D0D19BA1F7239056DFFBC2A
                                                                                                              SHA-256:0C1E2169110DD2B16F43A9BC2621B78CC55423D769B0716EDAA24F95E8C2E9FE
                                                                                                              SHA-512:67F0BC641D78D5C12671FDD418D541F70517C3CA72C7B4682E7CAC80ABE6730A60D7C3C9778095AAB02C1BA43C8DD4038F48A1A17DA6A5E6C5189B30CA19A115
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/fdVZU4ttbw8NDRm6H3I5BW3_vCo.svg
                                                                                                              Preview: <svg focusable="false" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 16 16" enable-background="new 0 0 16 16" xml:space="preserve">..<path fill="#919191" d="M15.707,0.293c-0.391-0.391-1.024-0.391-1.415,0L7.994,6.591L1.696,0.293C1.298-0.091,0.665-0.08,0.281,0.318...c-0.375,0.388-0.375,1.003,0,1.391l6.298,6.298l-6.298,6.298c-0.384,0.398-0.373,1.031,0.025,1.415c0.388,0.375,1.003,0.375,1.391,0...l6.298-6.298l6.298,6.298c0.398,0.384,1.031,0.373,1.415-0.025c0.375-0.388,0.375-1.003,0-1.39L9.409,8.006l6.298-6.298...C16.098,1.317,16.098,0.684,15.707,0.293z"/>..<path fill="none" d="M0,0h16v16H0V0z"/>..</svg>..
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hqx6FcD0hjfzrON5oLgx2RMMD1s.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):443
                                                                                                              Entropy (8bit):4.86644754379557
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:kdXCJAUQECJA5MeMJA561cnGfbs4Hbrk86fYXChdJAjU:8CJWECJKMeMJK61cuo47rk8WYMdJyU
                                                                                                              MD5:56583BD882D9571EC02FBDF69D854205
                                                                                                              SHA1:8DFF13B78F4CBCC482DC5C7FC1495390200C0B94
                                                                                                              SHA-256:DF0089A92B304A88F35AA0117CF8647695659AAF68B38B1B7A72A7C53465E9C7
                                                                                                              SHA-512:418B3003B568F2FDB862035EE624CE93087861AEBB6680CDC0E0F1212297B64D30596EEF931B8C6E818292C4AB14C8C17FF0BAF9E58ED93392AD7A80621EBBE4
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/hqx6FcD0hjfzrON5oLgx2RMMD1s.gz.js
                                                                                                              Preview: var OutlinePolyfil=function(){function n(){var n=this;this.attachHandlers=function(){n.attachHandlersForOutline()};this.attachHandlersForOutline=function(){addEventListener("keydown",n.onTabKey);addEventListener("mousedown",n.onMouseDown)};this.onTabKey=function(n){n.keyCode==9&&document.body.classList.add("tabbing")};this.onMouseDown=function(){document.body.classList.remove("tabbing")};this.attachHandlers()}return n}();new OutlinePolyfil
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):12105
                                                                                                              Entropy (8bit):5.451485481468043
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                              MD5:9234071287E637F85D721463C488704C
                                                                                                              SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                              SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                              SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                              Malicious:false
                                                                                                              Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\k5oM71-Oyo7w7ptkcB_2S5dIr7I.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):21824
                                                                                                              Entropy (8bit):5.243380331742482
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:HXpeDC+2uguwBYFsOZrSzz3wp0OxAmzjEHU:HXpeDz2gFsOZrOXWz4HU
                                                                                                              MD5:071CABC528DA3CDD5BD5C7F0EC48ED96
                                                                                                              SHA1:8B665A2DA630D6711E01E838877510F48C40E9CE
                                                                                                              SHA-256:9871F6289648EEA5CB484C2307C4E7BCDF3857AEB27EB07E0ACFD4C1B77EDBB5
                                                                                                              SHA-512:771DA4D3B22B53C5B1B1D2DF1B923B78124A7F92576700F7E988A1E40C2806CB2366D52C556F1FD49862B1A584D871ED7207B54174172740B4ED125AAD4C531F
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/k5oM71-Oyo7w7ptkcB_2S5dIr7I.gz.js
                                                                                                              Preview: (function () {.. if (typeof window !== 'undefined') {.. (function (arr) { arr.forEach(function (item) { if (item.hasOwnProperty('remove')) { return; } Object.defineProperty(item, 'remove', { configurable: true, enumerable: true, writable: true, value: function remove() { if (this.parentNode === null) { return; } this.parentNode.removeChild(this); } }); }); })([Element.prototype, CharacterData.prototype, DocumentType.prototype]);.... !function(e,n){"object"==typeof exports&&"undefined"!=typeof module?n():"function"==typeof define&&define.amd?define(n):n()}(0,function(){"use strict";function e(e){var n=this.constructor;return this.then(function(t){return n.resolve(e()).then(function(){return t})},function(t){return n.resolve(e()).then(function(){return n.reject(t)})})}function n(e){return!(!e||"undefined"==typeof e.length)}function t(){}function o(e){if(!(this instanceof o))throw new TypeError("Promises must be constructed via new");if("function"!=typeof e)throw new Type
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\kBH4DSEA84cgV7IKw7_Bwvm2NpI[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:58:04], progressive, precision 8, 160x160, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):11847
                                                                                                              Entropy (8bit):7.82741108986083
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:dhK4s5Is9xn1pwLz+SHW36K+Oas6GKNQsjM+N7WzAVrzj+cq615Te+Se:d4ZOOloH/HW3Rp5Ka2tWzAVrzjv55ia
                                                                                                              MD5:5CCC9B225B51915169D6F4C27FA26C9A
                                                                                                              SHA1:9011F80D2100F3872057B20AC3BFC1C2F9B63692
                                                                                                              SHA-256:10D8D2141A01589A82B139B01A75B74D9DFAB16D273C9B2EC7F5087D3EF16B3B
                                                                                                              SHA-512:E2AEB96F6FEC6710AAFF6E52CC24E773CD194F9DEE1BC01FEED88A8EC48033DD9BD8AD0A18C14502DCB6A6ECF05418F18D125E00C4E0E06533495A00F3AF411F
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/kBH4DSEA84cgV7IKw7_Bwvm2NpI.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\n1U5gwBiwMo7s-fWOh2kSe3Kils[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31 17:53:43], progressive, precision 8, 160x160, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):12094
                                                                                                              Entropy (8bit):7.886865463015066
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:SiKi8QXz83TatNZ7rBakT+m47amRNj5y4zYOyuRHExmmjGjWddkuz4nicyktAtmR:SRi8083g7rBamzWNjPzguCxmmjGid60g
                                                                                                              MD5:05034EB84E5E7915CA36EB6FE59DFBA7
                                                                                                              SHA1:9F5539830062C0CA3BB3E7D63A1DA449EDCA8A5B
                                                                                                              SHA-256:9BEC2E05752C0699DB84352BB6E3DD4E5DAA927D32EC8123966F4A8FDF8B181A
                                                                                                              SHA-512:EB645D1FBB404B00D19C743C3F6F00597D91DE73EA2F02AE61AB76AFB13A913F68CB2419C205684CAD827D1369D8F76D9B7E709B8EF0AB05A86B305A7A5B7089
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/n1U5gwBiwMo7s-fWOh2kSe3Kils.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\n_C4vBfAV3O9RfkGjfduaZoxjAs[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:40:12], progressive, precision 8, 160x160, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):17171
                                                                                                              Entropy (8bit):7.923606790170532
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:oYOT4bsa8uRaCLYIrdjf7xR346jojxR0WKHfoe:oYOT4Ya8uRnxT/346AhKHfoe
                                                                                                              MD5:D7AE018EA70FA15F5E5389E4F96AD768
                                                                                                              SHA1:9FF0B8BC17C05773BD45F9068DF76E699A318C0B
                                                                                                              SHA-256:A4F4A44961E03A073E3F351F296EC19C50005AA96360A9E5CEE50E0587738FBB
                                                                                                              SHA-512:FD5B341BECCBBE7C16065217BBCAF6DF2C44629DE778E1263FE6A071565718C920335DBA220FDDF8EB18ECBBF2BEBC698B03BCF555949CB3DD66575249471406
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/n_C4vBfAV3O9RfkGjfduaZoxjAs.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\th[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):6031
                                                                                                              Entropy (8bit):7.925095463416465
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEfMhWVUbP584ZqIxH7DA7X7pKa12P7SxsqQusglF1vX0achf3E2Vqq5kvjubXt:pPAeuUTmeDA7X9zxtQnosa43ZVq0kvjY
                                                                                                              MD5:782FA500C4DE9EF3D6A570C44542135F
                                                                                                              SHA1:95CC28C5A573A1AE015D3410DE3C2CCB71FA79EC
                                                                                                              SHA-256:8B43AA67282F1DC99CB93985FE5FC77DC65B9A39E5006E60F6D0BB5DC49A941F
                                                                                                              SHA-512:7A2F7593A4D1586028423AA6BFD4AF3052F129B8C823600BACC72A67D5314AF387124C923F3D4036D07E3F45B50325ACE6872D2F8C909E2BBACEFB90E8E67E73
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhYQ1.img&ehk=8PmfcecZjncH7mrSqaE5nKIoGXW0lWAPwFq0KSIPYzk%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\th[2].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):5617
                                                                                                              Entropy (8bit):7.914560278102853
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPEWX8Dv5SwIDNSPlSR8gBQYLlsVF5DSqm2bGv5BJEjhMtHHq2qWS+8:pPRCcxpiQuV3DVXbGv5BJOatHJnS1
                                                                                                              MD5:ABD3CCCBC0A3814411F339C1308C8123
                                                                                                              SHA1:2CACFD1DAEC0226E726B7CC5625A2C420D2B64CB
                                                                                                              SHA-256:4043C9590ED06FB4478C2C34CED13E37CB103962F2D6D1A2ACB6596571834252
                                                                                                              SHA-512:585FB9C4FD4EFD1334A711C96800357C30E1E4B4D53419DA89395878B430B8F5378BB2E9837F0CEBFB8464492349D7131F9FFF8FFF14B4B2965E37F0716991EF
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhEPW.img&ehk=Y%2fkZDfGzvXTsnRuECbI3b9UBYNSaV6AAHPuYXAT9Ezw%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\th[3].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4312
                                                                                                              Entropy (8bit):7.896629933392767
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:pPE6aOSXvobhyGJ9XqX/qXkUTHgxHUymzHUyrxX968:pP2OSDeR74yJ9X
                                                                                                              MD5:C8F0AB2811C7353A12CE0A7463442862
                                                                                                              SHA1:51F0C9EC54F6F22A97BF9632C358B022D8219309
                                                                                                              SHA-256:50007CCC1F55815370BF8D7CC0257076B695A6CD1EDC8F3E20B7139C64CB0EC3
                                                                                                              SHA-512:938273185F822CA5F779203E939B51BC211CE961EFE74F007FC2F6EAB9D154559D6F810A8CCCF87A1718F66B32C34FF270386AC5F0039A9EADA6B1B8458533F9
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhEhY.img&ehk=DiJV2bamEdyntRs4dmR33nolNSElabA2YgjiEaUh4ZA%3d&w=150&h=150&c=8&rs=2&pid=WP0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4L4QdyjTv0HYE2Ig2ol9eYoqxg8[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1101
                                                                                                              Entropy (8bit):4.829151166001716
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:t0S8eLfl954T0u2y3EO1gRcDrIvQaDxijjfscC:vLfRWtPDuQKIjq
                                                                                                              MD5:91CD11CFCCA65CFACE96153268D71F63
                                                                                                              SHA1:E0BE107728D3BF41D8136220DA897D798A2AC60F
                                                                                                              SHA-256:8EE1E6D7A487C38412D7B375AC4A6BD7E47F70858055EEB7957226ADA05544BE
                                                                                                              SHA-512:4367CE147C7FA4590838F23C47819B8954858128336979E28BA116924B92660A7CBDC9A8292C45C5F26FF591F423F03DFADCB78A772DBE86AC5FBABF0B4E7711
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/4L4QdyjTv0HYE2Ig2ol9eYoqxg8.svg
                                                                                                              Preview: <svg focusable="false" width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">.. <rect fill-opacity="0.2" fill="#000" x="0" y="0" width="24" height="24" rx="2"></rect>.. <g transform="translate(4, 4)">.. <path d="M13.2916881,1.29304814 L7.99395739,6.59077883 L2.69622669,1.29304814 C2.30349711,0.913737214 1.67923378,0.919161894 1.29315522,1.30524045 C0.907076669,1.691319 0.90165199,2.31558234 1.28096291,2.70831192 L6.57869361,8.00604261 L1.28096291,13.3037733 C0.90165199,13.6965029 0.907076669,14.3207662 1.29315522,14.7068448 C1.67923378,15.0929233 2.30349711,15.098348 2.69622669,14.7190371 L7.99395739,9.42130639 L13.2916881,14.7190371 C13.6844177,15.098348 14.308681,15.0929233 14.6947596,14.7068448 C15.0808381,14.3207662 15.0862628,13.6965029 14.7069519,13.3037733 L9.40922117,8.00604261 L14.7069519,2.70831192 C15.0976827,2.31746305 15.0976827,1.683897 14.7069519,1.29304814 C14.316103,0.902317288 13
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5rqGloMo94v3vwNVR5OsxDNd8d0[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):461
                                                                                                              Entropy (8bit):4.834490109266682
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:tI9mc4sl3WGPXN4x7ZguUz/KVqNFvneuFNH2N9wF+tC77LkeWVLKetCsYuwdOvX0:t41WeXNC1f3q/7H2DIZWYeIsrGYyKYx7
                                                                                                              MD5:4E67D347D439EEB1438AA8C0BF671B6B
                                                                                                              SHA1:E6BA86968328F78BF7BF03554793ACC4335DF1DD
                                                                                                              SHA-256:74DEB89D481050FD76A788660674BEA6C2A06B9272D19BC15F4732571502D94A
                                                                                                              SHA-512:BE40E5C7BB0E9F4C1687FFDDBD1FC16F1D2B19B40AB4865BE81DD5CF5F2D8F469E090219A5814B8DAED3E2CD711D4532E648664BFA601D1FF7BBAA83392D320E
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/5rqGloMo94v3vwNVR5OsxDNd8d0.svg
                                                                                                              Preview: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><title>UserSignedOutIcon</title><circle cx="16" cy="16" r="16" fill="#eee"/><path d="M12.73 13.1a3.271 3.271 0 1 1 3.27 3.2 3.237 3.237 0 0 1-3.27-3.2zm-2.73 9.069h1.088a4.91 4.91 0 0 1 9.818 0h1.094a5.884 5.884 0 0 0-3.738-5.434 4.238 4.238 0 0 0 2.1-3.635 4.366 4.366 0 0 0-8.73 0 4.238 4.238 0 0 0 2.1 3.635 5.878 5.878 0 0 0-3.732 5.434z" fill="#666"/><path fill="none" d="M0 0h32v32h-32z"/></svg>
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\6sxhavkE4_SZHA_K4rwWmg67vF0.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):20320
                                                                                                              Entropy (8bit):5.35616705330287
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:Kh4xTJXiXZ4sb4ZENXjTDDoFWZ3BnqIfP5IDV6s4RKAvKXAL5Nuwbv++9O:YoTdiJpjBpBnqIH+Z6se4XALueO
                                                                                                              MD5:07F6B49331D0BD13597934A20FAC385B
                                                                                                              SHA1:B39E1439D7FC072AF4961D4AB6DE07D0BC64B986
                                                                                                              SHA-256:4752E030AC235C73E92EC8BBF124D9A32A424457CA9A6D6027A9595DA76F98D7
                                                                                                              SHA-512:333B12B6BC7F72156026829E820A4F24759E15973B474E2FFB264DEE4C50B0E478128255E416F3194E8C170A28DF02AA425D720CC5E15BC2382EA2D6D57A6F5B
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/6sxhavkE4_SZHA_K4rwWmg67vF0.gz.js
                                                                                                              Preview: /*!DisableJavascriptProfiler*/.var BM=BM||{};BM.config={B:{timeout:250,delay:750,maxUrlLength:300,sendlimit:20,maxPayloadSize:14e3},V:{distance:20},N:{maxUrlLength:300},E:{buffer:30,timeout:5e3,maxUrlLength:300},C:{distance:10}},function(n){function vt(){if(!document.querySelector||!document.querySelectorAll){k({FN:"init",S:"QuerySelector"});return}w={};e=[];ft=1;ut=0;rt=0;o=[];s=0;h=!1;var n=Math.floor(Math.random()*1e4).toString(36);t={P:{C:0,N:0,I:n,S:fi,M:r,T:0,K:r,F:0}};vi()}function ei(n,t){var r={};for(var i in n)i.indexOf("_")!==0&&(i in t&&(n[i]!==t[i]||i==="i")?(r[i]=t[i],n[i]=t[i]):r[i]=null);return r}function oi(n){var i={};for(var t in n)n.hasOwnProperty(t)&&(i[t]=n[t]);return i}function b(n,t,r,u){if(!h){k({FN:"snapshot",S:n});return}r=r||gt;t=t||!1;var f=g()+r;ot(o,n)===-1&&o.push(n);t?(yt(),pt(t,u)):f>s&&(yt(),rt=sb_st(pt,r),s=f)}function k(n){var u={T:"CI.BoxModelError",FID:"CI",Name:ht,SV:ct,P:t&&"P"in t?d(t.P):r,TS:f(),ST:v},i,e;for(i in n)u[i]=n[i];e=d(u);wt(e)}func
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BJp5dDFvoQm12CHBfp4PC6aiyg4.gz[1].css
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):73202
                                                                                                              Entropy (8bit):5.307816444057117
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:kcGJTL/mKzAAFl7JlsG0GRe1cxnoWC1kuyOYkTs/Kun:LGJ4AFl7JlsG0GRCcxnoWC1kuyOYkT0
                                                                                                              MD5:C912DA2683E71660357A600EE34A7873
                                                                                                              SHA1:5DFD028307D4CD8A66492E807B848FEC177AEC3A
                                                                                                              SHA-256:525D57B5D38D8212993C66A33F4CD15EDBD0F260A5AFCF539D092047A908D6EE
                                                                                                              SHA-512:31E2A56C27CC037AD903292DFA518E86642C2A610E9923DD4F7A2FD1347167E042E957A85E98561CC9178318D121DEA3EF165F88EEC79915D0687939DC25BBC9
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/BJp5dDFvoQm12CHBfp4PC6aiyg4.gz.css
                                                                                                              Preview: .scopes{color:rgba(255,255,255,.8);display:inline-block;left:0;white-space:nowrap;list-style:none;line-height:39px}.scopes.sc_hide{display:none}.scopes .scope{font-size:.8125rem;cursor:pointer;vertical-align:middle;margin-right:36px;background-repeat:no-repeat;position:relative;display:inline-block}.scopes .scope:hover,.scopes .scope.focusin{color:#fff}.scopes .scope:hover .overflow_menu,.scopes .scope.focusin .overflow_menu{transform:none}.scopes .scope:focus-within .overflow_menu{color:#fff;transform:none}.scopes .scope a{color:inherit;cursor:pointer;text-decoration:none}.scopes .scope.dots{margin-bottom:8px;font-weight:bold}.scopes .scope.dots:before{display:inline-block;content:'. . .'}.scopes .scope.dots.hover_focus:focus{outline:none}.scopes .scope .overflow_menu{color:#666;cursor:pointer;transform:scale(0);position:absolute;background-color:#fff;border-radius:6px;padding:4px 0;box-shadow:0 4px 12px 1px rgba(0,0,0,.14);min-width:155px}.scopes .scope .overflow_menu .overflow_item{
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ELqKWpA6KkapLUFbOLS-IQ2zfXc[1].jpg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01 11:43:45], progressive, precision 8, 160x160, frames 3
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):9908
                                                                                                              Entropy (8bit):7.8062296698930025
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:sWK8UVOGWSkbr43J1ZBpYKL2wth0XM2Cc8AyJKl4xV0KamWtOb+SP0cX:s18bVBrK9B6G2whJ2i/cmygrP0e
                                                                                                              MD5:968C49AC8A1A3EF85F2884F226C55742
                                                                                                              SHA1:10BA8A5A903A2A46A92D415B38B4BE210DB37D77
                                                                                                              SHA-256:E441AFC03F067D1D85DF1F69EB8F482BFDA697CC217E11E1547B3CE964B15B2A
                                                                                                              SHA-512:07B13D6E736683E36091E5BC52F953F9077AD9CD656F0F91E52F17C4630BE3D7524000AA37CFD6CB29ECBB5315F973086630F240118DBE248B4F8A3E79B2B524
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/ELqKWpA6KkapLUFbOLS-IQ2zfXc.jpg
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Fsa_OI0AplCnVoXGca8ALOo0S0s[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):282
                                                                                                              Entropy (8bit):4.768675821769942
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:tbXH4mc4sl3UY7eERI1+N9H5R0MLERIwoVNdJMvdIXyCWfuBIAFfu:tbH41niB1+bj0MLBnpavdqyVGBIAFm
                                                                                                              MD5:E38795B634154EC1FF41C6BCDA54EE52
                                                                                                              SHA1:16C6BF388D00A650A75685C671AF002CEA344B4B
                                                                                                              SHA-256:66B589F920473F0FD69C45C8E3C93A95BB456B219CBA3D52873F2A3A1880F3F0
                                                                                                              SHA-512:DCA2E67C46CFF1B9BE39CE8B0D83C34173E6B77EC08FA4EB4BA18A4555144523C570D785549FED7A9909C2E2C3B48D705B6E332832CA4D5DE424B5F7C3CD59BE
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/Fsa_OI0AplCnVoXGca8ALOo0S0s.svg
                                                                                                              Preview: <svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">.. <path d="M0 0h16v16h-16z" fill="none"/>.. <path d="M8 1a7 7 0 1 0 7 7 7 7 0 0 0-7-7zm1 10a1 1 0 0 1-2 0v-3a1 1 0 0 1 2 0zm-.293-5.293a1 1 0 1 1 .293-.707 1 1 0 0 1-.293.707z" fill="#767676"/>..</svg>
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\JDHEvZVDnqsG9UcxzgIdtGb6thw.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):408
                                                                                                              Entropy (8bit):5.040387533075148
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:2QWV6yRZ1nkDXAn357CXYX0cO2mAICL2b3TRn:2QO6P+5OYXJPi3TRn
                                                                                                              MD5:B4D53E840DB74C55CC3E3E6B44C3DAC1
                                                                                                              SHA1:89616D8595CF2D26B581287239AFB62655426315
                                                                                                              SHA-256:622B88D7D03DDACC92B81FE80A30B3D5A04072268BF9473BB29621E884AAB5F6
                                                                                                              SHA-512:4798E4E1E907EAE161E67B9BAB42206CE0F22530871EEC63582161E29DD00D2D7034E7D12CB3FE56FFF673BC9BB01F0646F9CA5DAED288134CB25978EFBBEC8F
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/JDHEvZVDnqsG9UcxzgIdtGb6thw.gz.js
                                                                                                              Preview: (function(){function u(){n&&(n.value.length>0?Lib.CssClass.add(sj_b,t):Lib.CssClass.remove(sj_b,t))}function f(r){n.value="";Lib.CssClass.remove(sj_b,t);sj_log("CI.XButton","Clicked","1");i&&Lib.CssClass.add(i,"b_focus");n.focus();n.click();r&&(r.preventDefault(),r.stopPropagation())}var i=_ge("b_header"),n=_ge("sb_form_q"),r=_ge("sb_clt"),t="b_sbText";n&&r&&(sj_be(r,"click",f),sj_be(n,"keyup",u),u())})()
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\NewErrorPageTemplate[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1612
                                                                                                              Entropy (8bit):4.869554560514657
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
                                                                                                              MD5:DFEABDE84792228093A5A270352395B6
                                                                                                              SHA1:E41258C9576721025926326F76063C2305586F76
                                                                                                              SHA-256:77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
                                                                                                              SHA-512:E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
                                                                                                              Malicious:false
                                                                                                              Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\NnFHhz2jL6yzChtIhaB5IIVKY5k[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1111
                                                                                                              Entropy (8bit):4.61511796141903
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:twgonGLheJUVYxCdBTMqTS05sLGkkhQgbQgwHW4QhJ:6gAShpyxCdBTrS05sLKhvUfSJ
                                                                                                              MD5:C04C8834AC91802186E6CE677AE4A89D
                                                                                                              SHA1:367147873DA32FACB30A1B4885A07920854A6399
                                                                                                              SHA-256:46CC84BA382B065045DB005E895414686F2E76B64AF854F5AD1AC0DF020C3BDB
                                                                                                              SHA-512:82388309085BD143E32981FE4C79604DCEFC4222FB2B53A8625852C3572BDE3D3A578DD558478E6A18F7863CC4EC19DFBA3EE78AD8A4CC71917BFFE027DC22C0
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/NnFHhz2jL6yzChtIhaB5IIVKY5k.svg
                                                                                                              Preview: <svg width="20px" height="16px" viewBox="0 0 20 16" focusable="false" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">.. <g transform="translate(-10, -12)" fill="#007DAA" >.. <path d="M28.125,14.4615385 L25,14.4615385 L24.26875,13.0203077 C23.95125,12.3950769 23.30125,12 22.59125,12 L17.40875,12 C16.69875,12 16.04875,12.3950769 15.73125,13.0203077 L15,14.4615385 L11.875,14.4615385 C10.84,14.4615385 10,15.2886154 10,16.3076923 L10,26.1538462 C10,27.1729231 10.84,28 11.875,28 L28.125,28 C29.16,28 30,27.1729231 30,26.1538462 L30,16.3076923 C30,15.2886154 29.16,14.4615385 28.125,14.4615385 Z M20,25.5384615 C17.23875,25.5384615 15,23.3341538 15,20.6153846 C15,17.8966154 17.23875,15.6923077 20,15.6923077 C22.76125,15.6923077 25,17.8966154 25,20.6153846 C25,23.3341538 22.76125,25.5384615 20,25.5384615 Z M20,18.1538462 C18.62125,18.1538462 17.5,19.2578462 17.5,20.6153846 C17.5,21.9729231 18.62125,23.0769231 20,23.0769231 C21.37875,23.0769231
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\RYAVY2NL.htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):60387
                                                                                                              Entropy (8bit):5.762663884561899
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:GdrSCXrLQ4o3HuzcpUQq3ETOuKsIecFXdAjvd594fJLYv4jmAPb097Q53Opw:GhLQt3OwmQqsd59RQew
                                                                                                              MD5:21DBD31067685E115CB500A2715D3C27
                                                                                                              SHA1:7457F9D0CDAF7D00A81445ED1FAB918C0906ECBF
                                                                                                              SHA-256:2B36C567E597F687426721261AF8DF656DF93C7A5596FBDE620AAC1A2259D25D
                                                                                                              SHA-512:0350D68D409A7ACD7A6E015E482DA50F5961D8F75CBEEB4B5857FB31654D7B22B04E129B3E9C626A753EC774E821CE987A53F58FE22FF060152C973AFD2FA26A
                                                                                                              Malicious:false
                                                                                                              Preview: <!doctype html><html lang="en" dir="ltr"><head><meta name="theme-color" content="#4F4F4F" /><meta name="description" content="Bing helps you turn information into action, making it faster and easier to go from searching to doing." /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta property="fb:app_id" content="570810223073062" /><meta property="og:type" content="website" /><meta property="og:title" content="Info" /><meta property="og:image" content="https://www.bing.com/th?id=OHR.EggTree_ROW9453259256_tmb.jpg&amp;rf=" /><meta property="og:image:width" content="1366" /><meta property="og:image:height" content="768" /><meta property="og:url" content="https://www.bing.com/?form=HPFBBK&amp;ssd=20210404_0700&amp;mkt=de-CH" /><meta property="og:site_name" content="Bing" /><meta property="og:description" content="If you find yourself in Germany or Austria around " /><title>Bing</title><link rel="shortcut icon"
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\XvRHqJwJt19aXQca73hQTfvNMxk[1].svg
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):545
                                                                                                              Entropy (8bit):5.028824557535963
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:t4102hriVtBr4pFm9z0kjhlHJW1QOYIX+Xw5RxnnS8K0ML2wtp:t41jiVt5wIz0kjhlHJW1QNCRxS8KLL2a
                                                                                                              MD5:58725E06FABDC207D4350D6F3C5B33D0
                                                                                                              SHA1:5EF447A89C09B75F5A5D071AEF78504DFBCD3319
                                                                                                              SHA-256:EDD5715C42AD596AFE1CF07A400D4F33A2F5388C18ADFDD169A7E9467BC9E9DB
                                                                                                              SHA-512:69F8A2161EDE8AA0BE70ECF641D1C05D7E9B5E6952DD41255E02B7AE9FAFDC94A9547DDDB46A2FF9A56C852239558E3C6634D93A1D6D7669C719956C8D2F5DD6
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/XvRHqJwJt19aXQca73hQTfvNMxk.svg
                                                                                                              Preview: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" enable-background="new 0 0 20 20">.. <circle fill="#00809D" cx="10" cy="10" r="3"/>.. <circle fill="#00809D" cx="5.5" cy="5.5" r="1.25"/>.. <path stroke="#00809D" stroke-width="2" stroke-linecap="round" stroke-miterlimit="10" d="M1 7.25v-2.5c0-2.071 1.679-3.75 3.75-3.75h2.5M7.25 19h-2.5c-2.071 0-3.75-1.679-3.75-3.75v-2.5M19 12.75v2.5c0 2.071-1.679 3.75-3.75 3.75h-2.5M12.75 1h2.5c2.071 0 3.75 1.679 3.75 3.75v2.5" fill="none"/>.. <path fill="none" d="M0 0h20v20h-20z"/>..</svg>..
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Y[1].htm
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:gzip compressed data, max speed, from TOPS/20
                                                                                                              Category:dropped
                                                                                                              Size (bytes):367
                                                                                                              Entropy (8bit):7.392499740804336
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:XtUTUdia1puX2slMH9S4/0hEHSKkim3Lp6WzxV2D+WPrB0TkMfNejI40mpE/:XyTUkaXYZMdSrEHSKk13EWHu+KmoF0mW
                                                                                                              MD5:8E7BD070E6285A8ED6C1F07DB9035F31
                                                                                                              SHA1:85C99C4BE6922B8E1F5176C7A88E1F51B6C634ED
                                                                                                              SHA-256:5BA44EFA7743241F7F9AB33C1255EE2470EE375CAE4B3BDA725F6A491AA42063
                                                                                                              SHA-512:5E1ED89DE6ED6B71B74DB11FC5902C5C01A79D18B5AF5569A236E0AD05BC7B51953F9F167138725F60D1627DCA5521118A623F2E7867AE7B9BF37AF9CC8F165D
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\a282eRIAnHsW_URoyogdzsukm_o.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):423
                                                                                                              Entropy (8bit):5.117319003552808
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:2gSYjthM4GF4aaXtdhI9DfaUZnsMQYAQI:2gSW/bS9/ZnsMAj
                                                                                                              MD5:3A5049DB26AF9CE03DB6A53D3541082D
                                                                                                              SHA1:934DAEA4EDDE2568CA02AB89AF23FDCFEB57339A
                                                                                                              SHA-256:AF8C36DEFED55D79106513865F69933E546E1E4C361E41C29F65905DED009047
                                                                                                              SHA-512:5E21B6E184CBB0013DCCE174345DAC14BB64D391CCA3B253F73C7373253FDCA5E0BB297A0BD2FAD237E4F796895807660369680621C49C8F99DF428ED3218C9E
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/a282eRIAnHsW_URoyogdzsukm_o.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bLULVERLX4vU6bjspboNMw9vl_0.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:very short file (no magic)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:V:V
                                                                                                              MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                              SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                              SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                              SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/bLULVERLX4vU6bjspboNMw9vl_0.gz.js
                                                                                                              Preview: 0
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):748
                                                                                                              Entropy (8bit):7.249606135668305
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                              MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                              SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                              SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                              SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                              Malicious:false
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\errorPageStrings[1]
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4720
                                                                                                              Entropy (8bit):5.164796203267696
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                              MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                              SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                              SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                              SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:res://ieframe.dll/errorPageStrings.js
                                                                                                              Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\lK_FmcR4naKX9hpIwfe9ify1hf4.gz[1].js
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):125734
                                                                                                              Entropy (8bit):5.670169400028476
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:ppkCMu1Rv0SuDHT4kfr5IRnO8E9FqJCnq1EoAXycCroA0wT8aHs3:3Mu1Rv0SvNmeGq1ENXdTAVM
                                                                                                              MD5:C24FE194A488B12CCE5B3858D12C2C3D
                                                                                                              SHA1:E55B3E549CA42D614BEE0C4538F9EDA6C89DE00D
                                                                                                              SHA-256:45A1BD96D9A1BB1F03191C2F062FDC5369542864C4777A67623811BE6463D4D6
                                                                                                              SHA-512:4F1C02C2FE716DBEAF061DC9476AD35E33F5C808FD3D79D0ADBECED81B65A02225F7356DBCB10A7232BDD7D02BC0C908F17BB61B058FF5FB99747202522B5473
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/rp/lK_FmcR4naKX9hpIwfe9ify1hf4.gz.js
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\model[1].json
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):16232
                                                                                                              Entropy (8bit):5.521169464151162
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:HiePm3yt9YYr+R1r6m75bh5u5hOuKsVMhu3kx0m4iDewY/rfrEraIO1uYPW:CZ3yjYYQF5uTOuKsV2u3kx0m4iDewY/i
                                                                                                              MD5:674960F3F7AE46A594B5859BD6E6A698
                                                                                                              SHA1:CBD0345D8D39D145F0696FA5085391D4C382D628
                                                                                                              SHA-256:94D6D69973E55C3528543D3C7FB9177E6698B1F27C254DEAD11769173C85BD62
                                                                                                              SHA-512:3E1470CFBCF50B225B4625B3C15F88737D25DE79E2E756C0CDEBB8D6EC2971C9B360B244024798FD95BB991534E324A6E8BDD63BA01797551CAE78A98A39B60B
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/hp/api/model?form=REDIRERR
                                                                                                              Preview: {"ClientSettings":{"Pn":{"Cn":1,"St":0,"Qs":0,"Prod":"P"},"Sc":{"Cn":1,"St":0,"Qs":0,"Prod":"H"},"Qz":{"Cn":1,"St":0,"Qs":0,"Prod":"T"},"Ap":true,"Mute":true,"Lad":"2021-04-04T00:00:00Z","Iotd":0,"Dft":null,"Mvs":0,"Flt":0,"Imp":2},"MediaContents":[{"ImageContent":{"Description":"If you find yourself in Germany or Austria around Easter, you.ll see trees, branches and bushes decorated in colourful eggs such as these. The Ostereierbaum (or Easter egg tree) is a German tradition dating back centuries. Nobody is quite sure of the exact origin, but eggs have long been a symbol of rebirth and spring.","Image":{"Url":"/th?id=OHR.EggTree_ROW9453259256_1920x1080.jpg&rf=LaDigue_1920x1080.jpg","Wallpaper":"/th?id=OHR.EggTree_ROW9453259256_1920x1200.jpg&rf=LaDigue_1920x1200.jpg","Downloadable":true},"Headline":"Info","Title":"Ostereierbaum (Easter egg tree) in Saalfeld, Germany","Copyright":". Rudi Sebastian/Alamy","SocialGood":null,"MapLink":{"Url":"","Link":""},"QuickFact":{"MainText":"","Lin
                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\msnpopularnow[1].json
                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):10557
                                                                                                              Entropy (8bit):5.518665687721615
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:Z/m8FlXHUHRiHeRABau450ZqVPtNK3Hutvzx/JTpkH2W8TDE3PXIt6pNsmlXbOmL:xm8XXHKNicP+c1U+txhTp5WC+A8IwQ2l
                                                                                                              MD5:71185BA6B97E9A2E74DFE7A2D1CA07EA
                                                                                                              SHA1:07ABA570A6FCB6CBF848FA621343AC4FA849B19B
                                                                                                              SHA-256:BC90D83DD02A419048C92CDDC51FCCAD0AE5A26B9AEAD6130C3F2E1EDAB96C2A
                                                                                                              SHA-512:DC8FAE80B64EB351E1ADF5B5F6B1566BE4E441032C9F818B5A6E29F5527D04056781633AF8D1916ED622D9E7B05F0B66FD6943D8CC9F9B7F7C7CD94979440E9A
                                                                                                              Malicious:false
                                                                                                              IE Cache URL:https://www.bing.com/hp/api/v1/msnpopularnow?&format=json&ecount=20&efirst=0&&form=REDIRERR
                                                                                                              Preview: {"title":"","data":[{"typeName":"Msn","items":[{"url":"https://www.msn.com/de-ch/nachrichten/schweiz/schweizer-pass-nach-der-schulzeit-junge-glp-will-einb.rgerungsdebatte-aufmischen/ar-BB1fif4j?ocid=BingHPC","imageUrl":"/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fiaI7.img&ehk=3CfFOJqoBtbGInsAB%2fv9rlt%2f4VmgtElnbKf98WA8jNw%3d&w=150&h=150&c=8&rs=2&pid=WP0","shortTitle":"watson.ch","longTitle":"Junge GLP fordert Recht auf Schweizer Pass nach der Schulzeit","accessibilityTitle":"","subtext":"","isRecommendedNews":false},{"url":"https://www.msn.com/de-ch/nachrichten/vermischtes/taucherin-tot-aus-dem-rhein-geborgen/ar-BB1fi1Ia?ocid=BingHPC","imageUrl":"/th?u=https%3a%2f%2fimg-s-msn-com.akamaized.net%2ftenant%2famp%2fentityid%2fBB1fhZsE.img&ehk=wkstOBEs6%2f%2bY%2bU76Drh7M5rDa8DMwYuFJILSwcR2QeM%3d&w=150&h=150&c=8&rs=2&pid=WP0","shortTitle":"watson.ch","longTitle":"Taucherin tot aus dem Rhein geborgen","accessibilityTitle":"","subtext":"","isRecommendedNews

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Entropy (8bit):5.103552893623064
                                                                                                              TrID:
                                                                                                              • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                              • DOS Executable Generic (2002/1) 0.20%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:KAsJ2r4XYY.dll
                                                                                                              File size:128528
                                                                                                              MD5:2d242e5ea5fbb1541d1c72b6a01236f6
                                                                                                              SHA1:1c593344883c0db0f34a917381ea7865cbfceba2
                                                                                                              SHA256:d7102c2bee0abe8f04f3faf34374462dbe7b528f3de6492b6e9ce230a5a8d5ef
                                                                                                              SHA512:6d80bbd41c916b660a0d798208585a327c7322ee83f8ad4c7af7668dd0c6ceb8a39491abc56ab430418e5bc2ec9df4a547f0e833984ed7ea18b4b148d26359c3
                                                                                                              SSDEEP:1536:DWKaY5Se9WnVI78XvnoxJasJvRHKmyGDvDk0Rt9Y56l5ZMpvV05o9OX5xPw8:DWa0eQnVI7qCqZGDvDk4wol5w0EU
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._W...6e..6e..6e..)v..6e...w..6e.Rich.6e.................PE..L.....f`...........!.....Z...........`.......p.....................

                                                                                                              File Icon

                                                                                                              Icon Hash:74f0e4ecccdce0e4

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x10006099
                                                                                                              Entrypoint Section:.code
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x10000000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                              DLL Characteristics:
                                                                                                              Time Stamp:0x6066E9D0 [Fri Apr 2 09:54:24 2021 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:811de8e945c2087a6e052096546cd842

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              push ebx
                                                                                                              push ebx
                                                                                                              and dword ptr [esp], 00000000h
                                                                                                              add dword ptr [esp], ebp
                                                                                                              mov ebp, esp
                                                                                                              add esp, FFFFFFF8h
                                                                                                              push esi
                                                                                                              mov dword ptr [esp], FFFF0000h
                                                                                                              call 00007F0D71016B30h
                                                                                                              push ecx
                                                                                                              add dword ptr [esp], 00000247h
                                                                                                              sub dword ptr [esp], ecx
                                                                                                              push ecx
                                                                                                              mov dword ptr [esp], 00005267h
                                                                                                              call 00007F0D710134D9h
                                                                                                              push esi
                                                                                                              mov esi, eax
                                                                                                              or esi, eax
                                                                                                              mov eax, esi
                                                                                                              pop esi
                                                                                                              jne 00007F0D710185D2h
                                                                                                              pushad
                                                                                                              push 00000000h
                                                                                                              mov dword ptr [esp], edi
                                                                                                              xor edi, edi
                                                                                                              or edi, dword ptr [ebx+0041856Bh]
                                                                                                              mov eax, edi
                                                                                                              pop edi
                                                                                                              push edx
                                                                                                              add dword ptr [esp], 40h
                                                                                                              sub dword ptr [esp], edx
                                                                                                              push ebx
                                                                                                              mov dword ptr [esp], 00001000h
                                                                                                              push edi
                                                                                                              sub dword ptr [esp], edi
                                                                                                              xor dword ptr [esp], eax
                                                                                                              push 00000000h
                                                                                                              call dword ptr [ebx+0045D014h]
                                                                                                              mov dword ptr [ebp-04h], ecx
                                                                                                              and ecx, 00000000h
                                                                                                              xor ecx, eax
                                                                                                              and edi, 00000000h
                                                                                                              or edi, ecx
                                                                                                              mov ecx, dword ptr [ebp-04h]
                                                                                                              push eax
                                                                                                              sub eax, dword ptr [esp]
                                                                                                              or eax, edi
                                                                                                              and dword ptr [ebx+0041809Bh], 00000000h
                                                                                                              xor dword ptr [ebx+0041809Bh], eax
                                                                                                              pop eax
                                                                                                              cmp ebx, 00000000h
                                                                                                              jbe 00007F0D710185AEh
                                                                                                              add dword ptr [ebx+004180F7h], ebx
                                                                                                              add dword ptr [ebx+00418633h], ebx
                                                                                                              mov dword ptr [ebp-04h], edx
                                                                                                              sub edx, edx
                                                                                                              xor edx, dword ptr [ebx+004180F7h]
                                                                                                              mov esi, edx
                                                                                                              mov edx, dword ptr [ebp-04h]
                                                                                                              push edi
                                                                                                              xor edi, dword ptr [esp]
                                                                                                              xor edi, dword ptr [ebx+0041856Bh]
                                                                                                              and ecx, 00000000h
                                                                                                              or ecx, edi
                                                                                                              pop edi
                                                                                                              cld
                                                                                                              rep movsb
                                                                                                              push ebx
                                                                                                              mov dword ptr [eax+eax], 00000000h

                                                                                                              Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x17000 | 0x51 | .data
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5d050 | 0x64 | .data
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5d000 | 0x50 | .data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                              Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.code | 0x1000 | 0x15966 | 0x15a00 | False | 0.70799087789 | data | 6.48337924377 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data | 0x17000 | 0x51 | 0x200 | False | 0.140625 | data | 0.863325225156 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rdata | 0x18000 | 0x44c5f | 0x1800 | False | 0.13330078125 | data | 0.926783139034 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.data | 0x5d000 | 0x250 | 0x400 | False | 0.2900390625 | data | 2.96075631554 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

                                                                                                              Imports

DLL | Import
user32.dll | GetActiveWindow, CheckDlgButton, CheckMenuItem, CheckRadioButton, CheckMenuRadioItem
kernel32.dll | GetProcAddress, LoadLibraryA, VirtualProtect, VirtualAlloc, lstrlenA, GetCurrentThreadId, GetCurrentProcess, GetCurrentThread, Module32FirstW
ole32.dll | OleInitialize
comctl32.dll | DPA_Sort

                                                                                                              Exports

Name | Ordinal | Address
StartService | 1 | 0x1000b959

                                                                                                              Network Behavior

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets


                                                                                                              UDP Packets

                                                                                                              Apr 4, 2021 18:58:21.660877943 CEST5878453192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:21.721563101 CEST53587848.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:37.475678921 CEST6397853192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:37.531588078 CEST53639788.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:38.478279114 CEST6293853192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:38.564630032 CEST53629388.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:38.570694923 CEST5570853192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:38.625051975 CEST53557088.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:38.630319118 CEST5680353192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:38.684590101 CEST53568038.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:42.607873917 CEST5714553192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:42.663883924 CEST53571458.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:42.882540941 CEST5535953192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:42.948448896 CEST53553598.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:44.167092085 CEST5830653192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:44.221791983 CEST53583068.8.8.8192.168.2.3
                                                                                                              Apr 4, 2021 18:58:45.443466902 CEST6412453192.168.2.38.8.8.8
                                                                                                              Apr 4, 2021 18:58:45.512501001 CEST53641248.8.8.8192.168.2.3

                                                                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 4, 2021 18:57:21.508186102 CEST | 192.168.2.3 | 8.8.8.8 | 0x6b2 | Standard query (0) | login.microsoftonline.com | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:07.506000042 CEST | 192.168.2.3 | 8.8.8.8 | 0xb0c5 | Standard query (0) | under17.com | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:21.660877943 CEST | 192.168.2.3 | 8.8.8.8 | 0xc7b7 | Standard query (0) | under17.com | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:42.882540941 CEST | 192.168.2.3 | 8.8.8.8 | 0x2c05 | Standard query (0) | urs-world.com | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:44.167092085 CEST | 192.168.2.3 | 8.8.8.8 | 0x5bfb | Standard query (0) | urs-world.com | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:45.443466902 CEST | 192.168.2.3 | 8.8.8.8 | 0xbc6d | Standard query (0) | urs-world.com | A (IP address) | IN (0x0001)

                                                                                                              DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 4, 2021 18:57:21.583472967 CEST | 8.8.8.8 | 192.168.2.3 | 0x6b2 | No error (0) | login.microsoftonline.com | a.privatelink.msidentity.com | | CNAME (Canonical name) | IN (0x0001)
Apr 4, 2021 18:57:21.583472967 CEST | 8.8.8.8 | 192.168.2.3 | 0x6b2 | No error (0) | a.privatelink.msidentity.com | prda.aadg.msidentity.com | | CNAME (Canonical name) | IN (0x0001)
Apr 4, 2021 18:57:21.583472967 CEST | 8.8.8.8 | 192.168.2.3 | 0x6b2 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)
Apr 4, 2021 18:57:21.671776056 CEST | 8.8.8.8 | 192.168.2.3 | 0x185 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
Apr 4, 2021 18:58:07.583383083 CEST | 8.8.8.8 | 192.168.2.3 | 0xb0c5 | No error (0) | under17.com | | 185.243.114.196 | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:15.983675003 CEST | 8.8.8.8 | 192.168.2.3 | 0x51bb | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)
Apr 4, 2021 18:58:21.721563101 CEST | 8.8.8.8 | 192.168.2.3 | 0xc7b7 | Server failure (2) | under17.com | none | none | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:42.948448896 CEST | 8.8.8.8 | 192.168.2.3 | 0x2c05 | No error (0) | urs-world.com | | 185.186.244.95 | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:44.221791983 CEST | 8.8.8.8 | 192.168.2.3 | 0x5bfb | No error (0) | urs-world.com | | 185.186.244.95 | A (IP address) | IN (0x0001)
Apr 4, 2021 18:58:45.512501001 CEST | 8.8.8.8 | 192.168.2.3 | 0xbc6d | No error (0) | urs-world.com | | 185.186.244.95 | A (IP address) | IN (0x0001)

                                                                                                              Code Manipulations

                                                                                                              Statistics

                                                                                                              Behavior

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Start time:18:56:35
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Windows\System32\loaddll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:loaddll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll'
                                                                                                              Imagebase:0x70000
                                                                                                              File size:116736 bytes
                                                                                                              MD5 hash:542795ADF7CC08EFCF675D65310596E8
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.468304011.00000000009A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              Reputation:low

                                                                                                              General

                                                                                                              Start time:18:56:35
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll',#1
                                                                                                              Imagebase:0xbd0000
                                                                                                              File size:232960 bytes
                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:56:35
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\KAsJ2r4XYY.dll,StartService
                                                                                                              Imagebase:0xb20000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.233568120.00000000036C0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:56:35
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:rundll32.exe 'C:\Users\user\Desktop\KAsJ2r4XYY.dll',#1
                                                                                                              Imagebase:0xb20000
                                                                                                              File size:61952 bytes
                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.430938761.000000000526D000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.352421951.000000000536B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.352356466.000000000536B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.352397565.000000000536B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.352410447.000000000536B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.352378361.000000000536B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.469880378.0000000002FE0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.352447282.000000000536B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:57:18
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                              Imagebase:0x7ff7121d0000
                                                                                                              File size:823560 bytes
                                                                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:57:19
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6348 CREDAT:17410 /prefetch:2
                                                                                                              Imagebase:0xfa0000
                                                                                                              File size:822536 bytes
                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:58:06
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                              Imagebase:0x7ff7121d0000
                                                                                                              File size:823560 bytes
                                                                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:58:07
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7164 CREDAT:17410 /prefetch:2
                                                                                                              Imagebase:0xfa0000
                                                                                                              File size:822536 bytes
                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:58:14
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7164 CREDAT:17418 /prefetch:2
                                                                                                              Imagebase:0xfa0000
                                                                                                              File size:822536 bytes
                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:58:37
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                              Imagebase:0x7ff7121d0000
                                                                                                              File size:823560 bytes
                                                                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              General

                                                                                                              Start time:18:58:38
                                                                                                              Start date:04/04/2021
                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1268 CREDAT:17410 /prefetch:2
                                                                                                              Imagebase:0xfa0000
                                                                                                              File size:822536 bytes
                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Disassembly

                                                                                                              Code Analysis
